From 06dd1af21f3f8968520e66da39c4b6736ed8f07a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Jan 2026 22:12:53 +0000 Subject: [PATCH] build(deps): bump the ci group across 1 directory with 3 updates Bumps the ci group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/setup-go](https://github.com/actions/setup-go) and [github/codeql-action](https://github.com/github/codeql-action). Updates `actions/checkout` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `actions/setup-go` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/4dc6199c7b1a012772edbd06daecab0f50c9053c...7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5) Updates `github/codeql-action` from 4.31.9 to 4.32.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/5d4e8d1aca955e8d8589aabd499c5cae939e33c7...b20883b0cd1f46c72ae0ba6d1090936928f9fa30) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: actions/setup-go dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: github/codeql-action dependency-version: 4.32.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci ... Signed-off-by: dependabot[bot] --- .github/workflows/actions.yaml | 2 +- .github/workflows/build.yaml | 4 ++-- .github/workflows/cifuzz.yaml | 4 ++-- .github/workflows/e2e.yaml | 4 ++-- .github/workflows/integration-aws.yaml | 4 ++-- .github/workflows/integration-azure.yaml | 4 ++-- .github/workflows/integration-cleanup.yaml | 12 ++++++------ .github/workflows/integration-gcp.yaml | 4 ++-- .github/workflows/ossf.yaml | 4 ++-- .github/workflows/preview-release.yaml | 4 ++-- .github/workflows/scan.yaml | 10 +++++----- .github/workflows/sync-labels.yaml | 2 +- 12 files changed, 29 insertions(+), 29 deletions(-) diff --git a/.github/workflows/actions.yaml b/.github/workflows/actions.yaml index 9137d6b2..88865f32 100644 --- a/.github/workflows/actions.yaml +++ b/.github/workflows/actions.yaml @@ -21,7 +21,7 @@ jobs: name: actions on ${{ matrix.version }} steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup yq uses: ./actions/yq - name: Setup kubeconform diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index cc2c2edb..30bbe0c6 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -17,9 +17,9 @@ jobs: chunk: ["1/4", "2/4", "3/4", "4/4"] steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version: 1.25.x # https://github.com/actions/setup-go/blob/main/docs/adrs/0000-caching-dependencies.md#example-of-real-use-cases diff --git a/.github/workflows/cifuzz.yaml b/.github/workflows/cifuzz.yaml index 9130f6e9..4be442ed 100644 --- a/.github/workflows/cifuzz.yaml +++ b/.github/workflows/cifuzz.yaml @@ -12,9 +12,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version: 1.25.x # https://github.com/actions/setup-go/blob/main/docs/adrs/0000-caching-dependencies.md#example-of-real-use-cases diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 66337351..4df5cacd 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -24,7 +24,7 @@ jobs: - github steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # Since this is a monorepo, changes in other packages will also trigger these e2e tests # meant only for the git package. This detects us whether the changed files are part of the @@ -41,7 +41,7 @@ jobs: - 'git/**' - name: Setup Go if: ${{ steps.filter.outputs.git == 'true' || steps.filter.outputs.e2e == 'true' || github.event_name == 'workflow_dispatch' }} - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version: 1.25.x # https://github.com/actions/setup-go/blob/main/docs/adrs/0000-caching-dependencies.md#example-of-real-use-cases diff --git a/.github/workflows/integration-aws.yaml b/.github/workflows/integration-aws.yaml index a2fca1d8..e2c49be1 100644 --- a/.github/workflows/integration-aws.yaml +++ b/.github/workflows/integration-aws.yaml @@ -26,9 +26,9 @@ jobs: working-directory: ./tests/integration steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version: 1.25.x cache-dependency-path: tests/integration/go.sum diff --git a/.github/workflows/integration-azure.yaml b/.github/workflows/integration-azure.yaml index 4c9eb289..d3043020 100644 --- a/.github/workflows/integration-azure.yaml +++ b/.github/workflows/integration-azure.yaml @@ -25,9 +25,9 @@ jobs: working-directory: ./tests/integration steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version: 1.25.x cache-dependency-path: tests/integration/go.sum diff --git a/.github/workflows/integration-cleanup.yaml b/.github/workflows/integration-cleanup.yaml index a6fd8ee7..f7721231 100644 --- a/.github/workflows/integration-cleanup.yaml +++ b/.github/workflows/integration-cleanup.yaml @@ -16,11 +16,11 @@ jobs: working-directory: ./tools/reaper steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: fluxcd/test-infra - name: Setup Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version: 1.25.x cache-dependency-path: ./tools/reaper/go.sum @@ -43,11 +43,11 @@ jobs: if: true steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: fluxcd/test-infra - name: Setup Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version: 1.25.x cache-dependency-path: ./tools/reaper/go.sum @@ -66,11 +66,11 @@ jobs: if: true steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: fluxcd/test-infra - name: Setup Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version: 1.25.x cache-dependency-path: ./tools/reaper/go.sum diff --git a/.github/workflows/integration-gcp.yaml b/.github/workflows/integration-gcp.yaml index de70efc3..0e7f22cd 100644 --- a/.github/workflows/integration-gcp.yaml +++ b/.github/workflows/integration-gcp.yaml @@ -25,9 +25,9 @@ jobs: working-directory: ./tests/integration steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version: 1.25.x cache-dependency-path: tests/integration/go.sum diff --git a/.github/workflows/ossf.yaml b/.github/workflows/ossf.yaml index 8fcacc32..707a5d65 100644 --- a/.github/workflows/ossf.yaml +++ b/.github/workflows/ossf.yaml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Run analysis" uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: @@ -50,6 +50,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 + uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 with: sarif_file: results.sarif diff --git a/.github/workflows/preview-release.yaml b/.github/workflows/preview-release.yaml index 77d04ff7..03f43825 100644 --- a/.github/workflows/preview-release.yaml +++ b/.github/workflows/preview-release.yaml @@ -10,11 +10,11 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - run: git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" - run: git config --global user.name "github-actions[bot]" - run: make tools diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml index bb1c4b23..fa74c9e5 100644 --- a/.github/workflows/scan.yaml +++ b/.github/workflows/scan.yaml @@ -19,22 +19,22 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version: 1.25.x cache-dependency-path: | **/go.sum **/go.mod - name: Initialize CodeQL - uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 + uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 with: languages: go # xref: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # xref: https://codeql.github.com/codeql-query-help/go/ queries: security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 + uses: github/codeql-action/autobuild@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 + uses: github/codeql-action/analyze@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 diff --git a/.github/workflows/sync-labels.yaml b/.github/workflows/sync-labels.yaml index 4095e85d..74e2752a 100644 --- a/.github/workflows/sync-labels.yaml +++ b/.github/workflows/sync-labels.yaml @@ -17,7 +17,7 @@ jobs: permissions: issues: write steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: EndBug/label-sync@52074158190acb45f3077f9099fea818aa43f97a # v2.3.3 with: # Configuration file