From c72c9d8dd8d4965655b4a31df10ada93425abc0f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Dec 2025 15:40:46 +0000 Subject: [PATCH 1/2] [#patch](deps): Bump the actions-deps group with 4 updates Bumps the actions-deps group with 4 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [github/codeql-action](https://github.com/github/codeql-action), [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) and [actions/cache](https://github.com/actions/cache). Updates `docker/setup-buildx-action` from 3.11.1 to 3.12.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/e468171a9de216ec08956ac3ada2f0791b6bd435...8d2750c68a42422c14e847fe6c8ac0403b4cbd6f) Updates `github/codeql-action` from 4.31.5 to 4.31.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/fdbfb4d2750291e159f0156def62b853c2798ca2...5d4e8d1aca955e8d8589aabd499c5cae939e33c7) Updates `astral-sh/setup-uv` from 7.1.4 to 7.1.6 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/1e862dfacbd1d6d858c55d9b792c756523627244...681c641aba71e4a1c380be3ab5e12ad51f415867) Updates `actions/cache` from 4.3.0 to 5.0.1 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...9255dc7a253b0ccc959486e2bca901246202afeb) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 3.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: github/codeql-action dependency-version: 4.31.9 dependency-type: 
direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: astral-sh/setup-uv dependency-version: 7.1.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: actions/cache dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps ... Signed-off-by: dependabot[bot] --- .github/workflows/docker-build-and-push.yml | 4 ++-- .github/workflows/go-security-scan.yml | 2 +- .github/workflows/infra-security-scan.yml | 6 +++--- .github/workflows/pulumi-preview.yml | 8 ++++---- .github/workflows/pulumi-up.yml | 8 ++++---- .github/workflows/python-ci.yml | 6 +++--- .github/workflows/rust-ci.yml | 2 +- .github/workflows/sast.yml | 2 +- .github/workflows/terraform-ci.yml | 6 +++--- 9 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml
index 9d8250c..c0f9e78 100644
--- a/.github/workflows/docker-build-and-push.yml
+++ b/.github/workflows/docker-build-and-push.yml
@@ -103,7 +103,7 @@ jobs:
 with:
 persist-credentials: false
 - uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
- - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+ - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 with:
 cache-binary: false
 - name: Log in to the Container registry
@@ -206,7 +206,7 @@ jobs:
 echo -n "$(cat ./trivy_results.sarif)" | reviewdog -reporter=github-check -f=sarif -level=warning -diff="git diff FETCH_HEAD"
 - name: Upload results
 if: ${{ inputs.scan-image && inputs.upload-sarif }}
- uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
+ uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
 with:
 sarif_file: ${{ inputs.working-directory }}/trivy_results.sarif
 category: container-security
diff --git a/.github/workflows/go-security-scan.yml b/.github/workflows/go-security-scan.yml
index 526bc1f..e994b41 100644
--- a/.github/workflows/go-security-scan.yml
+++ b/.github/workflows/go-security-scan.yml
@@ -61,7 +61,7 @@ jobs:
 run: |
 echo -n "$(cat ./gosec-results.sarif)" | reviewdog -reporter=github-check -f=sarif -level=error -diff="git diff FETCH_HEAD"
 - name: Upload results
- uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
+ uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
 with:
 sarif_file: '${{ inputs.working-directory }}/gosec-results.sarif'
 category: sast
diff --git a/.github/workflows/infra-security-scan.yml b/.github/workflows/infra-security-scan.yml
index fd586e1..7c23429 100644
--- a/.github/workflows/infra-security-scan.yml
+++ b/.github/workflows/infra-security-scan.yml
@@ -64,7 +64,7 @@ jobs:
 enable_jobs_summary: true
 comments_with_queries: true
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
+ uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
 with:
 sarif_file: ${{ inputs.working-directory }}/kics_results.sarif
 category: devops
@@ -100,7 +100,7 @@ jobs:
 filter_mode: nofilter
 tool_name: actionlint
 - name: Install uv
- uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+ uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
 with:
 enable-cache: true
 - name: Run zizmor
@@ -117,7 +117,7 @@ jobs:
 run: |
 echo -n "$(cat ./zizmor_results.sarif)" | reviewdog -reporter=github-check -f=sarif -level=warning -diff="git diff FETCH_HEAD"
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
+ uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
 with:
 sarif_file: zizmor_results.sarif
 category: github-actions
diff --git a/.github/workflows/pulumi-preview.yml b/.github/workflows/pulumi-preview.yml
index 3b30d90..c42cbc3 100644
--- a/.github/workflows/pulumi-preview.yml
+++ b/.github/workflows/pulumi-preview.yml
@@ -74,7 +74,7 @@ jobs:
 python-version: ${{ inputs.python-version }}
 # ----- Poetry -----
- - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+ - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
 if: ${{ hashFiles(format('{0}/poetry.lock', inputs.working-directory)) != '' }}
 with:
 path: ~/.local/bin/
@@ -88,12 +88,12 @@ jobs:
 installer-parallel: true
 # ----- UV -----
- - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+ - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
 if: ${{ hashFiles(format('{0}/uv.lock', inputs.working-directory)) != '' }}
 with:
 enable-cache: true
 - id: cache-deps
- uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+ uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
 with:
 path: |
 ${{ inputs.working-directory }}/.venv
@@ -110,7 +110,7 @@ jobs:
 # kics-scan ignore-line
 requested-token-type: urn:pulumi:token-type:access_token:personal
 scope: user:notdodo
- - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+ - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
 with:
 path: ${{ env.PULUMI_HOME }}/plugins
 key: python-${{ inputs.python-version }}-venv-${{ hashFiles(format('{0}/poetry.lock', inputs.working-directory), format('{0}/uv.lock', inputs.working-directory)) }}
diff --git a/.github/workflows/pulumi-up.yml b/.github/workflows/pulumi-up.yml
index acd18f2..e6d1d21 100644
--- a/.github/workflows/pulumi-up.yml
+++ b/.github/workflows/pulumi-up.yml
@@ -73,7 +73,7 @@ jobs:
 python-version: ${{ inputs.python-version }}
 # ----- Poetry -----
- - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+ - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
 if: ${{ hashFiles(format('{0}/poetry.lock', inputs.working-directory)) != '' }}
 with:
 path: ~/.local/bin/
@@ -87,12 +87,12 @@ jobs:
 installer-parallel: true
 # ----- UV -----
- - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+ - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
 if: ${{ hashFiles(format('{0}/uv.lock', inputs.working-directory)) != '' }}
 with:
 enable-cache: true
 - id: cache-deps
- uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+ uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
 with:
 path: |
 ${{ inputs.working-directory }}/.venv
@@ -109,7 +109,7 @@ jobs:
 # kics-scan ignore-line
 requested-token-type: urn:pulumi:token-type:access_token:personal
 scope: user:notdodo
- - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+ - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
 with:
 path: ${{ env.PULUMI_HOME }}/plugins
 key: python-${{ inputs.python-version }}-venv-${{ hashFiles(format('{0}/poetry.lock', inputs.working-directory), format('{0}/uv.lock', inputs.working-directory)) }}
diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml
index 97602b8..d6f8b5b 100644
--- a/.github/workflows/python-ci.yml
+++ b/.github/workflows/python-ci.yml
@@ -52,7 +52,7 @@ jobs:
 python-version: ${{ inputs.python-version }}
 # ----- Poetry -----
- - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+ - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
 if: ${{ hashFiles(format('{0}/poetry.lock', inputs.working-directory)) != '' }}
 with:
 path: ~/.local/bin/
@@ -66,12 +66,12 @@ jobs:
 installer-parallel: true
 # ----- UV -----
- - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+ - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
 if: ${{ hashFiles(format('{0}/uv.lock', inputs.working-directory)) != '' }}
 with:
 enable-cache: true
 - id: cache-deps
- uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+ uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
 with:
 path: |
 ${{ inputs.working-directory }}/.venv
diff --git a/.github/workflows/rust-ci.yml b/.github/workflows/rust-ci.yml
index 34f2a15..b6eb2ca 100644
--- a/.github/workflows/rust-ci.yml
+++ b/.github/workflows/rust-ci.yml
@@ -153,7 +153,7 @@ jobs:
 run: |
 echo -n "$(cat ./clippy-results.sarif)" | reviewdog -reporter=github-check -f=sarif -level=warning -diff="git diff FETCH_HEAD"
 - name: Upload results
- uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
+ uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
 with:
 sarif_file: ${{ inputs.working-directory }}/clippy-results.sarif
 category: sast
diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
index 24b68d7..1ca0d7d 100644
--- a/.github/workflows/sast.yml
+++ b/.github/workflows/sast.yml
@@ -54,7 +54,7 @@ jobs:
 run: |
 echo -n "$(cat ./sast-output.sarif)" | reviewdog -reporter=github-check -f=sarif -level=error -diff="git diff FETCH_HEAD"
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
+ uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
 with:
 sarif_file: ./sast-output.sarif
 category: sast
diff --git a/.github/workflows/terraform-ci.yml b/.github/workflows/terraform-ci.yml
index 0e3768e..045f463 100644
--- a/.github/workflows/terraform-ci.yml
+++ b/.github/workflows/terraform-ci.yml
@@ -66,7 +66,7 @@ jobs:
 - run: |
 echo "plugin_cache_dir = '$HOME/.terraform.d/plugin-cache'" > ~/.terraformrc
 mkdir -p ~/.terraform.d/plugin-cache
- - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830
+ - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb
 with:
 path: ~/.terraform.d/plugin-cache
 key: terraform-providers-${{ hashFiles('**/.terraform.lock.hcl') }}
@@ -117,7 +117,7 @@ jobs:
 run: |
 echo -n "$(cat ./trivy_results.sarif)" | reviewdog -reporter=github-check -f=sarif -level=error -diff="git diff FETCH_HEAD"
 - name: Upload results
- uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
+ uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
 with:
 sarif_file: ${{ inputs.working-directory }}/trivy_results.sarif
 category: devops
@@ -153,7 +153,7 @@ jobs:
 - run: |
 echo "plugin_cache_dir = '$HOME/.terraform.d/plugin-cache'" > ~/.terraformrc
 mkdir -p ~/.terraform.d/plugin-cache
- - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830
+ - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb
 with:
 path: ~/.terraform.d/plugin-cache
 key: terraform-providers-${{ hashFiles('**/.terraform.lock.hcl') }}
From 88f6791bc83a5991cfee215572dc18f9b23aa002 Mon Sep 17 00:00:00 2001
From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com> Date: Wed, 24 Dec 2025 16:46:11 +0100 Subject: [PATCH 2/2] version --- .github/workflows/terraform-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/terraform-ci.yml b/.github/workflows/terraform-ci.yml
index 045f463..6b530c6 100644
--- a/.github/workflows/terraform-ci.yml
+++ b/.github/workflows/terraform-ci.yml
@@ -66,7 +66,7 @@ jobs:
 - run: |
 echo "plugin_cache_dir = '$HOME/.terraform.d/plugin-cache'" > ~/.terraformrc
 mkdir -p ~/.terraform.d/plugin-cache
- - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb
+ - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
 with:
 path: ~/.terraform.d/plugin-cache
 key: terraform-providers-${{ hashFiles('**/.terraform.lock.hcl') }}
@@ -153,7 +153,7 @@ jobs:
 - run: |
 echo "plugin_cache_dir = '$HOME/.terraform.d/plugin-cache'" > ~/.terraformrc
 mkdir -p ~/.terraform.d/plugin-cache
- - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb
+ - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
 with:
 path: ~/.terraform.d/plugin-cache
 key: terraform-providers-${{ hashFiles('**/.terraform.lock.hcl') }}