chore(deps): update workflows (#406)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v3.5.2` -> `v3.5.3` | | [docker/login-action](https://togithub.com/docker/login-action) | action | digest | `f4ef78c` -> `465a078` | | [docker/setup-buildx-action](https://togithub.com/docker/setup-buildx-action) | action | digest | `4b4e9c3` -> `ecf9528` | | [docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action) | action | digest | `e81a89b` -> `2b82ce8` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v2.3.6` -> `v2.20.0` | | [golangci/golangci-lint-action](https://togithub.com/golangci/golangci-lint-action) | action | minor | `v3.5.0` -> `v3.6.0` | | [goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action) | action | minor | `v4.2.0` -> `v4.3.0` | | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | minor | `v1.6.0` -> `v1.7.0` | --- ### Release Notes <details> <summary>actions/checkout</summary> ### [`v3.5.3`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v353) [Compare Source](https://togithub.com/actions/checkout/compare/v3.5.2...v3.5.3) - [Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in](https://togithub.com/actions/checkout/pull/1196) - [Fix typos found by codespell](https://togithub.com/actions/checkout/pull/1287) - [Add support for sparse checkouts](https://togithub.com/actions/checkout/pull/1369) </details> <details> <summary>github/codeql-action</summary> ### [`v2.20.0`](https://togithub.com/github/codeql-action/compare/v2.3.6...v2.20.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.6...v2.20.0) </details> <details> <summary>golangci/golangci-lint-action</summary> ### [`v3.6.0`](https://togithub.com/golangci/golangci-lint-action/releases/tag/v3.6.0) [Compare Source](https://togithub.com/golangci/golangci-lint-action/compare/v3.5.0...v3.6.0) #### What's Changed - docs: fix example by [@yuki0920](https://togithub.com/yuki0920) in [golangci/golangci-lint-action#762 - doc: Add custom configuration file path to args by [@Aisuko](https://togithub.com/Aisuko) in [golangci/golangci-lint-action#767 - feat: add install-mode by [@ldez](https://togithub.com/ldez) in [golangci/golangci-lint-action#768 - feat: support out-format as args by [@jrehwaldt](https://togithub.com/jrehwaldt) in [golangci/golangci-lint-action#769 - fix: out-format by [@ldez](https://togithub.com/ldez) in [golangci/golangci-lint-action#770 #### New Contributors - [@yuki0920](https://togithub.com/yuki0920) made their first contribution in [golangci/golangci-lint-action#762 - [@Aisuko](https://togithub.com/Aisuko) made their first contribution in [golangci/golangci-lint-action#767 - [@ldez](https://togithub.com/ldez) made their first contribution in [golangci/golangci-lint-action#768 - [@jrehwaldt](https://togithub.com/jrehwaldt) made their first contribution in [golangci/golangci-lint-action#769 **Full Changelog**: golangci/golangci-lint-action@v3.5.0...v3.6.0 </details> <details> <summary>goreleaser/goreleaser-action</summary> ### [`v4.3.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v4.3.0) [Compare Source](https://togithub.com/goreleaser/goreleaser-action/compare/v4.2.0...v4.3.0) #### What's Changed - Update in command examples by [@arnaduga](https://togithub.com/arnaduga) in [goreleaser/goreleaser-action#393 - chore(deps): bump yargs from 17.6.2 to 17.7.0 by [@dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#395 - Improve documentation for use of `GITHUB_TOKEN` by [@jamietanna](https://togithub.com/jamietanna) in [goreleaser/goreleaser-action#399 - chore(deps): bump actions/setup-go from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#403 - chore(deps): bump docker/bake-action from 2 to 3 by [@dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#408 - chore(deps): bump semver from 7.3.8 to 7.5.0 by [@dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#407 - Bump setup-go action version to v4 in README by [@kishaningithub](https://togithub.com/kishaningithub) in [goreleaser/goreleaser-action#411 - ci: split test and validate workflow by [@crazy-max](https://togithub.com/crazy-max) in [goreleaser/goreleaser-action#413 - chore: update yarn to 3.5.1 by [@crazy-max](https://togithub.com/crazy-max) in [goreleaser/goreleaser-action#412 - chore(deps): bump yargs from 17.7.1 to 17.7.2 by [@dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#410 - feat: support nightly by [@caarlos0](https://togithub.com/caarlos0) in [goreleaser/goreleaser-action#419 #### New Contributors - [@arnaduga](https://togithub.com/arnaduga) made their first contribution in [goreleaser/goreleaser-action#393 - [@jamietanna](https://togithub.com/jamietanna) made their first contribution in [goreleaser/goreleaser-action#399 - [@kishaningithub](https://togithub.com/kishaningithub) made their first contribution in [goreleaser/goreleaser-action#411 **Full Changelog**: goreleaser/goreleaser-action@v4.2.0...v4.3.0 </details> <details> <summary>slsa-framework/slsa-github-generator</summary> ### [`v1.7.0`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.7.0) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0) See the [CHANGELOG](./CHANGELOG.md) for details. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner).
google · Jun 21, 2023 · 668b535 · 668b535
1 parent ecc8b4a
commit 668b535
Show file tree

Hide file tree

Showing 6 changed files with 15 additions and 15 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -40,11 +40,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6
+        uses: github/codeql-action/init@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.20.0
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -55,7 +55,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6
+        uses: github/codeql-action/autobuild@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.20.0
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -69,4 +69,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6
+        uses: github/codeql-action/analyze@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.20.0
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
@@ -21,7 +21,7 @@ jobs:
       DOCKER_CLI_EXPERIMENTAL: "enabled"
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           fetch-depth: 0
       - name: Set up Go
@@ -33,17 +33,17 @@ jobs:
         uses: ./.github/workflows/test-action
       - name: Run Lints
         uses: ./.github/workflows/lint-action
-      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2
-      - uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2
+      - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2
+      - uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 # v2
       - name: ghcr-login
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Run GoReleaser
         id: run-goreleaser
-        uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0
+        uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0
         with:
           version: latest
           args: release --rm-dist
@@ -63,7 +63,7 @@ jobs:
       actions: read # To read the workflow path.
       id-token: write # To sign the provenance.
       contents: write # To add assets to a release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
     with:
       base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
       upload-assets: true # upload to a new release

diff --git a/.github/workflows/lint-action/action.yml b/.github/workflows/lint-action/action.yml
@@ -19,7 +19,7 @@ runs:
   using: composite
   steps:
     - name: Run golangci-lint
-      uses: golangci/golangci-lint-action@5f1fec7010f6ae3b84ea4f7b2129beb8639b564f # v3.5.0
+      uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0
       with:
         # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
         version: v1.51.1

diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           persist-credentials: false
           fetch-depth: 0

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           persist-credentials: false
 
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6
+        uses: github/codeql-action/upload-sarif@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.20.0
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           persist-credentials: false
           fetch-depth: 0