diff --git a/.github/workflows/check-actions.yaml b/.github/workflows/check-actions.yaml
index 4335d5c..3f256de 100644
--- a/.github/workflows/check-actions.yaml
+++ b/.github/workflows/check-actions.yaml
@@ -16,7 +16,7 @@ jobs:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Ensure SHA pinned actions
- uses: zgosalvez/github-actions-ensure-sha-pinned-actions@25ed13d0628a1601b4b44048e63cc4328ed03633 # v3.0.22
+ uses: zgosalvez/github-actions-ensure-sha-pinned-actions@4830be28ce81da52ec70d65c552a7403821d98d4 # v3.0.23
with:
# slsa-github-generator requires using a semver tag for reusable workflows.
# See: https://github.com/slsa-framework/slsa-github-generator#referencing-slsa-builders-and-generators
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index fcc4179..d3a7821 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -29,11 +29,11 @@ jobs:
steps:
- name: Checkout Source
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+ - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
with:
go-version-file: 'go.mod'
- name: Run Gosec Security Scanner
- uses: securego/gosec@136f6c00402b11775d4f4a45d5a21e2f6dd99db2 # v2.22.2
+ uses: securego/gosec@955a68d0d19f4afb7503068f95059f7d0c529017 # v2.22.3
with:
args: '-no-fail -fmt sarif -out gosec.sarif ./...'
- name: Upload SARIF file
@@ -46,7 +46,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+ - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
with:
go-version-file: 'go.mod'
- name: Unit Test
@@ -58,7 +58,7 @@ jobs:
value: ${{ secrets.CODECOV_TOKEN }}
- name: Upload Report to Codecov
if: ${{ steps.checksecret.outputs.result == 'true' }}
- uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
+ uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
with:
token: ${{ secrets.CODECOV_TOKEN }}
slug: projectcapsule/cortex-proxy
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 73aca1c..77db008 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -27,7 +27,7 @@ jobs:
- name: ko build
run: VERSION=${{ github.sha }} make ko-build-all
- name: Trivy Scan Image
- uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
+ uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # 0.30.0
with:
scan-type: 'fs'
ignore-unfixed: true
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 38a1b44..db7a379 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -26,7 +26,7 @@ jobs:
echo "Extracted version: $VERSION"
echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Install Cosign
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
+ uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
- name: Publish with KO
id: publish
uses: peak-scale/github-actions/make-ko-publish@a441cca016861c546ab7e065277e40ce41a3eb84 # v0.2.0
diff --git a/.github/workflows/helm-publish.yml b/.github/workflows/helm-publish.yml
index c95423f..bd57e46 100644
--- a/.github/workflows/helm-publish.yml
+++ b/.github/workflows/helm-publish.yml
@@ -15,7 +15,7 @@ jobs:
chart-digest: ${{ steps.helm_publish.outputs.digest }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
+ - uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
- name: "Extract Version"
id: extract_version
run: |
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 02b2f68..4e479fc 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -25,7 +25,7 @@ jobs:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+ - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
with:
go-version-file: 'go.mod'
- name: Run golangci-lint
diff --git a/.github/workflows/releaser.yml b/.github/workflows/releaser.yml
index 5fac20e..83ca041 100644
--- a/.github/workflows/releaser.yml
+++ b/.github/workflows/releaser.yml
@@ -22,9 +22,9 @@ jobs:
- uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0
- uses: anchore/sbom-action/download-syft@79202aee38a39bd2039be442e58d731b63baf740
- name: Install Cosign
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
+ uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
- name: Run GoReleaser
- uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
+ uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
with:
version: latest
args: release --clean --timeout 90m
diff --git a/e2e/objects/distro/capsule.flux.yaml b/e2e/objects/distro/capsule.flux.yaml
index 7211c2d..8de66c3 100644
--- a/e2e/objects/distro/capsule.flux.yaml
+++ b/e2e/objects/distro/capsule.flux.yaml
@@ -19,7 +19,7 @@ spec:
chart:
spec:
chart: capsule
- version: "0.7.4"
+ version: "0.8.2"
sourceRef:
kind: HelmRepository
name: projectcapsule