From e06c01f09c74075e1ddc6f0d72a30ba1d248a57d Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 29 May 2026 04:56:32 +0000 Subject: [PATCH 1/2] chore(deps): bump the actions group with 5 updates Bumps the actions group with 5 updates: | Package | From | To | | --- | --- | --- | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.2.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.5.0` | `4.2.0` | | [docker/scout-action](https://github.com/docker/scout-action) | `1.20.4` | `1.21.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.36.0` | `4.36.0` | Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v4...v4.1.0) Updates `docker/build-push-action` from 6.19.2 to 7.2.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/10e90e3645eae34f1e60eeb005ba3a3d33f178e8...f9f3042f7e2789586610d6e8b85c8f03e5195baf) Updates `docker/login-action` from 3.5.0 to 4.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/184bdaa0721073962dff0199f1fb9940f07167d1...650006c6eb7dba73a995cc03b0b2d7f5ca915bee) Updates `docker/scout-action` from 1.20.4 to 1.21.0 - [Release notes](https://github.com/docker/scout-action/releases) - [Commits](https://github.com/docker/scout-action/compare/bacf462e8d090c09660de30a6ccc718035f961e3...cd72f264beff1cd72735de31148b9d3244a0234a) Updates `github/codeql-action` from 3.36.0 to 4.36.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - 
[Commits](https://github.com/github/codeql-action/compare/03e4368ac7daa2bd82b3e85262f3bf87ee112f57...7211b7c8077ea37d8641b6271f6a365a22a5fbfa) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: docker/build-push-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/scout-action dependency-version: 1.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: github/codeql-action dependency-version: 4.36.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/CI.yml | 2 +- .github/workflows/docker-scout.yml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index 87a50a5..508a881 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -44,7 +44,7 @@ jobs:
 - uses: actions/checkout@v6.0.2
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v4.0.0
+ uses: docker/setup-buildx-action@v4.1.0
 - name: Check formatting
 run: make install-deps && make lint
diff --git a/.github/workflows/docker-scout.yml b/.github/workflows/docker-scout.yml
index 252f452..8df41bc 100644
--- a/.github/workflows/docker-scout.yml
+++ b/.github/workflows/docker-scout.yml
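Review bot: The bumped `docker/setup-buildx-action` reference in CI.yml is still a mutable tag (`@v4.1.0`), as is the `actions/checkout@v6.0.2` context line above it, while docker-scout.yml in this same patch pins the same action to a full commit SHA with a version comment. A tag can be moved after review, so this diff does not fix which code the step will run. Pinning it the way the other workflow does would make the two consistent: `uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0` (the SHA docker-scout.yml already carries for v4.1.0).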
@@ -27,7 +27,7 @@ jobs:
 uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
 - name: Build image
- uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
+ uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
 with:
 file: Dockerfile
 build-args: |
@@ -37,13 +37,13 @@ jobs:
 tags: xianpengshen/clang-tools:21
 - name: Login to Docker Hub
- uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+ uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
 - name: Docker Scout CVEs
- uses: docker/scout-action@bacf462e8d090c09660de30a6ccc718035f961e3 # v1.20.4
+ uses: docker/scout-action@cd72f264beff1cd72735de31148b9d3244a0234a # v1.21.0
 with:
 command: cves
 image: xianpengshen/clang-tools:21
@@ -51,6 +51,6 @@ jobs:
 only-severities: critical,high
 - name: Upload SARIF to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@03e4368ac7daa2bd82b3e85262f3bf87ee112f57 # v3.35.1
+ uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3.35.1
 with:
 sarif_file: scout.sarif
From 40fa1828eb88e758df6e2b4ca60947f58549a858 Mon Sep 17 00:00:00 2001 From: Xianpeng Shen Date: Fri, 29 May 2026 08:06:51 +0300 Subject: [PATCH 2/2] Skip Docker actions for dependabot Added conditional checks to skip actions for dependabot. --- .github/workflows/docker-scout.yml | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/docker-scout.yml b/.github/workflows/docker-scout.yml
index 8df41bc..c148e6a 100644
--- a/.github/workflows/docker-scout.yml
+++ b/.github/workflows/docker-scout.yml
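Review bot: In the last hunk of the first patch (`@@ -51,6 +51,6 @@`) the `github/codeql-action/upload-sarif` SHA changes but the trailing comment still reads `# v3.35.1`, although the commit message says this bump goes to 4.36.0. With SHA pinning that comment is the only human-readable record of which release is running, so a stale one misleads later audits and advisory matching. Assuming the new SHA is the 4.36.0 release, as the compare link in the message indicates, the line should read `uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0`. The hunks on this file also carry three major-version jumps (build-push-action 6 to 7, login-action 3 to 4, codeql-action 3 to 4), so the release notes are worth checking for changed inputs or runner requirements before merging.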
@@ -37,12 +37,14 @@ jobs:
 tags: xianpengshen/clang-tools:21
 - name: Login to Docker Hub
+ if: github.actor != 'dependabot[bot]'
 uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
 - name: Docker Scout CVEs
+ if: github.actor != 'dependabot[bot]'
 uses: docker/scout-action@cd72f264beff1cd72735de31148b9d3244a0234a # v1.21.0
 with:
 command: cves
@@ -51,6 +53,7 @@ jobs:
 only-severities: critical,high
 - name: Upload SARIF to GitHub Code Scanning
+ if: github.actor != 'dependabot[bot]'
 uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3.35.1
 with:
 sarif_file: scout.sarif
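Review bot: With `if: github.actor != 'dependabot[bot]'` on the login, scan and upload steps (the third is in the next hunk, `@@ -51,6 +53,7 @@`), a Dependabot-triggered run still builds the image and finishes green without any CVE scan, so a passing check on a dependency-bump PR no longer means the image was scanned. Nothing in the workflow records why the steps are skipped; presumably Dependabot-triggered runs do not receive the repository's Actions secrets, and a comment above the first condition would say so, e.g. `# Dependabot-triggered runs get no Actions secrets, so login/scan/upload are skipped`. `github.actor` names whoever triggered the run, so a maintainer pushing to a Dependabot branch re-enables the steps, while fork pull requests, which normally lack secrets in the same way, are not covered by this condition; this is worth confirming against the workflow's `on:` triggers, which are outside this diff.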