From 6cf230728124fe69ed603003b63ea622c8719c6f Mon Sep 17 00:00:00 2001 From: "oep-renovate[bot]" <212772560+oep-renovate[bot]@users.noreply.github.com> Date: Wed, 4 Feb 2026 02:59:22 +0000 Subject: [PATCH] chore(deps): update github actions Signed-off-by: oep-renovate[bot] <212772560+oep-renovate[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/collect-sbom-library.yaml | 2 +- .github/workflows/docs.yml | 8 ++++---- .github/workflows/pre_commit.yml | 12 ++++++------ .github/workflows/publish.yaml | 4 ++-- .github/workflows/renovate-config-validator.yml | 2 +- .github/workflows/renovate.yml | 4 ++-- .github/workflows/scorecards.yml | 4 ++-- .github/workflows/security-scan.yml | 12 ++++++------ 9 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index bd9cdcfc..c7f5a234 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -26,19 +26,19 @@ jobs: - language: python steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 + uses: github/codeql-action/init@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1 with: languages: ${{ matrix.language }} build-mode: none queries: security-extended - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 + uses: github/codeql-action/analyze@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/collect-sbom-library.yaml b/.github/workflows/collect-sbom-library.yaml index dc221eb0..995ce68f 100644 --- a/.github/workflows/collect-sbom-library.yaml +++ b/.github/workflows/collect-sbom-library.yaml @@ -13,7 +13,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index bc59d7ec..427a132c 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -15,19 +15,19 @@ jobs: contents: write steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Set up Python - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version-file: ".python-version" - name: Install uv - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6 + uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 with: - version: "0.9.27" + version: "0.9.29" - name: Install dependencies run: | diff --git a/.github/workflows/pre_commit.yml b/.github/workflows/pre_commit.yml index cc225a14..cfaffc0d 100644 --- a/.github/workflows/pre_commit.yml +++ b/.github/workflows/pre_commit.yml @@ -19,20 +19,20 @@ jobs: steps: - &checkout name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Set up Python - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version-file: ".python-version" - name: Install uv - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6 + uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 with: enable-cache: false - version: "0.9.27" + version: "0.9.29" - name: Install dependencies run: uv sync --locked --all-extras @@ -58,11 +58,11 @@ jobs: - &matrix-setup-uv name: Install uv - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6 + uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 with: enable-cache: false python-version: ${{ matrix.python-version }} - version: "0.9.27" + version: "0.9.29" - &install-dependencies name: Install dependencies diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index a67a1b33..f706a442 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -13,12 +13,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Set up Python - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version-file: ".python-version" diff --git a/.github/workflows/renovate-config-validator.yml b/.github/workflows/renovate-config-validator.yml index d5347fa4..d77173af 100644 --- a/.github/workflows/renovate-config-validator.yml +++ b/.github/workflows/renovate-config-validator.yml @@ -30,7 +30,7 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml index 9558709c..65a5ead5 100644 --- a/.github/workflows/renovate.yml +++ b/.github/workflows/renovate.yml @@ -58,7 +58,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -70,7 +70,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PEM }} - name: Self-hosted Renovate - uses: renovatebot/github-action@8b7941943a108b2cc2150730963164aa8baeab8c # v44.2.2 + uses: renovatebot/github-action@3c68caaa9db5ff24332596591dc7c4fed8de16ce # v46.0.1 with: configurationFile: .github/renovate.json5 token: "${{ steps.get-github-app-token.outputs.token }}" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 6035bbb0..fde969e5 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -36,6 +36,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 + uses: github/codeql-action/upload-sarif@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1 with: sarif_file: results.sarif diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index 04911b09..c930642f 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -32,12 +32,12 @@ jobs: steps: - &checkout name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Run Zizmor scan - uses: open-edge-platform/geti-ci/actions/zizmor@d30e32248aa6bd06adeda7129b50a38bdbceca12 + uses: open-edge-platform/geti-ci/actions/zizmor@eee8dda846963533ec8b4498086f4432e3adea59 with: scan-scope: ${{ github.event_name == 'pull_request' && 'changed' || 'all' }} severity-level: "LOW" @@ -53,7 +53,7 @@ jobs: - *checkout - name: Run Bandit scan - uses: open-edge-platform/geti-ci/actions/bandit@d30e32248aa6bd06adeda7129b50a38bdbceca12 + uses: open-edge-platform/geti-ci/actions/bandit@eee8dda846963533ec8b4498086f4432e3adea59 with: scan-scope: ${{ github.event_name == 'pull_request' && 'changed' || 'all' }} severity-level: "LOW" @@ -71,7 +71,7 @@ jobs: - *checkout - name: Run Trivy scan - uses: open-edge-platform/geti-ci/actions/trivy@d30e32248aa6bd06adeda7129b50a38bdbceca12 + uses: open-edge-platform/geti-ci/actions/trivy@eee8dda846963533ec8b4498086f4432e3adea59 with: scan_type: "fs" scan-scope: all @@ -88,13 +88,13 @@ jobs: security-events: write # Needed to upload the results to code-scanning dashboard steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false fetch-depth: 0 - name: Run Semgrep scan - uses: open-edge-platform/geti-ci/actions/semgrep@d30e32248aa6bd06adeda7129b50a38bdbceca12 + uses: open-edge-platform/geti-ci/actions/semgrep@eee8dda846963533ec8b4498086f4432e3adea59 with: scan-scope: ${{ github.event_name == 'pull_request' && 'changed' || 'all' }} severity: "LOW"