From c60d9869da0e588365dc9b41c75f4e6043a35515 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Mar 2025 23:14:04 +0000 Subject: [PATCH] Bump the github-actions group across 2 directories with 6 updates Bumps the github-actions group with 1 update in the /.github/actions/prepare directory: [actions/setup-python](https://github.com/actions/setup-python). Bumps the github-actions group with 5 updates in the /.github/workflows directory: | Package | From | To | | --- | --- | --- | | [actions/cache](https://github.com/actions/cache) | `4.2.0` | `4.2.2` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.3.1` | `5.4.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.13.0` | `6.15.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.6.1` | `5.7.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.8` | `3.28.10` | Updates `actions/setup-python` from 5.3.0 to 5.4.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/0b93645e9fea7318ecaed2b359559ac225c90a2b...42375524e23c412d93fb67b49958b491fce71c38) Updates `actions/cache` from 4.2.0 to 4.2.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/1bd1e32a3bdc45362d1e726936510720a7c30a57...d4323d4df104b026a6aa633fdb11d772146be0bf) Updates `codecov/codecov-action` from 5.3.1 to 5.4.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3...0565863a31f2c772f9f0395002a31e3f06189574) Updates `docker/build-push-action` from 6.13.0 to 6.15.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/ca877d9245402d1537745e0e356eab47c3520991...471d1dc4e07e5cdedd4c2171150001c434f0b7a4) Updates `docker/metadata-action` from 5.6.1 to 5.7.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/369eb591f429131d6889c46b94e711f089e6ca96...902fa8ec7d6ecbf8d84d538b9b233a880e428804) Updates `github/codeql-action` from 3.28.8 to 3.28.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/dd746615b3b9d728a6a37ca2045b68ca76d4841a...b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/actions/prepare/action.yml | 2 +- .github/workflows/cicd.yml | 14 +++++++------- .github/workflows/codeql.yml | 6 +++--- .github/workflows/docker-rebuild.yml | 6 +++--- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/actions/prepare/action.yml b/.github/actions/prepare/action.yml index e8ba0625..1fb38eca 100644 --- a/.github/actions/prepare/action.yml +++ b/.github/actions/prepare/action.yml @@ -23,7 +23,7 @@ runs: restore-keys: | poetry-installation-and-cache-${{ inputs.python-version }}-${{ inputs.poetry-version }}- - name: Set up Python ${{ inputs.python-version }} - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: ${{ inputs.python-version }} - name: Install Poetry diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 6ce71cb3..13a6829d 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -109,12 +109,12 @@ jobs: poetry run pytest --cov=./ --cov-report xml --cov-append -m slow fi - name: Upload coverage to Codecov - uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 + uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - name: Save cache if: steps.prepare.outputs.cache-matched-key != format('poetry-installation-and-cache-{0}-{1}-{2}', matrix.python-version, env.POETRY_VERSION, hashFiles('**/poetry.lock')) - uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache/save@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2 with: path: | ~/.cache/pipx/venvs @@ -129,7 +129,7 @@ jobs: timeout-minutes: 15 steps: - name: "Build image for testing" - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: push: false tags: test-image @@ -152,13 +152,13 @@ jobs: password: ${{ secrets.YHTEENTOIMIVUUSPALVELUT_QUAY_IO_PASSWORD }} - name: Docker meta id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: quay.io/natlibfi/annif tags: | latest - name: Build and push to Quay.io - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: push: true tags: ${{ steps.meta.outputs.tags }} @@ -191,7 +191,7 @@ jobs: password: ${{ secrets.YHTEENTOIMIVUUSPALVELUT_QUAY_IO_PASSWORD }} - name: Docker meta id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: quay.io/natlibfi/annif tags: | @@ -199,7 +199,7 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} - name: Build and push to Quay.io - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: push: true tags: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b26efe8d..26a2a791 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -30,15 +30,15 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Initialize CodeQL - uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 + uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 with: languages: ${{ matrix.language }} queries: +security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 + uses: github/codeql-action/autobuild@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 + uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/docker-rebuild.yml b/.github/workflows/docker-rebuild.yml index dbbc7aac..65860ac1 100644 --- a/.github/workflows/docker-rebuild.yml +++ b/.github/workflows/docker-rebuild.yml @@ -10,7 +10,7 @@ jobs: timeout-minutes: 15 steps: - name: "Build for testing" - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: push: false tags: test-image @@ -25,7 +25,7 @@ jobs: password: ${{ secrets.YHTEENTOIMIVUUSPALVELUT_QUAY_IO_PASSWORD }} - name: Docker meta id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: quay.io/natlibfi/annif flavor: | @@ -35,7 +35,7 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} - name: Build and push to Quay.io - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: push: true tags: ${{ steps.meta.outputs.tags }}