From a12e9dea762c004c254977235a963183a218ef91 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 May 2026 07:40:29 +0000 Subject: [PATCH] chore(ci): bump the github-actions group across 1 directory with 7 updates Bumps the github-actions group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.2` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `6.1.0` | `8.1.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.2.0` | | [docker/login-action](https://github.com/docker/login-action) | `4.0.0` | `4.1.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `7.0.0` | `7.1.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.1.1` | `4.1.2` | | [actions/github-script](https://github.com/actions/github-script) | `8` | `9` | Updates `actions/checkout` from 4.2.2 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4.2.2...v6.0.2) Updates `astral-sh/setup-uv` from 6.1.0 to 8.1.0 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/v6.1...v8.1.0) Updates `actions/setup-python` from 5.6.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5.6.0...v6.2.0) Updates `docker/login-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/b45d80f862d83dbcd57f89517bcf500b2ab88fb2...4907a6ddec9925e35a0a9e82d7399ccc52663121) Updates `docker/build-push-action` from 7.0.0 to 7.1.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/d08e5c354a6adb9ed34480a06d141179aa583294...bcafcacb16a39f128d818304e6c9c0c18556b85f) Updates `sigstore/cosign-installer` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003...6f9f17788090df1f26f669e9d70d6ae9567deba6) Updates `actions/github-script` from 8 to 9 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v8...v9) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: astral-sh/setup-uv dependency-version: 8.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/github-script dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/build-workspace-images.yml | 12 +++++----- .../workflows/claude-cli-version-check.yml | 4 ++-- .github/workflows/plugin-tag.yml | 2 +- .github/workflows/qa.yml | 24 +++++++++---------- 4 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/build-workspace-images.yml b/.github/workflows/build-workspace-images.yml index 91da2cc1..f3ec1f49 100644 --- a/.github/workflows/build-workspace-images.yml +++ b/.github/workflows/build-workspace-images.yml @@ -74,7 +74,7 @@ jobs: # Checkout # ------------------------------------------------------------------- - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: fetch-depth: 0 @@ -82,12 +82,12 @@ jobs: # Python + uv (for build-provider.py staging) # ------------------------------------------------------------------- - name: Install uv - uses: astral-sh/setup-uv@f0ec1fc3b38f5e7cd731bb6ce540c5af426746bb # v6 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v6 with: enable-cache: true - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.12" @@ -146,7 +146,7 @@ jobs: # ------------------------------------------------------------------- - name: Log in to GHCR if: steps.version.outputs.should_push == 'true' - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -183,7 +183,7 @@ jobs: # ------------------------------------------------------------------- - name: Build and push image id: push - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: context: build/${{ matrix.provider }} file: build/${{ matrix.provider }}/Dockerfile @@ -201,7 +201,7 @@ jobs: # ------------------------------------------------------------------- - name: Install cosign if: steps.version.outputs.should_push == 'true' - uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1 + uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2 - name: Sign image with cosign if: steps.version.outputs.should_push == 'true' diff --git a/.github/workflows/claude-cli-version-check.yml b/.github/workflows/claude-cli-version-check.yml index 693275a4..3c2e9c4f 100644 --- a/.github/workflows/claude-cli-version-check.yml +++ b/.github/workflows/claude-cli-version-check.yml @@ -14,7 +14,7 @@ jobs: check-version: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Get pinned version from Dockerfile id: pinned @@ -48,7 +48,7 @@ jobs: - name: Open issue if version changed if: steps.pinned.outputs.version != steps.latest.outputs.version - uses: actions/github-script@v8 + uses: actions/github-script@v9 with: script: | const pinned = '${{ steps.pinned.outputs.version }}'; diff --git a/.github/workflows/plugin-tag.yml b/.github/workflows/plugin-tag.yml index 2329fc38..521ec29a 100644 --- a/.github/workflows/plugin-tag.yml +++ b/.github/workflows/plugin-tag.yml @@ -12,7 +12,7 @@ jobs: name: Tag Plugin Versions runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 with: fetch-depth: 2 diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml index 27d0c0cb..114aaf5d 100644 --- a/.github/workflows/qa.yml +++ b/.github/workflows/qa.yml @@ -41,16 +41,16 @@ jobs: steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Setup UV - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@v8.1.0 with: enable-cache: true cache-dependency-glob: "${{ matrix.package.path }}/uv.lock" - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@v6.2.0 with: python-version: ${{ matrix.package.python }} @@ -79,15 +79,15 @@ jobs: name: Python Hooks & Unit Tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Setup UV - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@v8.1.0 with: enable-cache: true - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@v6.2.0 with: python-version: "3.12" @@ -107,16 +107,16 @@ jobs: name: Consumer Contract Tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Setup UV - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@v8.1.0 with: enable-cache: true cache-dependency-glob: "tests/consumer_contracts/uv.lock" - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@v6.2.0 with: python-version: "3.12" @@ -136,10 +136,10 @@ jobs: name: Plugin Validation runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@v6.2.0 with: python-version: "3.12" @@ -350,7 +350,7 @@ jobs: if: github.event_name == 'pull_request' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 with: fetch-depth: 0