From 13edbb72dcde8c28aa5a223d27c7f31fb21b74bd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 05:36:53 -0400 Subject: [PATCH 1/3] Bump actions/checkout from 4.2.0 to 4.2.1 (#694) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.0 to 4.2.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/d632683dd7b4114ad314bca15554477dd762a938...eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/base-ci-goreleaser.yaml | 2 +- .github/workflows/base-release.yaml | 4 ++-- .github/workflows/builder-release.yaml | 4 ++-- .github/workflows/builder-testbuild.yaml | 4 ++-- .github/workflows/ci.yaml | 2 +- .github/workflows/package-tests.yaml | 2 +- .github/workflows/shellcheck.yml | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/base-ci-goreleaser.yaml b/.github/workflows/base-ci-goreleaser.yaml index ba30186d..9f790a6a 100644 --- a/.github/workflows/base-ci-goreleaser.yaml +++ b/.github/workflows/base-ci-goreleaser.yaml @@ -36,7 +36,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 diff --git a/.github/workflows/base-release.yaml b/.github/workflows/base-release.yaml index 03e2506a..d2b3f129 100644 --- a/.github/workflows/base-release.yaml +++ b/.github/workflows/base-release.yaml @@ -35,7 +35,7 @@ jobs: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 @@ -111,7 +111,7 @@ jobs: contents: write steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 diff --git a/.github/workflows/builder-release.yaml b/.github/workflows/builder-release.yaml index e9195b38..0b42fb36 100644 --- a/.github/workflows/builder-release.yaml +++ b/.github/workflows/builder-release.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Releases Repo - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 - name: Push cmd/builder Tag @@ -21,7 +21,7 @@ jobs: git tag -a "${tag}" -m "${message}" git push origin "${tag}" - name: Checkout Core Repo - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 repository: "open-telemetry/opentelemetry-collector" diff --git a/.github/workflows/builder-testbuild.yaml b/.github/workflows/builder-testbuild.yaml index 4d081252..f9a1a79b 100644 --- a/.github/workflows/builder-testbuild.yaml +++ b/.github/workflows/builder-testbuild.yaml @@ -27,11 +27,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Releases Repo - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 - name: Checkout Core Repo - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 repository: "open-telemetry/opentelemetry-collector" diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 885baca3..85877c06 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 diff --git a/.github/workflows/package-tests.yaml b/.github/workflows/package-tests.yaml index d6f227d7..9f7ca3fe 100644 --- a/.github/workflows/package-tests.yaml +++ b/.github/workflows/package-tests.yaml @@ -19,7 +19,7 @@ jobs: type: ${{ fromJSON(inputs.type) }} steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Download built artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 5fdd569a..3299b41c 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -10,7 +10,7 @@ jobs: name: Shellcheck runs-on: ubuntu-latest steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Run ShellCheck uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0 env: From 60b1d3850c71bbd9ce134ca73e6da2cf38b2cfb3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 05:51:58 -0400 Subject: [PATCH 2/3] Bump anchore/sbom-action from 0.17.2 to 0.17.3 (#696) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.2 to 0.17.3. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/sbom-action/compare/61119d458adab75f756bc0b9e4bde25725f86a7a...f5e124a5e5e1d497a692818ae907d3c45829d033) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/base-release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/base-release.yaml b/.github/workflows/base-release.yaml index d2b3f129..3c8a5918 100644 --- a/.github/workflows/base-release.yaml +++ b/.github/workflows/base-release.yaml @@ -41,7 +41,7 @@ jobs: - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - - uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2 + - uses: anchore/sbom-action/download-syft@f5e124a5e5e1d497a692818ae907d3c45829d033 # v0.17.3 - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 with: @@ -117,7 +117,7 @@ jobs: - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - - uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2 + - uses: anchore/sbom-action/download-syft@f5e124a5e5e1d497a692818ae907d3c45829d033 # v0.17.3 - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 with: From 38ce9018acb651a477a3f1e51f46ae33796f987c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 06:05:00 -0400 Subject: [PATCH 3/3] Bump actions/upload-artifact from 4.4.0 to 4.4.3 (#695) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.4.0 to 4.4.3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/50769540e7f4bd5e21e526ee35c689e35e0d6874...b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/base-ci-goreleaser.yaml | 2 +- .github/workflows/base-release.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/base-ci-goreleaser.yaml b/.github/workflows/base-ci-goreleaser.yaml index 9f790a6a..a0fad440 100644 --- a/.github/workflows/base-ci-goreleaser.yaml +++ b/.github/workflows/base-ci-goreleaser.yaml @@ -78,7 +78,7 @@ jobs: - name: Upload linux service packages if: ${{ matrix.GOOS == 'linux' && matrix.GOARCH == 'amd64' }} - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: linux-packages path: distributions/${{ inputs.distribution }}/dist/linux_amd64_v1/* diff --git a/.github/workflows/base-release.yaml b/.github/workflows/base-release.yaml index 3c8a5918..2e496721 100644 --- a/.github/workflows/base-release.yaml +++ b/.github/workflows/base-release.yaml @@ -94,7 +94,7 @@ jobs: COSIGN_YES: true GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} - - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: artifacts-${{ inputs.distribution }}-${{ matrix.GOOS }}-${{ matrix.GOARCH }} path: distributions/${{ inputs.distribution }}/dist/**/*