From cb4d8a1e7e6b8da87dbddd2f6302a44d6789a9e7 Mon Sep 17 00:00:00 2001
From: Mend Renovate
Date: Mon, 27 May 2024 04:29:05 +0200
Subject: [PATCH] chore(deps): update workflows (major) (#897)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [golangci/golangci-lint-action](https://togithub.com/golangci/golangci-lint-action) | action | major | `v5.3.0` -> `v6.0.1` |
| [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | major | `v1.10.0` -> `v2.0.0` |

---

### Release Notes

golangci/golangci-lint-action (golangci/golangci-lint-action)

### [`v6.0.1`](https://togithub.com/golangci/golangci-lint-action/compare/v6.0.0...v6.0.1)

[Compare Source](https://togithub.com/golangci/golangci-lint-action/compare/v6.0.0...v6.0.1)

### [`v6.0.0`](https://togithub.com/golangci/golangci-lint-action/releases/tag/v6.0.0)

[Compare Source](https://togithub.com/golangci/golangci-lint-action/compare/v5.3.0...v6.0.0)

#### What's Changed

This version removes `annotations` option (because it was useless), and removes the default output format (`github-actions`).

The annotations are still produced but with another approach.

##### Changes

- feat: rewrite format handling by [@ldez](https://togithub.com/ldez) in [https://github.com/golangci/golangci-lint-action/pull/1038](https://togithub.com/golangci/golangci-lint-action/pull/1038)

##### Dependencies

- build(deps-dev): bump [@typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 7.7.1 to 7.8.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1034](https://togithub.com/golangci/golangci-lint-action/pull/1034)
- build(deps): bump [@types/node](https://togithub.com/types/node) from 20.12.7 to 20.12.8 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1036](https://togithub.com/golangci/golangci-lint-action/pull/1036)
- build(deps-dev): bump [@typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 7.7.1 to 7.8.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1035](https://togithub.com/golangci/golangci-lint-action/pull/1035)

**Full Changelog**: https://github.com/golangci/golangci-lint-action/compare/v5.3.0...v6.0.0

slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)

### [`v2.0.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v200)

[Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.10.0...v2.0.0)

##### v2.0.0: Breaking Change: upload-artifact and download-artifact

- Our workflows now use the new `@v4`s of `actions/upload-artifact` and `actions/download-artifact`, which are incompatible with the prior `@v3`. See our docs on the [generic generator](./internal/builders/generic/README.md#compatibility-with-actionsdownload-artifact) for more information and how to upgrade.

##### v2.0.0: Breaking Change: attestation-name Workflow Input and Output

- `attestation-name` as a workflow input to `.github/workflows/generator_generic_slsa3.yml` is now removed. Use `provenance-name` instead.

##### v2.0.0: DSSE Rekor Type

- When uploading signed provenance to the log, the entry created in the log is now a DSSE Rekor type. This fixes a bug where the current intoto type does not persist provenance signatures. The attestation will no longer be persisted in Rekor ([#3299](https://togithub.com/slsa-framework/slsa-github-generator/issues/3299))

--- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner). --- .github/workflows/goreleaser.yml | 2 +- .github/workflows/lint-action/action.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index abfccf9cbab..72ac495e345 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -61,7 +61,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" upload-assets: true # upload to a new release diff --git a/.github/workflows/lint-action/action.yml b/.github/workflows/lint-action/action.yml index 4b627e8c176..c4ebd6494a8 100644 --- a/.github/workflows/lint-action/action.yml +++ b/.github/workflows/lint-action/action.yml 
@@ -19,7 +19,7 @@ runs: using: composite steps: - name: Run golangci-lint - uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0 + uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 with: # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version version: v1.56.2
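
Review bot: The `with:` block under the bumped `uses:` line in .github/workflows/goreleaser.yml needs checking against the v2.0.0 breaking changes quoted in the commit message before this merges. The visible inputs (`base64-subjects`, `upload-assets`) are not among the removed ones, but lines outside the context window could still pass `attestation-name`, which has to become `provenance-name`, and any job that fetches the provenance with `actions/download-artifact` must be on `@v4` because the generator now uploads with `@v4`. The Rekor entry type also changes to DSSE, so whatever verifies release provenance downstream should be confirmed to accept it. This job holds `id-token: write` and `contents: write`, so recording in the PR that a release run was exercised on v2.0.0 would be worthwhile. The reference here is a tag while the lint action is pinned by commit SHA; a one-line comment saying the tag is intentional would keep the two conventions from looking accidental.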
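
Review bot: The `with:` block of the `Run golangci-lint` step in .github/workflows/lint-action/action.yml should be checked for the `annotations` input, which v6.0.0 removes according to the release notes in the commit message; only `version: v1.56.2` is visible in the context, so the rest of the block needs a look. v6.0.0 also drops the default `github-actions` output format, so the first CI run after merge should be inspected to confirm lint findings still surface as annotations on the PR. The full-SHA pin with the `# v6.0.1` comment is the right form; confirm that a4f60bb28d35aeee14e6880718e0c85ff1882e64 is the commit the upstream v6.0.1 tag points to, since the trailing comment is the only thing tying the two together.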