Merge pull request eclipse-tractusx#368 from eclipse-tractusx/dependa…

…bot/github_actions/actions/checkout-4.1.6

chore(deps): bump actions/checkout from 4.1.1 to 4.1.6

.github/workflows/build-image-backend.yml

@@ -49,12 +49,12 @@ jobs:
 
         steps:
             -   name: Checkout
-                uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+                uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
             # Create SemVer or ref tags dependent of trigger event
             -   name: Docker meta
                 id: meta
-                uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0
+                uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
                 with:
                     images: |
                         ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
@@ -69,13 +69,13 @@ jobs:
 
             -   name: DockerHub login
                 if: github.event_name != 'pull_request'
-                uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
+                uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
                 with:
                     username: ${{ secrets.DOCKER_HUB_USER }}
                     password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
             -   name: Build and push
-                uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 #v5.1
+                uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
                 with:
                     context: ./backend
                     file: ./backend/Dockerfile
@@ -86,7 +86,7 @@ jobs:
             # https://github.com/peter-evans/dockerhub-description
             -   name: Update Docker Hub description
                 if: github.event_name != 'pull_request'
-                uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864 #v3.4.2
+                uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864 # v3.4.2
                 with:
                     username: ${{ secrets.DOCKER_HUB_USER }}
                     password: ${{ secrets.DOCKER_HUB_TOKEN }}

.github/workflows/build-image-frontend.yml

@@ -49,12 +49,12 @@ jobs:
 
         steps:
             -   name: Checkout
-                uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+                uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
             # Create SemVer or ref tags dependent of trigger event
             -   name: Docker meta
                 id: meta
-                uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0
+                uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
                 with:
                     images: |
                         ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
@@ -69,13 +69,13 @@ jobs:
 
             -   name: DockerHub login
                 if: github.event_name != 'pull_request'
-                uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
+                uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
                 with:
                     username: ${{ secrets.DOCKER_HUB_USER }}
                     password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
             -   name: Build and push
-                uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 #v5.1
+                uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
                 with:
                     context: ./frontend
                     file: ./frontend/Dockerfile
@@ -86,7 +86,7 @@ jobs:
             # https://github.com/peter-evans/dockerhub-description
             -   name: Update Docker Hub description
                 if: github.event_name != 'pull_request'
-                uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864 #v3.4.2
+                uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864 # v3.4.2
                 with:
                     username: ${{ secrets.DOCKER_HUB_USER }}
                     password: ${{ secrets.DOCKER_HUB_TOKEN }}

.github/workflows/chart-release.yaml

@@ -32,7 +32,7 @@ jobs:
         runs-on: ubuntu-latest
         steps:
             - name: Checkout
-              uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+              uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
               with:
                   fetch-depth: 0
 
@@ -42,11 +42,11 @@ jobs:
                   git config user.email "[email protected]"
 
             - name: Install Helm
-              uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 #v3.5
+              uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
               with:
                   version: v3.8.1
 
             - name: Run chart-releaser
-              uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 #v1.6.0
+              uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
               env:
                   CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/codeql.yml

@@ -65,7 +65,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

.github/workflows/dash-dependency-check.yml

@@ -35,13 +35,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Run dash
         id: run-dash
         uses: eclipse-tractusx/sig-infra/.github/actions/run-dash@8ee6e411b82105c5f553a6115dd64fb9c6d4df2a #2023-11-17
         with:
-          dash_version: "1.0.2"
+          dash_version: "1.1.1"
           dash_input: "./frontend/package-lock.json"
           dependencies_file: "DEPENDENCIES_FRONTEND"
           fail_on_out_of_date: true
@@ -51,7 +51,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Set up JDK 17
         uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
@@ -66,7 +66,7 @@ jobs:
         id: run-dash
         uses: eclipse-tractusx/sig-infra/.github/actions/run-dash@8ee6e411b82105c5f553a6115dd64fb9c6d4df2a #2023-11-17
         with:
-          dash_version: "1.0.2"
+          dash_version: "1.1.1"
           dash_input: "./backend/maven.dependencies"
           dependencies_file: "DEPENDENCIES_BACKEND"
           fail_on_out_of_date: true

.github/workflows/helm-test.yml

@@ -53,46 +53,46 @@ jobs:
         runs-on: ubuntu-latest
         steps:
             -   name: Checkout
-                uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
+                uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
                 with:
                     fetch-depth: 0
 
             -   name: Kubernetes KinD Cluster
-                uses: container-tools/kind-action@7075d1458484493c6a92d4604cb27b87de0f8107 #v2.2
+                uses: container-tools/kind-action@0ad70e2299366b0e1552c7240f4e4567148f723e # v2.0.4
                 with:
                     # upgrade version, default (v0.17.0) uses node image v1.21.1 and doesn't work with more recent node image versions
                     version: v0.20.0
                     # default value for event_name != workflow_dispatch
                     node_image: ${{ github.event.inputs.node_image || 'kindest/node:v1.27.3' }}
 
             -   name: Build Frontend image
-                uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 #v5.1
+                uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
                 with:
                     context: ./frontend
                     file: ./frontend/Dockerfile
                     push: true
                     tags: ${{ env.REGISTRY }}/${{ env.APP_FRONTEND_NAME }}:${{ env.TAG }}
 
             -   name: Build Backend image
-                uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 #v5.1
+                uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
                 with:
                     context: ./backend
                     file: ./backend/Dockerfile
                     push: true
                     tags: ${{ env.REGISTRY }}/${{ env.APP_BACKEND_NAME }}:${{ env.TAG }}
 
             -   name: Set up Helm
-                uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 #v3.5
+                uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
                 with:
                     version: ${{ github.event.inputs.helm_version || 'latest' }}
 
-            -   uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c #v5.0.0
+            -   uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
                 with:
                     python-version: '3.9'
                     check-latest: true
 
             -   name: Set up chart-testing
-                uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 #v2.6.1
+                uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
 
             -   name: Run chart-testing (list-changed)
                 id: list-changed

.github/workflows/kics.yml

@@ -47,7 +47,7 @@ jobs:
       security-events: write
 
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: KICS scan
         uses: checkmarx/kics-github-action@8a44970e3d2eca668be41abe9d4e06709c3b3609 # v1.7.0

.github/workflows/render-puml-to-svg.yml

@@ -42,7 +42,7 @@ jobs:
     needs: render-images
     steps:
       - name: checkout source repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: download generated svg file from job before
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3
         id: download

.github/workflows/trivy.yml

@@ -37,10 +37,10 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 # v0.14.0
+        uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # v0.20.0
         with:
           image-ref: "tractusx/app-puris-frontend:latest"
           format: "sarif"