From 109bb0fd93e5b4f45480aa719d68c8aad0b14ba8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Dec 2025 06:06:45 +0000 Subject: [PATCH 1/2] build(deps): bump actions/checkout from 6.0.0 to 6.0.1 Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v6...v6.0.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 6 +++--- .github/workflows/differential-shellcheck.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c60e4a4..ef7d2a7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -17,7 +17,7 @@ jobs: with: metric_frequency: 1 comment_on_pr: false - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - uses: ./.github/actions/setup with: arch: ${{ matrix.arch }} @@ -40,7 +40,7 @@ jobs: with: metric_frequency: 1 comment_on_pr: false - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: publish builder container images if: github.ref == 'refs/heads/main' run: | @@ -66,7 +66,7 @@ jobs: needs: push if: github.ref == 'refs/heads/main' steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: tag latest run: | git tag --force latest diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml index 9751822..f5a989e 100644 --- a/.github/workflows/differential-shellcheck.yml +++ b/.github/workflows/differential-shellcheck.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Repository checkout - uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5 # pin@v4.1.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # pin@v4.1.1 with: fetch-depth: 0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d74b74e..c5cb236 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest if: github.ref == 'refs/heads/main' && github.event.inputs.component != '' steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 with: fetch-depth: 0 - run: echo Version Component to Increase is ${{ github.event.inputs.component }} From cdd3f9c1a33931c7f7e8534a78cf585486b9d007 Mon Sep 17 00:00:00 2001 From: Florian Wilhelm Date: Mon, 8 Dec 2025 10:34:56 +0100 Subject: [PATCH 2/2] Pin actions versions --- .github/workflows/build.yml | 18 +++++++++--------- .github/workflows/release.yml | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ef7d2a7..3304b3e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,11 +13,11 @@ jobs: run: shell: bash steps: - - uses: gardenlinux/workflow-telemetry-action@v2 + - uses: gardenlinux/workflow-telemetry-action@9742ad16c70308bc8fa5f850d6ee6b22f2cce076 # v2 with: metric_frequency: 1 comment_on_pr: false - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/setup with: arch: ${{ matrix.arch }} @@ -36,11 +36,11 @@ jobs: run: shell: bash steps: - - uses: gardenlinux/workflow-telemetry-action@v2 + - uses: gardenlinux/workflow-telemetry-action@9742ad16c70308bc8fa5f850d6ee6b22f2cce076 # v2 with: metric_frequency: 1 comment_on_pr: false - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: publish builder container images if: github.ref == 'refs/heads/main' run: | @@ -50,11 +50,11 @@ jobs: podman manifest add ghcr.io/${{ github.repository }}:${{ github.sha }} ghcr.io/${{ github.repository }}:arm64-${{ github.sha }} podman push ghcr.io/${{ github.repository }}:${{ github.sha }} sed -i 's|container_image=localhost/builder|container_image=ghcr.io/${{ github.repository }}:${{ github.sha }}|' build - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: build path: build - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: build.config path: build.config @@ -66,16 +66,16 @@ jobs: needs: push if: github.ref == 'refs/heads/main' steps: - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: tag latest run: | git tag --force latest git push --force origin latest - - uses: actions/download-artifact@v6 + - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: build path: download - - uses: actions/download-artifact@v6 + - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: build.config path: download diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c5cb236..5d1841f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest if: github.ref == 'refs/heads/main' && github.event.inputs.component != '' steps: - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - run: echo Version Component to Increase is ${{ github.event.inputs.component }}