From e22585044b5b7566f48b6fd2ae60c707db8d2d0e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Aug 2025 01:22:29 +0000 Subject: [PATCH] ci: bump the github-actions group across 1 directory with 3 updates Bumps the github-actions group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [codecov/codecov-action](https://github.com/codecov/codecov-action) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `actions/checkout` from 4 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) Updates `codecov/codecov-action` from 5.4.3 to 5.5.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v5.4.3...v5.5.0) Updates `sigstore/cosign-installer` from 3.8.2 to 3.9.2 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v3.8.2...v3.9.2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-version: 5.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-version: 3.9.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/coverage.yml | 4 ++-- .github/workflows/release.yml | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index faabe15..e2c99f3 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -24,7 +24,7 @@ jobs: contents: read steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Initialize CodeQL uses: github/codeql-action/init@v3 @@ -43,7 +43,7 @@ jobs: needs: codeql steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Go uses: actions/setup-go@v5 diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 2d94dd0..01e3611 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -22,7 +22,7 @@ jobs: pull-requests: write steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Go uses: actions/setup-go@v5 @@ -37,7 +37,7 @@ jobs: go test -coverprofile=coverage.txt -covermode=atomic -coverpkg=./pkg/... ./tests/unit/... - name: Upload coverage to Codecov - uses: codecov/codecov-action@v5.4.3 + uses: codecov/codecov-action@v5.5.0 with: token: ${{ secrets.CODECOV_TOKEN }} files: ./coverage.txt diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 470e512..db1dffa 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -31,7 +31,7 @@ jobs: private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 token: ${{ steps.app-token.outputs.token }} @@ -45,7 +45,7 @@ jobs: # https://github.com/sigstore/cosign-installer - name: Install Cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@v3.8.2 + uses: sigstore/cosign-installer@v3.9.2 with: cosign-release: 'v2.4.0' @@ -95,7 +95,7 @@ jobs: id-token: write steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Login to Docker Hub uses: docker/login-action@v3