diff --git a/.github/workflows/apply.yml b/.github/workflows/apply.yml index 52b4fc7..fbd0081 100644 --- a/.github/workflows/apply.yml +++ b/.github/workflows/apply.yml @@ -44,7 +44,7 @@ jobs: name: Lint + schema-check before apply runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: yamllint run: | python3 -m pip install --quiet yamllint @@ -75,7 +75,7 @@ jobs: needs: validate runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Confirm the APPLY phrase run: | @@ -86,7 +86,7 @@ jobs: echo "confirm phrase OK — proceeding." - name: Set up kubectl - uses: azure/setup-kubectl@v4 + uses: azure/setup-kubectl@v5 with: version: 'latest' diff --git a/.github/workflows/pin-prod-images.yml b/.github/workflows/pin-prod-images.yml index cb2be4b..8c74e0f 100644 --- a/.github/workflows/pin-prod-images.yml +++ b/.github/workflows/pin-prod-images.yml @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Validate tag matches production regex env: @@ -172,10 +172,10 @@ jobs: id-token: write # for cosign keyless signing steps: - name: Install syft - uses: anchore/sbom-action/download-syft@v0.17.0 + uses: anchore/sbom-action/download-syft@v0.24.0 - name: Install cosign - uses: sigstore/cosign-installer@v3.5.0 + uses: sigstore/cosign-installer@v4.1.2 - name: Log in to GHCR env: @@ -204,7 +204,7 @@ jobs: echo "::notice::SBOM attached to $IMAGE" - name: Upload SBOM as workflow artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: sbom-${{ inputs.package }}-${{ inputs.tag }} path: sbom.spdx.json diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 4af4b10..8e26b6f 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -35,7 +35,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: yamllint run: |