🌱 Bump the github-actions group across 1 directory with 7 updates (#4538)

dependabot[bot] · web-flow · commit cb565cdceb47 · 2025-02-25T20:18:13.000Z
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -73,7 +73,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+      uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
       with:
         languages: ${{ matrix.language }}
         queries: +security-extended
@@ -85,7 +85,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+      uses: github/codeql-action/autobuild@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -99,4 +99,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+      uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
diff --git a/.github/workflows/gitlab.yml b/.github/workflows/gitlab.yml
@@ -52,7 +52,7 @@ jobs:
           echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
       - name: Cache builds
         # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 #v4.2.0
+        uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f #v4.2.1
         with:
           path: |
             ${{ steps.go-cache-paths.outputs.go-build }}
@@ -66,7 +66,7 @@ jobs:
             go mod download
 
       - name: Run GitLab tokenless E2E
-        uses: nick-invision/retry@c97818ca39074beaea45180dba704f92496a0082 # v3.0.1
+        uses: nick-invision/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
         if: github.event_name == 'pull_request'
         with:
           max_attempts: 3
@@ -75,7 +75,7 @@ jobs:
           command: make e2e-gitlab
 
       - name: Run GitLab PAT E2E  # skip if auth token is not available
-        uses: nick-invision/retry@c97818ca39074beaea45180dba704f92496a0082 # v3.0.1
+        uses: nick-invision/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
         if: ${{ github.event_name == 'push' && github.actor != 'dependabot[bot]' }}
         env:
           GITLAB_AUTH_TOKEN: ${{ secrets.GITLAB_TOKEN }}
diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml
@@ -74,7 +74,7 @@ jobs:
       actions: read # To read the workflow path.
       id-token: write # To sign the provenance.
       contents: write # To add assets to a release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0
     with:
       base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
       upload-assets: true # upload to a new release
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -63,7 +63,7 @@ jobs:
           echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
       - name: Cache builds
         # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 #v4.2.0
+        uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f #v4.2.1
         with:
           path: |
             ${{ steps.go-cache-paths.outputs.go-build }}
@@ -77,7 +77,7 @@ jobs:
             go mod download
 
       - name: Run GITHUB_TOKEN E2E  #using retry because the GitHub token is being throttled.
-        uses: nick-invision/retry@c97818ca39074beaea45180dba704f92496a0082 # v3.0.1
+        uses: nick-invision/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
         env:
           GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -54,7 +54,7 @@ jobs:
         echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
      - name: Cache builds
        # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-       uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 #v4.2.0
+       uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f #v4.2.1
        with:
          path: |
           ${{ steps.go-cache-paths.outputs.go-build }}
@@ -73,7 +73,7 @@ jobs:
          files: ./unit-coverage.out
          verbose: true
      - name: Run PAT Token E2E  #using retry because the GitHub token is being throttled.
-       uses: nick-invision/retry@c97818ca39074beaea45180dba704f92496a0082
+       uses: nick-invision/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08
        if: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]' }}
        env:
           GITHUB_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }}
@@ -106,7 +106,7 @@ jobs:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Cache builds
        # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-       uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+       uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
        with:
          path: |
            ~/go/pkg/mod
@@ -127,7 +127,7 @@ jobs:
          check-latest: true
          cache: true
      - name: generate mocks
-       uses: nick-invision/retry@c97818ca39074beaea45180dba704f92496a0082
+       uses: nick-invision/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08
        with:
           max_attempts: 3
           retry_on: error
@@ -155,7 +155,7 @@ jobs:
          check-latest: true
          cache: true
      - name: generate docs
-       uses: nick-invision/retry@c97818ca39074beaea45180dba704f92496a0082 # v3.0.1
+       uses: nick-invision/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
        with:
           max_attempts: 3
           retry_on: error
@@ -192,7 +192,7 @@ jobs:
          check-latest: true
          cache: true
      - name: build-proto
-       uses: nick-invision/retry@c97818ca39074beaea45180dba704f92496a0082
+       uses: nick-invision/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08
        with:
           max_attempts: 3
           retry_on: error
@@ -226,7 +226,7 @@ jobs:
          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
      - name: Cache builds
        # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-       uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+       uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
        with:
          path: |
            ~/go/pkg/mod
@@ -245,7 +245,7 @@ jobs:
          check-latest: true
          cache: true
      - name: Run build
-       uses: nick-invision/retry@c97818ca39074beaea45180dba704f92496a0082 # v3.0.1
+       uses: nick-invision/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
        with:
           max_attempts: 3
           retry_on: error
@@ -266,7 +266,7 @@ jobs:
 
      - name: Cache builds
        # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-       uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+       uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
        with:
          path: |
            ~/go/pkg/mod
@@ -287,7 +287,7 @@ jobs:
          check-latest: true
          cache: true
      - name: Run build
-       uses: nick-invision/retry@c97818ca39074beaea45180dba704f92496a0082
+       uses: nick-invision/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08
        with:
           max_attempts: 3
           retry_on: error
@@ -314,7 +314,7 @@ jobs:
          check-latest: true
          cache: true
      - name: Run build
-       uses: nick-invision/retry@c97818ca39074beaea45180dba704f92496a0082
+       uses: nick-invision/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08
        with:
           max_attempts: 3
           retry_on: error
@@ -350,7 +350,7 @@ jobs:
          check-latest: true
          cache: true
      - name: Run build
-       uses: nick-invision/retry@c97818ca39074beaea45180dba704f92496a0082
+       uses: nick-invision/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08
        with:
           max_attempts: 3
           retry_on: error
diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml
@@ -52,7 +52,7 @@ jobs:
      - name: install ko
        uses: ko-build/setup-ko@d982fec422852203cfb2053a8ec6ad302280d04d # v0.8
      - name: publishimage
-       uses: nick-invision/retry@c97818ca39074beaea45180dba704f92496a0082
+       uses: nick-invision/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08
        with:
           max_attempts: 3
           retry_on: error
@@ -62,7 +62,7 @@ jobs:
             make install
             make scorecard-ko
      - name: Install Cosign
-       uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e
+       uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a
      - name: Sign image
        run: |
           cosign sign --yes ghcr.io/${{github.repository_owner}}/scorecard/v5:${{ github.sha }}
diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml
@@ -27,7 +27,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -42,7 +42,7 @@ jobs:
       # uploads of run results in SARIF format to the repository Actions tab.
       # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
       - name: "Upload artifact"
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         with:
           name: SARIF file
           path: results.sarif
@@ -51,6 +51,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/slsa-goreleaser.yml b/.github/workflows/slsa-goreleaser.yml
@@ -32,7 +32,7 @@ jobs:
       contents: write
       actions: read
     needs: args
-    uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v2.0.0 #7f4fdb871876c23e455853d694197440c5a91506
+    uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v2.1.0 #7f4fdb871876c23e455853d694197440c5a91506
     with:
       go-version: ${{ env.GO_VERSION }}
       evaluated-envs: "VERSION_LDFLAGS:${{needs.args.outputs.ldflags}}"
