From 35e9d3eafed4ae1eb8df0c1343a049f73343eb1f Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Mon, 13 Jan 2025 01:56:36 +0100 Subject: [PATCH] chore(deps): update workflows (#1468) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | minor | `v4.5.0` -> `v4.6.0` | | [docker/setup-qemu-action](https://redirect.github.com/docker/setup-qemu-action) | action | digest | `49b3bc8` -> `53851d1` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | `v3.28.0` -> `v3.28.1` | | [ruby/setup-ruby](https://redirect.github.com/ruby/setup-ruby) | action | minor | `v1.204.0` -> `v1.207.0` | | [shivammathur/setup-php](https://redirect.github.com/shivammathur/setup-php) | action | minor | `2.31.1` -> `2.32.0` | --- ### Release Notes
actions/upload-artifact (actions/upload-artifact) ### [`v4.6.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.6.0) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.5.0...v4.6.0) ##### What's Changed - Expose env vars to control concurrency and timeout by [@​yacaovsnc](https://redirect.github.com/yacaovsnc) in [https://github.com/actions/upload-artifact/pull/662](https://redirect.github.com/actions/upload-artifact/pull/662) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.6.0
github/codeql-action (github/codeql-action) ### [`v3.28.1`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.1) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.0...v3.28.1) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see [this changelog post](https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/). [#​2677](https://redirect.github.com/github/codeql-action/pull/2677) - Update default CodeQL bundle version to 2.20.1. [#​2678](https://redirect.github.com/github/codeql-action/pull/2678) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.1/CHANGELOG.md) for more information.
ruby/setup-ruby (ruby/setup-ruby) ### [`v1.207.0`](https://redirect.github.com/ruby/setup-ruby/releases/tag/v1.207.0) [Compare Source](https://redirect.github.com/ruby/setup-ruby/compare/v1.206.0...v1.207.0) #### What's Changed - Update CRuby releases on Windows by [@​ruby-builder-bot](https://redirect.github.com/ruby-builder-bot) in [https://github.com/ruby/setup-ruby/pull/681](https://redirect.github.com/ruby/setup-ruby/pull/681) **Full Changelog**: https://github.com/ruby/setup-ruby/compare/v1.206.0...v1.207.0 ### [`v1.206.0`](https://redirect.github.com/ruby/setup-ruby/releases/tag/v1.206.0) [Compare Source](https://redirect.github.com/ruby/setup-ruby/compare/v1.205.0...v1.206.0) #### What's Changed - Add ruby-3.4.0,ruby-3.4.1 by [@​ruby-builder-bot](https://redirect.github.com/ruby-builder-bot) in [https://github.com/ruby/setup-ruby/pull/679](https://redirect.github.com/ruby/setup-ruby/pull/679) **Full Changelog**: https://github.com/ruby/setup-ruby/compare/v1.205.0...v1.206.0 ### [`v1.205.0`](https://redirect.github.com/ruby/setup-ruby/releases/tag/v1.205.0) [Compare Source](https://redirect.github.com/ruby/setup-ruby/compare/v1.204.0...v1.205.0) ##### What's Changed - Fixes the latest rubygems installation error with Ruby 3.0 by [@​Watson1978](https://redirect.github.com/Watson1978) in [https://github.com/ruby/setup-ruby/pull/676](https://redirect.github.com/ruby/setup-ruby/pull/676) ##### New Contributors - [@​Watson1978](https://redirect.github.com/Watson1978) made their first contribution in [https://github.com/ruby/setup-ruby/pull/676](https://redirect.github.com/ruby/setup-ruby/pull/676) **Full Changelog**: https://github.com/ruby/setup-ruby/compare/v1.204.0...v1.205.0
shivammathur/setup-php (shivammathur/setup-php) ### [`v2.32.0`](https://redirect.github.com/shivammathur/setup-php/releases/tag/2.32.0) [Compare Source](https://redirect.github.com/shivammathur/setup-php/compare/2.31.1...2.32.0) ##### Changelog - Added support for PHP 8.4 as the default stable PHP version. ```yml - name: Setup PHP uses: shivammathur/setup-php@v2 ``` - Added support for PHP 8.5 as the nightly version. ([#​867](https://redirect.github.com/shivammathur/setup-php/issues/867)) ```yml - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '8.5' ``` - Added support for `pre-installed` in `php-version` input. ([#​872](https://redirect.github.com/shivammathur/setup-php/issues/872)) It will setup the pre-installed PHP version on the runner as per the docs here https://github.com/shivammathur/setup-php?tab=readme-ov-file#github-hosted-runners. If the runner does not have a pre-installed PHP version, it will fail. Please note: It is not recommended to use this unless you are doing something trivial, the pre-installed PHP versions on GitHub hosted runners are old patch versions. ```yml - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: pre-installed ``` - Added support for `.tool-versions` file format in `php-version-file` input. ([#​883](https://redirect.github.com/shivammathur/setup-php/issues/883)) If you have an asdf .tool-versions file in your project. For example, you can specify `.tool-versions` now in the `php-version-file` input and the action would setup the correct PHP version. ```txt ruby 3.4 php 8.4 nodejs 23.5 ``` ```yml - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version-file: .tool-versions ``` - Added support for to specify the path for composer file in the project to read the PHP version using `COMPOSER_PROJECT_DIR` env value. ([#​894](https://redirect.github.com/shivammathur/setup-php/issues/894)) ```yml - name: Setup PHP uses: shivammathur/setup-php@v2 env: COMPOSER_PROJECT_DIR: php ``` - Added support for `macos-15` GitHub hosted environment. - Added support for `windows-2025` GitHub hosted environment. - Added support for composer-dependency-analyser tool ([#​859](https://redirect.github.com/shivammathur/setup-php/issues/859), [#​897](https://redirect.github.com/shivammathur/setup-php/issues/897)) ```yml - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '8.4' tools: composer-dependency-analyser ``` - Added support for relay extension for PHP 8.4 and 8.5. ([#​892](https://redirect.github.com/shivammathur/setup-php/issues/892)) ```yml - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '8.4' extensions: relay ``` - Added information on how an extension is loaded in the wiki extension lists. ([#​887](https://redirect.github.com/shivammathur/setup-php/issues/887)) https://github.com/shivammathur/setup-php/wiki - Fixed support for debug builds. ([#​880](https://redirect.github.com/shivammathur/setup-php/issues/880)) ```yml - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '8.4' env: debug: true ``` - Fixed support for zts buids on self-hosted runners. ```yml - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '8.4' env: phpts: ts ``` - Fixed support for oci extensions for PHP 8.4 and PHP 8.5. ```yml - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '8.4' extensions: pdo_oci, oci8 ``` - Fixed support for zephir_parser extension. ```yml - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '8.4' extensions: zephir_parser ``` - Fixed support for couchbase extension on old PHP versions. ```yml - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '7.1' extensions: couchbase ``` - Fixed support for pdo_firebird extension on macos-15. ```yml ##### runs-on: macos-15 - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '8.4' extensions: pdo_firebird ``` - Improved support to install tools in a multi-user self-hosted environment. - Dropped support for `macos-12` GitHub hosted environments. - Dropped support for Debian 10 based self-hosted environments. - Update Node.js dependencies. Thanks [@​janedbal](https://redirect.github.com/janedbal), [@​alexmerlin](https://redirect.github.com/alexmerlin) and [@​tillkruss](https://redirect.github.com/tillkruss) for the contributions 🎉 Thanks [@​desrosj](https://redirect.github.com/desrosj), [@​bloodynumen](https://redirect.github.com/bloodynumen) and [@​eliashaeussler](https://redirect.github.com/eliashaeussler) for the sponsorship ❤ī¸ For the complete list of changes, please refer to the [Full Changelog](https://redirect.github.com/shivammathur/setup-php/compare/2.31.1...2.32.0)

Follow for updates

setup-php reddit setup-php twitter setup-php status

--- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). đŸšĻ **Automerge**: Disabled by config. Please merge this manually once you are satisfied. â™ģ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. đŸ‘ģ **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv-scanner). --- .github/workflows/checks.yml | 2 +- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/goreleaser.yml | 2 +- .github/workflows/osv-scanner-reusable-pr.yml | 8 ++++---- .github/workflows/osv-scanner-reusable.yml | 4 ++-- .github/workflows/prerelease-check.yml | 2 +- .github/workflows/scorecards.yml | 4 ++-- .github/workflows/semantic.yml | 18 +++++++++--------- 8 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 18f2218309..6fe9333a90 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -80,7 +80,7 @@ jobs: with: persist-credentials: false - run: scripts/build_test_images.sh - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: image-fixtures-${{ github.run_number }}-${{ github.run_attempt }} path: internal/image/fixtures/*.tar diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 595271319d..3cf835d2ba 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -48,7 +48,7 @@ jobs: go-version-file: go.mod # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -59,7 +59,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -73,4 +73,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index 731e3ec4b4..4265da3dcf 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -30,7 +30,7 @@ jobs: with: go-version: stable check-latest: true - - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 + - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 - name: ghcr-login uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 diff --git a/.github/workflows/osv-scanner-reusable-pr.yml b/.github/workflows/osv-scanner-reusable-pr.yml index d03422d3f5..f08296a1d3 100644 --- a/.github/workflows/osv-scanner-reusable-pr.yml +++ b/.github/workflows/osv-scanner-reusable-pr.yml @@ -86,21 +86,21 @@ jobs: # format to the repository Actions tab. - name: "Upload artifact" if: "!cancelled()" - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: ${{ inputs.results-file-name }} retention-days: 5 - name: "Upload old scan json results" if: "!cancelled()" - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: old-json-results path: old-results.json retention-days: 5 - name: "Upload new scan json results" if: "!cancelled()" - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: new-json-results path: new-results.json @@ -108,6 +108,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" if: ${{ !cancelled() && inputs.upload-sarif == true }} - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: ${{ inputs.results-file-name }} diff --git a/.github/workflows/osv-scanner-reusable.yml b/.github/workflows/osv-scanner-reusable.yml index 387290256c..cab5210cdc 100644 --- a/.github/workflows/osv-scanner-reusable.yml +++ b/.github/workflows/osv-scanner-reusable.yml @@ -83,7 +83,7 @@ jobs: # format to the repository Actions tab. - name: "Upload artifact" if: "!cancelled()" - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: ${{ inputs.results-file-name }} @@ -91,6 +91,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" if: "${{ !cancelled() && inputs.upload-sarif == true }}" - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: ${{ inputs.results-file-name }} diff --git a/.github/workflows/prerelease-check.yml b/.github/workflows/prerelease-check.yml index 633fdd99e2..2cab7a8c55 100644 --- a/.github/workflows/prerelease-check.yml +++ b/.github/workflows/prerelease-check.yml @@ -70,7 +70,7 @@ jobs: with: persist-credentials: false - run: scripts/build_test_images.sh - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: image-fixtures-${{ github.run_number }}-${{ github.run_attempt }} path: internal/image/fixtures/*.tar diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index b4fa838947..ce01c3863c 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: results.sarif diff --git a/.github/workflows/semantic.yml b/.github/workflows/semantic.yml index 39d897345f..22f2757ac7 100644 --- a/.github/workflows/semantic.yml +++ b/.github/workflows/semantic.yml @@ -49,7 +49,7 @@ jobs: - run: python3 scripts/generators/generate-debian-versions.py - run: git status - run: stat debian-db.zip - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: generated-debian-versions path: internal/semantic/fixtures/debian-versions-generated.txt @@ -82,7 +82,7 @@ jobs: - run: python3 scripts/generators/generate-redhat-versions.py - run: git status - run: stat redhat-db.zip - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: generated-redhat-versions path: internal/semantic/fixtures/redhat-versions-generated.txt @@ -100,13 +100,13 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # 2.31.1 + - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # 2.32.0 with: php-version: "8.2" extensions: zip - run: php scripts/generators/generate-packagist-versions.php - run: git status - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: generated-packagist-versions path: internal/semantic/fixtures/packagist-versions-generated.txt @@ -126,7 +126,7 @@ jobs: run: pip install packaging==21.3 - run: python3 scripts/generators/generate-pypi-versions.py - run: git status - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: generated-pypi-versions path: internal/semantic/fixtures/pypi-versions-generated.txt @@ -139,14 +139,14 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - - uses: ruby/setup-ruby@401c19e14f474b54450cd3905bb8b86e2c8509cf # v1.204.0 + - uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 # v1.207.0 with: ruby-version: "3.1" - name: setup dependencies run: gem install rubyzip - run: ruby scripts/generators/generate-rubygems-versions.rb - run: git status - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: generated-rubygems-versions path: internal/semantic/fixtures/rubygems-versions-generated.txt @@ -172,7 +172,7 @@ jobs: -o scripts/generators/lib/maven-artifact-3.8.5.jar - run: java -cp 'scripts/generators/lib/*' scripts/generators/GenerateMavenVersions.java - run: git status - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: generated-maven-versions path: internal/semantic/fixtures/maven-versions-generated.txt @@ -190,7 +190,7 @@ jobs: r-version: "3.5.3" - run: Rscript scripts/generators/generate-cran-versions.R - run: git status - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: generated-cran-versions path: internal/semantic/fixtures/cran-versions-generated.txt