From b95b15b578464271f9f6217d2510efbd6337abc9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Nov 2023 23:29:47 +0000 Subject: [PATCH 1/5] Bump docker/metadata-action from 4 to 5 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4 to 5. - [Release notes](https://github.com/docker/metadata-action/releases) - [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md) - [Commits](https://github.com/docker/metadata-action/compare/v4...v5) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 68daf2d81..26b3aa4fb 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -22,7 +22,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: images: line/promgen tags: | From e938a53bb84ef74e7b69dbbb8b4705b7aa50ed16 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Nov 2023 23:29:33 +0000 Subject: [PATCH 2/5] Bump docker/login-action from 2 to 3 Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 26b3aa4fb..3e931908a 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -33,7 +33,7 @@ jobs: - name: Login to DockerHub if: github.event_name != 'pull_request' - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} From 1c6d6a30e6b689c033b152566dcda3cc2c8027ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Nov 2023 23:29:52 +0000 Subject: [PATCH 3/5] Bump docker/build-push-action from 4 to 5 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v4...v5) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 3e931908a..28ca410c3 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -39,7 +39,7 @@ jobs: password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . push: ${{ github.event_name != 'pull_request' }} From e56aa7ad4203d1552da1b1b81acc576751426086 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Nov 2023 23:29:42 +0000 Subject: [PATCH 4/5] Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/django.yml | 2 +- .github/workflows/docker.yml | 2 +- .github/workflows/sphinx.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/django.yml b/.github/workflows/django.yml index df1613519..f769c7585 100644 --- a/.github/workflows/django.yml +++ b/.github/workflows/django.yml @@ -36,7 +36,7 @@ jobs: --health-retries=3 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 28ca410c3..d69e1e5b9 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Docker meta id: meta diff --git a/.github/workflows/sphinx.yml b/.github/workflows/sphinx.yml index e905b22fe..1a5f77f7c 100644 --- a/.github/workflows/sphinx.yml +++ b/.github/workflows/sphinx.yml @@ -21,7 +21,7 @@ jobs: python-version: ["3.9"] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} From 1e1d5d60f80c7921ce3d9e44b3acecddc643722a Mon Sep 17 00:00:00 2001 From: Paul Traylor Date: Wed, 8 Nov 2023 15:46:42 +0900 Subject: [PATCH 5/5] Be a bit more strict with actions version To be very secure, we should pin all to a commit SHA [1] but I think this might be a reasonable compromise since we're only using actions from well known organizations. [1]: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions --- .github/workflows/django.yml | 4 ++-- .github/workflows/docker.yml | 8 ++++---- .github/workflows/sphinx.yml | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/django.yml b/.github/workflows/django.yml index f769c7585..78107a9b0 100644 --- a/.github/workflows/django.yml +++ b/.github/workflows/django.yml @@ -36,8 +36,8 @@ jobs: --health-retries=3 steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/checkout@v4.1.1 + - uses: actions/setup-python@v4.7.1 with: python-version: ${{ matrix.python-version }} cache: pip diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index d69e1e5b9..bd80a125c 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -18,11 +18,11 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v5.0.0 with: images: line/promgen tags: | @@ -33,13 +33,13 @@ jobs: - name: Login to DockerHub if: github.event_name != 'pull_request' - uses: docker/login-action@v3 + uses: docker/login-action@v3.0.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v5.0.0 with: context: . push: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/sphinx.yml b/.github/workflows/sphinx.yml index 1a5f77f7c..18c0504e8 100644 --- a/.github/workflows/sphinx.yml +++ b/.github/workflows/sphinx.yml @@ -21,8 +21,8 @@ jobs: python-version: ["3.9"] steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/checkout@v4.1.1 + - uses: actions/setup-python@v4.7.1 with: python-version: ${{ matrix.python-version }} cache: pip @@ -40,7 +40,7 @@ jobs: SECRET_KEY: github-actions - name: Upload pages artifact - uses: actions/upload-pages-artifact@v2 + uses: actions/upload-pages-artifact@v2.0.0 with: path: 'dist/html' @@ -59,4 +59,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v2 + uses: actions/deploy-pages@v2.0.4