From 98e07aaa61f0e72d4b0ff276ececc0a671346e03 Mon Sep 17 00:00:00 2001 From: "app-token-issuer-releng-renovate[bot]" <142360764+app-token-issuer-releng-renovate[bot]@users.noreply.github.com> Date: Fri, 17 Apr 2026 00:11:51 +0000 Subject: [PATCH] chore(deps): update minor-patch dependencies grouped by manager --- .github/workflows/pull-request-main.yml | 2 +- .github/workflows/run-e2e-tests.yml | 8 ++++---- .github/workflows/solidity-review-artifacts.yml | 8 ++++---- actions/branch-out-upload/action.yml | 2 +- actions/build-push-docker-manifest/action.yml | 8 ++++---- actions/build-push-docker/action.yml | 8 ++++---- actions/chip-schema-registration/action.yml | 2 +- actions/ci-beholder-validator/action.yml | 4 ++-- actions/ci-benchmarking/action.yml | 4 ++-- actions/ci-lint-charts/action.yml | 2 +- actions/ci-lint-misc/action.yml | 2 +- actions/ci-sonarqube-go/action.yml | 2 +- actions/ci-sonarqube-ts/action.yml | 2 +- actions/ci-test-sol/action.yml | 2 +- actions/cicd-build-publish-artifacts-go/action.yml | 14 +++++++------- actions/cicd-build-publish-artifacts-ts/action.yml | 8 ++++---- actions/cicd-build-publish-charts/action.yml | 4 ++-- actions/crib-deploy-environment/action.yml | 4 ++-- actions/ctf-build-test-image/action.yml | 10 +++++----- actions/ctf-fetch-aws-secret/action.yml | 2 +- actions/ctf-setup-run-tests-environment/action.yml | 8 ++++---- actions/docker-image-patch/action.yml | 6 +++--- actions/ecr-image-exists/action.yml | 4 ++-- actions/helm-version-bump-receiver/action.yml | 4 ++-- actions/k8s-tailscale-connect/action.yml | 2 +- actions/oci-image-bump/action.yml | 2 +- actions/parse-and-mask-test-secrets/action.yml | 2 +- actions/pr-quality-check/action.yml | 4 ++-- actions/pr-slack-alert/action.yml | 2 +- actions/promote-image-ecr/action.yaml | 10 +++++----- actions/pull-private-ecr-image/action.yml | 4 ++-- actions/setup-gap/action.yml | 2 +- actions/setup-github-token/action.yml | 2 +- actions/setup-nix-cache/action.yml | 2 +- actions/setup-renovate/action.yml | 2 +- actions/slack-notify-git-ref/action.yml | 2 +- 36 files changed, 78 insertions(+), 78 deletions(-) diff --git a/.github/workflows/pull-request-main.yml b/.github/workflows/pull-request-main.yml index 9a25bf39e..b91b515eb 100644 --- a/.github/workflows/pull-request-main.yml +++ b/.github/workflows/pull-request-main.yml @@ -87,7 +87,7 @@ jobs: run: pnpm nx run signed-commits:build - name: Commit back any changes - uses: planetscale/ghcommit-action@b68767a2e130a71926b365322e62b583404a5e09 # v0.1.43 + uses: planetscale/ghcommit-action@25309d8005ac7c3bcd61d3fe19b69e0fe47dbdde # v0.2.20 with: commit_message: "🤖 Update build" repo: ${{ github.repository }} diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index 8bf3df334..882f4c685 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml @@ -433,7 +433,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v6 with: - go-version: "1.24.0" + go-version: "1.26.2" check-latest: true cache: false # disable caching as this job doesn't benefit from it @@ -1417,7 +1417,7 @@ jobs: test_results: ${{ steps.set_test_results.outputs.results }} steps: - name: Download all test result artifacts - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@v4.3.0 with: path: test_results pattern: test_result_${{ needs.load-test-configurations.outputs.workflow_id @@ -1468,7 +1468,7 @@ jobs: { echo "cl_ref=$cl_ref"; echo "cl_short_ref=$cl_short_ref"; echo "cl_ref_path=$cl_ref_path"; } >> "$GITHUB_OUTPUT" - name: Send Slack notification - uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0 + uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1 if: ${{ inputs.slack_notification_after_tests == 'true' || inputs.slack_notification_after_tests == 'always' || (inputs.slack_notification_after_tests == 'on_failure' && @@ -1509,7 +1509,7 @@ jobs: contains(join(needs.*.result, ','), 'failure') && inputs.slack_notification_after_tests_notify_user_id_on_failure != '' }} - uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0 + uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1 env: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} with: diff --git a/.github/workflows/solidity-review-artifacts.yml b/.github/workflows/solidity-review-artifacts.yml index f3499786a..13652866d 100644 --- a/.github/workflows/solidity-review-artifacts.yml +++ b/.github/workflows/solidity-review-artifacts.yml @@ -226,14 +226,14 @@ jobs: mkdir -p code-coverage - name: Install Foundry - uses: foundry-rs/foundry-toolchain@8f1998e9878d786675189ef566a2e4bf24869773 # v1.2.0 + uses: foundry-rs/foundry-toolchain@8789b3e21e6c11b2697f5eb56eddae542f746c10 # v1.7.0 with: version: ${{ inputs.foundry_version }} # required for code coverage report generation - name: Setup LCOV if: ${{ inputs.generate_code_coverage == true }} - uses: hrishikesh-kadam/setup-lcov@f5da1b26b0dcf5d893077a3c4f29cf78079c841d # v1.0.0 + uses: hrishikesh-kadam/setup-lcov@6c1aa0cc9e1c02f9f58f01ac599f1064ccc83470 # v1.1.0 - name: Run Forge build for product contracts run: | @@ -329,7 +329,7 @@ jobs: pnpm-version: ^10.0.0 - name: Install Foundry - uses: foundry-rs/foundry-toolchain@8f1998e9878d786675189ef566a2e4bf24869773 # v1.2.0 + uses: foundry-rs/foundry-toolchain@8789b3e21e6c11b2697f5eb56eddae542f746c10 # v1.7.0 with: version: ${{ inputs.foundry_version }} @@ -342,7 +342,7 @@ jobs: if: ${{ inputs.generate_slither_reports == true }} uses: actions/setup-python@v5.6.0 with: - python-version: "3.8" + python-version: "3.14" - name: Install solc-select and solc if: ${{ inputs.generate_slither_reports == true }} diff --git a/actions/branch-out-upload/action.yml b/actions/branch-out-upload/action.yml index 386e35e88..cfda0926e 100644 --- a/actions/branch-out-upload/action.yml +++ b/actions/branch-out-upload/action.yml @@ -183,7 +183,7 @@ runs: - name: Upload Test Results to Trunk.io id: upload-to-trunk - uses: trunk-io/analytics-uploader@293e9b144a101ef4b8fe3485a5afd0224fc48255 # v2.0.7 + uses: trunk-io/analytics-uploader@95a0fb8b29e45b6068304261fb518644b426a803 # v2.0.8 continue-on-error: ${{ inputs.trunk-upload-only == 'true' }} env: TRUNK_TELEMETRY: "off" diff --git a/actions/build-push-docker-manifest/action.yml b/actions/build-push-docker-manifest/action.yml index fbaed604a..ef4210810 100644 --- a/actions/build-push-docker-manifest/action.yml +++ b/actions/build-push-docker-manifest/action.yml @@ -164,12 +164,12 @@ runs: echo "name=${DOCKER_REGISTRY_URL}/${DOCKER_REPOSITORY_NAME}" | tee -a "$GITHUB_OUTPUT" - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 with: version: v0.27.0 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ inputs.aws-role-arn }} role-duration-seconds: 900 @@ -178,7 +178,7 @@ runs: - name: Login to ECR id: login-ecr - uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2 + uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a # v2.1.3 with: registry-type: >- ${{ @@ -372,7 +372,7 @@ runs: - name: Install cosign if: inputs.docker-manifest-sign == 'true' - uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0 + uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 with: cosign-release: "v2.4.2" diff --git a/actions/build-push-docker/action.yml b/actions/build-push-docker/action.yml index de7efdea8..c092be7ec 100644 --- a/actions/build-push-docker/action.yml +++ b/actions/build-push-docker/action.yml @@ -194,7 +194,7 @@ runs: if: ${{ steps.dockerfile-ecr-parse.outputs.needs-ecr-login == 'true' || inputs.docker-push == 'true' }} - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ inputs.aws-role-arn }} role-duration-seconds: 900 @@ -203,14 +203,14 @@ runs: - name: Login to private ECR registries for base images if: ${{ steps.dockerfile-ecr-parse.outputs.needs-ecr-login == 'true' }} - uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2 + uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a # v2.1.3 with: registries: ${{ steps.dockerfile-ecr-parse.outputs.ecr-registries }} - name: Login to ECR for publishing if: ${{ inputs.docker-push == 'true' }} id: login-ecr - uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2 + uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a # v2.1.3 with: registry-type: >- ${{ @@ -340,7 +340,7 @@ runs: - name: Build & push image id: build-image - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 env: DOCKER_BUILD_CHECKS_ANNOTATIONS: true DOCKER_BUILD_SUMMARY: true diff --git a/actions/chip-schema-registration/action.yml b/actions/chip-schema-registration/action.yml index ff83ed802..f636db068 100644 --- a/actions/chip-schema-registration/action.yml +++ b/actions/chip-schema-registration/action.yml @@ -47,7 +47,7 @@ runs: - uses: actions/checkout@v6 - name: Login to ECR - uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2 + uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a # v2.1.3 with: registries: ${{ inputs.aws-account-id }} diff --git a/actions/ci-beholder-validator/action.yml b/actions/ci-beholder-validator/action.yml index dc75a8008..03154eb65 100644 --- a/actions/ci-beholder-validator/action.yml +++ b/actions/ci-beholder-validator/action.yml @@ -62,7 +62,7 @@ runs: docker compose -f "${{ env.ACTIONS_PATH }}/docker-compose.yml" up -d redpanda-console - name: Configure aws creds - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ inputs.aws-role-arn }} role-duration-seconds: ${{ inputs.aws-role-duration-seconds }} @@ -71,7 +71,7 @@ runs: - name: Login to aws ecr id: login-ecr - uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2 + uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a # v2.1.3 with: registries: ${{ inputs.aws-account-number }} diff --git a/actions/ci-benchmarking/action.yml b/actions/ci-benchmarking/action.yml index de777b7f4..e3e7e9089 100644 --- a/actions/ci-benchmarking/action.yml +++ b/actions/ci-benchmarking/action.yml @@ -116,7 +116,7 @@ runs: - name: Run github-action-benchmark for PRs if: ${{ env.IS_PR == 'true' }} - uses: benchmark-action/github-action-benchmark@4de1bed97a47495fc4c5404952da0499e31f5c29 # v1.20.3 + uses: benchmark-action/github-action-benchmark@a60cea5bc7b49e15c1f58f411161f99e0df48372 # v1.22.0 with: tool: "go" output-file-path: output.txt @@ -129,7 +129,7 @@ runs: - name: Run github-action-benchmark for Merges if: ${{ env.IS_MERGE == 'true' }} - uses: benchmark-action/github-action-benchmark@4de1bed97a47495fc4c5404952da0499e31f5c29 # v1.20.3 + uses: benchmark-action/github-action-benchmark@a60cea5bc7b49e15c1f58f411161f99e0df48372 # v1.22.0 with: tool: "go" output-file-path: output.txt diff --git a/actions/ci-lint-charts/action.yml b/actions/ci-lint-charts/action.yml index 74a7c1082..cd0280eb6 100644 --- a/actions/ci-lint-charts/action.yml +++ b/actions/ci-lint-charts/action.yml @@ -46,7 +46,7 @@ runs: fi - name: Set up chart-testing - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 + uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f # v2.8.0 - name: Run chart-testing (lint) shell: bash diff --git a/actions/ci-lint-misc/action.yml b/actions/ci-lint-misc/action.yml index 444667e9a..6f4cbb29c 100644 --- a/actions/ci-lint-misc/action.yml +++ b/actions/ci-lint-misc/action.yml @@ -26,7 +26,7 @@ runs: fetch-depth: ${{ inputs.checkout-repo-fetch-depth }} - name: Run actionlint - uses: reviewdog/action-actionlint@0d952c597ef8459f634d7145b0b044a9699e5e43 # v1.71.0 + uses: reviewdog/action-actionlint@6fb7acc99f4a1008869fa8a0f09cfca740837d9d # v1.72.0 - name: Run shellcheck uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0 diff --git a/actions/ci-sonarqube-go/action.yml b/actions/ci-sonarqube-go/action.yml index cb3401f15..a123e597d 100644 --- a/actions/ci-sonarqube-go/action.yml +++ b/actions/ci-sonarqube-go/action.yml @@ -90,7 +90,7 @@ runs: echo "SONARQUBE_ARGS=$ARGS" >> $GITHUB_ENV - name: SonarQube Scan - uses: sonarsource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 # v7.0.0 + uses: sonarsource/sonarqube-scan-action@299e4b793aaa83bf2aba7c9c14bedbb485688ec4 # v7.1.0 with: args: ${{ env.SONARQUBE_ARGS }} env: diff --git a/actions/ci-sonarqube-ts/action.yml b/actions/ci-sonarqube-ts/action.yml index a862d7a66..059333a8e 100644 --- a/actions/ci-sonarqube-ts/action.yml +++ b/actions/ci-sonarqube-ts/action.yml @@ -110,7 +110,7 @@ runs: steps.sonarqube_report_paths.outputs.sonarqube_lint_report_paths }} - name: SonarQube Scan - uses: sonarsource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 # v7.0.0 + uses: sonarsource/sonarqube-scan-action@299e4b793aaa83bf2aba7c9c14bedbb485688ec4 # v7.1.0 with: args: ${{ env.SONARQUBE_ARGS }} env: diff --git a/actions/ci-test-sol/action.yml b/actions/ci-test-sol/action.yml index a78c81a25..e27235e8f 100644 --- a/actions/ci-test-sol/action.yml +++ b/actions/ci-test-sol/action.yml @@ -68,7 +68,7 @@ runs: run-install: "true" - name: Setup foundry - uses: foundry-rs/foundry-toolchain@8f1998e9878d786675189ef566a2e4bf24869773 # v1.2.0 + uses: foundry-rs/foundry-toolchain@8789b3e21e6c11b2697f5eb56eddae542f746c10 # v1.7.0 with: version: ${{ inputs.foundry-version }} diff --git a/actions/cicd-build-publish-artifacts-go/action.yml b/actions/cicd-build-publish-artifacts-go/action.yml index 402c7b3b3..16eed970b 100644 --- a/actions/cicd-build-publish-artifacts-go/action.yml +++ b/actions/cicd-build-publish-artifacts-go/action.yml @@ -135,15 +135,15 @@ runs: - name: Setup zig if: inputs.use-zig == 'true' - uses: goto-bus-stop/setup-zig@7ab2955eb728f5440978d5824358023be3a2802d # v2.2.0 + uses: goto-bus-stop/setup-zig@abea47f85e598557f500fa1fd2ab7464fcb39406 # v2.2.1 with: version: ${{ inputs.zig-version }} - name: Setup docker buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Set up qemu - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Process params shell: bash @@ -164,7 +164,7 @@ runs: fi - name: Configure aws creds - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 if: inputs.publish == 'true' && inputs.docker-registry == 'aws' with: role-to-assume: ${{ inputs.aws-role-arn }} @@ -174,20 +174,20 @@ runs: - name: Login to aws ecr if: inputs.publish == 'true' && inputs.docker-registry == 'aws' - uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2 + uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a # v2.1.3 with: registries: ${{ steps.process-params.outputs.aws-account-number }} - name: Update tag if: inputs.update-git-tag == 'true' - uses: richardsimko/update-tag@e173a8ef8f54ab526a91dad6139a25efed62424c # v1.0.11 + uses: richardsimko/update-tag@aab2434e9a5040687874aa39d1c6377ec0cb0d94 # v1.1.6 with: tag_name: v0.0.0-devel env: GITHUB_TOKEN: ${{ github.token }} # ${{ steps.get-gh-token.outputs.access-token }} - name: Run goreleaser release - uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1 + uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 with: version: ${{ inputs.goreleaser-version }} distribution: ${{ inputs.goreleaser-dist }} diff --git a/actions/cicd-build-publish-artifacts-ts/action.yml b/actions/cicd-build-publish-artifacts-ts/action.yml index 502e07379..d1bb08260 100644 --- a/actions/cicd-build-publish-artifacts-ts/action.yml +++ b/actions/cicd-build-publish-artifacts-ts/action.yml @@ -85,11 +85,11 @@ runs: - name: Set up qemu if: inputs.setup-qemu == 'true' - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Setup foundry if: inputs.setup-foundry == 'true' - uses: foundry-rs/foundry-toolchain@8f1998e9878d786675189ef566a2e4bf24869773 # v1.2.0 + uses: foundry-rs/foundry-toolchain@8789b3e21e6c11b2697f5eb56eddae542f746c10 # v1.7.0 with: version: ${{ inputs.foundry-version }} @@ -108,7 +108,7 @@ runs: - name: Upload artifacts to release if: inputs.publish-release == 'true' - uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # 2.9.0 + uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # 2.11.5 with: repo_token: ${{ github.token }} file: ${{ inputs.release-assets }} @@ -118,7 +118,7 @@ runs: - name: Upload artifacts to monorepo release if: inputs.publish-monorepo-release == 'true' - uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # 2.9.0 + uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # 2.11.5 with: repo_token: ${{ github.token }} file: diff --git a/actions/cicd-build-publish-charts/action.yml b/actions/cicd-build-publish-charts/action.yml index 1548381de..5a87add0f 100644 --- a/actions/cicd-build-publish-charts/action.yml +++ b/actions/cicd-build-publish-charts/action.yml @@ -53,7 +53,7 @@ runs: fetch-depth: ${{ inputs.checkout-repo-fetch-depth }} - name: Setup helm - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 with: version: v3.12.0 @@ -69,7 +69,7 @@ runs: - name: Configure aws creds if: inputs.publish == 'true' - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ inputs.aws-role-arn }} role-duration-seconds: ${{ inputs.aws-role-duration-seconds }} diff --git a/actions/crib-deploy-environment/action.yml b/actions/crib-deploy-environment/action.yml index 9b8ed9e1e..7e23ad94e 100644 --- a/actions/crib-deploy-environment/action.yml +++ b/actions/crib-deploy-environment/action.yml @@ -232,7 +232,7 @@ runs: cli: './cli/**' - name: Login to AWS ECR for Helm - uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2 + uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a # v2.1.3 env: AWS_REGION: ${{ inputs.aws-region }} with: @@ -364,7 +364,7 @@ runs: failure() && inputs.crib-alert-slack-webhook != '' && inputs.send-alerts == 'true' id: slack - uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 + uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1 with: # For posting a rich message using Block Kit payload: ${{ steps.render-slack-template.outputs.result }} diff --git a/actions/ctf-build-test-image/action.yml b/actions/ctf-build-test-image/action.yml index 0c8efeb4b..4f7e5cad6 100644 --- a/actions/ctf-build-test-image/action.yml +++ b/actions/ctf-build-test-image/action.yml @@ -53,7 +53,7 @@ runs: # Base Test Image Logic - name: Get CTF Version id: version - uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/mod-version@fc3e0df622521019f50d772726d6bf8dc919dd38 # v2.3.19 + uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/mod-version@1ada5d85b0de3439a0ba238210d40605b5ed6704 # v2.3.32 with: go-project-path: ./integration-tests module-name: github.com/smartcontractkit/chainlink-testing-framework/lib @@ -90,7 +90,7 @@ runs: - name: Check if test base image exists if: steps.version.outputs.is_semantic == 'false' id: check-base-image - uses: smartcontractkit/chainlink-github-actions/docker/image-exists@75a9005952a9e905649cfb5a6971fd9429436acd # v2.3.25 + uses: smartcontractkit/chainlink-github-actions/docker/image-exists@1ada5d85b0de3439a0ba238210d40605b5ed6704 # v2.3.32 with: repository: test-base-image tag: ${{ steps.long_sha.outputs.long_sha }} @@ -102,7 +102,7 @@ runs: if: steps.version.outputs.is_semantic == 'false' && steps.check-base-image.outputs.exists == 'false' - uses: smartcontractkit/chainlink-github-actions/docker/build-push@75a9005952a9e905649cfb5a6971fd9429436acd # v2.3.25 + uses: smartcontractkit/chainlink-github-actions/docker/build-push@1ada5d85b0de3439a0ba238210d40605b5ed6704 # v2.3.32 env: BASE_IMAGE_NAME: ${{ inputs.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ inputs.QA_AWS_REGION @@ -146,7 +146,7 @@ runs: - name: Check if image exists id: check-image - uses: smartcontractkit/chainlink-github-actions/docker/image-exists@75a9005952a9e905649cfb5a6971fd9429436acd # v2.3.25 + uses: smartcontractkit/chainlink-github-actions/docker/image-exists@1ada5d85b0de3439a0ba238210d40605b5ed6704 # v2.3.32 with: repository: ${{ inputs.repository }} tag: ${{ inputs.tag || steps.test_runner_hash.outputs.hash_value }} @@ -154,7 +154,7 @@ runs: AWS_ROLE_TO_ASSUME: ${{ inputs.QA_AWS_ROLE_TO_ASSUME }} - name: Build and Publish Test Runner if: steps.check-image.outputs.exists == 'false' - uses: smartcontractkit/chainlink-github-actions/docker/build-push@75a9005952a9e905649cfb5a6971fd9429436acd # v2.3.25 + uses: smartcontractkit/chainlink-github-actions/docker/build-push@1ada5d85b0de3439a0ba238210d40605b5ed6704 # v2.3.32 with: tags: | ${{ inputs.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ inputs.QA_AWS_REGION }}.amazonaws.com/${{ inputs.repository }}:${{ inputs.tag || steps.test_runner_hash.outputs.hash_value }} diff --git a/actions/ctf-fetch-aws-secret/action.yml b/actions/ctf-fetch-aws-secret/action.yml index d72363886..f39ffde31 100644 --- a/actions/ctf-fetch-aws-secret/action.yml +++ b/actions/ctf-fetch-aws-secret/action.yml @@ -25,7 +25,7 @@ runs: using: "composite" steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-region: ${{ inputs.aws_region }} role-to-assume: ${{ inputs.aws_role_to_assume }} diff --git a/actions/ctf-setup-run-tests-environment/action.yml b/actions/ctf-setup-run-tests-environment/action.yml index a1b77bc7d..fe2d5e7e4 100644 --- a/actions/ctf-setup-run-tests-environment/action.yml +++ b/actions/ctf-setup-run-tests-environment/action.yml @@ -195,7 +195,7 @@ runs: # Setup AWS cred and K8s context - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-region: ${{ inputs.QA_AWS_REGION }} role-to-assume: ${{ inputs.QA_AWS_ROLE_TO_ASSUME }} @@ -220,7 +220,7 @@ runs: - name: Login to Amazon ECR if: inputs.aws_registries && inputs.QA_AWS_REGION id: login-ecr - uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2 + uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a # v2.1.3 with: registries: ${{ inputs.aws_registries }} env: @@ -229,13 +229,13 @@ runs: # To avoid rate limiting from Docker Hub, we can login with a paid user account. - name: Login to Docker Hub if: inputs.dockerhub_username && inputs.dockerhub_password - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: username: ${{ inputs.dockerhub_username }} password: ${{ inputs.dockerhub_password }} # Helm Setup - - uses: azure/setup-helm@29960d0f5f19214b88e1d9ba750a9914ab0f1a2f # v4.0.0 + - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 with: version: v3.13.1 - name: Add required helm charts including chainlink-qa diff --git a/actions/docker-image-patch/action.yml b/actions/docker-image-patch/action.yml index 3396ed74f..b6a75db22 100644 --- a/actions/docker-image-patch/action.yml +++ b/actions/docker-image-patch/action.yml @@ -129,7 +129,7 @@ runs: echo "::endgroup::" - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ inputs.aws-role-arn }} role-duration-seconds: 900 @@ -138,7 +138,7 @@ runs: - name: Login to ECR for source image id: login-ecr-src - uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2 + uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a # v2.1.3 env: AWS_REGION: ${{ steps.set-outputs.outputs.registry-src-type == 'public' && 'us-east-1' || inputs.aws-region }} with: @@ -175,7 +175,7 @@ runs: - name: Login to ECR for destination image id: login-ecr-dst - uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2 + uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a # v2.1.3 env: AWS_REGION: ${{ inputs.aws-region }} with: diff --git a/actions/ecr-image-exists/action.yml b/actions/ecr-image-exists/action.yml index f46333381..5ff7617af 100644 --- a/actions/ecr-image-exists/action.yml +++ b/actions/ecr-image-exists/action.yml @@ -33,7 +33,7 @@ runs: using: composite steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-region: ${{ inputs.aws-region }} role-to-assume: ${{ inputs.aws-role-arn }} @@ -42,7 +42,7 @@ runs: - name: Login to Amazon ECR id: login-ecr - uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2 + uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a # v2.1.3 with: mask-password: "true" diff --git a/actions/helm-version-bump-receiver/action.yml b/actions/helm-version-bump-receiver/action.yml index 7bc1ad205..05c4f1d88 100644 --- a/actions/helm-version-bump-receiver/action.yml +++ b/actions/helm-version-bump-receiver/action.yml @@ -96,7 +96,7 @@ runs: - name: Bump helm chart version id: bump-helm-chart-version - uses: mikefarah/yq@f15500b20a1c991c8729870ba60a4dc3524b6a94 # v4.44.2 + uses: mikefarah/yq@0f4fb8d35ec1a939d78dd6862f494d19ec589f19 # v4.52.5 env: AWS_SECRET_ACCESS_KEY: "" AWS_ACCESS_KEY_ID: "" @@ -110,7 +110,7 @@ runs: - name: Update helm chart repo if: inputs.helm-chart-repo-update == 'true' id: update-helm-chart-repo - uses: mikefarah/yq@f15500b20a1c991c8729870ba60a4dc3524b6a94 # v4.44.2 + uses: mikefarah/yq@0f4fb8d35ec1a939d78dd6862f494d19ec589f19 # v4.52.5 env: AWS_SECRET_ACCESS_KEY: "" AWS_ACCESS_KEY_ID: "" diff --git a/actions/k8s-tailscale-connect/action.yml b/actions/k8s-tailscale-connect/action.yml index 0aa196075..6a8355c4d 100644 --- a/actions/k8s-tailscale-connect/action.yml +++ b/actions/k8s-tailscale-connect/action.yml @@ -38,7 +38,7 @@ runs: tags: ${{ inputs.tailscale-tags }} - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ inputs.aws-oidc-role }} aws-region: ${{ inputs.aws-region }} diff --git a/actions/oci-image-bump/action.yml b/actions/oci-image-bump/action.yml index 14a3e6d41..ae012e69d 100644 --- a/actions/oci-image-bump/action.yml +++ b/actions/oci-image-bump/action.yml @@ -166,7 +166,7 @@ runs: # Commits, creates/pushes branch, and creates the PR. - name: Create PR id: create-pr - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 + uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11 with: base: ${{ inputs.pr-base-branch }} branch: ${{ inputs.pr-head-branch }} diff --git a/actions/parse-and-mask-test-secrets/action.yml b/actions/parse-and-mask-test-secrets/action.yml index 8638a91a7..8ff31fa62 100644 --- a/actions/parse-and-mask-test-secrets/action.yml +++ b/actions/parse-and-mask-test-secrets/action.yml @@ -13,7 +13,7 @@ runs: - name: Setup Go uses: actions/setup-go@v6 with: - go-version: 1.21.3 + go-version: 1.26.2 - name: Parse and mask test secrets shell: bash diff --git a/actions/pr-quality-check/action.yml b/actions/pr-quality-check/action.yml index 616ad2fd4..4922777c0 100644 --- a/actions/pr-quality-check/action.yml +++ b/actions/pr-quality-check/action.yml @@ -104,7 +104,7 @@ runs: if: env.SHOULD_RUN == 'true' && github.event.action != 'closed' uses: actions/setup-python@v5 with: - python-version: "3.11" + python-version: "3.14" - name: Install dependencies if: env.SHOULD_RUN == 'true' && github.event.action != 'closed' @@ -326,7 +326,7 @@ runs: steps.check-claude.outputs.should-run-claude == 'true' && steps.check-fingerprint.outputs.fingerprint-changed == 'true' && github.event.pull_request.head.repo.full_name == github.repository - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c #v2.1.2 + uses: google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed # v2.1.13 with: credentials_json: ${{ inputs.claude-code-gcp-service-account-key }} create_credentials_file: true diff --git a/actions/pr-slack-alert/action.yml b/actions/pr-slack-alert/action.yml index 6ca19691a..719fef6ad 100644 --- a/actions/pr-slack-alert/action.yml +++ b/actions/pr-slack-alert/action.yml @@ -56,7 +56,7 @@ runs: - name: Send slack alert if: steps.filter.outputs.SKIP_SLACK != 'true' id: slack - uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e #v1.26.0 + uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1 with: channel-id: ${{ inputs.slack-channel-id }} # https://api.slack.com/surfaces/messages#payloads diff --git a/actions/promote-image-ecr/action.yaml b/actions/promote-image-ecr/action.yaml index 16298d7ad..57b4d717d 100644 --- a/actions/promote-image-ecr/action.yaml +++ b/actions/promote-image-ecr/action.yaml @@ -78,29 +78,29 @@ runs: using: "composite" steps: - name: Install cosign - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 + uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1 with: cosign-release: "v3.0.2" - name: Configure AWS credentials (SOURCE) - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ inputs.source-role-arn }} aws-region: ${{ inputs.source-aws-region || inputs.aws-region }} - name: Login to Amazon ECR (SOURCE) id: src - uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2 + uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a # v2.1.3 - name: Configure AWS credentials (DESTINATION) - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ inputs.destination-role-arn }} aws-region: ${{ inputs.destination-aws-region || inputs.aws-region }} - name: Login to Amazon ECR (DESTINATION) id: dst - uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2 + uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a # v2.1.3 - name: Copy image shell: bash diff --git a/actions/pull-private-ecr-image/action.yml b/actions/pull-private-ecr-image/action.yml index 4e5bf3091..07b147773 100644 --- a/actions/pull-private-ecr-image/action.yml +++ b/actions/pull-private-ecr-image/action.yml @@ -68,7 +68,7 @@ runs: fi - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-region: ${{ inputs.aws-region }} role-to-assume: ${{ inputs.aws-role-arn }} @@ -76,7 +76,7 @@ runs: mask-aws-account-id: true - name: Login to Amazon ECR - uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2 + uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a # v2.1.3 with: registries: ${{ inputs.aws-account-number }} diff --git a/actions/setup-gap/action.yml b/actions/setup-gap/action.yml index 74f0d030d..b01715796 100644 --- a/actions/setup-gap/action.yml +++ b/actions/setup-gap/action.yml @@ -159,7 +159,7 @@ runs: - name: Assume role # We only need to assume a role if we intend to use k8s API server access via the proxy if: inputs.use-k8s == 'true' - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ inputs.aws-role-arn }} role-duration-seconds: ${{ inputs.aws-role-duration-seconds }} diff --git a/actions/setup-github-token/action.yml b/actions/setup-github-token/action.yml index 4831a1797..269ad47c3 100644 --- a/actions/setup-github-token/action.yml +++ b/actions/setup-github-token/action.yml @@ -47,7 +47,7 @@ runs: fi - name: Assume role capable of getting token from gati - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-region: ${{ inputs.aws-region }} mask-aws-account-id: true diff --git a/actions/setup-nix-cache/action.yml b/actions/setup-nix-cache/action.yml index 0c0f36b6e..35720ed02 100644 --- a/actions/setup-nix-cache/action.yml +++ b/actions/setup-nix-cache/action.yml @@ -42,7 +42,7 @@ runs: steps: # Step to configure AWS credentials for Nix cache - name: Configure AWS credentials for Nix cache - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ inputs.role-to-assume }} role-duration-seconds: ${{ inputs.role-duration-seconds }} diff --git a/actions/setup-renovate/action.yml b/actions/setup-renovate/action.yml index 76cd88c7b..bfbb7f882 100644 --- a/actions/setup-renovate/action.yml +++ b/actions/setup-renovate/action.yml @@ -62,7 +62,7 @@ runs: aws-role-duration-seconds: ${{ inputs.aws-role-duration-seconds }} - name: Run renovate - uses: renovatebot/github-action@76d49712364696a06b60e8647df46b288fff0ddc # v40.2.4 + uses: renovatebot/github-action@0984fb80fc633b17e57f3e8b6c007fe0dc3e0d62 # v40.3.6 with: renovate-version: ${{ inputs.renovate-version }} token: ${{ steps.get-access-token.outputs.access-token }} diff --git a/actions/slack-notify-git-ref/action.yml b/actions/slack-notify-git-ref/action.yml index 2f1c20127..b983b99a0 100644 --- a/actions/slack-notify-git-ref/action.yml +++ b/actions/slack-notify-git-ref/action.yml @@ -141,7 +141,7 @@ runs: } >> $GITHUB_ENV - name: Notify slack - uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 + uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1 with: payload: ${{ env.payload }} channel-id: ${{ inputs.slack-channel-id }}