Merge pull request #1336 from flux-iac/dependabot/github_actions/gh-m…

…inor-e15f0431c8

Bump the gh-minor group across 1 directory with 8 updates

.github/workflows/build-and-publish.yaml

@@ -62,17 +62,17 @@ jobs:
  platforms: all
  - name: Setup Docker Buildx
  id: buildx
- uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+ uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
  with:
  buildkitd-flags: "--debug"
  - name: Login to GitHub Container Registry
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
  with:
  registry: ghcr.io
  username: ${{ github.actor }}
  password: ${{ secrets.GITHUB_TOKEN }}
  - name: Publish multi-arch tf-controller container image
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
  with:
  push: true
  builder: ${{ steps.buildx.outputs.name }}
@@ -91,7 +91,7 @@ jobs:
  org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
  org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
  - name: Build multi-arch tf-runner base image
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
  with:
  push: true
  builder: ${{ steps.buildx.outputs.name }}
@@ -112,7 +112,7 @@ jobs:
  org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
  org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
  - name: Publish multi-arch tf-runner container image
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
  with:
  push: true
  builder: ${{ steps.buildx.outputs.name }}
@@ -131,7 +131,7 @@ jobs:
  org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
  org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
  - name: Publish multi-arch branch-planner container image
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
  with:
  push: true
  builder: ${{ steps.buildx.outputs.name }}

.github/workflows/e2e.yaml

@@ -42,7 +42,7 @@ jobs:
  restore-keys: |
  ${{ runner.os }}-buildx-ghcache-
  - name: Setup Kubernetes
- uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
+ uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
  with:
  version: v0.18.0
  node_image: kindest/node:v1.24.12@sha256:1e12918b8bc3d4253bc08f640a231bb0d3b2c5a9b28aa3f2ca1aee93e1e8db16

.github/workflows/helm-release.yaml

@@ -19,7 +19,7 @@ jobs:
  with:
  token: ${{ secrets.GITHUB_TOKEN }}
  - name: Login to GitHub Container Registry
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
  with:
  registry: ghcr.io
  username: ${{ github.actor }}

.github/workflows/helm-test.yaml

@@ -62,7 +62,7 @@ jobs:
  if: steps.list-changed.outputs.changed == 'true'
 
  - name: Create kind cluster
- uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
+ uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
  if: steps.list-changed.outputs.changed == 'true'
 
  - name: Load test images into KIND

.github/workflows/ossf.yaml

@@ -25,7 +25,7 @@ jobs:
  persist-credentials: false
 
  - name: "Run analysis"
- uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
+ uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
  with:
  results_file: results.sarif
  results_format: sarif

.github/workflows/release-runners.yaml

@@ -36,17 +36,17 @@ jobs:
  platforms: all
  - name: Setup Docker Buildx
  id: buildx
- uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+ uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
  with:
  buildkitd-flags: "--debug"
  - name: Login to Docker Registry
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
  with:
  registry: ghcr.io
  username: ${{ github.actor }}
  password: ${{ secrets.GITHUB_TOKEN }}
  - name: Publish multi-arch tf-runner base image
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
  with:
  push: true
  no-cache: true
@@ -85,17 +85,17 @@ jobs:
  platforms: all
  - name: Setup Docker Buildx
  id: buildx
- uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+ uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
  with:
  buildkitd-flags: "--debug"
  - name: Login to Docker Registry
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
  with:
  registry: ghcr.io
  username: ${{ github.actor }}
  password: ${{ secrets.GITHUB_TOKEN }}
  - name: Publish multi-arch tf-runner MPL images
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
  with:
  push: true
  no-cache: true

.github/workflows/release.yaml

@@ -34,9 +34,9 @@ jobs:
  - name: Setup Kustomize
  uses: fluxcd/pkg/actions/kustomize@1bfad582060d2d6e464756fbd5d7a2b2fa4f75b9 # main
  - name: Setup Cosign
- uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
+ uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
  - name: Setup Syft
- uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
+ uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
  - name: Prepare
  id: prep
  run: |
@@ -52,17 +52,17 @@ jobs:
  platforms: all
  - name: Setup Docker Buildx
  id: buildx
- uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+ uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
  with:
  buildkitd-flags: "--debug"
  - name: Login to GitHub Container Registry
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
  with:
  registry: ghcr.io
  username: ${{ github.actor }}
  password: ${{ secrets.GITHUB_TOKEN }}
  - name: Publish multi-arch tofu-controller container image
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
  with:
  push: true
  no-cache: true
@@ -83,7 +83,7 @@ jobs:
  org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
  org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
  - name: Publish multi-arch tf-runner base image
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
  with:
  push: true
  builder: ${{ steps.buildx.outputs.name }}
@@ -102,7 +102,7 @@ jobs:
  org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
  org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
  - name: Publish multi-arch tf-runner container image
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
  with:
  push: true
  no-cache: true
@@ -123,7 +123,7 @@ jobs:
  org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
  org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
  - name: Publish multi-arch tf-runner-azure container image
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
  with:
  push: true
  no-cache: true
@@ -144,7 +144,7 @@ jobs:
  org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
  org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
  - name: Publish multi-arch branch-planner container image
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
  with:
  push: true
  no-cache: true

.github/workflows/scan.yaml

@@ -57,7 +57,7 @@ jobs:
  run: |
  make docker-buildx
  - name: Run Trivy vulnerability scanner on controller image
- uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # v0.12.0
+ uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
  with:
  image-ref: 'ghcr.io/flux-iac/tofu-controller:latest'
  format: 'table'
@@ -66,7 +66,7 @@ jobs:
  vuln-type: 'os,library'
  severity: 'CRITICAL,HIGH'
  - name: Run Trivy vulnerability scanner on runner image
- uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # v0.12.0
+ uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
  with:
  image-ref: 'ghcr.io/flux-iac/tf-runner:latest'
  format: 'table'
@@ -76,7 +76,7 @@ jobs:
  severity: 'CRITICAL,HIGH'
  skip-files: '/usr/local/bin/terraform' # false positive
  - name: Run Trivy vulnerability scanner on runner image
- uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # v0.12.0
+ uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
  with:
  image-ref: 'ghcr.io/flux-iac/tf-runner-azure:latest'
  format: 'table'
@@ -86,7 +86,7 @@ jobs:
  severity: 'CRITICAL,HIGH'
  skip-files: '/usr/local/bin/terraform' # false positive
  - name: Run Trivy vulnerability scanner on planner image
- uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # v0.12.0
+ uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
  with:
  image-ref: 'ghcr.io/flux-iac/branch-planner:latest'
  format: 'table'