From 9cb1f62b497becf942e13e7cc6486b7127bec271 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 May 2025 21:17:39 +0000 Subject: [PATCH] ci: bump the github-actions group across 1 directory with 4 updates Bumps the github-actions group with 4 updates in the / directory: [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action), [codecov/codecov-action](https://github.com/codecov/codecov-action), [actions/create-github-app-token](https://github.com/actions/create-github-app-token) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `golangci/golangci-lint-action` from 6 to 7 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v7) Updates `codecov/codecov-action` from 5.3.1 to 5.4.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v5.3.1...v5.4.0) Updates `actions/create-github-app-token` from 1 to 2 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](https://github.com/actions/create-github-app-token/compare/v1...v2) Updates `sigstore/cosign-installer` from 3.7.0 to 3.8.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v3.7.0...v3.8.1) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-version: 5.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/create-github-app-token dependency-version: '2' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-version: 3.8.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 2 +- .github/workflows/coverage.yml | 2 +- .github/workflows/release.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 312d700..faabe15 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -54,6 +54,6 @@ jobs: run: go mod tidy - name: GolangCI Lint - uses: golangci/golangci-lint-action@v6 + uses: golangci/golangci-lint-action@v8 with: version: v1.61.0 diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index f0b4d20..2d94dd0 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -37,7 +37,7 @@ jobs: go test -coverprofile=coverage.txt -covermode=atomic -coverpkg=./pkg/... ./tests/unit/... - name: Upload coverage to Codecov - uses: codecov/codecov-action@v5.3.1 + uses: codecov/codecov-action@v5.4.3 with: token: ${{ secrets.CODECOV_TOKEN }} files: ./coverage.txt diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a051608..470e512 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: id-token: write steps: - name: GitHub App Token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v2 id: app-token with: app-id: ${{ secrets.APP_ID }} @@ -45,7 +45,7 @@ jobs: # https://github.com/sigstore/cosign-installer - name: Install Cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@v3.7.0 + uses: sigstore/cosign-installer@v3.8.2 with: cosign-release: 'v2.4.0'