Skip to content

Commit

Permalink
chore(deps): update workflows (major) (#897)
Browse files Browse the repository at this point in the history
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[golangci/golangci-lint-action](https://togithub.com/golangci/golangci-lint-action)
| action | major | `v5.3.0` -> `v6.0.1` |
|
[slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator)
| action | major | `v1.10.0` -> `v2.0.0` |

---

### Release Notes

<details>
<summary>golangci/golangci-lint-action
(golangci/golangci-lint-action)</summary>

###
[`v6.0.1`](https://togithub.com/golangci/golangci-lint-action/compare/v6.0.0...v6.0.1)

[Compare
Source](https://togithub.com/golangci/golangci-lint-action/compare/v6.0.0...v6.0.1)

###
[`v6.0.0`](https://togithub.com/golangci/golangci-lint-action/releases/tag/v6.0.0)

[Compare
Source](https://togithub.com/golangci/golangci-lint-action/compare/v5.3.0...v6.0.0)

<!-- Release notes generated using configuration in .github/release.yml
at v6.0.0 -->

#### What's Changed

This version removes `annotations` option (because it was useless), and
removes the default output format (`github-actions`).
The annotations are still produced but with another approach.

##### Changes

- feat: rewrite format handling by
[@&#8203;ldez](https://togithub.com/ldez) in
[https://github.com/golangci/golangci-lint-action/pull/1038](https://togithub.com/golangci/golangci-lint-action/pull/1038)

##### Dependencies

- build(deps-dev): bump
[@&#8203;typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)
from 7.7.1 to 7.8.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1034](https://togithub.com/golangci/golangci-lint-action/pull/1034)
- build(deps): bump
[@&#8203;types/node](https://togithub.com/types/node) from 20.12.7 to
20.12.8 by [@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1036](https://togithub.com/golangci/golangci-lint-action/pull/1036)
- build(deps-dev): bump
[@&#8203;typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)
from 7.7.1 to 7.8.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1035](https://togithub.com/golangci/golangci-lint-action/pull/1035)

**Full Changelog**:
golangci/golangci-lint-action@v5.3.0...v6.0.0

</details>

<details>
<summary>slsa-framework/slsa-github-generator
(slsa-framework/slsa-github-generator)</summary>

###
[`v2.0.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v200)

[Compare
Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.10.0...v2.0.0)

##### v2.0.0: Breaking Change: upload-artifact and download-artifact

- Our workflows now use the new `@v4`s of `actions/upload-artifact` and
`actions/download-artifact`, which are incompatiblle with the prior
`@v3`. See Our docs on the [generic
generator](./internal/builders/generic/README.md#compatibility-with-actionsdownload-artifact)
for more information and how to upgrade.

##### v2.0.0: Breaking Change: attestation-name Workflow Input and
Output

- `attestation-name` as a workflow input to
`.github/workflows/generator_generic_slsa3.yml` is now removed. Use
`provenance-name` instead.

##### v2.0.0: DSSE Rekor Type

- When uploading signed provenance to the log, the entry created in the
log is now
a DSSE Rekor type. This fixes a bug where the current intoto type does
not
persist provenance signatures. The attestation will no longer be
persisted
in Rekor
([#&#8203;3299](https://togithub.com/slsa-framework/slsa-github-generator/issues/3299))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv-scanner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNjkuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM0MC4xMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
  • Loading branch information
renovate-bot authored May 27, 2024
1 parent b178a88 commit 804589a
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/goreleaser.yml
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ jobs:
actions: read # To read the workflow path.
id-token: write # To sign the provenance.
contents: write # To add assets to a release.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
with:
base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
upload-assets: true # upload to a new release
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/lint-action/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ runs:
using: composite
steps:
- name: Run golangci-lint
uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
with:
# Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
version: v1.56.2

0 comments on commit 804589a

Please sign in to comment.