chore(deps): update github-actions (#53)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | digest | `b4ffde6` -> `692973e` | | [aquaproj/aqua-installer](https://togithub.com/aquaproj/aqua-installer) | action | minor | `v2.0.2` -> `v2.3.2` | | [docker/login-action](https://togithub.com/docker/login-action) | action | digest | `343f7c4` -> `0d4c9c5` | --- ### Release Notes <details> <summary>aquaproj/aqua-installer (aquaproj/aqua-installer)</summary> ### [`v2.3.2`](https://togithub.com/aquaproj/aqua-installer/releases/tag/v2.3.2) [Compare Source](https://togithub.com/aquaproj/aqua-installer/compare/v2.3.1...v2.3.2) [#607](https://togithub.com/aquaproj/aqua-installer/issues/607) export environment variable `AQUA_DISABLE_COSIGN` and `AQUA_DISABLE_SLSA` [https://github.com/aquaproj/aqua/issues/2759](https://togithub.com/aquaproj/aqua/issues/2759) To disable Cosign and slsa-verifier on subsequent steps. ### [`v2.3.1`](https://togithub.com/aquaproj/aqua-installer/releases/tag/v2.3.1) [Compare Source](https://togithub.com/aquaproj/aqua-installer/compare/v2.3.0...v2.3.1) [#605](https://togithub.com/aquaproj/aqua-installer/issues/605) Disable Cosign and slsa-verifier Until we will finish upgrading Cosign to v2, we disable Cosign and slsa-verifier. [https://github.com/aquaproj/aqua/issues/1665#issuecomment-2008588288](https://togithub.com/aquaproj/aqua/issues/1665#issuecomment-2008588288) ### [`v2.3.0`](https://togithub.com/aquaproj/aqua-installer/releases/tag/v2.3.0) [Compare Source](https://togithub.com/aquaproj/aqua-installer/compare/v2.2.0...v2.3.0) [Issues](https://togithub.com/aquaproj/aqua-installer/issues?q=is%3Aissue+milestone%3Av2.3.0) | [Pull Requests](https://togithub.com/aquaproj/aqua-installer/pulls?q=is%3Apr+milestone%3Av2.3.0) | aquaproj/aqua-installer@v2.2.0...v2.3.0 #### Features [#580](https://togithub.com/aquaproj/aqua-installer/issues/580) Support disabling the verification with Cosign and SLSA Provenance > \[!CAUTION] > This feature is for users who can't use Cosign and slsa-verifier. > Most users can use them, so most users don't need this feature. > aqua installs Cosign and slsa-verifier internally, so you don't need to install them yourself. > If you can use Cosign and slsa-verifier, you should not disable them because they are important for security. The bootstrap version is updated to [aqua v2.22.0](https://togithub.com/aquaproj/aqua/releases/tag/v2.22.0). From this version, [aqua supports disabling the verification with Cosign and SLSA Provenance](https://aquaproj.github.io/docs/reference/security/cosign-slsa#disable-the-verification-with-cosign-and-slsa-provenance). To disable the verification with Cosign and SLSA Provenance when you install aqua with aqua-installer, please set the environment variables `AQUA_DISABLE_COSIGN` and `AQUA_DISABLE_SLSA`. ```sh export AQUA_DISABLE_COSIGN=true export AQUA_DISABLE_SLSA=true ./aqua-installer ``` ```yaml - uses: aquaproj/[email protected] with: aqua_version: v2.22.0 env: AQUA_DISABLE_COSIGN: "true" AQUA_DISABLE_SLSA: "true" ``` ### [`v2.2.0`](https://togithub.com/aquaproj/aqua-installer/releases/tag/v2.2.0) [Compare Source](https://togithub.com/aquaproj/aqua-installer/compare/v2.1.3...v2.2.0) [Issues](https://togithub.com/aquaproj/aqua-installer/issues?q=is%3Aissue+milestone%3Av2.2.0) | [Pull Requests](https://togithub.com/aquaproj/aqua-installer/pulls?q=is%3Apr+milestone%3Av2.2.0) | aquaproj/aqua-installer@v2.1.3...v2.2.0 ##### Features [#365](https://togithub.com/aquaproj/aqua-installer/issues/365) [#550](https://togithub.com/aquaproj/aqua-installer/issues/550) [#551](https://togithub.com/aquaproj/aqua-installer/issues/551) Output the guide to set the environment variable `PATH` `aqua-installer` outputs the following guide. =============================================================== [INFO] aqua is installed into /root/.local/share/aquaproj-aqua/bin/aqua [INFO] Please add the path to the environment variable "PATH" [INFO] export PATH=${AQUA_ROOT_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/aquaproj-aqua}/bin:$PATH =============================================================== [#551](https://togithub.com/aquaproj/aqua-installer/issues/551) Use wget if curl isn't found ### [`v2.1.3`](https://togithub.com/aquaproj/aqua-installer/releases/tag/v2.1.3) [Compare Source](https://togithub.com/aquaproj/aqua-installer/compare/v2.1.2...v2.1.3) [Issues](https://togithub.com/aquaproj/aqua-installer/issues?q=is%3Aissue+milestone%3Av2.1.3) | [Pull Requests](https://togithub.com/aquaproj/aqua-installer/pulls?q=is%3Apr+milestone%3Av2.1.3) | aquaproj/aqua-installer@v2.1.2...v2.1.3 [#545](https://togithub.com/aquaproj/aqua-installer/issues/545) Update the bootstrap version to v2.16.4 To support aqua v2.17.0 or later on Windows. https://github.com/aquaproj/aqua/releases/tag/v2.16.1 > To upgrade aqua to v2.17.0 or later on Windows, you need to upgrade aqua to v2.16.1 or later first. ### [`v2.1.2`](https://togithub.com/aquaproj/aqua-installer/releases/tag/v2.1.2) [Compare Source](https://togithub.com/aquaproj/aqua-installer/compare/v2.1.1...v2.1.2) [Issues](https://togithub.com/aquaproj/aqua-installer/issues?q=is%3Aissue+milestone%3Av2.1.2) | [Pull Requests](https://togithub.com/aquaproj/aqua-installer/pulls?q=is%3Apr+milestone%3Av2.1.2) | aquaproj/aqua-installer@v2.1.1...v2.1.2 ##### Fixes [#432](https://togithub.com/aquaproj/aqua-installer/issues/432) Fix typo [#461](https://togithub.com/aquaproj/aqua-installer/issues/461) [#463](https://togithub.com/aquaproj/aqua-installer/issues/463) Fix a bug that action doesn't work in a container ##### Fix a bug that action doesn't work in a container [#461](https://togithub.com/aquaproj/aqua-installer/issues/461) [#463](https://togithub.com/aquaproj/aqua-installer/issues/463) GitHub Actions supports running a job in a container. https://docs.github.com/en/actions/using-jobs/running-jobs-in-a-container But in a container the variable `${{ github.action_path }}` is wrong, so action can't access the script `aqua-installer`. This is a known issue of GitHub Actions. - [https://github.com/actions/runner/issues/2185](https://togithub.com/actions/runner/issues/2185) To solve the issue, we copy the content of the script `aqua-installer` into action itself, then action don't have to access the script `aqua-installer`. ### [`v2.1.1`](https://togithub.com/aquaproj/aqua-installer/releases/tag/v2.1.1) [Compare Source](https://togithub.com/aquaproj/aqua-installer/compare/v2.1.0...v2.1.1) [Issues](https://togithub.com/aquaproj/aqua-installer/issues?q=is%3Aissue+milestone%3Av2.1.1) | [Pull Requests](https://togithub.com/aquaproj/aqua-installer/pulls?q=is%3Apr+milestone%3Av2.1.1) | aquaproj/aqua-installer@v2.1.0...v2.1.1 ##### Others [#411](https://togithub.com/aquaproj/aqua-installer/issues/411) Update the bootstrapping aqua v1.26.2 to v2.2.3 This update enables to verify prerelease versions by Cosign and slsa-verifier. ref. https://aquaproj.github.io/docs/reference/upgrade-guide/v2/change-semver ### [`v2.1.0`](https://togithub.com/aquaproj/aqua-installer/releases/tag/v2.1.0) [Compare Source](https://togithub.com/aquaproj/aqua-installer/compare/v2.0.2...v2.1.0) [Issues](https://togithub.com/aquaproj/aqua-installer/issues?q=is%3Aissue+milestone%3Av2.1.0) | [Pull Requests](https://togithub.com/aquaproj/aqua-installer/pulls?q=is%3Apr+milestone%3Av2.1.0) | aquaproj/aqua-installer@v2.0.2...v2.1.0 #### Features [#403](https://togithub.com/aquaproj/aqua-installer/issues/403) Add an input `policy_allow` to run `aqua policy allow` aqua >= v2.3.0 If `policy_allow` is `true`, `aqua policy allow` command is run. If a Policy file path is set, `aqua policy allow "${{inputs.policy_allow}}"` is run. ##### See also - [Tutorial](https://aquaproj.github.io/docs/guides/policy-as-code) - [Reference](https://aquaproj.github.io/docs/reference/security/policy-as-code) - [Reference - Git Repository root's policy file and policy commands](https://aquaproj.github.io/docs/reference/security/policy-as-code/git-policy) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/DelineaXPM/dsv-github-action).  --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Sheldon Hull <[email protected]>
DelineaXPM · Jul 18, 2024 · 6263997 · 6263997
1 parent ba74631
commit 6263997
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 23 deletions.
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -26,7 +26,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - id: dsv
         # If using as a template outside of the actual repo, you sould reference like this instead:
         # uses: DelineaXPM/dsv-github-action@v1 # renovate: tag=v1

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -14,15 +14,15 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 15
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 
       # https://github.com/magnetikonline/action-golang-cache
       - name: Setup Golang with cache
         uses: magnetikonline/action-golang-cache@777394c89f8ed6fcf1649505277c46c1cd06494d # v4
         with:
           go-version-file: go.mod
       # https://github.com/magnetikonline/action-golang-
-      - uses: aquaproj/aqua-installer@61e2563dfe7674cbf74fe6ec212e444198a3bb00 # tag=v2.0.2
+      - uses: aquaproj/aqua-installer@fd2089d1f56724d6456f24d58605e6964deae124 # v2.3.2
         with:
           aqua_version: v2.21.3
           enable_aqua_install: true
@@ -36,7 +36,7 @@ jobs:
           version: latest
           args: init
       - name: docker-login
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
         with:
           username: ${{ secrets.DSV_DOCKER_USERNAME }}
           password: ${{ secrets.DSV_DOCKER_PASSWORD }}

diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
@@ -10,42 +10,49 @@ version: 0.1
 runtimes:
   enabled:
     - [email protected]
-    - python@3.11
+    - python@3.12.2
     - [email protected] # make sure this matches what's in go.mod for this to work correctly.
 cli:
-  version: 1.19.0
+  version: 1.22.2
 plugins:
   sources:
     - id: trunk
-      ref: v1.2.1
+      ref: v1.6.1
       uri: https://github.com/trunk-io/plugins
 lint:
   enabled:
-    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
     - git-diff-check@SYSTEM
-    - [email protected].1
-    - gofmt@1.16.7
-    - golangci-lint@1.55.2
+    - [email protected].4
+    - gofmt@1.20.4
+    - golangci-lint@1.59.1
     - [email protected]
-    - markdownlint@0.38.0
-    - prettier@3.2.4
-    - shellcheck@0.9.0
-    - shfmt@3.5.0
-    - taplo@0.8.1
-    - yamllint@1.28.0
+    - markdownlint@0.41.0
+    - prettier@3.3.3
+    - shellcheck@0.10.0
+    - shfmt@3.6.0
+    - taplo@0.9.2
+    - yamllint@1.35.1
   threshold:
     - linters: [markdownlint]
       level: high
   ignore:
     - linters: [ALL]
       paths:
-        - .devcontainer/library-scripts
         - .devcontainer/init
-        - vendor/*
-    - linters: [markdownlint]
-      paths:
-        # in progress changelog notes
-        - .changes/*.md
+        - vendor/**
+        - '**/*/mage_output_file.go'
+        - .artifacts/**
+        - .cache/**
     - linters: [yamllint]
       paths:
         - .changes/unreleased/*.yaml
+    - linters: [checkov, trufflehog, trivy]
+      paths:
+        - .changes/**
+        - .trunk/**