From a43f0efbdae4661f6d23e6ca7c3c20f23cc77436 Mon Sep 17 00:00:00 2001 From: Chris Bandy Date: Wed, 7 May 2025 16:18:19 -0500 Subject: [PATCH 1/3] Use Dependabot to update local composite actions The 'directory: /' configuration only looks at workflows. --- .github/dependabot.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 639a059edc..75a5bb6769 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -2,12 +2,14 @@ # https://docs.github.com/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates # # See: https://www.github.com/dependabot/dependabot-core/issues/4605 ---- # yaml-language-server: $schema=https://json.schemastore.org/dependabot-2.0.json +--- version: 2 updates: - package-ecosystem: github-actions - directory: / + directories: + - '/' + - '.github/actions/*' schedule: interval: weekly day: tuesday From 9be050c582d94ecf0ba4b4db07e11b1486148c77 Mon Sep 17 00:00:00 2001 From: Chris Bandy Date: Tue, 13 May 2025 23:15:47 -0500 Subject: [PATCH 2/3] Update dependabot.yml --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 75a5bb6769..e26c08b302 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -12,7 +12,7 @@ updates: - '.github/actions/*' schedule: interval: weekly - day: tuesday + day: wednesday groups: all-github-actions: patterns: ['*'] From 120fd6c0da98b427519fcc145ae0a1a4a593f0f1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 May 2025 04:16:45 +0000 Subject: [PATCH 3/3] Bump the all-github-actions group across 2 directories with 2 updates Bumps the all-github-actions group with 1 update in the / directory: [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Bumps the all-github-actions group with 1 update in the /.github/actions/trivy directory: [aquasecurity/setup-trivy](https://github.com/aquasecurity/setup-trivy). Updates `golangci/golangci-lint-action` from 7 to 8 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v7...v8) Updates `aquasecurity/setup-trivy` from 0.2.2 to 0.2.3 - [Release notes](https://github.com/aquasecurity/setup-trivy/releases) - [Commits](https://github.com/aquasecurity/setup-trivy/compare/v0.2.2...v0.2.3) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions - dependency-name: aquasecurity/setup-trivy dependency-version: 0.2.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-github-actions ... Signed-off-by: dependabot[bot] --- .github/actions/trivy/action.yaml | 2 +- .github/workflows/lint.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/trivy/action.yaml b/.github/actions/trivy/action.yaml index d5d51e0441..d1a5f4f6aa 100644 --- a/.github/actions/trivy/action.yaml +++ b/.github/actions/trivy/action.yaml @@ -54,7 +54,7 @@ runs: # Install Trivy as requested. - if: ${{ ! contains(fromJSON(steps.parsed.outputs.setup), 'none') }} - uses: aquasecurity/setup-trivy@v0.2.2 + uses: aquasecurity/setup-trivy@v0.2.3 with: cache: ${{ contains(fromJSON(steps.parsed.outputs.setup), 'cache') }} version: ${{ steps.parsed.outputs.version }} diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 5f3670f574..f164e72a43 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -19,7 +19,7 @@ jobs: - uses: actions/setup-go@v5 with: { go-version: stable } - - uses: golangci/golangci-lint-action@v7 + - uses: golangci/golangci-lint-action@v8 with: version: latest args: --timeout=5m