Skip to content

chore(deps): update github actions (feature/geti-inspect) #3163

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
oep-renovate wants to merge 1 commit into
base: feature/geti-inspect
Choose a base branch
from
+84 −84
Open

chore(deps): update github actions (feature/geti-inspect) #3163

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions .github/actions/pytest/action.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,14 +94,14 @@ runs:
steps:
# Set up Python with pip caching
- name: Set up Python environment
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6
with:
python-version: ${{ inputs.python-version }}
cache: ${{ inputs.enable-cache == 'true' && 'pip' || '' }}
cache-dependency-path: ${{ inputs.enable-cache == 'true' && 'pyproject.toml' || '' }}

- name: Set up uv
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5

# Create and configure virtual environment
- name: Configure virtual environment
Expand Down Expand Up @@ -189,7 +189,7 @@ runs:

- name: Upload test results
if: always() && steps.test-execution.outcome == 'failure'
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
with:
name: pytest-results-${{ inputs.test-type }}
path: pytest_output.log
Expand Down
6 changes: 3 additions & 3 deletions .github/actions/security/bandit/action.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ runs:
using: composite
steps:
- name: Set up Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
with:
python-version: "3.10"

Expand Down Expand Up @@ -163,13 +163,13 @@ runs:
# Upload results after full scope analysis
- name: Upload reports
if: hashFiles('bandit-report.*') != '' # if any report is available
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
with:
name: bandit-results
path: bandit-report.*
retention-days: 7
- name: Upload sarif
if: hashFiles('bandit-report.sarif') != '' # if SARIF is available, upload it
uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
with:
sarif_file: bandit-report.sarif
2 changes: 1 addition & 1 deletion .github/actions/security/clamav/action.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -168,7 +168,7 @@ runs:
# Upload results
- name: Upload reports
if: hashFiles('security-results/clamav*') != '' # if any report is available
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
with:
name: clamav-results
path: security-results/clamav
Expand Down
4 changes: 2 additions & 2 deletions .github/actions/security/trivy/action.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -220,13 +220,13 @@ runs:
# Upload results after full scope analysis
- name: Upload reports
if: hashFiles('security-results/trivy/*') != '' # if any report is available
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
with:
name: trivy-results
path: security-results/trivy
retention-days: 7
- name: Upload sarif
if: hashFiles('security-results/trivy/trivy-results.sarif') != '' # if SARIF is available, upload it
uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
with:
sarif_file: security-results/trivy/trivy-results.sarif
6 changes: 3 additions & 3 deletions .github/actions/security/zizmor/action.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ runs:
using: composite
steps:
- name: Install uv
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
with:
enable-cache: true
activate-environment: true
Expand Down Expand Up @@ -137,13 +137,13 @@ runs:
# Upload results after full scope analysis
- name: Upload reports
if: hashFiles('zizmor-report.*') != '' # if any report is available
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
with:
name: zizmor-results
path: zizmor-report.*
retention-days: 7
- name: Upload sarif
if: hashFiles('zizmor-report.sarif') != '' # if SARIF is available, upload it
uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
with:
sarif_file: zizmor-report.sarif
6 changes: 3 additions & 3 deletions .github/workflows/_reusable-artifact-builder.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,10 +78,10 @@ jobs:
outputs:
artifact-name: ${{ steps.set-artifact-name.outputs.name }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
with:
persist-credentials: false
- uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6
with:
python-version: ${{ inputs.python-version }}
- name: Build package
Expand All @@ -96,7 +96,7 @@ jobs:
- name: Set artifact name
id: set-artifact-name
run: echo "name=dist-$(date +%s)" >> $GITHUB_OUTPUT
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
with:
name: ${{ steps.set-artifact-name.outputs.name }}
path: dist/
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/_reusable-code-quality.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,9 +64,9 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
with:
fetch-depth: 0
lfs: true
persist-credentials: false
- uses: j178/prek-action@ef075ff6f80a73aeb8facb7dd22f66f344b1d17a # v1
- uses: j178/prek-action@91fd7d7cf70ae1dee9f4f44e7dfa5d1073fe6623 # v1
4 changes: 2 additions & 2 deletions .github/workflows/_reusable-pr-title-check.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,12 +60,12 @@ jobs:
timeout-minutes: 5
steps:
- name: Checkout repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
with:
persist-credentials: false

- name: Set up Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6
with:
python-version: ${{ inputs.python-version }}
cache: pip
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/_reusable-production-release-process.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,13 +92,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Download artifacts
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6
with:
name: ${{ inputs.artifact-name }}
path: dist

- name: Upload for production release
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
with:
name: production-release-artifacts
path: dist/
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/_reusable-rc-release-process.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,27 +86,27 @@ jobs:
echo "url=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> $GITHUB_OUTPUT

- name: Download build artifacts
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6
with:
name: ${{ inputs.artifact-name }}
path: dist

- name: Download test results
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6
with:
pattern: "*-test-results"
merge-multiple: true
path: test-results

- name: Download security results
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6
with:
pattern: "*-security-results"
merge-multiple: true
path: security-results

- name: Download quality results
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6
with:
pattern: "*-quality-results"
merge-multiple: true
Expand Down Expand Up @@ -176,7 +176,7 @@ jobs:
EOF

- name: Upload technical review report
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
with:
name: technical-review-report
path: technical-review-report.md
Expand All @@ -194,7 +194,7 @@ jobs:
echo "url=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> $GITHUB_OUTPUT

- name: Download technical review report
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6
with:
name: technical-review-report
path: qa-review
Expand Down Expand Up @@ -224,7 +224,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Download technical review report
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6
with:
name: technical-review-report

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/_reusable-release-publisher.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,13 +85,13 @@ jobs:
contents: write # is required by action-gh-release
id-token: write # Required for OIDC authentication with PyPI
steps:
- uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6
with:
name: ${{ inputs.artifact-name }}
path: dist
- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
- uses: softprops/action-gh-release@62c96d0c4e8a889135c1f3a25910db8dbe0e85f7 # v2.3.4
- uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
with:
tag_name: ${{ inputs.version }}
name: Release ${{ inputs.version }}
Expand Down
16 changes: 8 additions & 8 deletions .github/workflows/_reusable-security-scan.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ jobs:
if: contains(inputs.tools, 'bandit')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
with:
persist-credentials: false
- name: Run Bandit scan
Expand All @@ -94,12 +94,12 @@ jobs:
if: contains(inputs.tools, 'semgrep')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
with:
persist-credentials: false
fetch-depth: 0
- name: Run Semgrep scan
uses: open-edge-platform/geti-ci/actions/semgrep@4ec90fb54c7be053e40b9e3ecdf399cf501596ca
uses: open-edge-platform/geti-ci/actions/semgrep@afe1729816efe6eb87b6b3a5643ad8aa44fba5ee
with:
scan-scope: ${{ inputs.scan-scope }}
severity: ${{ inputs.severity-level }}
Expand All @@ -109,7 +109,7 @@ jobs:
if: contains(inputs.tools, 'trivy')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
with:
fetch-depth: 0 # Required for changed files detection
persist-credentials: false
Expand All @@ -131,7 +131,7 @@ jobs:
if: contains(inputs.tools, 'clamav')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
with:
persist-credentials: false
- name: Run ClamAV scan
Expand All @@ -144,7 +144,7 @@ jobs:
if: contains(inputs.tools, 'zizmor')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
with:
persist-credentials: false
- name: Run Zizmor scan
Expand Down Expand Up @@ -176,7 +176,7 @@ jobs:

# Download artifacts with error handling
- name: Download all results
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6
continue-on-error: true # Don't fail if some tools didn't generate results
with:
pattern: "*-results"
Expand All @@ -186,7 +186,7 @@ jobs:
# Only upload if there are files
- name: Upload combined results
if: hashFiles('all-results/**/*') != ''
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
with:
name: security-scan-results
path: all-results
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/_reusable-test-suite.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ jobs:
run: |
nvidia-smi || echo "::error::No GPU found"

- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
with:
persist-credentials: false
- name: Run tests
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/_reusable-version-bump.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,14 +106,14 @@ jobs:
version-changed: ${{ steps.bump.outputs.version_changed }}
steps:
- name: Checkout repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
with:
fetch-depth: 0
token: ${{ secrets.github-token }}
persist-credentials: true

- name: Set up Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6
with:
python-version: ${{ inputs.python-version }}
cache: pip
Expand Down Expand Up @@ -173,7 +173,7 @@ jobs:

- name: Create Pull Request
if: steps.check-bump.outputs.version_needs_bump == 'true' && inputs.create-pr && !inputs.dry-run
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11
with:
token: ${{ secrets.github-token }}
commit-message: "chore(release): bump version to ${{ steps.bump.outputs.new_version }}"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/_reusable-version-check.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ jobs:
version: ${{ steps.get-version.outputs.version }}
is_prerelease: ${{ steps.check-prerelease.outputs.is_prerelease }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
with:
persist-credentials: false
- name: Validate version
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/codeql.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,24 +31,24 @@ jobs:

steps:
- name: Harden the runner (audit all outbound calls)
uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
with:
egress-policy: audit

- name: Checkout repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
queries: security-extended

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
with:
category: "/language:${{matrix.language}}"
Loading
Loading