
chore(deps): update mikefarah/yq action from v4.44.5 to v4.44.6 (.github/workflows/release-x-manual-helm-chart.yml) #11409

Merged: 1 commit merged into dev on Dec 12, 2024

Conversation

renovate[bot] (Contributor) commented Dec 11, 2024

This PR contains the following updates:

Package      | Type   | Update | Change
mikefarah/yq | action | patch  | v4.44.5 -> v4.44.6

Release Notes

mikefarah/yq (mikefarah/yq)

v4.44.6



Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

…hub/workflows/release-x-manual-helm-chart.yml)
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Dec 11, 2024

DryRun Security Summary

The GitHub Actions workflow for releasing the DefectDojo Helm chart automates the process of updating dependencies, packaging the chart, creating a GitHub release, and updating the Helm repository index while demonstrating good security practices like version pinning and standardized release management.


Summary:

The code change provided is part of a GitHub Actions workflow responsible for releasing the DefectDojo Helm chart. The workflow performs several important tasks, including checking out the repository, installing Helm, configuring Helm repositories, updating the Helm chart version, packaging the Helm chart, creating a GitHub release, and updating the Helm repository index.

From an application security perspective, the workflow demonstrates several good security practices, such as dependency management, version pinning, and a standardized release process. The workflow updates the dependencies for the DefectDojo Helm chart, which helps ensure that the chart is using the latest versions of its dependencies. Additionally, the workflow pins the version of the mikefarah/yq action to a specific commit hash, preventing unintended changes to the workflow due to updates to the action. The release process, including the creation of a GitHub release and the update to the Helm repository index, is a standard and secure way of distributing the DefectDojo Helm chart, making it easy and secure for users to install the latest version.

Files Changed:

  • .github/workflows/release-x-manual-helm-chart.yml: This file contains the GitHub Actions workflow responsible for releasing the DefectDojo Helm chart. The workflow performs the following tasks:
    1. Checks out the master branch of the repository and configures the Git user name and email for the release bot.
    2. Installs the Helm package manager, which is used to package and release the Helm chart.
    3. Adds the Bitnami Helm repository and updates the dependencies for the DefectDojo Helm chart.
    4. Uses the yq tool to update the tag value in the helm/defectdojo/values.yaml file to the release number specified in the workflow input.
    5. Packages the DefectDojo Helm chart and stores the resulting artifact in the build directory.
    6. Creates a new GitHub release with the specified release number, attaches the packaged Helm chart as a release asset, and marks the release as a draft.
    7. Updates the Helm repository index file (index.yaml) in the helm-charts branch of the repository, allowing users to easily install the new Helm chart version.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

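The summary above talks about version pinning of the mikefarah/yq action, and this PR itself moves a tag reference (v4.44.5 to v4.44.6). The distinction between a tag pin and a full commit SHA pin matters for supply-chain risk, because a tag can be moved by the action's maintainers (or by whoever controls their account) while a 40-character SHA cannot. The script below is an added example written for this page, not code from the DefectDojo project, Renovate or DryRun; it audits `uses:` references in a workflow file with a plain regex rather than a YAML parser (so it deliberately ignores YAML edge cases such as block scalars), and the workflow text it runs on is a constructed sample whose action names other than mikefarah/yq and actions/checkout are hypothetical.

```python
import re

# Constructed sample workflow (not the repository's real release-x-manual-helm-chart.yml).
# The yq reference mirrors the version bump in this PR; the other org/action names
# are hypothetical placeholders used only to exercise each classification branch.
SAMPLE_WORKFLOW = """\
name: release helm chart
on: workflow_dispatch
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: mikefarah/yq@v4.44.6
      - uses: some-org/some-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: some-org/floating-action@main
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
"""

# Matches a `uses:` line (with or without a leading list dash) and captures the
# reference plus an optional trailing `# comment`, which SHA-pinned actions often
# carry to record the human-readable version.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?([^'\"#\s]+)['\"]?(?:\s*#\s*(.*))?\s*$",
    re.MULTILINE,
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
SEMVER_TAG_RE = re.compile(r"^v?\d+(\.\d+){0,2}$")


def classify_ref(ref):
    """Classify one `uses:` reference by how strongly it is pinned.

    sha        - immutable 40-hex commit, the strongest pin
    tag        - a version-looking tag such as v4.44.6; mutable by the upstream repo
    floating   - a branch name or anything else that is expected to move
    local      - an action checked into this repository (./path)
    docker     - a container reference; pin by digest separately
    missing-ref - no @ at all, which GitHub rejects for remote actions
    """
    if ref.startswith("./"):
        return "local"
    if ref.startswith("docker://"):
        return "docker"
    if "@" not in ref:
        return "missing-ref"
    _repo, version = ref.rsplit("@", 1)
    if FULL_SHA_RE.match(version):
        return "sha"
    if SEMVER_TAG_RE.match(version):
        return "tag"
    return "floating"


def audit_uses(text):
    """Return one finding per `uses:` line: the reference, its pin kind, and any comment."""
    findings = []
    for match in USES_RE.finditer(text):
        ref, comment = match.group(1), match.group(2)
        findings.append({
            "uses": ref,
            "kind": classify_ref(ref),
            "comment": (comment or "").strip(),
        })
    return findings


def unpinned(findings):
    """References a reviewer would ask to be pinned to a commit SHA."""
    return [f["uses"] for f in findings if f["kind"] in ("tag", "floating", "missing-ref")]


if __name__ == "__main__":
    results = audit_uses(SAMPLE_WORKFLOW)
    for finding in results:
        print(f"{finding['kind']:11} {finding['uses']}  {finding['comment']}")
    print("needs SHA pin:", unpinned(results))
```

Run against a real workflow by replacing `SAMPLE_WORKFLOW` with the file contents. A tag pin such as `mikefarah/yq@v4.44.6` shows up as `tag`, which is what this PR leaves in place; moving to `sha` pinning while keeping the version in a trailing comment (as the constructed third line shows) lets Renovate keep tracking upstream releases without trusting a mutable tag.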

mtesauro (Contributor) left a comment:


Approved

@mtesauro mtesauro merged commit 60ce0cd into dev Dec 12, 2024
73 checks passed
@renovate renovate bot deleted the renovate/mikefarah-yq-4.x branch January 6, 2025 14:53