From 1bc70eb2f33f761d908a29acb92d61c6052db6b6 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jun 2026 06:18:46 +0000 Subject: [PATCH] ci: bump the github-actions-all group with 5 updates Bumps the github-actions-all group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `5` | `7` | | [azure/setup-helm](https://github.com/azure/setup-helm) | `4.3.0` | `5.0.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | | [gradle/actions](https://github.com/gradle/actions) | `4` | `6` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `5.0.0` | `7.0.1` | Updates `actions/checkout` from 5 to 7 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v5...v7) Updates `azure/setup-helm` from 4.3.0 to 5.0.0 - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](https://github.com/azure/setup-helm/compare/b9e51907a09c216f16ebe8536097933489208112...dda3372f752e03dde6b3237bc9431cdc2f7a02a2) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) Updates `gradle/actions` from 4 to 6 - [Release notes](https://github.com/gradle/actions/releases) - [Commits](https://github.com/gradle/actions/compare/v4...v6) Updates `actions/upload-artifact` from 5.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/330a01c490aca151604b8cf639adc76d48f6c5d4...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-all - dependency-name: 
azure/setup-helm dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-all - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-all - dependency-name: gradle/actions dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-all - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-all ... Signed-off-by: dependabot[bot]
---
 .github/workflows/ci.yml | 28 ++++++++++++++--------------
 .github/workflows/codeql.yml | 8 ++++----
 2 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8d3ee92..e31d0dd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -24,7 +24,7 @@ jobs:
 name: Lint workflows & Dockerfiles
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 - name: actionlint (workflow 문법/표현식/SHA 검사)
 # 공식 액션 대신 동봉 스크립트로 핀-프리 설치 (자체 SHA 핀 불필요).
 run: |
@@ -54,9 +54,9 @@ jobs:
 env:
 KUBECONFORM_VERSION: v0.6.7
 steps:
- - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 - name: Install helm
- uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
+ uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
 with:
 version: v3.16.4
 - name: Install kubeconform
@@ -97,7 +97,7 @@ jobs:
 # SARIF 업로드에 필요.
 security-events: write
 steps:
- - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 - name: Trivy config scan (Dockerfile / compose / helm IaC)
 uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
@@ -120,14 +120,14 @@ jobs:
 continue-on-error: true
 - name: Upload Trivy config SARIF
- uses: github/codeql-action/upload-sarif@dd903d2e4f5405488e5ef1422510ee31c8b32357 # v3
+ uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
 continue-on-error: true
 with:
 sarif_file: trivy-config.sarif
 category: trivy-config
 - name: Upload Trivy fs SARIF
- uses: github/codeql-action/upload-sarif@dd903d2e4f5405488e5ef1422510ee31c8b32357 # v3
+ uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
 continue-on-error: true
 with:
 sarif_file: trivy-fs.sarif
@@ -137,7 +137,7 @@ jobs:
 name: Validate infra configs
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 - name: Validate docker-compose
 run: docker compose -f infra/docker-compose.yml config > /dev/null
 - name: Validate Prometheus config
@@ -180,18 +180,18 @@ jobs:
 - correlation-mdc-starter
 - actuator-extras
 steps:
- - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 - uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5
 with:
 java-version: '21'
 distribution: 'temurin'
- - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
+ - uses: gradle/actions/setup-gradle@3f131e8634966bd73d06cc69884922b02e6faf92 # v6.2.0
 - name: Build & test
 working-directory: modules/${{ matrix.module }}
 run: ./gradlew build --no-daemon
 - name: Upload test report
 if: failure()
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
 with:
 name: test-report-${{ matrix.module }}
 path: modules/${{ matrix.module }}/build/reports/tests/
@@ -211,12 +211,12 @@ jobs:
 - payment-service
 - inventory-service
 steps:
- - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 - uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5
 with:
 java-version: '21'
 distribution: 'temurin'
- - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
+ - uses: gradle/actions/setup-gradle@3f131e8634966bd73d06cc69884922b02e6faf92 # v6.2.0
 - name: Build & test
 working-directory: services/${{ matrix.service }}
 # check 는 build 의 부분집합이지만 명시 — 새로운 verification task 가 추가되면
@@ -229,14 +229,14 @@ jobs:
 run: ./gradlew koverLog koverXmlReport koverHtmlReport --no-daemon
 - name: Upload coverage report
 if: always()
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
 with:
 name: coverage-${{ matrix.service }}
 path: services/${{ matrix.service }}/build/reports/kover/
 if-no-files-found: ignore
 - name: Upload test report
 if: failure()
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
 with:
 name: test-report-${{ matrix.service }}
 path: services/${{ matrix.service }}/build/reports/tests/
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index adeadaa..864ff46 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -26,17 +26,17 @@ jobs:
 actions: read
 contents: read
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v7
 - uses: actions/setup-java@v5
 with:
 java-version: '21'
 distribution: 'temurin'
- - uses: gradle/actions/setup-gradle@v4
+ - uses: gradle/actions/setup-gradle@v6
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@v4
 with:
 languages: java-kotlin
@@ -59,6 +59,6 @@ jobs:
 done
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@v4
 with:
 category: /language:java-kotlin
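Review bot: The bumped `uses:` lines in `.github/workflows/codeql.yml` still reference mutable tags (`actions/checkout@v7`, `gradle/actions/setup-gradle@v6`, `github/codeql-action/init@v4`, and `github/codeql-action/analyze@v4` in the second hunk), whereas every action in `ci.yml` is pinned to a full commit SHA with the version in a trailing comment. A tag can be re-pointed by whoever controls the action's repository, so this workflow runs whatever the tag resolves to at run time instead of reviewed code. Pin them the same way using the SHAs this commit already introduces in `ci.yml`, e.g. `- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0` and `- uses: gradle/actions/setup-gradle@3f131e8634966bd73d06cc69884922b02e6faf92 # v6.2.0`; the unchanged `actions/setup-java@v5` line could take the `ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5` pin as well. The job's `permissions:` block begins above the first hunk, so the full set of token scopes these actions receive is not visible here.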