Bump the actions group across 1 directory with 7 updates

Bumps the actions group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `3` | `4` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `4.1.1` | `5.6.1` | | [Azure/setup-helm](https://github.com/azure/setup-helm) | `3` | `4` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.0.9` | `2.2.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4` | `5` | | [RoadieHQ/backstage-entity-validator](https://github.com/roadiehq/backstage-entity-validator) | `0.3.11` | `0.5.0` | | [sonarsource/sonarcloud-github-action](https://github.com/sonarsource/sonarcloud-github-action) | `3.0.0` | `4.0.0` | Updates `actions/checkout` from 3 to 4 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) Updates `docker/metadata-action` from 4.1.1 to 5.6.1 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@v4.1.1...v5.6.1) Updates `Azure/setup-helm` from 3 to 4 - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](Azure/setup-helm@v3...v4) Updates `softprops/action-gh-release` from 2.0.9 to 2.2.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@e7a8f85...7b4da11) Updates `codecov/codecov-action` from 4 to 5 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v4...v5) Updates `RoadieHQ/backstage-entity-validator` from 0.3.11 to 0.5.0 - [Release notes](https://github.com/roadiehq/backstage-entity-validator/releases) - [Commits](RoadieHQ/backstage-entity-validator@v0.3.11...v0.5.0) Updates `sonarsource/sonarcloud-github-action` from 3.0.0 to 4.0.0 - [Release notes](https://github.com/sonarsource/sonarcloud-github-action/releases) - [Commits](SonarSource/sonarcloud-github-action@v3.0.0...v4.0.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: Azure/setup-helm dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: RoadieHQ/backstage-entity-validator dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: sonarsource/sonarcloud-github-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>
DiamondLightSource · Dec 19, 2024 · 4316def · 4316def
1 parent 21a6cf5
commit 4316def
Show file tree

Hide file tree

Showing 6 changed files with 10 additions and 10 deletions.
diff --git a/.github/workflows/_container.yml b/.github/workflows/_container.yml
@@ -57,7 +57,7 @@ jobs:
 
       - name: Create tags for publishing image
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v5.6.1
         with:
           images: ghcr.io/${{ github.repository }}
           tags: |
@@ -85,10 +85,10 @@ jobs:
     needs: build_container
     steps:
       - name: checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: install helm
-        uses: Azure/setup-helm@v3
+        uses: Azure/setup-helm@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
         id: install
@@ -98,7 +98,7 @@ jobs:
           echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ${{ env.GCR_IMAGE }} --username ${{ github.repository_owner }} --password-stdin
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@57396166ad8aefe6098280995947635806a0e6ea
+        uses: docker/metadata-action@906ecf0fc0a80f9110f79d9e6c04b1080f4a2621
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |

diff --git a/.github/workflows/_release.yml b/.github/workflows/_release.yml
@@ -23,7 +23,7 @@ jobs:
       - name: Create GitHub Release
         # We pin to the SHA, not the tag, for security reasons.
         # https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions
-        uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9
+        uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
         with:
           prerelease: ${{ contains(github.ref_name, 'a') || contains(github.ref_name, 'b') || contains(github.ref_name, 'rc') }}
           files: "*"

diff --git a/.github/workflows/_test.yml b/.github/workflows/_test.yml
@@ -54,7 +54,7 @@ jobs:
         run: tox -e tests
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           name: ${{ inputs.python-version }}/${{ inputs.runs-on }}
           files: cov.xml

diff --git a/.github/workflows/asyncapi.yml b/.github/workflows/asyncapi.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: check asyncapi.yaml file
         uses: WaleedAshraf/asyncapi-github-action@v0.0.10
         with:

diff --git a/.github/workflows/backstage.yml b/.github/workflows/backstage.yml
@@ -10,8 +10,8 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: check catalog-info.yaml file
-        uses: RoadieHQ/backstage-entity-validator@v0.3.11
+        uses: RoadieHQ/backstage-entity-validator@v0.5.0
         with:
           path: "./catalog-info.yaml"
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
@@ -21,7 +21,7 @@ jobs:
       - name: SonarCloud Scan
         # Skip SonarCloud Scan if the pull request is from a forked repository
         if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
-        uses: sonarsource/sonarcloud-github-action@v3.0.0
+        uses: sonarsource/sonarcloud-github-action@v4.0.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           SONAR_ORG_KEY: ${{ secrets.SONAR_ORG_KEY }}