From e030cb091c3aba1b5fffdcb452fbb19c84dee597 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 14 Jul 2024 22:18:45 +0000 Subject: [PATCH] build: bump the github-actions group with 2 updates Bumps the github-actions group with 2 updates: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action). Updates `actions/attest-build-provenance` from 1.3.2 to 1.3.3 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/bdd51370e0416ac948727f861e03c2f05d32d78e...5e9cb68e95676991667494a6a4e59b8a2f13e1d0) Updates `docker/setup-buildx-action` from 3.3.0 to 3.4.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/d70bba72b1f3fd22344832f00baa16ece964efeb...4fd812986e6c8c2a69e18311145f9371337f27d4) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/release-step-3.yml | 6 +++--- .github/workflows/snapshot.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release-step-3.yml b/.github/workflows/release-step-3.yml index 53ff9477..da82331b 100644 --- a/.github/workflows/release-step-3.yml +++ b/.github/workflows/release-step-3.yml @@ -101,7 +101,7 @@ jobs: run: tar xvf ${{ env.TARBALL_FILE }} - name: generate build provenance - uses: actions/attest-build-provenance@bdd51370e0416ac948727f861e03c2f05d32d78e # v1.3.2 + uses: actions/attest-build-provenance@5e9cb68e95676991667494a6a4e59b8a2f13e1d0 # v1.3.3 with: subject-path: "${{ github.workspace }}/**/*.jar" @@ -144,7 +144,7 @@ jobs: run: echo "LATEST_TAG=$(git tag --list --sort=version:refname "v*" | grep -v RC | sed s/^v// | tail -n 1)" >> "${GITHUB_ENV}" - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 - name: Log in to the Elastic Container registry uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 @@ -182,7 +182,7 @@ jobs: EXTENSION_JAR_FILE=elastic-otel-agentextension.jar - name: generate build provenance (containers) - uses: actions/attest-build-provenance@bdd51370e0416ac948727f861e03c2f05d32d78e # v1.3.2 + uses: actions/attest-build-provenance@5e9cb68e95676991667494a6a4e59b8a2f13e1d0 # v1.3.3 with: subject-name: "${{ env.DOCKER_IMAGE_NAME }}" subject-digest: ${{ steps.push.outputs.digest }} diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml index d88c22f6..5daea767 100644 --- a/.github/workflows/snapshot.yml +++ b/.github/workflows/snapshot.yml @@ -74,7 +74,7 @@ jobs: run: tar xvf ${{ env.TARBALL_FILE }} - name: generate build provenance - uses: actions/attest-build-provenance@bdd51370e0416ac948727f861e03c2f05d32d78e # v1.3.2 + uses: actions/attest-build-provenance@5e9cb68e95676991667494a6a4e59b8a2f13e1d0 # v1.3.3 with: subject-path: "${{ github.workspace }}/**/*.jar"