From 5ba884d946a5aaada208a0d89a847a5279cd1fc9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 10 May 2026 16:33:52 +0000 Subject: [PATCH 01/14] build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.3 to 4.35.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/e46ed2cbd01164d986452f91f178727624ae40d7...68bde559dea0fdcac2102bfdf6230c5f70eb485e) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/zizmor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 8b08911..4c0b71c 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -174,7 +174,7 @@ jobs: - name: Upload SARIF report if: ${{ always() && steps.zizmor.outputs.sarif-path != '' }} - uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 + uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4 with: sarif_file: ${{ steps.zizmor.outputs.sarif-path }} category: zizmor From 1318bd272b5342b6e2992f0bc5529fb59439857e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 May 2026 13:27:06 +0000 Subject: [PATCH 02/14] build(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 3.1.1 to 3.2.0. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/create-github-app-token/compare/1b10c78c7865c340bc4f6099eb2f838309f1e8c3...bcd2ba49218906704ab6c1aa796996da409d3eb1) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/zizmor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 4c0b71c..c7337f7 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -81,7 +81,7 @@ jobs: name: Create GitHub App token id: app-token if: ${{ steps.github-app-auth.outputs.enabled == 'true' }} - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 with: client-id: ${{ inputs.github-app-client-id }} private-key: ${{ secrets.github-app-private-key }} From 89d33063a44f48b45df08267b670008ec6ca0ef6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 May 2026 19:34:28 +0000 Subject: [PATCH 03/14] build(deps): bump docker/login-action from 4.1.0 to 4.2.0 Bumps [docker/login-action](https://github.com/docker/login-action) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/4907a6ddec9925e35a0a9e82d7399ccc52663121...650006c6eb7dba73a995cc03b0b2d7f5ca915bee) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/.test.yml b/.github/workflows/.test.yml index 4e88721..7aa63e5 100644 --- a/.github/workflows/.test.yml +++ b/.github/workflows/.test.yml @@ -291,7 +291,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Login to Docker Hub - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} From 019230333aabebcfb1a11601d3077bf72e256753 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 May 2026 19:34:47 +0000 Subject: [PATCH 04/14] build(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/.test.yml b/.github/workflows/.test.yml index 4e88721..291744a 100644 --- a/.github/workflows/.test.yml +++ b/.github/workflows/.test.yml @@ -146,7 +146,7 @@ jobs: uses: ./.github/actions/install-k3s - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 with: driver: kubernetes driver-opts: qemu.install=true From c8e3dffe7e96c781ede9ed8747e1aa9489b384ae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 01:49:48 +0000 Subject: [PATCH 05/14] build(deps): bump actions/checkout from 6.0.2 to 6.0.3 Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/.test.yml | 14 +++++++------- .github/workflows/zizmor.yml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/.test.yml b/.github/workflows/.test.yml index 4e88721..0b99ce0 100644 --- a/.github/workflows/.test.yml +++ b/.github/workflows/.test.yml @@ -140,7 +140,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Install k3s uses: ./.github/actions/install-k3s @@ -168,7 +168,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ matrix.commit }} @@ -177,7 +177,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Run container run: | @@ -195,7 +195,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Run container run: | @@ -222,7 +222,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Run container run: | @@ -249,7 +249,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Init swarm run: | @@ -288,7 +288,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Login to Docker Hub uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 4c0b71c..c3d875a 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -53,7 +53,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - From de2b71ab55a24db63779b86f2ef7da9acb1b0698 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 01:51:03 +0000 Subject: [PATCH 06/14] build(deps): bump github/codeql-action from 4.35.4 to 4.36.1 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.4 to 4.36.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...87557b9c84dde89fdd9b10e88954ac2f4248e463) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.36.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/zizmor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 4c0b71c..d1cad2a 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -174,7 +174,7 @@ jobs: - name: Upload SARIF report if: ${{ always() && steps.zizmor.outputs.sarif-path != '' }} - uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4 + uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1 with: sarif_file: ${{ steps.zizmor.outputs.sarif-path }} category: zizmor From e28ec54468f4843793aa59b1c4c7f8b4cf6ae50b Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Thu, 4 Jun 2026 18:55:29 +0200 Subject: [PATCH 07/14] container-logs-check: fix logs ordering --- .../actions/container-logs-check/action.yml | 88 +++++++++++++------ .github/workflows/.test.yml | 49 +++++++++-- 2 files changed, 106 insertions(+), 31 deletions(-) diff --git a/.github/actions/container-logs-check/action.yml b/.github/actions/container-logs-check/action.yml index 34a12bd..a8010b1 100644 --- a/.github/actions/container-logs-check/action.yml +++ b/.github/actions/container-logs-check/action.yml @@ -107,47 +107,85 @@ runs: const statusLabel = type === 'service' ? 'service' : 'container'; const statusCheck = type === 'service' ? checkServiceStatus : checkContainerStatus; const logArgs = type === 'service' ? ['service', 'logs', '-f', name] : ['logs', '-f', name]; - const childProcess = spawn('docker', logArgs); + const childProcess = spawn('sh', ['-c', 'exec docker "$@" 2>&1', 'docker', ...logArgs]); - let matchFound = false; + let settled = false; let intervalId; + let logBuffer = ''; + + function cleanup() { + clearInterval(intervalId); + clearTimeout(timeoutId); + childProcess.stdout.off('data', handleStdoutData); + childProcess.stdout.destroy(); + childProcess.kill(); + } + + function resolveOnce(message) { + if (settled) { + return; + } + settled = true; + cleanup(); + resolve(message); + } + + function rejectOnce(error) { + if (settled) { + return; + } + settled = true; + cleanup(); + reject(error); + } const timeoutId = setTimeout(() => { - if (!matchFound) { - clearInterval(intervalId); - childProcess.kill(); - reject(`String "${searchString}" not found in ${statusLabel} logs within ${timeout / 1000} seconds`); + if (!settled) { + rejectOnce(`String "${searchString}" not found in ${statusLabel} logs within ${timeout / 1000} seconds`); } }, timeout); async function checkTargetStatus() { const err = await statusCheck(name); if (err.length > 0) { - clearInterval(intervalId); - clearTimeout(timeoutId); - childProcess.kill(); - reject(err); + rejectOnce(err); } } - const handleStreamData = async (streamData) => { - const lines = streamData.toString().split('\n'); - for (const line of lines) { - if (line.trim() !== '') { - core.info(line); - if (line.includes(searchString)) { - matchFound = true; - clearInterval(intervalId); - clearTimeout(timeoutId); - childProcess.kill(); - resolve(`🎉 Found "${searchString}" in ${statusLabel} logs`); - } + function handleLogLine(line) { + if (settled) { + return; + } + if (line.trim() !== '') { + core.info(line); + if (line.includes(searchString)) { + resolveOnce(`🎉 Found "${searchString}" in ${statusLabel} logs`); } } - }; + } + + function handleStdoutData(streamData) { + logBuffer += streamData.toString(); + const lines = logBuffer.split('\n'); + logBuffer = lines.pop(); + for (const line of lines) { + handleLogLine(line.replace(/\r$/, '')); + } + } - childProcess.stdout.on('data', handleStreamData); - childProcess.stderr.on('data', handleStreamData); + childProcess.stdout.on('data', handleStdoutData); + childProcess.on('error', (err) => { + rejectOnce(`Failed to read ${statusLabel} logs: ${err.message}`); + }); + childProcess.on('close', () => { + if (logBuffer) { + handleLogLine(logBuffer.replace(/\r$/, '')); + logBuffer = ''; + } + if (!settled) { + rejectOnce(`Log stream closed before finding "${searchString}" in ${statusLabel} logs`); + } + }); intervalId = setInterval(checkTargetStatus, 5000); }); diff --git a/.github/workflows/.test.yml b/.github/workflows/.test.yml index 4e88721..81344a0 100644 --- a/.github/workflows/.test.yml +++ b/.github/workflows/.test.yml @@ -174,21 +174,50 @@ jobs: container-logs-check: runs-on: ubuntu-latest + services: + cloudflared: + image: crazymax/cloudflared:latest@sha256:9b4e856d18f6f6367330c56d91452f5fe3b6bd235f1210dcd9f6bd7373cad9be + options: >- + --label "diun.enable=true" + --label "diun.watch_repo=true" steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: Run container + name: Create Diun config run: | - docker run -d --name test crazymax/samba:latest + cat > diun.yml <<'EOF' + watch: + workers: 20 + schedule: "0 */6 * * *" + jitter: 5m + + providers: + docker: + watchByDefault: true + EOF + - + name: Run Diun + run: | + docker run -d --name diun \ + --health-cmd "diun healthcheck" \ + --health-interval 30s \ + --health-timeout 5s \ + --health-retries 3 \ + --health-start-period 60s \ + -v /var/run/docker.sock:/var/run/docker.sock \ + -v "$(pwd)/diun.yml:/diun.yml:ro" \ + -e "TZ=Europe/Paris" \ + -e "LOG_LEVEL=info" \ + crazymax/diun:latest - name: Check container logs uses: ./.github/actions/container-logs-check with: - name: test - log_check: " started." - timeout: 20 + name: diun + log_check: "Next run in" + timeout: 240 container-logs-check-notfound: runs-on: ubuntu-latest @@ -257,7 +286,15 @@ jobs: - name: Run service run: | - docker service create --name test busybox sh -c "echo 'service ready' && sleep 600" + docker service create --name test busybox sh -c ' + i=1 + while [ "$i" -le 100 ]; do + echo "service log $i" + i=$((i + 1)) + done + echo "service ready" + sleep 600 + ' - name: Check service logs uses: ./.github/actions/container-logs-check From 760b78d263267c3040d1a12aaa6fd19336ed9f2e Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Thu, 4 Jun 2026 19:38:27 +0200 Subject: [PATCH 08/14] gotest-annotations: remove npm dependency --- .github/actions/gotest-annotations/action.yml | 67 ++++++++++--------- .github/workflows/.test.yml | 31 +++++++++ 2 files changed, 67 insertions(+), 31 deletions(-) diff --git a/.github/actions/gotest-annotations/action.yml b/.github/actions/gotest-annotations/action.yml index 5f02a47..1651b3d 100644 --- a/.github/actions/gotest-annotations/action.yml +++ b/.github/actions/gotest-annotations/action.yml @@ -7,29 +7,34 @@ inputs: description: 'Test reports dir' required: true +outputs: + annotations: + description: 'Number of test failure annotations emitted' + value: ${{ steps.annotate.outputs.annotations }} + runs: using: composite steps: - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 - with: - script: | - await core.group(`Install npm deps`, async () => { - await exec.exec('npm', ['install', 'line-by-line']); - }); - - - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + id: annotate env: INPUT_DIRECTORY: ${{ inputs.directory }} with: script: | - const lineReader = require('line-by-line'); + const fs = require('fs'); + const readline = require('readline'); + const testRegex = /(\s*[\w\d]+.go:\d+:)(.*?)(---\sFAIL:.*)/gs; + let annotations = 0; let tests = {}; const globber = await glob.create(`${core.getInput('directory')}/**/*.json`); for await (const jsonReport of globber.globGenerator()) { - let lr = new lineReader(jsonReport); - lr.on('line', function(line) { + const reader = readline.createInterface({ + input: fs.createReadStream(jsonReport), + crlfDelay: Infinity + }); + for await (const line of reader) { const currentLine = JSON.parse(line); const testName = currentLine.Test; let output = currentLine.Output; @@ -47,25 +52,25 @@ runs: } else { tests[key].output += output; } - }); - lr.on('end', function() { - for (const [key, test] of Object.entries(tests)) { - if (!test.output.includes("FAIL") || !test.output.includes(".go")) { - continue; - } - var result; - while ((result = testRegex.exec(test.output)) !== null) { - const parts = result[0].split(":"); - const file = `${test.package}/${parts[0].trimStart()}`; - const lineNumber = parts[1]; - core.startGroup(key); - core.error(test.output, { - title: `Failed: ${key}`, - file: file, - startLine: lineNumber - }); - core.endGroup(); - } - } - }); + } + } + for (const [key, test] of Object.entries(tests)) { + if (!test.output.includes("FAIL") || !test.output.includes(".go")) { + continue; + } + var result; + while ((result = testRegex.exec(test.output)) !== null) { + const parts = result[0].split(":"); + const file = `${test.package}/${parts[0].trimStart()}`; + const lineNumber = parts[1]; + core.startGroup(key); + core.error(test.output, { + title: `Failed: ${key}`, + file: file, + startLine: lineNumber + }); + annotations++; + core.endGroup(); + } } + core.setOutput('annotations', annotations); diff --git a/.github/workflows/.test.yml b/.github/workflows/.test.yml index 2cb1e90..574a716 100644 --- a/.github/workflows/.test.yml +++ b/.github/workflows/.test.yml @@ -172,6 +172,37 @@ jobs: with: ref: ${{ matrix.commit }} + gotest-annotations: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - + name: Create test report + run: | + mkdir -p pkg/foo test-results + for _ in $(seq 1 12); do + echo "// fixture" + done > pkg/foo/foo_test.go + cat > test-results/report.json <<'EOF' + {"Action":"output","Package":"github.com/docker/example/pkg/foo","Test":"TestBroken","Output":" foo_test.go:12: expected ok\n"} + {"Action":"output","Package":"github.com/docker/example/pkg/foo","Test":"TestBroken","Output":"--- FAIL: TestBroken (0.00s)\n"} + EOF + - + name: Annotate failed tests + id: annotate + uses: ./.github/actions/gotest-annotations + with: + directory: test-results + - + name: Check annotations + run: | + if [ "${{ steps.annotate.outputs.annotations }}" != "1" ]; then + echo "::error::Expected 1 annotation, got ${{ steps.annotate.outputs.annotations }}" + exit 1 + fi + container-logs-check: runs-on: ubuntu-latest services: From 57d7527f41eae892286ab9eb5bed22a22bfb2d57 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Thu, 4 Jun 2026 19:43:02 +0200 Subject: [PATCH 09/14] releases-json: harden npm install --- .github/workflows/releases-json.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/releases-json.yml b/.github/workflows/releases-json.yml index 9b839c3..ff10be5 100644 --- a/.github/workflows/releases-json.yml +++ b/.github/workflows/releases-json.yml @@ -36,7 +36,18 @@ jobs: with: script: | await core.group(`Install npm deps`, async () => { - await exec.exec('npm', ['install', 'semver']); + await exec.exec('npm', [ + 'install', + '--loglevel=error', + '--no-save', + '--package-lock=false', + '--ignore-scripts', + '--omit=dev', + '--prefer-offline', + '--fund=false', + '--audit=false', + 'semver@7.8.2' + ]); }); - name: Generate From f4bb91c4afac439d440b8e716e57180c649c0430 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Thu, 4 Jun 2026 19:49:06 +0200 Subject: [PATCH 10/14] update Dependabot to scan composite actions --- .github/dependabot.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index cbb7b00..41834f1 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -2,7 +2,9 @@ version: 2 updates: - package-ecosystem: "github-actions" open-pull-requests-limit: 10 - directory: "/" + directories: + - "/" + - "/.github/actions/*" schedule: interval: "daily" cooldown: From 60fbf09f63f0f1bd3b2226f16b5f50ca72a7d5ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 17:52:21 +0000 Subject: [PATCH 11/14] build(deps): bump actions/github-script Bumps [actions/github-script](https://github.com/actions/github-script) from 8.0.0 to 9.0.0. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/actions/container-logs-check/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/container-logs-check/action.yml b/.github/actions/container-logs-check/action.yml index a8010b1..9bd8e60 100644 --- a/.github/actions/container-logs-check/action.yml +++ b/.github/actions/container-logs-check/action.yml @@ -25,7 +25,7 @@ runs: using: composite steps: - - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: INPUT_NAME: ${{ inputs.name }} INPUT_TYPE: ${{ inputs.type }} From d4bd04fcf2815603001b1bc5bae0d8b08c99d7a6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 17:52:24 +0000 Subject: [PATCH 12/14] build(deps): bump actions/github-script in /.github/actions/docker-scout Bumps [actions/github-script](https://github.com/actions/github-script) from 8.0.0 to 9.0.0. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/actions/docker-scout/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/docker-scout/action.yml b/.github/actions/docker-scout/action.yml index 18b5890..11d2e63 100644 --- a/.github/actions/docker-scout/action.yml +++ b/.github/actions/docker-scout/action.yml @@ -24,7 +24,7 @@ runs: using: composite steps: - - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 id: run env: INPUT_VERSION: ${{ inputs.version }} From a48ea059e73fd7d0ae551e78c4ef0aad0d7138df Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 17:52:27 +0000 Subject: [PATCH 13/14] build(deps): bump actions/github-script Bumps [actions/github-script](https://github.com/actions/github-script) from 8.0.0 to 9.0.0. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/actions/gotest-annotations/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/gotest-annotations/action.yml b/.github/actions/gotest-annotations/action.yml index 1651b3d..addb5ea 100644 --- a/.github/actions/gotest-annotations/action.yml +++ b/.github/actions/gotest-annotations/action.yml @@ -16,7 +16,7 @@ runs: using: composite steps: - - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 id: annotate env: INPUT_DIRECTORY: ${{ inputs.directory }} From 13a632491649a2117fb6d68620dcee36c90a59f0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 17:52:29 +0000 Subject: [PATCH 14/14] build(deps): bump actions/github-script in /.github/actions/install-k3s Bumps [actions/github-script](https://github.com/actions/github-script) from 8.0.0 to 9.0.0. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/actions/install-k3s/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/install-k3s/action.yml b/.github/actions/install-k3s/action.yml index fa965f6..32b4681 100644 --- a/.github/actions/install-k3s/action.yml +++ b/.github/actions/install-k3s/action.yml @@ -12,7 +12,7 @@ runs: using: "composite" steps: - - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: INPUT_VERSION: ${{ inputs.version }} with: