From 1982ba9bdd491332c55797a4b007685b043ce1bb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 14:01:01 +0000 Subject: [PATCH] deps: update github actions --- .github/workflows/checkton-self.yaml | 4 ++-- .github/workflows/prepare-release.yaml | 8 ++++---- .github/workflows/release.yaml | 2 +- .github/workflows/tests.yaml | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/checkton-self.yaml b/.github/workflows/checkton-self.yaml index e30fd44..cfc20d2 100644 --- a/.github/workflows/checkton-self.yaml +++ b/.github/workflows/checkton-self.yaml @@ -9,7 +9,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 @@ -29,7 +29,7 @@ jobs: fail-on-findings: false - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@45580472a5bb82c4681c4ac726cfdb60060c2ee1 # v3 + uses: github/codeql-action/upload-sarif@b8bb9f28b8d3f992092362369c57161b755dea45 # v4 with: sarif_file: ${{ steps.checkton.outputs.sarif }} # Avoid clashing with ShellCheck diff --git a/.github/workflows/prepare-release.yaml b/.github/workflows/prepare-release.yaml index 06fa33e..33a85ab 100644 --- a/.github/workflows/prepare-release.yaml +++ b/.github/workflows/prepare-release.yaml @@ -37,7 +37,7 @@ jobs: exit 1 fi - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Build image uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2 @@ -79,14 +79,14 @@ jobs: ${{ inputs.version }} - name: Generate image attestation - uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4 with: subject-name: ${{ env.IMAGE }} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true - name: Generate SBOM attestation - uses: actions/attest-sbom@bd218ad0dbcb3e146bd073d1d9c6d78e08aa8a0b # v2 + uses: actions/attest-sbom@c604332985a26aa8cf1bdc465b92731239ec6b9e # v4 with: subject-name: ${{ env.IMAGE }} subject-digest: ${{ steps.push.outputs.digest }} @@ -104,7 +104,7 @@ jobs: DIGEST: ${{ needs.build.outputs.digest }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: # differential-checkton tests require full commit history fetch-depth: 0 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 1394012..e0a4e70 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -12,7 +12,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Verify that tag matches image version in action.yaml run: | diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 07766cd..9a9393e 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: # differential-checkton tests require full commit history fetch-depth: 0