From 6a3a5b980dd9bc29986c43b944bdf83d9ab14a50 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 16 Sep 2025 19:22:10 +0000 Subject: [PATCH 1/3] chore(deps): update github-actions deps --- .github/workflows/base-binary-release.yaml | 6 +++--- .github/workflows/base-ci-binary.yaml | 6 +++--- .github/workflows/base-ci-goreleaser.yaml | 2 +- .github/workflows/base-release.yaml | 12 ++++++------ .github/workflows/changelog.yml | 4 ++-- .github/workflows/ci.yaml | 2 +- .github/workflows/nightly-release.yaml | 2 +- .github/workflows/ossf-scorecard.yml | 2 +- .github/workflows/update-version.yaml | 2 +- 9 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/base-binary-release.yaml b/.github/workflows/base-binary-release.yaml index 86e5420c2..66a8badb0 100644 --- a/.github/workflows/base-binary-release.yaml +++ b/.github/workflows/base-binary-release.yaml @@ -85,9 +85,9 @@ jobs: - name: Copy Dockerfile to Collector dependency directory run: cp cmd/${{ inputs.binary }}/Dockerfile ${{ inputs.dependency-target-folder }}/cmd/${{ inputs.binary }}/Dockerfile - - uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 + - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 - - uses: anchore/sbom-action/download-syft@7b36ad622f042cab6f59a75c2ac24ccb256e9b45 # v0.20.4 + - uses: anchore/sbom-action/download-syft@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6 - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 with: @@ -98,7 +98,7 @@ jobs: - name: Setup Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "~1.24" + go-version: "~1.25.0" - name: Log into Docker.io uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 diff --git a/.github/workflows/base-ci-binary.yaml b/.github/workflows/base-ci-binary.yaml index d7f329ca0..fcd28c3e7 100644 --- a/.github/workflows/base-ci-binary.yaml +++ b/.github/workflows/base-ci-binary.yaml @@ -44,9 +44,9 @@ jobs: - name: Copy Dockerfile to Core Repo directory run: cp cmd/${{ inputs.binary }}/Dockerfile ${{ inputs.dependency-target-folder }}/cmd/${{ inputs.binary }}/Dockerfile - - uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 + - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 - - uses: anchore/sbom-action/download-syft@7b36ad622f042cab6f59a75c2ac24ccb256e9b45 # v0.20.4 + - uses: anchore/sbom-action/download-syft@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6 - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 with: @@ -57,7 +57,7 @@ jobs: - name: Setup Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "~1.24" + go-version: "~1.25.0" - name: Check GoReleaser uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 diff --git a/.github/workflows/base-ci-goreleaser.yaml b/.github/workflows/base-ci-goreleaser.yaml index a3e70ba0f..d006860e9 100644 --- a/.github/workflows/base-ci-goreleaser.yaml +++ b/.github/workflows/base-ci-goreleaser.yaml @@ -93,7 +93,7 @@ jobs: - name: Setup Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "~1.24" + go-version: "~1.25.0" check-latest: true - name: Create artifacts directory to store build artifacts diff --git a/.github/workflows/base-release.yaml b/.github/workflows/base-release.yaml index 22e27a996..714675356 100644 --- a/.github/workflows/base-release.yaml +++ b/.github/workflows/base-release.yaml @@ -71,9 +71,9 @@ jobs: with: fetch-depth: 0 - - uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 + - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 - - uses: anchore/sbom-action/download-syft@7b36ad622f042cab6f59a75c2ac24ccb256e9b45 # v0.20.4 + - uses: anchore/sbom-action/download-syft@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6 - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 if: runner.os != 'Windows' @@ -95,7 +95,7 @@ jobs: - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "~1.24" + go-version: "~1.25.0" check-latest: true - name: Set nightly enabled @@ -195,9 +195,9 @@ jobs: with: fetch-depth: 0 - - uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 + - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 - - uses: anchore/sbom-action/download-syft@7b36ad622f042cab6f59a75c2ac24ccb256e9b45 # v0.20.4 + - uses: anchore/sbom-action/download-syft@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6 - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 if: runner.os != 'Windows' @@ -219,7 +219,7 @@ jobs: - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "~1.24" + go-version: "~1.25.0" check-latest: true - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 45444ed59..582021c73 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -37,7 +37,7 @@ jobs: fetch-depth: 0 - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "~1.24" + go-version: "~1.25.0" cache: false - name: Cache Go id: go-cache @@ -89,7 +89,7 @@ jobs: - name: Link Checker if: ${{ !contains(github.event.pull_request.labels.*.name, 'dependencies') && !contains(github.event.pull_request.labels.*.name, 'Skip Changelog') && !contains(github.event.pull_request.title, '[chore]')}} id: lychee - uses: lycheeverse/lychee-action@5c4ee84814c983aa7164eaee476f014e53ff3963 # v2.5.0 + uses: lycheeverse/lychee-action@885c65f3dc543b57c898c8099f4e08c8afd178a2 # v2.6.1 with: args: "--verbose --no-progress ./changelog_preview.md --config .github/lychee.toml" failIfEmpty: false diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 5322ae3fd..eb6435e57 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -36,7 +36,7 @@ jobs: - name: Setup Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "~1.24" + go-version: "~1.25.0" check-latest: true - name: Tidy go.mod files diff --git a/.github/workflows/nightly-release.yaml b/.github/workflows/nightly-release.yaml index c9772ffae..3fb76204c 100644 --- a/.github/workflows/nightly-release.yaml +++ b/.github/workflows/nightly-release.yaml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 id: otelbot-token with: app-id: ${{ vars.OTELBOT_COLLECTOR_RELEASES_APP_ID }} diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 14068035a..a587d4dc9 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -42,6 +42,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 + uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 with: sarif_file: results.sarif \ No newline at end of file diff --git a/.github/workflows/update-version.yaml b/.github/workflows/update-version.yaml index b4713bca3..9e9514b23 100644 --- a/.github/workflows/update-version.yaml +++ b/.github/workflows/update-version.yaml @@ -27,7 +27,7 @@ jobs: pull-requests: write # required for creating PR steps: - - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 id: otelbot-token with: app-id: ${{ vars.OTELBOT_COLLECTOR_RELEASES_APP_ID }} From db8b6d8da90e168a6e8e9f3e88c1912c45e0ed85 Mon Sep 17 00:00:00 2001 From: Moritz Wiesinger Date: Wed, 17 Sep 2025 08:11:51 +0200 Subject: [PATCH 2/3] Revert Go 1.25 upgrade --- .github/workflows/base-binary-release.yaml | 2 +- .github/workflows/base-ci-binary.yaml | 2 +- .github/workflows/base-ci-goreleaser.yaml | 2 +- .github/workflows/base-release.yaml | 2 +- .github/workflows/changelog.yml | 2 +- .github/workflows/ci.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/base-binary-release.yaml b/.github/workflows/base-binary-release.yaml index 66a8badb0..8299321c1 100644 --- a/.github/workflows/base-binary-release.yaml +++ b/.github/workflows/base-binary-release.yaml @@ -98,7 +98,7 @@ jobs: - name: Setup Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "~1.25.0" + go-version: "~1.24" - name: Log into Docker.io uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 diff --git a/.github/workflows/base-ci-binary.yaml b/.github/workflows/base-ci-binary.yaml index fcd28c3e7..fc9c2a13e 100644 --- a/.github/workflows/base-ci-binary.yaml +++ b/.github/workflows/base-ci-binary.yaml @@ -57,7 +57,7 @@ jobs: - name: Setup Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "~1.25.0" + go-version: "~1.24" - name: Check GoReleaser uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 diff --git a/.github/workflows/base-ci-goreleaser.yaml b/.github/workflows/base-ci-goreleaser.yaml index d006860e9..a3e70ba0f 100644 --- a/.github/workflows/base-ci-goreleaser.yaml +++ b/.github/workflows/base-ci-goreleaser.yaml @@ -93,7 +93,7 @@ jobs: - name: Setup Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "~1.25.0" + go-version: "~1.24" check-latest: true - name: Create artifacts directory to store build artifacts diff --git a/.github/workflows/base-release.yaml b/.github/workflows/base-release.yaml index 714675356..1a65d72b9 100644 --- a/.github/workflows/base-release.yaml +++ b/.github/workflows/base-release.yaml @@ -95,7 +95,7 @@ jobs: - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "~1.25.0" + go-version: "~1.24" check-latest: true - name: Set nightly enabled diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 582021c73..cda46e1f0 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -37,7 +37,7 @@ jobs: fetch-depth: 0 - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "~1.25.0" + go-version: "~1.24" cache: false - name: Cache Go id: go-cache diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index eb6435e57..5322ae3fd 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -36,7 +36,7 @@ jobs: - name: Setup Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "~1.25.0" + go-version: "~1.24" check-latest: true - name: Tidy go.mod files From c680860a7f7e0120be4a85d7b08414ee421ff308 Mon Sep 17 00:00:00 2001 From: Moritz Wiesinger Date: Wed, 17 Sep 2025 08:16:11 +0200 Subject: [PATCH 3/3] Revert Go 1.25 upgrade --- .github/workflows/base-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/base-release.yaml b/.github/workflows/base-release.yaml index 1a65d72b9..b557d0131 100644 --- a/.github/workflows/base-release.yaml +++ b/.github/workflows/base-release.yaml @@ -219,7 +219,7 @@ jobs: - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "~1.25.0" + go-version: "~1.24" check-latest: true - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0