From 398b978b44c123f21df060834c700a969ee80aa7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Jul 2026 15:49:21 +0000 Subject: [PATCH] build(deps): bump the github-actions group with 8 updates Bumps the github-actions group with 8 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `7` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `4` | `6` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3` | `4` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` | | [docker/login-action](https://github.com/docker/login-action) | `3` | `4` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `5` | `7` | | [fossas/fossa-action](https://github.com/fossas/fossa-action) | `1.4.0` | `2.0.0` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.35.0` | `0.36.0` | Updates `actions/checkout` from 4 to 7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v7) Updates `docker/metadata-action` from 4 to 6 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/v4...v6) Updates `docker/setup-qemu-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v3...v4) Updates `docker/setup-buildx-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) Updates `docker/login-action` from 3 to 4 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) Updates `docker/build-push-action` from 5 to 7 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5...v7) Updates `fossas/fossa-action` from 1.4.0 to 2.0.0 - [Release notes](https://github.com/fossas/fossa-action/releases) - [Commits](https://github.com/fossas/fossa-action/compare/v1.4.0...v2.0.0) Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/v0.35.0...v0.36.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/metadata-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-qemu-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: fossas/fossa-action dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 16 ++++++++-------- .github/workflows/fossa.yml | 4 ++-- .github/workflows/pull_request.yml | 8 ++++---- .github/workflows/release.yml | 16 ++++++++-------- .github/workflows/trivy-ci.yml | 10 +++++----- 5 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7d3ade7..0ccce26 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -30,7 +30,7 @@ jobs: - image: alpine-bash steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v7 - name: Set Image Org # sets the default IMAGE_ORG to openebs @@ -54,7 +54,7 @@ jobs: - name: Docker meta id: docker_meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v6 with: # add each registry to which the image needs to be pushed here images: | @@ -70,38 +70,38 @@ jobs: echo "${{ steps.docker_meta.outputs.tags }}" - name: Setup QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@v4 with: platforms: all - name: Setup Docker Buildx id: buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 with: version: v0.13.1 - name: Login to DockerHub - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to Quay - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_TOKEN }} - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build & Push Image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v7 with: file: ./dockerfiles/${{ matrix.image }}/Dockerfile push: true diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index 35918d3..9cf18af 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -8,9 +8,9 @@ jobs: fossa-scan: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v7 with: submodules: recursive - - uses: fossas/fossa-action@v1.4.0 + - uses: fossas/fossa-action@v2.0.0 with: api-key: ${{ secrets.FOSSA_API_KEY }} diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 1c014e5..4984a41 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -33,21 +33,21 @@ jobs: - image: alpine-bash steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v7 - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@v4 with: platforms: all - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 with: version: v0.13.1 - name: Build Image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v7 with: file: ./dockerfiles/${{ matrix.image }}/Dockerfile push: false diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4e29cb4..5f7e802 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -30,7 +30,7 @@ jobs: - image: alpine-bash steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v7 - name: Set Image Org # sets the default IMAGE_ORG to openebs @@ -50,7 +50,7 @@ jobs: - name: Docker meta id: docker_meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v6 with: # add each registry to which the image needs to be pushed here images: | @@ -66,38 +66,38 @@ jobs: echo "RELEASE TAG: ${RELEASE_TAG}" - name: Setup QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@v4 with: platforms: all - name: Setup Docker Buildx id: buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 with: version: v0.13.1 - name: Login to DockerHub - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to Quay - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_TOKEN }} - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build & Push Image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v7 with: file: ./dockerfiles/${{ matrix.image }}/Dockerfile push: true diff --git a/.github/workflows/trivy-ci.yml b/.github/workflows/trivy-ci.yml index 221439c..9535d59 100644 --- a/.github/workflows/trivy-ci.yml +++ b/.github/workflows/trivy-ci.yml @@ -21,21 +21,21 @@ jobs: - image: alpine-bash steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v7 - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@v4 with: platforms: all - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 with: version: v0.13.1 - name: Build Image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v7 with: file: ./dockerfiles/${{ matrix.image }}/Dockerfile push: false @@ -45,7 +45,7 @@ jobs: openebs/${{ matrix.image }}:ci - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@v0.35.0 + uses: aquasecurity/trivy-action@v0.36.0 with: image-ref: 'openebs/${{ matrix.image }}:ci' format: 'sarif'