Skip to content

Commit

Permalink
Update workflows (#1596)
Browse files Browse the repository at this point in the history
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://github.com/actions/checkout) | action |
minor | `v3.5.3` -> `v3.6.0` |
|
[actions/upload-artifact](https://github.com/actions/upload-artifact)
| action | patch | `v3.1.2` -> `v3.1.3` |
| gaurav-nelson/github-action-markdown-link-check | action | digest |
`46e4421` -> `a996638` |
| [github/codeql-action](https://github.com/github/codeql-action) |
action | minor | `v2.20.1` -> `v2.21.5` |
|
[pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish)
| action | patch | `v1.8.8` -> `v1.8.10` |

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v3.6.0`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v360)

[Compare
Source](https://github.com/actions/checkout/compare/v3.5.3...v3.6.0)

- [Fix: Mark test scripts with Bash'isms to be run via
Bash](https://github.com/actions/checkout/pull/1377)
- [Add option to fetch tags even if fetch-depth >
0](https://github.com/actions/checkout/pull/579)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.1.3`](https://github.com/actions/upload-artifact/releases/tag/v3.1.3)

[Compare
Source](https://github.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)

#### What's Changed

- chore(github): remove trailing whitespaces by
[@&#8203;ljmf00](https://github.com/ljmf00) in
[https://github.com/actions/upload-artifact/pull/313](https://github.com/actions/upload-artifact/pull/313)
- Bump [@&#8203;actions/artifact](https://github.com/actions/artifact)
version to v1.1.2 by
[@&#8203;bethanyj28](https://github.com/bethanyj28) in
[https://github.com/actions/upload-artifact/pull/436](https://github.com/actions/upload-artifact/pull/436)

**Full Changelog**:
actions/upload-artifact@v3...v3.1.3

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.21.5`](https://github.com/github/codeql-action/compare/v2.21.4...v2.21.5)

[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.4...v2.21.5)

###
[`v2.21.4`](https://github.com/github/codeql-action/compare/v2.21.3...v2.21.4)

[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.3...v2.21.4)

###
[`v2.21.3`](https://github.com/github/codeql-action/compare/v2.21.2...v2.21.3)

[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.2...v2.21.3)

###
[`v2.21.2`](https://github.com/github/codeql-action/compare/v2.21.1...v2.21.2)

[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.1...v2.21.2)

###
[`v2.21.1`](https://github.com/github/codeql-action/compare/v2.21.0...v2.21.1)

[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.0...v2.21.1)

###
[`v2.21.0`](https://github.com/github/codeql-action/compare/v2.20.4...v2.21.0)

[Compare
Source](https://github.com/github/codeql-action/compare/v2.20.4...v2.21.0)

###
[`v2.20.4`](https://github.com/github/codeql-action/compare/v2.20.3...v2.20.4)

[Compare
Source](https://github.com/github/codeql-action/compare/v2.20.3...v2.20.4)

###
[`v2.20.3`](https://github.com/github/codeql-action/compare/v2.20.2...v2.20.3)

[Compare
Source](https://github.com/github/codeql-action/compare/v2.20.2...v2.20.3)

###
[`v2.20.2`](https://github.com/github/codeql-action/compare/v2.20.1...v2.20.2)

[Compare
Source](https://github.com/github/codeql-action/compare/v2.20.1...v2.20.2)

</details>

<details>
<summary>pypa/gh-action-pypi-publish
(pypa/gh-action-pypi-publish)</summary>

###
[`v1.8.10`](https://github.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.10)

[Compare
Source](https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.9...v1.8.10)

#### 🐛 What's Fixed

[@&#8203;woodruffw](https://github.com/woodruffw) fixed decoding OIDC
claims in debug output on failure by applying correct padding to the
encoded payload via
[https://github.com/pypa/gh-action-pypi-publish/pull/177](https://github.com/pypa/gh-action-pypi-publish/pull/177).

**Full Diff**:
pypa/gh-action-pypi-publish@v1.8.9...v1.8.10

###
[`v1.8.9`](https://github.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.9)

[Compare
Source](https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.8...v1.8.9)

#### 💅 Cosmetic output improvements

- [@&#8203;woodruffw](https://github.com/woodruffw) added debug output
to the trusted publishing OIDC exchange on failures in
[https://github.com/pypa/gh-action-pypi-publish/pull/174](https://github.com/pypa/gh-action-pypi-publish/pull/174)
- [@&#8203;woodruffw](https://github.com/woodruffw) implemented
Markdown semantic callouts in README via
[https://github.com/pypa/gh-action-pypi-publish/pull/175](https://github.com/pypa/gh-action-pypi-publish/pull/175)

#### 🛠️ Internal dependencies

- Certifi was bumped from 2023.5.7 to 2023.7.22
@&#[https://github.com/pypa/gh-action-pypi-publish/pull/171](https://github.com/pypa/gh-action-pypi-publish/pull/171)ll/171
- Cryptography was bumped from 41.0.2 to 41.0.3
@&#[https://github.com/pypa/gh-action-pypi-publish/pull/172](https://github.com/pypa/gh-action-pypi-publish/pull/172)ll/172

**Full Diff**:
pypa/gh-action-pypi-publish@v1.8.8...v1.8.9

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv.dev).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi42OC4xIiwidXBkYXRlZEluVmVyIjoiMzYuODMuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->
  • Loading branch information
renovate-bot authored Sep 11, 2023
1 parent 4142c5b commit ebf45a9
Show file tree
Hide file tree
Showing 4 changed files with 6 additions and 6 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/link-checker-on-push.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- uses: gaurav-nelson/github-action-markdown-link-check@46e442156b8161bfd0913357c7a411e0e610d2ad
- uses: gaurav-nelson/github-action-markdown-link-check@a996638015fbc9ef96beef1a41bbad7df8e06154
with:
use-quiet-mode: "yes"
check-modified-files-only: "yes"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/link-checker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- uses: gaurav-nelson/github-action-markdown-link-check@46e442156b8161bfd0913357c7a411e0e610d2ad
- uses: gaurav-nelson/github-action-markdown-link-check@a996638015fbc9ef96beef1a41bbad7df8e06154
with:
use-quiet-mode: "yes"

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/publish-to-pypi.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ jobs:
build
--sdist --wheel --outdir dist/ .
- name: Publish distribution to PyPI
uses: pypa/gh-action-pypi-publish@f8c70e705ffc13c3b4d1221169b84f12a75d6ca8 # v1.8.8
uses: pypa/gh-action-pypi-publish@b7f401de30cb6434a1e19f805ff006643653240e # v1.8.10
with:
password: ${{ secrets.PYPI_API_TOKEN }}
packages_dir: dist/
6 changes: 3 additions & 3 deletions .github/workflows/scorecards.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
id-token: write
steps:
- name: "Checkout code"
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
persist-credentials: false

Expand All @@ -42,14 +42,14 @@ jobs:

# Upload the results as artifacts (optional).
- name: "Upload artifact"
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@f6e388ebf0efc915c6c5b165b019ee61a6746a38 # v2.20.1
uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
with:
sarif_file: results.sarif

0 comments on commit ebf45a9

Please sign in to comment.