Skip to content

Commit 13d4f8d

Browse files
chore(deps): update github actions (#865)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent 5cb782e commit 13d4f8d

8 files changed

Lines changed: 42 additions & 42 deletions

File tree

.github/workflows/deployment.yml

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -91,7 +91,7 @@ jobs:
9191
# Also build the diracx metapackage
9292
python -m build --outdir $PWD/dist .
9393
- name: 'Upload Artifact'
94-
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
94+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
9595
with:
9696
name: diracx-whl
9797
path: dist/diracx*.whl
@@ -100,7 +100,7 @@ jobs:
100100
# https://docs.pypi.org/trusted-publishers/
101101
- name: Publish package on PyPI
102102
if: steps.check-tag.outputs.create-release == 'true'
103-
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
103+
uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
104104
with:
105105
# Generate and upload PEP 740 attestations (build provenance) for the wheels.
106106
attestations: true
@@ -120,19 +120,19 @@ jobs:
120120
with:
121121
persist-credentials: false
122122
- name: Set up QEMU
123-
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
123+
uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0
124124
- name: Set up Docker Buildx
125-
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
125+
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
126126
- name: Login to GitHub container registry
127-
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
127+
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
128128
with:
129129
registry: ghcr.io
130130
username: ${{ github.actor }}
131131
password: ${{ secrets.GITHUB_TOKEN }}
132132

133133
- name: Build and push services (release)
134134
id: build-services-release
135-
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
135+
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
136136
if: ${{ needs.deploy-pypi.outputs.create-release == 'true' }}
137137
with:
138138
context: .
@@ -150,7 +150,7 @@ jobs:
150150
push-to-registry: true
151151
- name: Build and push tasks (release)
152152
id: build-tasks-release
153-
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
153+
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
154154
if: ${{ needs.deploy-pypi.outputs.create-release == 'true' }}
155155
with:
156156
context: .
@@ -168,7 +168,7 @@ jobs:
168168
push-to-registry: true
169169
- name: Build and push client (release)
170170
id: build-client-release
171-
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
171+
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
172172
if: ${{ needs.deploy-pypi.outputs.create-release == 'true' }}
173173
with:
174174
context: .
@@ -186,7 +186,7 @@ jobs:
186186
push-to-registry: true
187187

188188
- name: Build and push services (dev)
189-
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
189+
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
190190
with:
191191
context: .
192192
file: containers/Dockerfile
@@ -195,7 +195,7 @@ jobs:
195195
tags: ghcr.io/diracgrid/diracx/services:dev
196196
platforms: linux/amd64,linux/arm64
197197
- name: Build and push tasks (dev)
198-
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
198+
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
199199
with:
200200
context: .
201201
file: containers/Dockerfile
@@ -204,7 +204,7 @@ jobs:
204204
tags: ghcr.io/diracgrid/diracx/tasks:dev
205205
platforms: linux/amd64,linux/arm64
206206
- name: Build and push client (dev)
207-
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
207+
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
208208
with:
209209
context: .
210210
file: containers/Dockerfile
@@ -262,7 +262,7 @@ jobs:
262262
echo "current_chart_version=$CURRENT_CHART_VERSION" >> $GITHUB_OUTPUT
263263
echo "new_chart_version=$NEW_CHART_VERSION" >> $GITHUB_OUTPUT
264264
echo "diracx_version=$VERSION" >> $GITHUB_OUTPUT
265-
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
265+
- uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6
266266
with:
267267
working-directory: ./diracx-charts
268268
- name: Run pre-commit to update README

.github/workflows/draft-on-changes-requested.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ jobs:
2626

2727
draft:
2828
needs: get-pr
29-
uses: DIRACGrid/.github/.github/workflows/draft-on-changes-requested.yml@eab297d50d33cf7eabf0b388ac57d1f91e36d14c # main
29+
uses: DIRACGrid/.github/.github/workflows/draft-on-changes-requested.yml@a599200da5df9e3ea9104a6b9b99eb5bf83754a3 # main
3030
with:
3131
pr_number: ${{ fromJSON(needs.get-pr.outputs.pr_number) }}
3232
secrets:

.github/workflows/integration.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -95,7 +95,7 @@ jobs:
9595
echo "::group::DIRAC server logs"
9696
cd /tmp/DIRACRepo && ./integration_tests.py logs --no-follow --lines 1000 2>&1 | tee /tmp/service-logs/dirac.log || true
9797
echo "::endgroup::"
98-
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
98+
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
9999
if: ${{ failure() }}
100100
with:
101101
name: service-logs-${{ github.job }}

.github/workflows/main.yml

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -33,11 +33,11 @@ jobs:
3333
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
3434
with:
3535
persist-credentials: false
36-
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
36+
- uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6
3737
with:
3838
run-install: false
3939
post-cleanup: false
40-
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
40+
- uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6
4141
with:
4242
cache: false
4343
environments: shellcheck
@@ -70,7 +70,7 @@ jobs:
7070
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
7171
with:
7272
persist-credentials: false
73-
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
73+
- uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6
7474
with:
7575
run-install: false
7676
post-cleanup: false
@@ -81,7 +81,7 @@ jobs:
8181
rm pixi.toml.bak
8282
# Show any changes
8383
git diff
84-
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
84+
- uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6
8585
with:
8686
cache: false
8787
environments: ${{ matrix.package }}
@@ -123,7 +123,7 @@ jobs:
123123
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
124124
with:
125125
persist-credentials: false
126-
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
126+
- uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6
127127
with:
128128
run-install: false
129129
post-cleanup: false
@@ -134,14 +134,14 @@ jobs:
134134
rm pixi.toml.bak
135135
# Show any changes
136136
git diff
137-
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
137+
- uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6
138138
with:
139139
cache: false
140140
environments: ${{ matrix.extension == 'diracx' && 'default' || 'default-gubbins' }}
141141
- name: Set up Docker Buildx
142-
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
142+
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
143143
- name: Build services image
144-
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
144+
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
145145
with:
146146
context: .
147147
file: containers/Dockerfile
@@ -150,7 +150,7 @@ jobs:
150150
tags: ghcr.io/${{ matrix.extension == 'diracx' && 'diracgrid/diracx' || 'gubbins' }}/services:dev
151151
outputs: type=docker,dest=/tmp/services_image.tar
152152
- name: Build tasks image
153-
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
153+
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
154154
with:
155155
context: .
156156
file: containers/Dockerfile
@@ -159,7 +159,7 @@ jobs:
159159
tags: ghcr.io/${{ matrix.extension == 'diracx' && 'diracgrid/diracx' || 'gubbins' }}/tasks:dev
160160
outputs: type=docker,dest=/tmp/tasks_image.tar
161161
- name: Build client image
162-
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
162+
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
163163
with:
164164
context: .
165165
file: containers/Dockerfile
@@ -247,11 +247,11 @@ jobs:
247247
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
248248
with:
249249
persist-credentials: false
250-
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
250+
- uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6
251251
with:
252252
run-install: false
253253
post-cleanup: false
254-
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
254+
- uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6
255255
with:
256256
cache: false
257257
locked: false
@@ -270,11 +270,11 @@ jobs:
270270
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
271271
with:
272272
persist-credentials: false
273-
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
273+
- uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6
274274
with:
275275
run-install: false
276276
post-cleanup: false
277-
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
277+
- uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6
278278
with:
279279
cache: false
280280
environments: pre-commit

.github/workflows/record-changes-requested.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ jobs:
1212
runs-on: ubuntu-latest
1313
steps:
1414
- run: echo "${{ github.event.pull_request.number }}" > pr_number.txt
15-
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
15+
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
1616
with:
1717
name: pr-info
1818
path: pr_number.txt

.github/workflows/update_security_txt_expiry.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,7 @@ jobs:
7676

7777
- name: Create Pull Request
7878
if: steps.update_script.outputs.changes_made == 'true'
79-
uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
79+
uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
8080
with:
8181
token: ${{ secrets.GITHUB_TOKEN }}
8282
commit-message: "chore(security): Update security.txt expiry date"

.github/workflows/vulnerabilities.yml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -22,28 +22,28 @@ jobs:
2222
tags: true
2323
persist-credentials: false
2424
- name: Run Trivy (client:dev)
25-
uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
25+
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
2626
with:
2727
image-ref: "ghcr.io/diracgrid/diracx/client:dev"
2828
format: "sarif"
2929
output: "client-dev-vulnerability-report.sarif"
3030

3131
- name: Upload SARIF to GitHub Security (client:dev)
32-
uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
32+
uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
3333
with:
3434
sarif_file: "client-dev-vulnerability-report.sarif"
3535
category: "client-dev"
3636

3737
- name: Run Trivy (services:dev)
38-
uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
38+
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
3939
with:
4040
image-ref: "ghcr.io/diracgrid/diracx/services:dev"
4141
format: "sarif"
4242
output: "services-dev-vulnerability-report.sarif"
4343
skip-setup-trivy: true
4444

4545
- name: Upload SARIF to GitHub Security (services:dev)
46-
uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
46+
uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
4747
with:
4848
sarif_file: "services-dev-vulnerability-report.sarif"
4949
category: "services-dev"
@@ -61,7 +61,7 @@ jobs:
6161
6262
- name: Run Trivy (client:release)
6363
if: ${{ steps.get-latest-tag.outputs.latest_tag != '' }}
64-
uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
64+
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
6565
with:
6666
image-ref: "ghcr.io/diracgrid/diracx/client:${{ steps.get-latest-tag.outputs.latest_tag }}"
6767
format: "sarif"
@@ -70,14 +70,14 @@ jobs:
7070

7171
- name: Upload SARIF to GitHub Security (client:rel)
7272
if: ${{ steps.get-latest-tag.outputs.latest_tag != '' }}
73-
uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
73+
uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
7474
with:
7575
sarif_file: "client-rel-vulnerability-report.sarif"
7676
category: "client-rel"
7777

7878
- name: Run Trivy (services:release)
7979
if: ${{ steps.get-latest-tag.outputs.latest_tag != '' }}
80-
uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
80+
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
8181
with:
8282
image-ref: "ghcr.io/diracgrid/diracx/services:${{ steps.get-latest-tag.outputs.latest_tag }}"
8383
format: "sarif"
@@ -86,7 +86,7 @@ jobs:
8686

8787
- name: Upload SARIF to GitHub Security (services:rel)
8888
if: ${{ steps.get-latest-tag.outputs.latest_tag != '' }}
89-
uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
89+
uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
9090
with:
9191
sarif_file: "services-rel-vulnerability-report.sarif"
9292
category: "services-rel"

extensions/gubbins/.github/workflows/main.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ jobs:
3131
with:
3232
persist-credentials: false
3333

34-
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
34+
- uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6
3535
with:
3636
run-install: false
3737
post-cleanup: false
@@ -42,7 +42,7 @@ jobs:
4242
rm pixi.toml.bak
4343
# Show any changes
4444
git diff
45-
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
45+
- uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6
4646
with:
4747
environments: ${{ matrix.package }}
4848
- name: Run pytest
@@ -58,11 +58,11 @@ jobs:
5858
with:
5959
persist-credentials: false
6060

61-
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
61+
- uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6
6262
with:
6363
run-install: false
6464
post-cleanup: false
65-
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
65+
- uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6
6666
with:
6767
environments: generate-client
6868
- name: Run autorest

0 commit comments

Comments
 (0)