Bump the actions group across 1 directory with 8 updates (#5548)

Bumps the actions group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [google-github-actions/auth](https://github.com/google-github-actions/auth) | `2.1.2` | `2.1.3` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.19.0` | `0.20.0` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.25.3` | `3.25.5` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4.3.1` | `4.4.0` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `5.0.0` | `5.1.0` |
| [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.0.0` | `6.0.1` |
| [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint) | `1.45.0` | `1.46.0` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.1` | `2.3.3` |



Updates `google-github-actions/auth` from 2.1.2 to 2.1.3
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](google-github-actions/auth@55bd3a7...71fee32)

Updates `aquasecurity/trivy-action` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@d710430...b2933f5)

Updates `github/codeql-action` from 3.25.3 to 3.25.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@d39d31e...b7cec75)

Updates `codecov/codecov-action` from 4.3.1 to 4.4.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@5ecb98a...6d79887)

Updates `goreleaser/goreleaser-action` from 5.0.0 to 5.1.0
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@7ec5c2b...5742e2a)

Updates `golangci/golangci-lint-action` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@23faadf...a4f60bb)

Updates `reviewdog/action-actionlint` from 1.45.0 to 1.46.0
- [Release notes](https://github.com/reviewdog/action-actionlint/releases)
- [Commits](reviewdog/action-actionlint@51bfb04...89a03f6)

Updates `ossf/scorecard-action` from 2.3.1 to 2.3.3
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@0864cf1...dc50aa9)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: reviewdog/action-actionlint
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jakub Jarosz <[email protected]>

.github/workflows/build-base-images.yml

@@ -64,7 +64,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -130,7 +130,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -205,7 +205,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}

.github/workflows/build-oss.yml

@@ -103,7 +103,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -224,7 +224,7 @@ jobs:
  if: ${{ github.ref_type == 'tag' && contains(inputs.image, 'ubi') }}
 
  - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+ uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0
  continue-on-error: true
  with:
  image-ref: nginx/nginx-ingress:${{ steps.meta.outputs.version }}
@@ -233,7 +233,7 @@ jobs:
  ignore-unfixed: "true"
 
  - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+ uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
  continue-on-error: true
  with:
  sarif_file: "trivy-results-${{ inputs.image }}.sarif"

.github/workflows/build-plus.yml

@@ -74,7 +74,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -254,7 +254,7 @@ jobs:
  if: ${{ inputs.publish-image }}
 
  - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+ uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0
  continue-on-error: true
  with:
  image-ref: ${{ steps.trivy-tag.outputs.tag }}
@@ -264,7 +264,7 @@ jobs:
  if: ${{ inputs.publish-image }}
 
  - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+ uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
  continue-on-error: true
  with:
  sarif_file: "trivy-results-${{ inputs.image }}.sarif"

.github/workflows/build-test-image.yml

@@ -35,7 +35,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}

.github/workflows/ci.yml

@@ -155,7 +155,7 @@ jobs:
  run: make cover
  if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }}
  - name: Upload coverage to Codecov
- uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1
+ uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # v4.4.0
  with:
  files: ./coverage.txt
  token: ${{ secrets.CODECOV_TOKEN }} # required
@@ -227,7 +227,7 @@ jobs:
  if: github.ref_type == 'tag'
 
  - name: Build binaries
- uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
+ uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
  with:
  version: latest
  args: ${{ github.ref_type == 'tag' && 'release' || 'build --snapshot' }} ${{ github.event_name == 'pull_request' && '--single-target' || '' }} --clean
@@ -298,7 +298,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -433,7 +433,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -501,7 +501,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}

.github/workflows/codeql-analysis.yml

@@ -70,7 +70,7 @@ jobs:
 
  # Initializes the CodeQL tools for scanning.
  - name: Initialize CodeQL
- uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+ uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
  with:
  languages: ${{ matrix.language }}
  # If you wish to specify custom queries, you can do so here or in a config file.
@@ -89,7 +89,7 @@ jobs:
  # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
  # If this step fails, then you should remove it and run the build manually (see below)
  - name: Autobuild
- uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+ uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
 
  # ℹ️ Command-line programs to run using the OS shell.
  # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -102,6 +102,6 @@ jobs:
  # ./location_of_script_within_repo/buildscript.sh
 
  - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+ uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
  with:
  category: "/language:${{matrix.language}}"

.github/workflows/lint-format.yml

@@ -52,7 +52,7 @@ jobs:
  go-version-file: go.mod
 
  - name: Lint Code
- uses: golangci/golangci-lint-action@23faadfdeb23a6f9e511beaba149bb123b5b145a # v6.0.0
+ uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
  with:
  only-new-issues: true
 
@@ -63,7 +63,7 @@ jobs:
  - name: Checkout Repository
  uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
- - uses: reviewdog/action-actionlint@51bfb044ddaed55059d16f14daedbe05a9937dc1 # v1.45.0
+ - uses: reviewdog/action-actionlint@89a03f6ba8c0a9fd238e82c075ffb34b86e40291 # v1.46.0
  with:
  actionlint_flags: -shellcheck ""
 

.github/workflows/oss-release.yml

@@ -81,7 +81,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: gcr-auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -123,7 +123,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: gcr-auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -176,7 +176,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: gcr-auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -224,7 +224,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: gcr-auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -273,7 +273,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: gcr-auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}

.github/workflows/patch-image.yml

@@ -56,7 +56,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}

.github/workflows/plus-release.yml

@@ -81,7 +81,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: gcr-auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -123,7 +123,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: gcr-auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -180,15 +180,15 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: gcr-priv-auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
  service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }}
 
  - name: Authenticate to Google Cloud Marketplace
  id: gcr-mktpl-auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY_MKTPL }}
@@ -225,7 +225,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: gcr-auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -275,7 +275,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: gcr-auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}

.github/workflows/retag-images.yml

@@ -44,7 +44,7 @@ jobs:
 
  - name: Authenticate to Google Cloud
  id: gcr-auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
  with:
  token_format: access_token
  workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}

.github/workflows/scorecards.yml

@@ -34,7 +34,7 @@ jobs:
  persist-credentials: false
 
  - name: "Run analysis"
- uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+ uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
  with:
  results_file: results.sarif
  results_format: sarif
@@ -57,6 +57,6 @@ jobs:
 
  # Upload the results to GitHub's code scanning dashboard.
  - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+ uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
  with:
  sarif_file: results.sarif