Bump the actions-deps group across 1 directory with 9 updates

.github/workflows/actionlint.yml

@@ -34,12 +34,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Harden Runner"
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
       - name: "Checkout"
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
 

.github/workflows/api-server.yml

@@ -30,10 +30,10 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version: '1.21.6'
 
@@ -65,9 +65,9 @@ jobs:
       run:
         working-directory: api-server
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version: '1.21.6'
 
@@ -95,7 +95,7 @@ jobs:
     if: ${{ github.event_name == 'push' }}
     steps:
       - name: download tar.gz binary artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: apiserver-darwin-packages-tar
           path: ./dist/packages
@@ -105,7 +105,7 @@ jobs:
         working-directory: ./dist/packages
 
       - name: configure aws credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           role-to-assume: ${{ secrets.AWS_ROLE }}
           role-session-name: apiserver-ci-deploy
@@ -121,9 +121,9 @@ jobs:
       run:
         working-directory: api-server
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version: '1.21.6'
 
@@ -151,7 +151,7 @@ jobs:
     if: ${{ github.event_name == 'push' }}
     steps:
       - name: download tar.gz binary artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: apiserver-linux-packages-tar
           path: ./dist/packages
@@ -161,7 +161,7 @@ jobs:
         working-directory: ./dist/packages
 
       - name: configure aws credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           role-to-assume: ${{ secrets.AWS_ROLE }}
           role-session-name: apiserver-ci-deploy

.github/workflows/cherry-pick.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 

.github/workflows/devcontainer-image.yml

@@ -27,7 +27,7 @@ jobs:
 
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           token: ${{ secrets.BOT_PAT }}
           ref: 'main'
@@ -59,7 +59,7 @@ jobs:
 
       - name: Get Pull Request Number from Commit
         id: get_pr_number
-        uses: actions/github-script@v7
+        uses: actions/github-script@v8
         with:
           script: |
             console.log("Repository owner:", context.repo.owner);
@@ -115,7 +115,7 @@ jobs:
           file: src/Containerfile
 
       - name: Generate devcontainer GHCR artifact attestation
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_DEV_IMAGE_NAME}}
           subject-digest: ${{ steps.push-dev-ghcr.outputs.digest }}
@@ -137,7 +137,7 @@ jobs:
           file: src/Containerfile
 
       - name: Generate devcontainer Quay artifact attestation
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_DEV_IMAGE_NAME}}
           subject-digest: ${{ steps.push-dev-quay.outputs.digest }}

.github/workflows/lint-jobs.yml

@@ -19,7 +19,7 @@ jobs:
     name: Shellcheck
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Run ShellCheck
         uses: ludeeus/action-shellcheck@master
         env:
@@ -28,8 +28,8 @@ jobs:
   markdown-lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: markdownlint-cli2-action
-        uses: DavidAnson/markdownlint-cli2-action@v19
+        uses: DavidAnson/markdownlint-cli2-action@v20
         with:
           globs: "**/*.md"

.github/workflows/lint-ui.yml

@@ -27,9 +27,9 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v5
         with:
           node-version: '22'
       - name: Install dependencies

.github/workflows/pr-healthcheck-sidecar-image.yml

@@ -27,7 +27,7 @@ jobs:
 
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           token: ${{ secrets.BOT_PAT }}
           ref: 'main'
@@ -59,7 +59,7 @@ jobs:
 
       - name: Get Pull Request Number from Commit
         id: get_pr_number
-        uses: actions/github-script@v7
+        uses: actions/github-script@v8
         with:
           script: |
             console.log("Repository owner:", context.repo.owner);
@@ -114,7 +114,7 @@ jobs:
           file: healthcheck-sidecar/Containerfile
 
       - name: Generate GHCR artifact attestation
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_HS_IMAGE_NAME}}
           subject-digest: ${{ steps.push-hs-ghcr.outputs.digest }}
@@ -136,7 +136,7 @@ jobs:
           file: healthcheck-sidecar/Containerfile
 
       - name: Generate QA HS Quay artifact attestation
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_HS_IMAGE_NAME}}
           subject-digest: ${{ steps.push-hs-quay.outputs.digest }}

.github/workflows/pr-images.yml

@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           token: ${{ secrets.BOT_PAT }}
           ref: 'main'
@@ -71,7 +71,7 @@ jobs:
       - name: Get Pull Request Number from Commit
         if: env.SKIP_WORKFLOW == 'false'
         id: get_pr_number
-        uses: actions/github-script@v7
+        uses: actions/github-script@v8
         with:
           script: |
             console.log("Repository owner:", context.repo.owner);
@@ -130,7 +130,7 @@ jobs:
 
       - name: Generate GHCR artifact attestation
         if: env.SKIP_WORKFLOW == 'false'
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}}
           subject-digest: ${{ steps.push-ui-ghcr.outputs.digest }}
@@ -154,7 +154,7 @@ jobs:
 
       - name: Generate QA UI Quay artifact attestation
         if: env.SKIP_WORKFLOW == 'false'
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME}}
           subject-digest: ${{ steps.push-ui-quay.outputs.digest }}

.github/workflows/release-images.yml

@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Log in to the GHCR container image registry
         uses: docker/login-action@v3
@@ -75,7 +75,7 @@ jobs:
           file: src/Containerfile
 
       - name: Generate Prod UI GHCR artifact attestation
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}}
           subject-digest: ${{ steps.push-ui-ghcr.outputs.digest }}
@@ -95,14 +95,14 @@ jobs:
           file: src/Containerfile
 
       - name: Generate PROD UI Quay artifact attestation
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME}}
           subject-digest: ${{ steps.push-ui-quay.outputs.digest }}
           push-to-registry: true
 
       - name: Re-Checkout main on the repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           token: ${{ secrets.BOT_PAT }}
           ref: main