camunda · renovate · Nov 16, 2024
diff --git a/.github/actions/generate-chart-matrix/action.yml b/.github/actions/generate-chart-matrix/action.yml
@@ -13,7 +13,7 @@ runs:
   steps:
     - name: Get changed dirs
       id: changed-files
-      uses: tj-actions/changed-files@48d8f15b2aaa3d255ca5af3eba4870f807ce6b3c # v45
+      uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf # v45
       with:
         dir_names: "true"
     - name: Generate matrix

diff --git a/.github/actions/gke-login/action.yml b/.github/actions/gke-login/action.yml
@@ -22,18 +22,18 @@ runs:
   steps:
   - name: Authenticate to Google Cloud - Workload Identity
     if: ${{ inputs.auth-method == 'workload-identity' }}
-    uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2
+    uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2
     with:
       token_format: 'access_token'
       workload_identity_provider: ${{ inputs.workload-identity-provider }}
       service_account: ${{ inputs.service-account }}
   - name: Authenticate to Google Cloud - Service Account Key
     if: ${{ inputs.auth-method == 'credentials-json' }}
-    uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2
+    uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2
     with:
       credentials_json: '${{ inputs.credentials-json }}'
   - name: Get GKE credentials
-    uses: google-github-actions/get-gke-credentials@6051de21ad50fbb1767bc93c11357a49082ad116 # v2
+    uses: google-github-actions/get-gke-credentials@206d64b64b0eba0a6e2f25113d044c31776ca8d6 # v2
     with:
       cluster_name: ${{ inputs.cluster-name }}
       location: ${{ inputs.cluster-location }}

diff --git a/.github/workflows/chart-public-files.yaml b/.github/workflows/chart-public-files.yaml
@@ -23,10 +23,10 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           ref: gh-pages
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           path: main
       - name: Copy files

diff --git a/.github/workflows/chart-release-chores.yml b/.github/workflows/chart-release-chores.yml
@@ -33,7 +33,7 @@ jobs:
           app_id: ${{ secrets.GH_APP_ID_DISTRO_CI }}
           private_key: ${{ secrets.GH_APP_PRIVATE_KEY_DISTRO_CI }}
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           ref: ${{ github.event.pull_request.head.ref }}
@@ -49,7 +49,7 @@ jobs:
       - name: Add Helm repos
         run: |
           make helm.repos-add
-      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
         with:
           path: |
             ~/.cache/go-build

diff --git a/.github/workflows/chart-release-template.yaml b/.github/workflows/chart-release-template.yaml
@@ -71,7 +71,7 @@ jobs:
       CHART_NAME: "camunda-platform"
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           fetch-depth: 0
           ref: ${{ inputs.branch }}
@@ -132,7 +132,7 @@ jobs:
       # Security signature.
       - name: Install Cosign CLI
         if: env.PUBLISH_ARTIFACT == 'true'
-        uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+        uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
       - name: Sign Helm chart with Cosign
         if: env.PUBLISH_ARTIFACT == 'true'
         run: |
@@ -154,7 +154,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Install ORAS CLI
         if: env.PUBLISH_ARTIFACT == 'true'
-        uses: oras-project/setup-oras@ca28077386065e263c03428f4ae0c09024817c93 # v1
+        uses: oras-project/setup-oras@9c92598691bfef1424de2f8fae81941568f5889c # v1
       - name: Upload Helm chart Cosign bundle
         if: env.PUBLISH_ARTIFACT == 'true'
         run: |

diff --git a/.github/workflows/chart-release-update-config.yml b/.github/workflows/chart-release-update-config.yml
@@ -27,7 +27,7 @@ jobs:
           app_id: ${{ secrets.GH_APP_ID_DISTRO_CI }}
           private_key: ${{ secrets.GH_APP_PRIVATE_KEY_DISTRO_CI }}
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           fetch-depth: 0
           token: ${{ steps.generate-github-token.outputs.token }}

diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml
@@ -29,7 +29,7 @@ jobs:
       id-token: write
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           fetch-depth: 0
       - name: Install env dependencies
@@ -45,7 +45,7 @@ jobs:
           done
           echo "Dev comments removed:"
           git --no-pager diff
-      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
         with:
           path: |
             ~/.cache/go-build
@@ -73,7 +73,7 @@ jobs:
           chartPath="$(ct list-changed | tr '\n' ' ')" \
             make helm.dependency-update
       - name: cosign-installer
-        uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+        uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
       - name: Tidy up
         run: |
           # Clean up badges from readme to avoid showing them in Artifact Hub.
@@ -171,7 +171,7 @@ jobs:
       issues: write
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           # The verification step happens in the release branch before merging into the "main" branch.
           fetch-depth: 0

diff --git a/.github/workflows/chart-update-readme-and-golden-files.yaml b/.github/workflows/chart-update-readme-and-golden-files.yaml
@@ -51,7 +51,7 @@ jobs:
           app_id: ${{ secrets.GH_APP_ID_DISTRO_CI }}
           private_key: ${{ secrets.GH_APP_PRIVATE_KEY_DISTRO_CI }}
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           ref: ${{ github.event.pull_request.head.ref }}
@@ -68,7 +68,7 @@ jobs:
       - name: Add Helm repos
         run: |
           make helm.repos-add
-      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
         with:
           path: |
             ~/.cache/go-build

diff --git a/.github/workflows/chart-validate-template.yaml b/.github/workflows/chart-validate-template.yaml
@@ -36,7 +36,7 @@ jobs:
           echo "${GITHUB_CONTEXT}"
       # Checkout.
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           fetch-depth: 0
           ref: "${{ inputs.camunda-helm-git-ref }}"
@@ -51,7 +51,7 @@ jobs:
         run: |
           echo "check-version-increment: false" >> .github/config/chart-testing.yaml
       # Dependencies.
-      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5
+      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
         with:
           python-version: 3.7
       - name: Install dependencies

diff --git a/.github/workflows/renovate-config-check.yaml b/.github/workflows/renovate-config-check.yaml
@@ -17,7 +17,7 @@ jobs:
     name: Check renovate config 
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
     - name: Validate renovate config
       uses: docker://renovate/renovate
       with:

diff --git a/.github/workflows/renovate-post-upgrade.yaml b/.github/workflows/renovate-post-upgrade.yaml
@@ -31,7 +31,7 @@ jobs:
         with:
           app_id: ${{ secrets.GH_APP_ID_DISTRO_CI }}
           private_key: ${{ secrets.GH_APP_PRIVATE_KEY_DISTRO_CI }}
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           token: '${{ steps.generate-github-token.outputs.token }}'
           repository: ${{ github.event.pull_request.head.repo.full_name }}
@@ -44,7 +44,7 @@ jobs:
         run: npm install -g @bitnami/readme-generator-for-helm
       - name: Install dependencies
         uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
-      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
+      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
         with:
           path: |
             ~/.cache/go-build

diff --git a/.github/workflows/sec-codeql.yml b/.github/workflows/sec-codeql.yml
@@ -44,11 +44,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@3c13be0632d1e2a15d39da6ede780272c022b84f
+      uses: github/codeql-action/init@a1695c562bbfa68dc5ab58c9b5e9f616b52bf5be
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -62,7 +62,7 @@ jobs:
     # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@3c13be0632d1e2a15d39da6ede780272c022b84f
+      uses: github/codeql-action/autobuild@a1695c562bbfa68dc5ab58c9b5e9f616b52bf5be
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -75,6 +75,6 @@ jobs:
     #     ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@3c13be0632d1e2a15d39da6ede780272c022b84f
+      uses: github/codeql-action/analyze@a1695c562bbfa68dc5ab58c9b5e9f616b52bf5be
       with:
         category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/sec-scorecard.yml b/.github/workflows/sec-scorecard.yml
@@ -63,6 +63,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
+        uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/test-integration-cleanup-template.yaml b/.github/workflows/test-integration-cleanup-template.yaml
@@ -54,7 +54,7 @@ jobs:
         - distro:
             if: false
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       with:
         # This is needed to load repo GH composite actions if the workflow triggered by workflow_call.
         repository: camunda/camunda-platform-helm

diff --git a/.github/workflows/test-integration-rosa-cleanup.yml b/.github/workflows/test-integration-rosa-cleanup.yml
@@ -27,13 +27,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           ref: ${{ github.head_ref }}
           fetch-depth: 0
 
       - name: Checkout Repository rosa modules
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           repository: "camunda/camunda-tf-rosa"
           ref: "main"

diff --git a/.github/workflows/test-integration-rosa-template.yaml b/.github/workflows/test-integration-rosa-template.yaml
@@ -65,7 +65,7 @@ jobs:
     outputs:
       platform-matrix: ${{ steps.matrix.outputs.platform-matrix }}
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           fetch-depth: 0
 
@@ -101,7 +101,7 @@ jobs:
         distro: ${{ fromJson(needs.clusters-info.outputs.platform-matrix).distro }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           fetch-depth: 0
 
@@ -112,7 +112,7 @@ jobs:
           aws configure set aws_access_key_id ${{ secrets.DISTRO_CI_AWS_ACCESS_KEY }} --profile=${{ secrets.DISTRO_CI_AWS_PROFILE }}
 
       - name: Create ROSA cluster and login
-        uses: camunda/camunda-tf-rosa/.github/actions/rosa-create-cluster@d0471d28cb3eb13cd2212b63cc8e50d457d829c4 # main
+        uses: camunda/camunda-tf-rosa/.github/actions/rosa-create-cluster@e0020480a5c07f33569ec744723de897f6e4a215 # main
         timeout-minutes: 125
         env:
           AWS_PROFILE: ${{ secrets.DISTRO_CI_AWS_PROFILE }}
@@ -135,7 +135,7 @@ jobs:
           private_key: ${{ secrets.GH_APP_PRIVATE_KEY_DISTRO_CI }}
 
       - name: Clone the distribution GitOps repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           repository: "camunda/distribution"
           ref: "main"
@@ -281,7 +281,7 @@ jobs:
           aws configure set aws_access_key_id ${{ secrets.DISTRO_CI_AWS_ACCESS_KEY }} --profile=${{ secrets.DISTRO_CI_AWS_PROFILE }}
 
       - name: Delete on-demand ROSA HCP Cluster
-        uses: camunda/camunda-tf-rosa/.github/actions/rosa-delete-cluster@d0471d28cb3eb13cd2212b63cc8e50d457d829c4 # main
+        uses: camunda/camunda-tf-rosa/.github/actions/rosa-delete-cluster@e0020480a5c07f33569ec744723de897f6e4a215 # main
         if: always()
         timeout-minutes: 125
         env:

diff --git a/.github/workflows/test-integration-template.yaml b/.github/workflows/test-integration-template.yaml
@@ -110,7 +110,7 @@ jobs:
     outputs:
       matrix: ${{ steps.generate-workflow-matrix.outputs.matrix }}
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           # This is needed if the workflow is triggered by workflow_call.
           repository: camunda/camunda-platform-helm
@@ -160,7 +160,7 @@ jobs:
           echo "${GITHUB_CONTEXT}" | jq '."extra-values" = "<Check below>"'
           echo "Workflow Inputs - Extra Values:"
           echo "${GITHUB_CONTEXT}" | jq -r '."extra-values"'
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           # This is needed to load repo GH composite actions if the workflow triggered by workflow_call.
           repository: camunda/camunda-platform-helm

diff --git a/.github/workflows/test-unit-template.yml b/.github/workflows/test-unit-template.yml
@@ -30,7 +30,7 @@ jobs:
     outputs:
       unitTestMatrix: ${{ steps.test-type-vars.outputs.unitTestMatrix }}
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       with:
         ref: "${{ inputs.camunda-helm-git-ref }}"
     - name: Get CI unit test matrix
@@ -57,10 +57,10 @@ jobs:
       run: |
         echo "Workflow Inputs:"
         echo "${GITHUB_CONTEXT}"
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
     - name: Install env dependencies
       uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
-    - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
+    - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
       with:
         path: |
           ~/.cache/go-build

diff --git a/.github/workflows/test-version-maintenance.yaml b/.github/workflows/test-version-maintenance.yaml
@@ -30,7 +30,7 @@ jobs:
     outputs:
       matrix: ${{ steps.generate-chart-versions.outputs.matrix }}
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
     - name: Generate chart versions
       id: generate-chart-versions
       uses: ./.github/actions/generate-chart-matrix