🌱 Bump the github-actions group with 9 updates

Bumps the github-actions group with 9 updates: | Package | From | To | | --- | --- | --- | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.1.2` | `2.3.1` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `3.1.0` | `4.3.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `2.2.4` | `3.24.10` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `3` | `4` | | [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `2` | `3` | | [kubernetes-sigs/kubebuilder-release-tools](https://github.com/kubernetes-sigs/kubebuilder-release-tools) | `0.3.0` | `0.4.3` | | [actions/setup-python](https://github.com/actions/setup-python) | `4` | `5` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `1` | `2` | | [actions/stale](https://github.com/actions/stale) | `8` | `9` | Updates `ossf/scorecard-action` from 2.1.2 to 2.3.1 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@e38b190...0864cf1) Updates `actions/upload-artifact` from 3.1.0 to 4.3.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@3cea537...5d5d22a) Updates `github/codeql-action` from 2.2.4 to 3.24.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@17573ee...4355270) Updates `codecov/codecov-action` from 3 to 4 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v3...v4) Updates `peter-evans/repository-dispatch` from 2 to 3 - [Release notes](https://github.com/peter-evans/repository-dispatch/releases) - [Commits](peter-evans/repository-dispatch@v2...v3) Updates `kubernetes-sigs/kubebuilder-release-tools` from 0.3.0 to 0.4.3 - [Release notes](https://github.com/kubernetes-sigs/kubebuilder-release-tools/releases) - [Changelog](https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/RELEASE.md) - [Commits](kubernetes-sigs/kubebuilder-release-tools@v0.3.0...v0.4.3) Updates `actions/setup-python` from 4 to 5 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v4...v5) Updates `softprops/action-gh-release` from 1 to 2 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@v1...v2) Updates `actions/stale` from 8 to 9 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v8...v9) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: peter-evans/repository-dispatch dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: kubernetes-sigs/kubebuilder-release-tools dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <[email protected]>
open-cluster-management-io · Apr 8, 2024 · 9a8db78 · 9a8db78
1 parent e8f593e
commit 9a8db78
Show file tree

Hide file tree

Showing 6 changed files with 10 additions and 10 deletions.
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
@@ -37,7 +37,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -59,14 +59,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/post.yml b/.github/workflows/post.yml
@@ -33,7 +33,7 @@ jobs:
       - name: unit
         run: make test
       - name: report coverage
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
         with:
           files: ./coverage.out
           flags: unit
@@ -139,7 +139,7 @@ jobs:
     name: trigger clusteradm e2e
     runs-on: ubuntu-latest
     steps:
-      - uses: peter-evans/repository-dispatch@v2
+      - uses: peter-evans/repository-dispatch@v3
         with:
           token: ${{ secrets.OCM_BOT_PAT }}
           repository: open-cluster-management-io/clusteradm

diff --git a/.github/workflows/pr-verify.yml b/.github/workflows/pr-verify.yml
@@ -21,6 +21,6 @@ jobs:
     steps:
       - name: Verifier action
         id: verifier
-        uses: kubernetes-sigs/kubebuilder-release-tools@v0.3.0
+        uses: kubernetes-sigs/kubebuilder-release-tools@v0.4.3
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pre.yml b/.github/workflows/pre.yml
@@ -63,7 +63,7 @@ jobs:
       - name: unit
         run: make test
       - name: report coverage
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
         with:
           files: ./coverage.out
           flags: unit

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -50,7 +50,7 @@ jobs:
           fetch-depth: 1
           path: go/src/open-cluster-management.io/ocm
       - name: Set up Python 3.x
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           # Semantic version range syntax or exact version of a Python version
           python-version: '3.x'
@@ -64,7 +64,7 @@ jobs:
           cat /home/runner/work/changelog.txt
       - name: publish release
         if: github.event_name != 'pull_request'
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

diff --git a/.github/workflows/stable.yaml b/.github/workflows/stable.yaml
@@ -15,7 +15,7 @@ jobs:
       pull-requests: write  # for actions/stale to close stale PRs
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v8
+      - uses: actions/stale@v9
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           stale-issue-message: 'This issue is stale because it has been open for 120 days with no activity. After 14 days of inactivity, it will be closed. Remove the `stable` label to prevent this issue from being closed.'