Skip to content

Commit

Permalink
chore(deps): update maru support dependencies (#128)
Browse files Browse the repository at this point in the history
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/create-github-app-token](https://redirect.github.com/actions/create-github-app-token)
| action | minor | `v1.10.3` -> `v1.11.0` |
| [actions/setup-node](https://redirect.github.com/actions/setup-node) |
action | patch | `v4.0.3` -> `v4.0.4` |
|
[actions/upload-artifact](https://redirect.github.com/actions/upload-artifact)
| action | minor | `v4.3.4` -> `v4.4.0` |
| [anchore/sbom-action](https://redirect.github.com/anchore/sbom-action)
| action | minor | `v0.16.1` -> `v0.17.2` |
|
[docker/setup-buildx-action](https://redirect.github.com/docker/setup-buildx-action)
| action | minor | `v3.4.0` -> `n/a` |
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | minor | `v3.25.12` -> `v3.26.8` |
| morphy/revive-action | docker | digest | `087d4e6` -> `540bffd` |
|
[ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action)
| action | minor | `v2.3.3` -> `v2.4.0` |
|
[sigstore/cosign-installer](https://redirect.github.com/sigstore/cosign-installer)
| action | minor | `v3.5.0` -> `n/a` |
| [zarf-dev/zarf](https://redirect.github.com/zarf-dev/zarf) | | minor |
`v0.39.0` -> `v0.40.1` |

---

### Release Notes

<details>
<summary>actions/create-github-app-token
(actions/create-github-app-token)</summary>

###
[`v1.11.0`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.11.0)

[Compare
Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.10.4...v1.11.0)

##### What's Changed

##### Features

- Allow repositories input to be comma or newline-separated by
[@&#8203;peter-evans](https://redirect.github.com/peter-evans) in
[https://github.com/actions/create-github-app-token/pull/169](https://redirect.github.com/actions/create-github-app-token/pull/169)

##### New Contributors

- [@&#8203;peter-evans](https://redirect.github.com/peter-evans) made
their first contribution in
[https://github.com/actions/create-github-app-token/pull/169](https://redirect.github.com/actions/create-github-app-token/pull/169)

**Full Changelog**:
actions/create-github-app-token@v1.10.4...v1.11.0

###
[`v1.10.4`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.10.4)

[Compare
Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.10.3...v1.10.4)

##### Bug Fixes

- **deps:** bump the production-dependencies group across 1 directory
with 3 updates
([#&#8203;166](https://redirect.github.com/actions/create-github-app-token/issues/166))
([e177c20](https://redirect.github.com/actions/create-github-app-token/commit/e177c20e0f736e68f4a37ffee6aa32c73da13988)),
closes
[#&#8203;641](https://redirect.github.com/actions/create-github-app-token/issues/641)
[#&#8203;641](https://redirect.github.com/actions/create-github-app-token/issues/641)
[#&#8203;639](https://redirect.github.com/actions/create-github-app-token/issues/639)
[#&#8203;638](https://redirect.github.com/actions/create-github-app-token/issues/638)
[#&#8203;637](https://redirect.github.com/actions/create-github-app-token/issues/637)
[#&#8203;636](https://redirect.github.com/actions/create-github-app-token/issues/636)
[#&#8203;633](https://redirect.github.com/actions/create-github-app-token/issues/633)
[#&#8203;632](https://redirect.github.com/actions/create-github-app-token/issues/632)
[#&#8203;631](https://redirect.github.com/actions/create-github-app-token/issues/631)
[#&#8203;630](https://redirect.github.com/actions/create-github-app-token/issues/630)
[#&#8203;629](https://redirect.github.com/actions/create-github-app-token/issues/629)
[#&#8203;714](https://redirect.github.com/actions/create-github-app-token/issues/714)
[#&#8203;711](https://redirect.github.com/actions/create-github-app-token/issues/711)
[#&#8203;714](https://redirect.github.com/actions/create-github-app-token/issues/714)
[#&#8203;716](https://redirect.github.com/actions/create-github-app-token/issues/716)
[#&#8203;711](https://redirect.github.com/actions/create-github-app-token/issues/711)
[#&#8203;712](https://redirect.github.com/actions/create-github-app-token/issues/712)
[#&#8203;710](https://redirect.github.com/actions/create-github-app-token/issues/710)
[#&#8203;709](https://redirect.github.com/actions/create-github-app-token/issues/709)
[#&#8203;708](https://redirect.github.com/actions/create-github-app-token/issues/708)
[#&#8203;702](https://redirect.github.com/actions/create-github-app-token/issues/702)
[#&#8203;706](https://redirect.github.com/actions/create-github-app-token/issues/706)
[#&#8203;3458](https://redirect.github.com/actions/create-github-app-token/issues/3458)
[#&#8203;3461](https://redirect.github.com/actions/create-github-app-token/issues/3461)
[#&#8203;3460](https://redirect.github.com/actions/create-github-app-token/issues/3460)
[#&#8203;3454](https://redirect.github.com/actions/create-github-app-token/issues/3454)
[#&#8203;3450](https://redirect.github.com/actions/create-github-app-token/issues/3450)
[#&#8203;3445](https://redirect.github.com/actions/create-github-app-token/issues/3445)

</details>

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

###
[`v4.0.4`](https://redirect.github.com/actions/setup-node/compare/v4.0.3...v4.0.4)

[Compare
Source](https://redirect.github.com/actions/setup-node/compare/v4.0.3...v4.0.4)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v4.4.0`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0)

###
[`v4.3.6`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6)

###
[`v4.3.5`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

</details>

<details>
<summary>anchore/sbom-action (anchore/sbom-action)</summary>

###
[`v0.17.2`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.17.2)

[Compare
Source](https://redirect.github.com/anchore/sbom-action/compare/v0.17.1...v0.17.2)

#### Changes in v0.17.2

- Update Syft to v1.11.1
([#&#8203;485](https://redirect.github.com/anchore/sbom-action/issues/485))
\[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)]

###
[`v0.17.1`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.17.1)

[Compare
Source](https://redirect.github.com/anchore/sbom-action/compare/v0.17.0...v0.17.1)

#### Changes in v0.17.1

- chore(deps): update Syft to v1.11.0
([#&#8203;483](https://redirect.github.com/anchore/sbom-action/issues/483))
\[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)]

###
[`v0.17.0`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.17.0)

[Compare
Source](https://redirect.github.com/anchore/sbom-action/compare/v0.16.1...v0.17.0)

#### Changes in v0.17.0

- chore(deps): update Syft to v1.9.0
([#&#8203;479](https://redirect.github.com/anchore/sbom-action/issues/479))
\[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)]

</details>

<details>
<summary>docker/setup-buildx-action
(docker/setup-buildx-action)</summary>

###
[`v3.6.1`](https://redirect.github.com/docker/setup-buildx-action/releases/tag/v3.6.1)

[Compare
Source](https://redirect.github.com/docker/setup-buildx-action/compare/v3.6.0...v3.6.1)

- Check for malformed docker context by
[@&#8203;crazy-max](https://redirect.github.com/crazy-max) in
[https://github.com/docker/setup-buildx-action/pull/347](https://redirect.github.com/docker/setup-buildx-action/pull/347)

**Full Changelog**:
docker/setup-buildx-action@v3.6.0...v3.6.1

###
[`v3.6.0`](https://redirect.github.com/docker/setup-buildx-action/releases/tag/v3.6.0)

[Compare
Source](https://redirect.github.com/docker/setup-buildx-action/compare/v3.5.0...v3.6.0)

- Create temp docker context if default one has TLS data loaded before
creating a container builder by
[@&#8203;crazy-max](https://redirect.github.com/crazy-max) in
[https://github.com/docker/setup-buildx-action/pull/341](https://redirect.github.com/docker/setup-buildx-action/pull/341)

**Full Changelog**:
docker/setup-buildx-action@v3.5.0...v3.6.0

###
[`v3.5.0`](https://redirect.github.com/docker/setup-buildx-action/compare/v3.4.0...v3.5.0)

[Compare
Source](https://redirect.github.com/docker/setup-buildx-action/compare/v3.4.0...v3.5.0)

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.26.8`](https://redirect.github.com/github/codeql-action/compare/v3.26.7...v3.26.8)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.7...v3.26.8)

###
[`v3.26.7`](https://redirect.github.com/github/codeql-action/compare/v3.26.6...v3.26.7)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.6...v3.26.7)

###
[`v3.26.6`](https://redirect.github.com/github/codeql-action/compare/v3.26.5...v3.26.6)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.5...v3.26.6)

###
[`v3.26.5`](https://redirect.github.com/github/codeql-action/compare/v3.26.4...v3.26.5)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.4...v3.26.5)

###
[`v3.26.4`](https://redirect.github.com/github/codeql-action/compare/v3.26.3...v3.26.4)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.3...v3.26.4)

###
[`v3.26.3`](https://redirect.github.com/github/codeql-action/compare/v3.26.2...v3.26.3)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.2...v3.26.3)

###
[`v3.26.2`](https://redirect.github.com/github/codeql-action/compare/v3.26.1...v3.26.2)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.1...v3.26.2)

###
[`v3.26.1`](https://redirect.github.com/github/codeql-action/compare/v3.26.0...v3.26.1)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.0...v3.26.1)

###
[`v3.26.0`](https://redirect.github.com/github/codeql-action/compare/v3.25.15...v3.26.0)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.15...v3.26.0)

###
[`v3.25.15`](https://redirect.github.com/github/codeql-action/compare/v3.25.14...v3.25.15)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.14...v3.25.15)

###
[`v3.25.14`](https://redirect.github.com/github/codeql-action/compare/v3.25.13...v3.25.14)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.13...v3.25.14)

###
[`v3.25.13`](https://redirect.github.com/github/codeql-action/compare/v3.25.12...v3.25.13)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.12...v3.25.13)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0).
Of special note to Scorecard Action is the Maintainer Annotation
feature, which can be used to suppress some Code Scanning false
positives. Alerts will not be generated for any Scorecard Check with an
annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://redirect.github.com/spencerschrock)
in
[https://github.com/ossf/scorecard-action/pull/1410](https://redirect.github.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://redirect.github.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://redirect.github.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://redirect.github.com/jkowalleck) made
their first contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary>

###
[`v3.6.0`](https://redirect.github.com/sigstore/cosign-installer/releases/tag/v3.6.0)

[Compare
Source](https://redirect.github.com/sigstore/cosign-installer/compare/v3.5.0...v3.6.0)

#### What's Changed

- Bump actions/checkout from 4.1.2 to 4.1.3 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/161](https://redirect.github.com/sigstore/cosign-installer/pull/161)
- Bump actions/checkout from 4.1.3 to 4.1.4 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/162](https://redirect.github.com/sigstore/cosign-installer/pull/162)
- Bump actions/setup-go from 5.0.0 to 5.0.1 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/163](https://redirect.github.com/sigstore/cosign-installer/pull/163)
- Bump actions/checkout from 4.1.4 to 4.1.5 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/164](https://redirect.github.com/sigstore/cosign-installer/pull/164)
- Bump actions/checkout from 4.1.5 to 4.1.6 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/165](https://redirect.github.com/sigstore/cosign-installer/pull/165)
- Bump actions/checkout from 4.1.6 to 4.1.7 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/166](https://redirect.github.com/sigstore/cosign-installer/pull/166)
- Bump actions/setup-go from 5.0.1 to 5.0.2 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/167](https://redirect.github.com/sigstore/cosign-installer/pull/167)
- pin public key used for verification by
[@&#8203;bobcallaway](https://redirect.github.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/169](https://redirect.github.com/sigstore/cosign-installer/pull/169)
- bump default version to v2.4.0 release by
[@&#8203;bobcallaway](https://redirect.github.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/168](https://redirect.github.com/sigstore/cosign-installer/pull/168)
- update readme for new release by
[@&#8203;bobcallaway](https://redirect.github.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/170](https://redirect.github.com/sigstore/cosign-installer/pull/170)

**Full Changelog**:
sigstore/cosign-installer@v3...v3.6.0

</details>

<details>
<summary>zarf-dev/zarf (zarf-dev/zarf)</summary>

###
[`v0.40.1`](https://redirect.github.com/zarf-dev/zarf/compare/v0.40.0...v0.40.1)

[Compare
Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.40.0...v0.40.1)

###
[`v0.40.0`](https://redirect.github.com/zarf-dev/zarf/compare/v0.39.0...v0.40.0)

[Compare
Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.39.0...v0.40.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 12pm every weekday,before 11am
every weekday" in timezone America/New_York, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/defenseunicorns/maru-runner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzEuNCIsInVwZGF0ZWRJblZlciI6IjM4LjgwLjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInN1cHBvcnQtZGVwcyJdfQ==-->

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Wayne Starr <me@racer159.com>
  • Loading branch information
renovate[bot] and Racer159 authored Sep 20, 2024
1 parent d4fa708 commit 5062dc5
Show file tree
Hide file tree
Showing 8 changed files with 13 additions and 19 deletions.
10 changes: 2 additions & 8 deletions .github/actions/install-tools/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,5 @@ description: "Install pipeline tools"
runs:
using: composite
steps:
- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0

- uses: anchore/sbom-action/download-syft@95b086ac308035dc0850b3853be5b7ab108236a8 # v0.16.1

- run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin"
shell: bash

- uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
# used by goreleaser to create SBOMs
- uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2
2 changes: 1 addition & 1 deletion .github/actions/save-logs/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ description: "Save debug logs"
runs:
using: composite
steps:
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: debug-log
path: /tmp/maru-*.log
2 changes: 1 addition & 1 deletion .github/actions/zarf/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,4 @@ runs:
- uses: defenseunicorns/setup-zarf@main
with:
# renovate: datasource=github-tags depName=zarf-dev/zarf
version: v0.39.0
version: v0.40.1
2 changes: 1 addition & 1 deletion .github/workflows/commitlint.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
fetch-depth: 0

- name: Setup Node.js
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4

- name: Install commitlint
run: npm install --save-dev @commitlint/{config-conventional,cli}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
# Upload the contents of the build directory for later stages to use
- name: Upload build artifacts
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: build-artifacts
path: build/
Expand Down Expand Up @@ -104,7 +104,7 @@ jobs:
- name: Get Brew tap repo token
id: brew-tap-token
uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
with:
app-id: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_ID }}
private-key: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_SECRET }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/scan-codeql.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ jobs:
run: make build-cli-linux-amd

- name: Initialize CodeQL
uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
env:
CODEQL_EXTRACTOR_GO_BUILD_TRACING: on
with:
Expand All @@ -54,6 +54,6 @@ jobs:


- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
with:
category: "/language:${{matrix.language}}"
2 changes: 1 addition & 1 deletion .github/workflows/scan-lint.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ jobs:
extra_args: --all-files --verbose # pre-commit run --all-files --verbose

- name: Run Revive Action by pulling pre-built image
uses: docker://morphy/revive-action:v2@sha256:087d4e61077087755711ab7e9fae3cc899b7bb07ff8f6a30c3dfb240b1620ae8
uses: docker://morphy/revive-action:v2@sha256:540bffd78895d1525b034b861d29edcb96577bcb3b187a5199342dc8656034ee
with:
config: revive.toml
# Exclude patterns, separated by semicolons (optional)
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/scorecard.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
with:
results_file: results.sarif
results_format: sarif
Expand All @@ -37,14 +37,14 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
with:
sarif_file: results.sarif

0 comments on commit 5062dc5

Please sign in to comment.