From a53b87190eb20bfa89b4968ef0cba7491cba4df7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 15 Mar 2026 22:12:50 +0000 Subject: [PATCH] Bump the ci group with 3 updates Bumps the ci group with 3 updates: [docker/github-builder/.github/workflows/build.yml](https://github.com/docker/github-builder), [docker/scout-action](https://github.com/docker/scout-action) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `docker/github-builder/.github/workflows/build.yml` from 1.1.0 to 1.2.0 - [Release notes](https://github.com/docker/github-builder/releases) - [Commits](https://github.com/docker/github-builder/compare/abff7868c866c54704b6afa9ad5871948ca97334...1fbf7b561327a08e044298fe9684dac8d248c7d9) Updates `docker/scout-action` from 1.20.1 to 1.20.2 - [Release notes](https://github.com/docker/scout-action/releases) - [Commits](https://github.com/docker/scout-action/compare/75ec1d410792f411fb41df7ab69a62d14d9b6884...1128f02d1e60f339af7306e0e62b9fdc13d9fab9) Updates `sigstore/cosign-installer` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/faadad0cce49287aee09b3a48701e75088a2c6ad...ba7bc0a3fef59531c69a25acd34668d6d3fe6f22) --- updated-dependencies: - dependency-name: docker/github-builder/.github/workflows/build.yml dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: docker/scout-action dependency-version: 1.20.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: sigstore/cosign-installer dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yaml | 4 ++-- .github/workflows/release.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 4e62f6a..28566fb 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -28,7 +28,7 @@ jobs: with: version: latest test-multi-arch-build: - uses: docker/github-builder/.github/workflows/build.yml@abff7868c866c54704b6afa9ad5871948ca97334 # v1.1.0 + uses: docker/github-builder/.github/workflows/build.yml@1fbf7b561327a08e044298fe9684dac8d248c7d9 # v1.2.0 if: ${{ !github.event.pull_request.head.repo.fork }} with: output: image @@ -115,7 +115,7 @@ jobs: run: | docker images - name: Docker Scout Comparison between main branch and current PR branch - uses: docker/scout-action@75ec1d410792f411fb41df7ab69a62d14d9b6884 # v1.20.1 + uses: docker/scout-action@1128f02d1e60f339af7306e0e62b9fdc13d9fab9 # v1.20.2 with: command: compare image: local://score-radius:pr-${{ github.event.number }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4232165..0f2ec5b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -30,7 +30,7 @@ jobs: with: version: latest - name: Install Cosign - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 + uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0 - name: Run GoReleaser uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0 with: @@ -41,7 +41,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} TAP_GITHUB_TOKEN: ${{ secrets.TAP_GITHUB_TOKEN }} release-container-image: - uses: docker/github-builder/.github/workflows/build.yml@abff7868c866c54704b6afa9ad5871948ca97334 # v1.1.0 + uses: docker/github-builder/.github/workflows/build.yml@1fbf7b561327a08e044298fe9684dac8d248c7d9 # v1.2.0 permissions: id-token: write # to sign attestation(s) with GitHub OIDC Token packages: write # to push container image to ghcr