From 28be5361a4112eff03ff7919bbf624cbbb9894f1 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Fri, 12 Jan 2024 05:09:25 +0100 Subject: [PATCH] chore(deps): update workflows (major) (#709) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/download-artifact](https://togithub.com/actions/download-artifact) | action | major | `v3` -> `v4` | | [actions/setup-go](https://togithub.com/actions/setup-go) | action | major | `v4.1.0` -> `v5.0.0` | | [actions/setup-go](https://togithub.com/actions/setup-go) | action | major | `v4` -> `v5` | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | major | `v3.1.3` -> `v4.0.0` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | major | `v2.23.0` -> `v3.23.0` | --- ### Release Notes
actions/download-artifact (actions/download-artifact) ### [`v4`](https://togithub.com/actions/download-artifact/compare/v3...v4) [Compare Source](https://togithub.com/actions/download-artifact/compare/v3...v4)
actions/setup-go (actions/setup-go) ### [`v5.0.0`](https://togithub.com/actions/setup-go/releases/tag/v5.0.0) [Compare Source](https://togithub.com/actions/setup-go/compare/v4.1.0...v5.0.0) ##### What's Changed In scope of this release, we change Nodejs runtime from node16 to node20 ([https://github.com/actions/setup-go/pull/421](https://togithub.com/actions/setup-go/pull/421)). Moreover, we update some dependencies to the latest versions ([https://github.com/actions/setup-go/pull/445](https://togithub.com/actions/setup-go/pull/445)). Besides, this release contains such changes as: - Fix hosted tool cache usage on windows by [@​galargh](https://togithub.com/galargh) in [https://github.com/actions/setup-go/pull/411](https://togithub.com/actions/setup-go/pull/411) - Improve documentation regarding dependencies caching by [@​artemgavrilov](https://togithub.com/artemgavrilov) in [https://github.com/actions/setup-go/pull/417](https://togithub.com/actions/setup-go/pull/417) ##### New Contributors - [@​galargh](https://togithub.com/galargh) made their first contribution in [https://github.com/actions/setup-go/pull/411](https://togithub.com/actions/setup-go/pull/411) - [@​artemgavrilov](https://togithub.com/artemgavrilov) made their first contribution in [https://github.com/actions/setup-go/pull/417](https://togithub.com/actions/setup-go/pull/417) - [@​chenrui333](https://togithub.com/chenrui333) made their first contribution in [https://github.com/actions/setup-go/pull/421](https://togithub.com/actions/setup-go/pull/421) **Full Changelog**: https://github.com/actions/setup-go/compare/v4...v5.0.0
actions/upload-artifact (actions/upload-artifact) ### [`v4.0.0`](https://togithub.com/actions/upload-artifact/releases/tag/v4.0.0) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v3.1.3...v4.0.0) #### What's Changed The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements. For more information, see the [@​actions/artifact](https://togithub.com/actions/toolkit/tree/main/packages/artifact) documentation. #### New Contributors - [@​vmjoseph](https://togithub.com/vmjoseph) made their first contribution in [https://github.com/actions/upload-artifact/pull/464](https://togithub.com/actions/upload-artifact/pull/464) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v3...v4.0.0
github/codeql-action (github/codeql-action) ### [`v3.23.0`](https://togithub.com/github/codeql-action/compare/v3.22.12...v3.23.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.22.12...v3.23.0) ### [`v3.22.12`](https://togithub.com/github/codeql-action/compare/v3.22.11...v3.22.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.22.11...v3.22.12) ### [`v3.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.11...v3.22.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.0...v3.22.11)
--- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). đŸšĻ **Automerge**: Disabled by config. Please merge this manually once you are satisfied. â™ģ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. đŸ‘ģ **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner). --- .github/workflows/checks.yml | 4 ++-- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/goreleaser.yml | 2 +- .github/workflows/osv-scanner-reusable-pr.yml | 8 ++++---- .github/workflows/osv-scanner-reusable.yml | 6 +++--- .github/workflows/prerelease-check.yml | 4 ++-- .github/workflows/scorecards.yml | 4 ++-- 7 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 0046e1f293..652555b59c 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -46,7 +46,7 @@ jobs: with: persist-credentials: false - name: Set up Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version-file: .go-version check-latest: true @@ -65,7 +65,7 @@ jobs: with: persist-credentials: false - name: Set up Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version-file: .go-version check-latest: true diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index de2acd0679..d2c7c1a055 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -43,12 +43,12 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 # Update go to the latest version to support minor go versions is go.mod file - name: Install Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version-file: go.mod # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0 + uses: github/codeql-action/init@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -59,7 +59,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0 + uses: github/codeql-action/autobuild@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -73,4 +73,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0 + uses: github/codeql-action/analyze@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index 8a118e0d99..91e6c16e18 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -28,7 +28,7 @@ jobs: fetch-depth: 0 ref: ${{ inputs.commit }} - name: Set up Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version-file: .go-version check-latest: true diff --git a/.github/workflows/osv-scanner-reusable-pr.yml b/.github/workflows/osv-scanner-reusable-pr.yml index 141305734c..6c9d4028c5 100644 --- a/.github/workflows/osv-scanner-reusable-pr.yml +++ b/.github/workflows/osv-scanner-reusable-pr.yml @@ -83,21 +83,21 @@ jobs: # format to the repository Actions tab. - name: "Upload artifact" if: "!cancelled()" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 with: name: SARIF file path: ${{ inputs.results-file-name }} retention-days: 5 - name: "Upload old scan json results" if: "!cancelled()" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 with: name: old-json-results path: old-results.json retention-days: 5 - name: "Upload new scan json results" if: "!cancelled()" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 with: name: new-json-results path: new-results.json @@ -105,6 +105,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" if: ${{ !cancelled() && inputs.upload-sarif == true }} - uses: github/codeql-action/upload-sarif@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0 + uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 with: sarif_file: ${{ inputs.results-file-name }} diff --git a/.github/workflows/osv-scanner-reusable.yml b/.github/workflows/osv-scanner-reusable.yml index 6e8220b086..9411462050 100644 --- a/.github/workflows/osv-scanner-reusable.yml +++ b/.github/workflows/osv-scanner-reusable.yml @@ -55,7 +55,7 @@ jobs: with: persist-credentials: false - name: "Download custom artifact if specified" - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 if: "${{ inputs.download-artifact != '' }}" with: name: "${{ inputs.download-artifact }}" @@ -80,7 +80,7 @@ jobs: # format to the repository Actions tab. - name: "Upload artifact" if: "!cancelled()" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 with: name: SARIF file path: ${{ inputs.results-file-name }} @@ -88,6 +88,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" if: "${{ !cancelled() && inputs.upload-sarif == true }}" - uses: github/codeql-action/upload-sarif@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0 + uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 with: sarif_file: ${{ inputs.results-file-name }} diff --git a/.github/workflows/prerelease-check.yml b/.github/workflows/prerelease-check.yml index 1dc95a42f6..9a4ba89356 100644 --- a/.github/workflows/prerelease-check.yml +++ b/.github/workflows/prerelease-check.yml @@ -47,7 +47,7 @@ jobs: persist-credentials: false ref: ${{ inputs.commit }} - name: Set up Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version-file: .go-version check-latest: true @@ -67,7 +67,7 @@ jobs: persist-credentials: false ref: ${{ inputs.commit }} - name: Set up Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version-file: .go-version check-latest: true diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 2260824823..aebf44a3c4 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0 + uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 with: sarif_file: results.sarif