Skip to content

deps: update github actions #3907

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

deps: update github actions #3907

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Apr 20, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change Pending
actions/cache action digest d4323d4 -> 0057852
actions/checkout action minor v4.2.2 -> v4.3.0
actions/download-artifact action digest cc20338 -> d3f86a1
actions/github-script action digest 60a0d83 -> f28e40c
actions/setup-go action digest f111f33 -> d35c59a
actions/setup-node action minor v4.3.0 -> v4.4.0
anchore/sbom-action action minor v0.18.0 -> v0.20.9
aquasecurity/trivy-action action minor 0.30.0 -> 0.33.1
docker/build-push-action action minor v6.15.0 -> v6.18.0
docker/login-action action minor v3.3.0 -> v3.6.0
docker/setup-buildx-action action digest b5ca514 -> e468171
github/codeql-action action minor v3.28.11 -> v3.31.2
golangci/golangci-lint-action action digest 4696ba8 -> 55c2c14
googleapis/release-please-action action minor v4.2.0 -> v4.4.0
helm/kind-action action minor v1.12.0 -> v1.13.0
sigstore/cosign-installer action minor v3.8.1 -> v3.10.1
softprops/action-gh-release action minor v2.2.1 -> v2.4.1 v2.4.2

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

actions/checkout (actions/checkout)

v4.3.0

Compare Source

What's Changed
New Contributors

Full Changelog: actions/checkout@v4...v4.3.0

actions/setup-node (actions/setup-node)

v4.4.0

Compare Source

What's Changed
Bug fixes:
Enhancement:
Dependency update:
New Contributors

Full Changelogactions/setup-node@v4...v4.4.0

anchore/sbom-action (anchore/sbom-action)

v0.20.9

Compare Source

Changes in v0.20.9

v0.20.8

Compare Source

Changes in v0.20.8

v0.20.7

Compare Source

Changes in v0.20.7

  • chore(deps): update Syft to v1.34.1 (#​544)

v0.20.6

Compare Source

Changes in v0.20.6

v0.20.5

Compare Source

Changes in v0.20.5

v0.20.4

Compare Source

Changes in v0.20.4

  • chore: update Syft to v1.29.0 (#​529)

v0.20.3

Compare Source

Changes in v0.20.3

v0.20.2

Compare Source

Changes in v0.20.2

v0.20.1

Compare Source

Changes in v0.20.1

v0.20.0

Compare Source

Changes in v0.20.0

  • chore(deps): update Syft to v1.24.0 (#​522)

v0.19.0

Compare Source

Changes in v0.19.0

  • chore(deps): update Syft to v1.23.0 (#​521)
  • chore(deps): bump peter-evans/create-pull-request from 7.0.6 to 7.0.8 (#​519)
  • chore(deps): bump cross-spawn (#​514)
aquasecurity/trivy-action (aquasecurity/trivy-action)

v0.33.1

Compare Source

What's Changed

Full Changelog: aquasecurity/trivy-action@0.33.0...0.33.1

v0.33.0

Compare Source

What's Changed

New Contributors

Full Changelog: aquasecurity/trivy-action@0.32.0...0.33.0

v0.32.0

Compare Source

What's Changed

Full Changelog: aquasecurity/trivy-action@0.31.0...0.32.0

v0.31.0

Compare Source

What's Changed

New Contributors

Full Changelog: aquasecurity/trivy-action@0.30.0...0.31.0

docker/build-push-action (docker/build-push-action)

v6.18.0

Compare Source

[!NOTE]
Build summary is now supported with Docker Build Cloud.

Full Changelog: docker/build-push-action@v6.17.0...v6.18.0

v6.17.0

Compare Source

[!NOTE]
Build record is now exported using the buildx history export command instead of the legacy export-build tool.

Full Changelog: docker/build-push-action@v6.16.0...v6.17.0

v6.16.0

Compare Source

Full Changelog: docker/build-push-action@v6.15.0...v6.16.0

docker/login-action (docker/login-action)

v3.6.0

Compare Source

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

Compare Source

Full Changelog: docker/login-action@v3.4.0...v3.5.0

v3.4.0

Compare Source

Full Changelog: docker/login-action@v3.3.0...v3.4.0

github/codeql-action (github/codeql-action)

v3.31.2

Compare Source

v3.31.1

Compare Source

v3.31.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.0 - 24 Oct 2025
  • Bump minimum CodeQL bundle version to 2.17.6. #​3223
  • When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #​3222

See the full CHANGELOG.md for more information.

v3.30.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.9 - 17 Oct 2025
  • Update default CodeQL bundle version to 2.23.3. #​3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #​3204

See the full CHANGELOG.md for more information.

v3.30.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.8 - 10 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.7 - 06 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.6 - 02 Oct 2025

  • Update default CodeQL bundle version to 2.23.2. #​3168

See the full CHANGELOG.md for more information.

v3.30.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025

  • We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #​3160

See the full CHANGELOG.md for more information.

v3.30.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025

  • We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #​3099 and #​3100
  • We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #​3107
  • You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #​3130
  • Update default CodeQL bundle version to 2.23.1. #​3118

See the full CHANGELOG.md for more information.

v3.30.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.3 - 10 Sep 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.2 - 09 Sep 2025

  • Fixed a bug which could cause language autodetection to fail. #​3084
  • Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #​3064

See the full CHANGELOG.md for more information.

v3.30.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.1 - 05 Sep 2025

  • Update default CodeQL bundle version to 2.23.0. #​3077

See the full CHANGELOG.md for more information.

v3.30.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.0 - 01 Sep 2025

  • Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #​3054

See the full CHANGELOG.md for more information.

v3.29.11

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.11 - 21 Aug 2025

  • Update default CodeQL bundle version to 2.22.4. #​3044

See the full CHANGELOG.md for more information.

v3.29.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.10 - 18 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.9 - 12 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.8 - 08 Aug 2025

  • Fix an issue where the Action would autodetect unsupported languages such as HTML. #​3015

See the full CHANGELOG.md for more information.

v3.29.7

Compare Source

This is a re-release of v3.29.5 to mitigate an issue that was discovered with v3.29.6.

v3.29.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.6 - 07 Aug 2025

  • The cleanup-level input to the analyze Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. #​2999
  • Update default CodeQL bundle version to 2.22.3. #​3000

See the full CHANGELOG.md for more information.

v3.29.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.5 - 29 Jul 2025

  • Update default CodeQL bundle version to 2.22.2. #​2986

See the full CHANGELOG.md for more information.

v3.29.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.4 - 23 Jul 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.3 - 21 Jul 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.2 - 30 Jun 2025

  • Experimental: When the quality-queries input for the init action is provided with an argument, separate .quality.sarif files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. #​2935

See the full CHANGELOG.md for more information.

v3.29.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.1 - 27 Jun 2025

  • Fix bug in PR analysis where user-provided include query filter fails to exclude non-included queries. #​2938
  • Update default CodeQL bundle version to 2.22.1. #​2950

See the full CHANGELOG.md for more information.

v3.29.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.0 - 11 Jun 2025

  • Update default CodeQL bundle version to 2.22.0. #​2925
  • Bump minimum CodeQL bundle version to 2.16.6. #​2912

See the full CHANGELOG.md for more information.

v3.28.21

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.21 - 28 July 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.20

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.20 - 21 July 2025

See the full CHANGELOG.md for more information.

v3.28.19

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.19 - 03 Jun 2025

  • The CodeQL Action no longer includes its own copy of the extractor for the actions language, which is currently in public preview.
    The actions extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the actions language and you have pinned
    your tools: property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable
    actions analysis.
  • Update default CodeQL bundle version to 2.21.4. #​2910

See the full CHANGELOG.md for more information.

v3.28.18

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.18 - 16 May 2025

  • Update default CodeQL bundle version to 2.21.3. #​2893
  • Skip validating SARIF produced by CodeQL for improved performance. #​2894
  • The number of threads and amount of RAM used by CodeQL can now be set via the CODEQL_THREADS and CODEQL_RAM runner environment variables. If set, these environment variables override the threads and ram inputs respectively. #​2891

See the full CHANGELOG.md for more information.

v3.28.17

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.17 - 02 May 2025

  • Update default CodeQL bundle version to 2.21.2. #​2872

See the full CHANGELOG.md for more information.

v3.28.16

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.16 - 23 Apr 2025

  • Update default CodeQL bundle version to 2.21.1. #​2863

See the full CHANGELOG.md for more information.

v3.28.15

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.15 - 07 Apr 2025

  • Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. #​2842

See the full CHANGELOG.md for more information.

v3.28.14

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.14 - 07 Apr 2025

  • Update default CodeQL bundle version to 2.21.0. #​2838

See the full CHANGELOG.md for more information.

v3.28.13

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.13 - 24 Mar 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.12

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.12 - 19 Mar 2025

  • Dependency caching should now cache more dependencies for Java build-mode: none extractions. This should speed up workflows and avoid inconsistent alerts in some cases.
  • Update default CodeQL bundle version to 2.20.7. #​2810

See the full CHANGELOG.md for more information.

googleapis/release-please-action (googleapis/release-please-action)

v4.4.0

Compare Source

Features
  • add ability to select versioning-strategy and release-as (#​1121) (ee0f5ba)
Bug Fixes
  • changelog-host parameter ignored when using manifest configuration (#​1151) (535c413)
  • bump mocha from 11.7.1 to 11.7.2 in the npm_and_yarn group across 1 directory (#​1149) (3612a99)
  • bump release-please from 17.1.2 to 17.1.3 (#​1158) (66fbfe9)

v4.3.0

Compare Source

Features
  • deps: update release-please to 17.1.2 (f07192c)
helm/kind-action (helm/kind-action)

v1.13.0

Compare Source

What's Changed

New Contributors

Full Changelog: helm/kind-action@v1...v1.13.0

sigstore/cosign-installer (sigstore/cosign-installer)

v3.10.1

Compare Source

What's Changed?

Note: cosign-installer v3.x cannot be used to install Cosign v3.x. You must upgrade to cosign-installer v4 in order to use Cosign v3.

Note: This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to Cosign v3.

  • Bump default Cosign to v2.6.1 (#​203)

v3.10.0

Compare Source

What's Changed

  • Bump default Cosign to v2.6.0 in #​200

Full Changelog: sigstore/cosign-installer@v3.9.2...v3.10.0

v3.9.2

Compare Source

What's Changed

  • not fail fast and setup permissions in #​195
  • drop old unsupported versions <v2.0.0 in #​192
  • Update default to v2.5.3 in #​196

Full Changelog: sigstore/cosign-installer@v3.9.1...v3.9.2

v3.9.1

Compare Source

What's Changed

Full Changelog: sigstore/cosign-installer@v3.9.0...v3.9.1

v3.9.0

Compare Source

What's Changed

Full Changelog: sigstore/cosign-installer@v3...v3.9.0

v3.8.2

Compare Source

What's Changed

  • install cosign v2 from main in #​186

Full Changelog: sigstore/cosign-installer@v3...v3.8.2

softprops/action-gh-release (s

Configuration

📅 Schedule: Branch creation - At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday ( * 0-4,22-23 * * 1-5 ), Only on Sunday and Saturday ( * * * * 0,6 ) in timezone Europe/Vienna, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner April 20, 2025 22:24
@github-actions github-actions bot added the ops label Apr 20, 2025
@codecov
Copy link

codecov bot commented Apr 20, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.76%. Comparing base (40e195d) to head (e9f8c6e).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3907      +/-   ##
==========================================
+ Coverage   77.37%   77.76%   +0.38%     
==========================================
  Files         220      220              
  Lines       11708     9736    -1972     
==========================================
- Hits         9059     7571    -1488     
+ Misses       2281     1797     -484     
  Partials      368      368

see 154 files with indirect coverage changes

Flag Coverage Δ
certificate-operator 47.20% <ø> (-0.25%) ⬇️
component-tests 58.27% <ø> (+1.19%) ⬆️
lifecycle-operator 80.20% <ø> (+0.52%) ⬆️
metrics-operator 75.43% <ø> (+0.50%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate renovate bot force-pushed the renovate/github-actions branch 3 times, most recently from 679d7e4 to ea45ebb Compare April 27, 2025 21:54
@renovate renovate bot force-pushed the renovate/github-actions branch from ea45ebb to 7ffd86c Compare May 8, 2025 08:54
@renovate renovate bot force-pushed the renovate/github-actions branch 2 times, most recently from d3d56dd to 3cea30d Compare May 18, 2025 10:08
thschue
thschue previously approved these changes May 19, 2025
View reviewed changes
Copy link
Contributor

@thschue thschue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@renovate renovate bot force-pushed the renovate/github-actions branch from 3cea30d to b15bd74 Compare May 30, 2025 18:13
@renovate renovate bot force-pushed the renovate/github-actions branch 3 times, most recently from 2923d4f to e6d83b6 Compare June 13, 2025 22:08
@renovate renovate bot force-pushed the renovate/github-actions branch 5 times, most recently from f263292 to 36c4a51 Compare June 20, 2025 17:10
@renovate renovate bot force-pushed the renovate/github-actions branch 3 times, most recently from 0008bf7 to 05a1203 Compare July 3, 2025 16:15
@renovate renovate bot force-pushed the renovate/github-actions branch 2 times, most recently from 5184f42 to 3a0ee3c Compare July 7, 2025 06:56
@renovate renovate bot force-pushed the renovate/github-actions branch 3 times, most recently from 47c3007 to f1d2393 Compare July 24, 2025 13:07
@renovate renovate bot force-pushed the renovate/github-actions branch 4 times, most recently from dbd3bfc to 2654d70 Compare September 10, 2025 05:07
@renovate renovate bot force-pushed the renovate/github-actions branch 4 times, most recently from e616e73 to b1a2402 Compare September 18, 2025 23:04
@renovate renovate bot force-pushed the renovate/github-actions branch 3 times, most recently from 3f35970 to 583a15d Compare September 29, 2025 22:15
@renovate renovate bot force-pushed the renovate/github-actions branch 3 times, most recently from d0d54e2 to 227185f Compare October 6, 2025 21:27
@renovate renovate bot force-pushed the renovate/github-actions branch 4 times, most recently from 7b42754 to 2e49449 Compare October 14, 2025 16:44
@renovate renovate bot force-pushed the renovate/github-actions branch 4 times, most recently from 3c9e578 to 711a7e9 Compare October 20, 2025 23:04
@renovate renovate bot force-pushed the renovate/github-actions branch 4 times, most recently from c9fe1c1 to de9d7c3 Compare November 2, 2025 12:52
@renovate renovate bot force-pushed the renovate/github-actions branch from de9d7c3 to 0361add Compare November 2, 2025 18:02
@renovate
deps: update github actions
e9f8c6e 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/github-actions branch from 0361add to e9f8c6e Compare November 6, 2025 15:44
@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 6, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
1 Security Hotspot
E Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thschue thschue thschue left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies github_actions ops

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thschue