From fc31b8f4ff7cb3dabe1fcb9e44e7be746e6561da Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Nov 2023 09:07:51 +0000 Subject: [PATCH] chore(deps): bump the github-actions group with 11 updates Bumps the github-actions group with 11 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `3` | `4` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `2` | `3` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `2` | `3` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `4.6.0` | `5.0.0` | | [docker/login-action](https://github.com/docker/login-action) | `2` | `3` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `4` | `5` | | [contributor-assistant/github-action](https://github.com/contributor-assistant/github-action) | `2.3.0` | `2.3.1` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.1.1` | `3.2.0` | | [crazy-max/ghaction-upx](https://github.com/crazy-max/ghaction-upx) | `2` | `3` | | [cachix/install-nix-action](https://github.com/cachix/install-nix-action) | `22` | `23` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `4` | `5` | Updates `actions/checkout` from 3 to 4 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) Updates `docker/setup-qemu-action` from 2 to 3 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3) Updates `docker/setup-buildx-action` from 2 to 3 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3) Updates `docker/metadata-action` from 4.6.0 to 5.0.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md) - [Commits](https://github.com/docker/metadata-action/compare/v4.6.0...v5.0.0) Updates `docker/login-action` from 2 to 3 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v2...v3) Updates `docker/build-push-action` from 4 to 5 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v4...v5) Updates `contributor-assistant/github-action` from 2.3.0 to 2.3.1 - [Release notes](https://github.com/contributor-assistant/github-action/releases) - [Commits](https://github.com/contributor-assistant/github-action/compare/v2.3.0...v2.3.1) Updates `sigstore/cosign-installer` from 3.1.1 to 3.2.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v3.1.1...v3.2.0) Updates `crazy-max/ghaction-upx` from 2 to 3 - [Release notes](https://github.com/crazy-max/ghaction-upx/releases) - [Commits](https://github.com/crazy-max/ghaction-upx/compare/v2...v3) Updates `cachix/install-nix-action` from 22 to 23 - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v22...v23) Updates `goreleaser/goreleaser-action` from 4 to 5 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: contributor-assistant/github-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: crazy-max/ghaction-upx dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/auto-assign-issue.yml | 2 +- .github/workflows/auto-gh-pr.yml | 2 +- .github/workflows/auto-tag.yml | 2 +- .github/workflows/build-docker-image.yml | 36 ++++++++++++------------ .github/workflows/chatci.yml | 2 +- .github/workflows/check-coverage.yml | 2 +- .github/workflows/cla.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/depsreview.yaml | 2 +- .github/workflows/docker-buildx.yml | 16 +++++------ .github/workflows/gosec.yml | 2 +- .github/workflows/release.yml | 20 ++++++------- .github/workflows/scripts-test.yml | 2 +- .github/workflows/sync-release.yml | 2 +- .github/workflows/sync.yml | 2 +- 15 files changed, 48 insertions(+), 48 deletions(-) diff --git a/.github/workflows/auto-assign-issue.yml b/.github/workflows/auto-assign-issue.yml index d87a571d..d92fc968 100644 --- a/.github/workflows/auto-assign-issue.yml +++ b/.github/workflows/auto-assign-issue.yml @@ -27,7 +27,7 @@ jobs: issues: write steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Assign the issue run: | diff --git a/.github/workflows/auto-gh-pr.yml b/.github/workflows/auto-gh-pr.yml index 0913655c..d6ea7494 100644 --- a/.github/workflows/auto-gh-pr.yml +++ b/.github/workflows/auto-gh-pr.yml @@ -29,7 +29,7 @@ jobs: if: github.event.pull_request.base.ref == 'main' && github.event.pull_request.merged == true steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 diff --git a/.github/workflows/auto-tag.yml b/.github/workflows/auto-tag.yml index e50ab4ed..69d88c2c 100644 --- a/.github/workflows/auto-tag.yml +++ b/.github/workflows/auto-tag.yml @@ -26,7 +26,7 @@ jobs: if: startsWith(github.event.comment.body, '/create tag') steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Validate version number and get comment id: validate diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index e7af04f2..eabe3a93 100644 --- a/.github/workflows/build-docker-image.yml +++ b/.github/workflows/build-docker-image.yml @@ -32,16 +32,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 # docker.io/openim/openim-chat:latest - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v4.6.0 + uses: docker/metadata-action@v5.0.0 with: images: openim/openim-chat # generate Docker tags based on the following events/attributes @@ -55,13 +55,13 @@ jobs: type=sha - name: Log in to Docker Hub - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Build and push Docker image - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . # linux/ppc64le,linux/s390x @@ -74,27 +74,27 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 # registry.cn-hangzhou.aliyuncs.com/openimsdk/openim-chat:latest - name: Extract metadata (tags, labels) for Docker id: meta2 - uses: docker/metadata-action@v4.6.0 + uses: docker/metadata-action@v5.0.0 with: images: registry.cn-hangzhou.aliyuncs.com/openimsdk/openim-chat - name: Log in to AliYun Docker Hub - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: registry.cn-hangzhou.aliyuncs.com username: ${{ secrets.ALIREGISTRY_USERNAME }} password: ${{ secrets.ALIREGISTRY_TOKEN }} - name: Build and push Docker image - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . # linux/ppc64le,linux/s390x @@ -107,27 +107,27 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 # ghcr.io/openimsdk/openim-chat:latest - name: Extract metadata (tags, labels) for Docker id: meta3 - uses: docker/metadata-action@v4.6.0 + uses: docker/metadata-action@v5.0.0 with: images: ghcr.io/openimsdk/openim-chat - name: Log in to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push Docker image - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . # linux/ppc64le,linux/s390x diff --git a/.github/workflows/chatci.yml b/.github/workflows/chatci.yml index 7f707246..93ff1ea2 100644 --- a/.github/workflows/chatci.yml +++ b/.github/workflows/chatci.yml @@ -58,7 +58,7 @@ jobs: id: go - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run go modules tidy run: | diff --git a/.github/workflows/check-coverage.yml b/.github/workflows/check-coverage.yml index 7080ef7b..c875b7a9 100644 --- a/.github/workflows/check-coverage.yml +++ b/.github/workflows/check-coverage.yml @@ -41,7 +41,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Golang with cache uses: magnetikonline/action-golang-cache@v4 diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml index 3f658284..4d2a1605 100644 --- a/.github/workflows/cla.yml +++ b/.github/workflows/cla.yml @@ -41,7 +41,7 @@ jobs: steps: - name: "CLA Assistant" if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' - uses: contributor-assistant/github-action@v2.3.0 + uses: contributor-assistant/github-action@v2.3.1 env: GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} PERSONAL_ACCESS_TOKEN: ${{ secrets.REDBOT_GITHUB_TOKEN }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6233ffca..b5bc72b1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -47,7 +47,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/depsreview.yaml b/.github/workflows/depsreview.yaml index c95afb84..7b70595a 100644 --- a/.github/workflows/depsreview.yaml +++ b/.github/workflows/depsreview.yaml @@ -13,6 +13,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: 'Dependency Review' uses: actions/dependency-review-action@v3 \ No newline at end of file diff --git a/.github/workflows/docker-buildx.yml b/.github/workflows/docker-buildx.yml index b40aa6fe..f19fbda4 100644 --- a/.github/workflows/docker-buildx.yml +++ b/.github/workflows/docker-buildx.yml @@ -68,7 +68,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker chat-api-admin id: meta1 - uses: docker/metadata-action@v4.6.0 + uses: docker/metadata-action@v5.0.0 with: images: | ghcr.io/openimsdk/chat-api-admin @@ -76,7 +76,7 @@ jobs: registry.cn-hangzhou.aliyuncs.com/openimsdk/chat-api-admin - name: Build and push Docker image for chat-api-admin - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . file: ./build/images/api-admin/Dockerfile @@ -87,7 +87,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker chat-api-chat id: meta2 - uses: docker/metadata-action@v4.6.0 + uses: docker/metadata-action@v5.0.0 with: images: | ghcr.io/openimsdk/chat-api-chat @@ -95,7 +95,7 @@ jobs: registry.cn-hangzhou.aliyuncs.com/openimsdk/chat-api-chat - name: Build and push Docker image for chat-api-chat - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . file: ./build/images/api-chat/Dockerfile @@ -106,7 +106,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker chat-rpc-admin id: meta3 - uses: docker/metadata-action@v4.6.0 + uses: docker/metadata-action@v5.0.0 with: images: | ghcr.io/openimsdk/chat-rpc-admin @@ -114,7 +114,7 @@ jobs: registry.cn-hangzhou.aliyuncs.com/openimsdk/chat-rpc-admin - name: Build and push Docker image for chat-rpc-admin - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . file: ./build/images/rpc-admin/Dockerfile @@ -125,7 +125,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker chat-rpc-chat id: meta4 - uses: docker/metadata-action@v4.6.0 + uses: docker/metadata-action@v5.0.0 with: images: | ghcr.io/openimsdk/chat-rpc-chat @@ -133,7 +133,7 @@ jobs: registry.cn-hangzhou.aliyuncs.com/openimsdk/chat-rpc-chat - name: Build and push Docker image for chat-rpc-chat - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . file: ./build/images/rpc-chat/Dockerfile diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml index 708eca4f..b99330c0 100644 --- a/.github/workflows/gosec.yml +++ b/.github/workflows/gosec.yml @@ -37,7 +37,7 @@ jobs: GO111MODULE: on steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Gosec Security Scanner uses: securego/gosec@master with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d133b9d0..afb0bc84 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,7 +32,7 @@ jobs: DOCKER_CLI_EXPERIMENTAL: "enabled" steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 @@ -49,26 +49,26 @@ jobs: go-version: stable - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to Docker Hub - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Log in to AliYun Docker Hub - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: registry.cn-hangzhou.aliyuncs.com username: ${{ secrets.ALIREGISTRY_USERNAME }} @@ -83,12 +83,12 @@ jobs: ./_output/dist/*.apk key: ${{ github.ref }} - - uses: sigstore/cosign-installer@v3.1.1 + - uses: sigstore/cosign-installer@v3.2.0 - uses: anchore/sbom-action/download-syft@v0.14.3 - - uses: crazy-max/ghaction-upx@v2 + - uses: crazy-max/ghaction-upx@v3 with: install-only: true - - uses: cachix/install-nix-action@v22 + - uses: cachix/install-nix-action@v23 with: github_access_token: ${{ secrets.GITHUB_TOKEN }} # - name: snapcraft-login @@ -97,7 +97,7 @@ jobs: # More assembly might be required: Docker logins, GPG, etc. It all depends # on your needs. - - uses: goreleaser/goreleaser-action@v4 + - uses: goreleaser/goreleaser-action@v5 with: # either 'goreleaser' (default) or 'goreleaser-pro': distribution: goreleaser diff --git a/.github/workflows/scripts-test.yml b/.github/workflows/scripts-test.yml index 55381fc9..c8c65a5b 100644 --- a/.github/workflows/scripts-test.yml +++ b/.github/workflows/scripts-test.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Build Chat run: | diff --git a/.github/workflows/sync-release.yml b/.github/workflows/sync-release.yml index 868f4258..e358b101 100644 --- a/.github/workflows/sync-release.yml +++ b/.github/workflows/sync-release.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run GitHub File Sync uses: BetaHuhn/repo-file-sync-action@latest diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml index 153ba5b0..baf10796 100644 --- a/.github/workflows/sync.yml +++ b/.github/workflows/sync.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run GitHub File Sync uses: BetaHuhn/repo-file-sync-action@latest