From b6cf18fce3ef97c8d8e4f63215ed06b4f3ae7387 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 05:39:29 +0000 Subject: [PATCH] chore(deps): Bump actions/upload-artifact from 4.4.3 to 4.5.0 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.4.3 to 4.5.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882...6f51ac03b9356f520e9adb1b1b7802705f340c2b) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/phase_1_keycloak.yml | 16 ++++++++-------- .github/workflows/phase_1_python.yml | 12 ++++++------ .github/workflows/phase_2_kubectl.yml | 16 ++++++++-------- .github/workflows/scorecard.yml | 2 +- 4 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/phase_1_keycloak.yml b/.github/workflows/phase_1_keycloak.yml index 6b8998c..05cea9f 100644 --- a/.github/workflows/phase_1_keycloak.yml +++ b/.github/workflows/phase_1_keycloak.yml @@ -50,13 +50,13 @@ jobs: keycloak-${KEYCLOAK_TAG} - name: Upload Generated CycloneDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: generated-keycloak-sbom-cyclonedx path: "/tmp/generated-keycloak-sbom.cdx.json" - name: Upload Generated SPDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: generated-keycloak-sbom-spdx path: "/tmp/generated-keycloak-sbom.spdx.json" 
@@ -115,13 +115,13 @@ jobs: augmented_keycloak-sbom.cdx.json > /tmp/augmented_keycloak-sbom.cdx.json - name: Upload Augmented SPDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: augmented-keycloak-sbom-spdx path: "/tmp/augmented_keycloak-sbom.spdx.json" - name: Upload Augmented CycloneDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: augmented-keycloak-sbom-cyclonedx path: "/tmp/augmented_keycloak-sbom.cdx.json" @@ -152,13 +152,13 @@ jobs: augmented-keycloak-sbom-spdx/augmented_keycloak-sbom.spdx.json > /tmp/enriched_keycloak-sbom.spdx.json - name: Upload Enriched SPDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: enriched-keycloak-sbom-spdx path: "/tmp/enriched_keycloak-sbom.spdx.json" - name: Upload Enriched CycloneDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: enriched-keycloak-sbom-cyclonedx path: "/tmp/enriched_keycloak-sbom.cdx.json" 
@@ -169,13 +169,13 @@ jobs: cp /tmp/enriched_keycloak-sbom.cdx.json /tmp/final_keycloak-sbom.cdx.json - name: Upload Final SPDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: final-keycloak-sbom-spdx path: "/tmp/final_keycloak-sbom.spdx.json" - name: Upload Final CycloneDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: final-keycloak-sbom-cyclonedx path: "/tmp/final_keycloak-sbom.cdx.json" diff --git a/.github/workflows/phase_1_python.yml b/.github/workflows/phase_1_python.yml index cd4d36a..f04320a 100644 --- a/.github/workflows/phase_1_python.yml +++ b/.github/workflows/phase_1_python.yml @@ -53,13 +53,13 @@ jobs: phase-1-python - name: Upload CycloneDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: container-sbom-cyclonedx path: "/tmp/container-sbom.cdx.json" - name: Upload SPDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: container-sbom-spdx path: "/tmp/container-sbom.spdx.json" @@ -94,13 +94,13 @@ jobs: requirements.txt - name: Upload CycloneDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: application-sbom-cyclonedx path: "/tmp/application-sbom.cdx.json" - name: Upload SPDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: application-sbom-spdx path: "/tmp/application-sbom.spdx.json" 
@@ -212,7 +212,7 @@ jobs: /tmp/augmented_application-sbom.spdx.tmp > /tmp/augmented_application-sbom.spdx.json - name: Upload Augmented SBOMs - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: augmented-sboms path: "/tmp/augmented_*.json" @@ -249,7 +249,7 @@ jobs: augmented-sboms/augmented_application-sbom.spdx.json > /tmp/enriched_application-sbom.spdx.json - name: Upload Enriched SBOMs - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: enriched-sboms path: "/tmp/enriched_*.json" diff --git a/.github/workflows/phase_2_kubectl.yml b/.github/workflows/phase_2_kubectl.yml index f0b635e..ac19a43 100644 --- a/.github/workflows/phase_2_kubectl.yml +++ b/.github/workflows/phase_2_kubectl.yml @@ -50,13 +50,13 @@ jobs: kubectl-${KUBECTL_TAG} - name: Upload Generated CycloneDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: generated-kubectl-sbom-cyclonedx path: "/tmp/generated-kubectl-sbom.cdx.json" - name: Upload Generated SPDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: generated-kubectl-sbom-spdx path: "/tmp/generated-kubectl-sbom.spdx.json" 
@@ -115,13 +115,13 @@ jobs: augmented_kubectl-sbom.cdx.json > /tmp/augmented_kubectl-sbom.cdx.json - name: Upload Augmented SPDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: augmented-kubectl-sbom-spdx path: "/tmp/augmented_kubectl-sbom.spdx.json" - name: Upload Augmented CycloneDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: augmented-kubectl-sbom-cyclonedx path: "/tmp/augmented_kubectl-sbom.cdx.json" @@ -152,13 +152,13 @@ jobs: augmented-kubectl-sbom-spdx/augmented_kubectl-sbom.spdx.json > /tmp/enriched_kubectl-sbom.spdx.json - name: Upload Enriched SPDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: enriched-kubectl-sbom-spdx path: "/tmp/enriched_kubectl-sbom.spdx.json" - name: Upload Enriched CycloneDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: enriched-kubectl-sbom-cyclonedx path: "/tmp/enriched_kubectl-sbom.cdx.json" @@ -169,13 +169,13 @@ jobs: cp /tmp/enriched_kubectl-sbom.cdx.json /tmp/final_kubectl-sbom.cdx.json - name: Upload Final SPDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: final-kubectl-sbom-spdx path: "/tmp/final_kubectl-sbom.spdx.json" - name: Upload Final CycloneDX SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: final-kubectl-sbom-cyclonedx path: "/tmp/final_kubectl-sbom.cdx.json" 
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 891b6da..93b964a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v3.pre.node20 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v3.pre.node20 with: name: SARIF file path: results.sarif
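Review bot: The trailing comment on the new `uses:` line in scorecard.yml still reads `# v3.pre.node20`, although the commit subject identifies this SHA as the 4.5.0 release, so the label no longer describes what is pinned. The runner honours only the SHA, but a stale label misleads anyone who audits action pins by reading the comment; I would change the line to `uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0`. The `# v4` comments in the phase_1_keycloak, phase_1_python and phase_2_kubectl hunks are not wrong but are coarser than the pin, and writing `# v4.5.0` there as well would presumably let Dependabot keep the comment in step with the SHA on later bumps.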