chore(deps): update github-actions (#1940)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | minor | `v3.3.0` -> `v3.5.0` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v2.2.9` -> `v2.2.11` | | [sigstore/cosign-installer](https://togithub.com/sigstore/cosign-installer) | action | patch | `v3.0.1` -> `v3.0.2` | --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/checkout</summary> ### [`v3.5.0`](https://togithub.com/actions/checkout/releases/tag/v3.5.0) [Compare Source](https://togithub.com/actions/checkout/compare/v3.4.0...v3.5.0) #### What's Changed - Add new public key for known_hosts by [@cdb](https://togithub.com/cdb) in [actions/checkout#1237 #### New Contributors - [@cdb](https://togithub.com/cdb) made their first contribution in [actions/checkout#1237 **Full Changelog**: actions/checkout@v3.4.0...v3.5.0 ### [`v3.4.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v340) [Compare Source](https://togithub.com/actions/checkout/compare/v3.3.0...v3.4.0) - [Upgrade codeql actions to v2](https://togithub.com/actions/checkout/pull/1209) - [Upgrade dependencies](https://togithub.com/actions/checkout/pull/1210) - [Upgrade @actions/io](https://togithub.com/actions/checkout/pull/1225) </details> <details> <summary>github/codeql-action</summary> ### [`v2.2.11`](https://togithub.com/github/codeql-action/compare/v2.2.10...v2.2.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.10...v2.2.11) ### [`v2.2.10`](https://togithub.com/github/codeql-action/compare/v2.2.9...v2.2.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.9...v2.2.10) </details> <details> <summary>sigstore/cosign-installer</summary> ### [`v3.0.2`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.0.2) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.0.1...v3.0.2) ##### What's Changed - add --yes to example workflow by [@sebhoss](https://togithub.com/sebhoss) in [sigstore/cosign-installer#110 - Fix aarch64 action run by [@ananos](https://togithub.com/ananos) in [sigstore/cosign-installer#113 - Bump actions/checkout from 3.3.0 to 3.4.0 by [@dependabot](https://togithub.com/dependabot) in [sigstore/cosign-installer#115 - Bump actions/setup-go from 3.5.0 to 4.0.0 by [@dependabot](https://togithub.com/dependabot) in [sigstore/cosign-installer#114 - Bump actions/checkout from 3.4.0 to 3.5.0 by [@dependabot](https://togithub.com/dependabot) in [sigstore/cosign-installer#116 - default cosign to v2.0.1 by [@cpanato](https://togithub.com/cpanato) in [sigstore/cosign-installer#117 ##### New Contributors - [@sebhoss](https://togithub.com/sebhoss) made their first contribution in [sigstore/cosign-installer#110 - [@ananos](https://togithub.com/ananos) made their first contribution in [sigstore/cosign-installer#113 **Full Changelog**: sigstore/cosign-installer@v3...v3.0.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/slsa-framework/slsa-github-generator).  Signed-off-by: Renovate Bot <bot@renovateapp.com>
slsa-framework · Apr 10, 2023 · 51bc20a · 51bc20a
1 parent 6899d7d
commit 51bc20a
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 7 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9
+        uses: github/codeql-action/init@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v2.2.11
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9
+        uses: github/codeql-action/autobuild@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v2.2.11
 
       # Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,7 +71,7 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9
+        uses: github/codeql-action/analyze@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v2.2.11
 
   # NOTE: Checks that the matrix job above completes successfully.
   # This is necessary because the matrix strategy generates new jobs with

diff --git a/.github/workflows/generator_container_slsa3.yml b/.github/workflows/generator_container_slsa3.yml
@@ -146,7 +146,7 @@ jobs:
           service_account: ${{ inputs.gcp-service-account }}
 
       - id: cosign-install
-        uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
+        uses: sigstore/cosign-installer@9e9de2292db7abb3f51b7f4808d98f0d347a8919 # v3.0.2
         with:
           cosign-release: v2.0.0
         continue-on-error: true

diff --git a/.github/workflows/pre-submit.base-images.yml b/.github/workflows/pre-submit.base-images.yml
@@ -16,6 +16,6 @@ jobs:
       - name: checkout
         uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
       - name: install cosign
-        uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
+        uses: sigstore/cosign-installer@9e9de2292db7abb3f51b7f4808d98f0d347a8919 # v3.0.2
       - name: verify images
         run: ./.github/workflows/scripts/verify-base-images.sh
diff --git a/.github/workflows/pre-submit.lint.yml b/.github/workflows/pre-submit.lint.yml
@@ -17,7 +17,7 @@ jobs:
   markdownlint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
       - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 16

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9
+        uses: github/codeql-action/upload-sarif@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v2.2.11
         with:
           sarif_file: results.sarif