Bump the github-actions group with 6 updates (#416)

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Giovanni Toraldo <[email protected]>
Alfresco · Nov 21, 2024 · c222d51 · c222d51
1 parent 8b98ec1
commit c222d51
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 15 deletions.
diff --git a/.checkov.yml b/.checkov.yml
@@ -10,6 +10,8 @@ skip-check:
   - CKV_K8S_35 # "Prefer using secrets as files over secrets as environment variables"
   - CKV_K8S_38 # "Ensure that Service Account Tokens are only mounted where necessary"
   - CKV_K8S_43 # "Image should use digest"
+soft-fail-on:
+  - CKV2_K8S_6 # NetworkPolicy OPSEXP-2965
 var-file: .checkov-values.yml
 skip-path:
   - charts/[^/]+/ci/

diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml
@@ -18,15 +18,15 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Run checkov
-        uses: bridgecrewio/checkov-action@d0e41abbcc8c1103c6ae7e451681d071f05e1c20 # v12.2873.0
+        uses: bridgecrewio/checkov-action@06270f7ecf3b18a0a85f1f3356f141bc01872ca6 # v12.2913.0
         with:
           config_file: .checkov.yml
           output_format: cli,sarif
           output_file_path: console,results.sarif
           skip_download: true # Do not download any data from Bridgecrew's servers
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+        uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
 
         if: success() || failure()
         with:

diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml
@@ -21,7 +21,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Run KICS Scan
-        uses: checkmarx/kics-github-action@530ac1f8efe6202b0f12c9a6e952597ae707b755 # v2.1.2
+        uses: checkmarx/kics-github-action@94469746ec2c43de89a42fb9d2a80070f5d25b16 # v2.1.3
         with:
           path: 'charts'
           ignore_on_exit: results
@@ -32,6 +32,6 @@ jobs:
           platform_type: 'kubernetes'
           disable_secrets: true
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.26.8
+        uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.26.8
         with:
           sarif_file: report-dir/results.sarif
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -17,20 +17,20 @@ jobs:
       contents: write
     steps:
       - name: Ensure SHA pinned actions
-        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@b8f9a25a51fe633d9215ac7734854dc11cd299cb # v3.0.13
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@38608ef4fb69adae7f1eac6eeb88e67b7d083bfd # v3.0.16
         with:
           allowlist: |
             Alfresco/alfresco-build-tools/
 
       - name: Setup helm docs
-        uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@bd803ea1bf16464eaf9726560c0496b41d15c03f # v7.1.0
+        uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@a0837df06d10de2cae8a99319e8e101a6cbe9083 # v8.4.0
 
       - name: Install kubeconform helm plugin
         run: |
           helm plugin install https://github.com/jtyr/kubeconform-helm --version v0.1.12
 
       - name: Run pre-commit
-        uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@bd803ea1bf16464eaf9726560c0496b41d15c03f # v7.1.0
+        uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@a0837df06d10de2cae8a99319e8e101a6cbe9083 # v8.4.0
         with:
           # disable auto-commit for PRs from forks
           auto-commit: ${{ github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork }}
diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml
@@ -27,7 +27,7 @@ jobs:
           token: ${{ secrets.BOT_GITHUB_TOKEN }}
 
       - uses: >-
-          Alfresco/alfresco-build-tools/.github/actions/get-branch-name@v7.1.0
+          Alfresco/alfresco-build-tools/.github/actions/get-branch-name@v8.4.0
 
       - name: Login to quay.io
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
@@ -37,15 +37,15 @@ jobs:
           password: ${{ secrets.QUAY_PASSWORD }}
 
       - name: Install Updatecli
-        uses: updatecli/updatecli-action@92a13b95c2cd9f1c6742c965509203c6a5635ed7 # v2.68.0
+        uses: updatecli/updatecli-action@704a64517239e0993c5e3bf6749a063b8f950d9f # v2.70.0
 
       - run: updatecli apply
         env:
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
 
-      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@bd803ea1bf16464eaf9726560c0496b41d15c03f # v7.1.0
+      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@a0837df06d10de2cae8a99319e8e101a6cbe9083 # v8.4.0
       - name: Regenerate helm docs if necessary
-        uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@bd803ea1bf16464eaf9726560c0496b41d15c03f # v7.1.0
+        uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@a0837df06d10de2cae8a99319e8e101a6cbe9083 # v8.4.0
         with:
           pre-commit-args: helm-docs || true
           skip_checkout: "true"
@@ -71,7 +71,7 @@ jobs:
           token: ${{ secrets.BOT_GITHUB_TOKEN }}
 
       - uses: >-
-          Alfresco/alfresco-build-tools/.github/actions/get-branch-name@v7.1.0
+          Alfresco/alfresco-build-tools/.github/actions/get-branch-name@v8.4.0
 
       - name: Login to quay.io
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
@@ -81,7 +81,7 @@ jobs:
           password: ${{ secrets.QUAY_PASSWORD }}
 
       - name: Install Updatecli
-        uses: updatecli/updatecli-action@92a13b95c2cd9f1c6742c965509203c6a5635ed7 # v2.68.0
+        uses: updatecli/updatecli-action@704a64517239e0993c5e3bf6749a063b8f950d9f # v2.70.0
 
       - name: Checkout updatecli configs
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -101,9 +101,9 @@ jobs:
           QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
           UPDATECLI_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
 
-      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@bd803ea1bf16464eaf9726560c0496b41d15c03f # v7.1.0
+      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@a0837df06d10de2cae8a99319e8e101a6cbe9083 # v8.4.0
       - name: Regenerate helm docs if necessary
-        uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@bd803ea1bf16464eaf9726560c0496b41d15c03f # v7.1.0
+        uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@a0837df06d10de2cae8a99319e8e101a6cbe9083 # v8.4.0
         with:
           pre-commit-args: helm-docs || true
           skip_checkout: "true"