From 3608cd05312549c0b2c6a5110cb8f574b436f729 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Feb 2026 09:50:07 +0000 Subject: [PATCH] chore(deps): bump the github-actions group across 1 directory with 4 updates Bumps the github-actions group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [docker/build-push-action](https://github.com/docker/build-push-action), [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) and [docker/login-action](https://github.com/docker/login-action). Updates `actions/checkout` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `docker/build-push-action` from 6.18.0 to 6.19.2 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/263435318d21b8e681c14492fe198d362a7d2c83...10e90e3645eae34f1e60eeb005ba3a3d33f178e8) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/b6643a29fecd7f34b3597bc6acb0a98b03d33ff8...c1824fd6edce30d7ab345a9989de00bbd46ef284) Updates `docker/login-action` from 3.6.0 to 3.7.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/5e57cd118135c172c3672efd75eb46360885c0ef...c94ce9fb468520275223c153574b00df6fe4bcc9) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: 6.19.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 3.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/baseos-build-publish.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/baseos-build-publish.yml b/.github/workflows/baseos-build-publish.yml index d3e0c59..d267c13 100644 --- a/.github/workflows/baseos-build-publish.yml +++ b/.github/workflows/baseos-build-publish.yml @@ -32,7 +32,7 @@ jobs: files: ${{ steps.list.outputs.files }} steps: - name: Checkout Repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: List Dockerfiles id: list @@ -54,7 +54,7 @@ jobs: # 1) Checkout full history (needed for tag logic, SBOM provenance, etc.) # ----------------------------------------------------------------------------------------------- - name: Checkout Repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Full history needed for tags and provenance @@ -125,7 +125,7 @@ jobs: - name: Build (LOCAL ONLY) with Buildx id: build_local - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 env: DOCKER_BUILD_SUMMARY: false # Explicitly disable build reports/artifacts with: @@ -172,7 +172,7 @@ jobs: # Grype scan results are collected but do not fail the build # ----------------------------------------------------------------------------------------------- - name: Trivy scan - uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1 + uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # v0.34.0 with: image-ref: ${{ env.LOCAL_IMAGE }} ignore-unfixed: true @@ -245,7 +245,7 @@ jobs: # 6) Login, push, generate SBOM & provenance **only if all previous steps succeeded** # ----------------------------------------------------------------------------------------------- - name: Login to GHCR - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ${{ env.DEFAULT_REGISTRY }} username: ${{ github.actor }} @@ -254,7 +254,7 @@ jobs: - name: Login to Docker Hub (best effort) if: success() continue-on-error: true - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 with: registry: docker.io username: ${{ github.actor }} @@ -263,7 +263,7 @@ jobs: - name: Re-build & PUSH image to GHCR with SBOM + provenance id: push_remote if: success() # <-- guard: only runs if every previous step succeeded - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 env: DOCKER_BUILD_SUMMARY: false # Explicitly disable build reports/artifacts with: