deps: update github actions (major)

.github/actions/deploy-keptn-on-cluster/action.yml

@@ -30,15 +30,15 @@
   using: "composite"
   steps:
     - name: Set up Go 1.x
-      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5
+      uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6
       with:
         go-version: ${{ env.GO_VERSION }}
         cache: true
         cache-dependency-path: '**/go.sum'
         check-latest: true
 
     - name: Download artifacts
-      uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4
+      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
       with:
         path: ~/download/artifacts
 
@@ -98,7 +98,7 @@
 
         cd .github/actions/deploy-keptn-on-cluster
 
         export TAG=${{ inputs.runtime_tag }}
         envsubst < values/${{ inputs.values-file }} > tmp.yaml
 
         echo "installing with values.yaml file:"

.github/workflows/CI.yaml

@@ -17,7 +17,7 @@
       - ".github/actions/spelling/*"
 
 # Declare default permissions as read only.
 permissions: read-all
 
 env:
   GO_VERSION: "~1.23"
@@ -42,7 +42,7 @@
 
     steps:
       - name: Check out code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Extract branch name
         id: extract_branch
@@ -88,10 +88,10 @@
             folder: "keptn-cert-manager/"
     steps:
       - name: Check out code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Set up Go 1.x
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5
+        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6
         with:
           go-version: ${{ env.GO_VERSION }}
           cache: true
@@ -103,7 +103,7 @@
         run: make unit-test
 
       - name: Report code coverage
-        uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
         with:
           flags: ${{ matrix.config.name }}
           token: ${{ secrets.CODECOV_TOKEN }}
@@ -135,7 +135,7 @@
             folder: "keptn-cert-manager/"
     steps:
       - name: Check out code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Cache build tools
         id: cache-build-tools
@@ -146,10 +146,10 @@
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
 
       - name: Build Docker Image
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
         with:
           context: ${{ matrix.config.folder }}
           platforms: linux/amd64,linux/arm64
@@ -168,7 +168,7 @@
           outputs: type=oci,dest=/tmp/${{ matrix.config.name }}-image.tar
 
       - name: Upload image as artifact
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: ${{ matrix.config.name }}-image.tar
           path: /tmp/${{ matrix.config.name }}-image.tar
@@ -184,7 +184,7 @@
         run: echo "" > tag
 
       - name: Upload tag for tests
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: dev-${{ env.DATETIME }}
           path: tag
@@ -281,10 +281,10 @@
     runs-on: ubuntu-24.04
     steps:
       - name: Check out keptn repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Check out helm-charts repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           repository: 'keptn/lifecycle-toolkit-charts'
           path: ./helm-charts-repository
@@ -306,7 +306,7 @@
         run: rsync -av --delete --exclude='charts/*.tgz' ./${{ matrix.config.path }}/ ./helm-charts-repository/charts/${{ matrix.config.name }}/
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
+        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
         with:
           token: ${{ secrets.KEPTN_BOT_TOKEN }}
           path: ./helm-charts-repository

.github/workflows/component-test.yml

@@ -6,7 +6,7 @@
         required: false
 
 # Declare default permissions as read only.
 permissions: read-all
 
 env:
   GO_VERSION: "~1.23"
@@ -19,10 +19,10 @@
     runs-on: ubuntu-24.04
     steps:
       - name: Check out code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Set up Go 1.x
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5
+        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6
         with:
           go-version: ${{ env.GO_VERSION }}
           cache: true
@@ -34,7 +34,7 @@
         run: make component-test
 
       - name: Report code coverage
-        uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
         with:
           flags: component-tests
           token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/e2e-test.yml

@@ -8,7 +8,7 @@
         required: true
 
 # Declare default permissions as read only.
 permissions: read-all
 
 env:
   GO_VERSION: "~1.23"
@@ -27,7 +27,7 @@
             folder: "lifecycle-operator/"
     steps:
       - name: Check out code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Setup cluster
         uses: ./.github/actions/deploy-keptn-on-cluster
@@ -45,7 +45,7 @@
 
       - name: Upload ${{ matrix.config.name }} cluster logs
         if: always()
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: logs-e2e-tests-${{ matrix.config.name }}
           path: .github/scripts/logs

.github/workflows/golangci-lint.yml

@@ -17,7 +17,7 @@
       - "!docs/**"
 
 # Declare default permissions as read only.
 permissions: read-all
 
 env:
   # renovate: datasource=github-releases depName=golangci/golangci-lint
@@ -39,15 +39,15 @@
             folder: "keptn-cert-manager/"
     steps:
       - name: Check out code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-      - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5
+      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6
         with:
           go-version: ${{ env.GO_VERSION }}
           check-latest: true
 
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@4696ba8babb6127d732c3c6dde519db15edab9ea # v6
+        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9
         with:
           working-directory: ${{ matrix.config.folder }}
           version: ${{ env.GOLANGCI_LINT_VERSION }}

.github/workflows/htmltest.yaml

@@ -15,7 +15,7 @@
       - 'docs/**'
 
 # Declare default permissions as read only.
 permissions: read-all
 
 jobs:
   htmltest:
@@ -25,7 +25,7 @@
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           submodules: true
           fetch-depth: 0

.github/workflows/integration-test-component.yml

@@ -12,7 +12,7 @@
         required: true
 
 # Declare default permissions as read only.
 permissions: read-all
 
 env:
   GO_VERSION: "~1.23"
@@ -26,7 +26,7 @@
     runs-on: ubuntu-24.04
     steps:
       - name: Check out code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Setup cluster
         uses: ./.github/actions/deploy-keptn-on-cluster
@@ -42,7 +42,7 @@
 
       - name: Run Integration Tests ${{ inputs.type }}
         working-directory: .
         run: make integration-test-${{ inputs.type }}
 
       - name: Create reports
         if: failure()
@@ -51,7 +51,7 @@
 
       - name: Upload cluster logs
         if: failure()
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: logs-integration-tests-${{ inputs.type }}
           path: .github/scripts/logs

.github/workflows/integration-test.yml

@@ -12,7 +12,7 @@
         default: "cert_manager_io_off"
 
 # Declare default permissions as read only.
 permissions: read-all
 
 env:
   GO_VERSION: "~1.23"
@@ -26,7 +26,7 @@
     runs-on: ubuntu-24.04
     steps:
       - name: Check out code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Setup cluster
         uses: ./.github/actions/deploy-keptn-on-cluster
@@ -52,7 +52,7 @@
 
       - name: Upload cluster logs
         if: failure()
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: logs-integration-tests-${{ inputs.cert-manager-io-enabled }}
           path: .github/scripts/logs

.github/workflows/load-test.yml

@@ -8,7 +8,7 @@
         required: true
 
 # Declare default permissions as read only.
 permissions: read-all
 
 env:
   GO_VERSION: "~1.23"
@@ -24,7 +24,7 @@
     runs-on: ubuntu-24.04
     steps:
       - name: Check out code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Cache build tools
         id: cache-build-tools
@@ -57,7 +57,7 @@
 
       - name: Upload results
         if: always()
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: load-tests-results
           path: ./collected-metrics
@@ -69,7 +69,7 @@
 
       - name: Upload cluster logs
         if: failure()
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: logs-load-tests
           path: .github/scripts/logs

.github/workflows/markdown-checks.yaml

@@ -19,7 +19,7 @@
       - 'metrics-operator/api/**'
 
 # Declare default permissions as read only.
 permissions: read-all
 
 env:
   GO_VERSION: "~1.23"
@@ -32,7 +32,7 @@
   markdown-link-check:
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1
         with:
           config-file: '.github/mlc_config.json'
@@ -45,7 +45,7 @@
     runs-on: ubuntu-24.04
     steps:
       - name: Check out code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Run TOC generation
         run: |
@@ -72,10 +72,10 @@
     runs-on: ubuntu-24.04
     steps:
       - name: Check out code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Set up Go 1.x
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5
+        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6
         with:
           go-version: ${{ env.GO_VERSION }}
           check-latest: true

.github/workflows/release-examples.yml

@@ -19,17 +19,17 @@
         required: false
 
 # Declare default permissions as read only.
 permissions: read-all
 
 jobs:
   release-examples:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Checkout examples repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           repository: keptn-sandbox/lifecycle-toolkit-examples
           path: ${{ inputs.examples_dir }}
@@ -47,7 +47,7 @@
 
       - name: Move old latest release examples folder
         if: ${{ fromJson(steps.latest_release.outputs.data).tag_name == inputs.tag_name }}
         run: cp -R ./examples/* "${{ inputs.examples_dir }}"
 
       - name: Push content
         if: inputs.dry_run != true

.github/workflows/release.yml

@@ -8,7 +8,7 @@
   workflow_dispatch:
 
     # Declare default permissions as read only.
 permissions: read-all
 
 defaults:
   run:
@@ -37,7 +37,7 @@
       BUILD_TIME: ${{ steps.get_datetime.outputs.BUILD_TIME }}
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Extract branch name
         id: extract_branch
@@ -77,7 +77,7 @@
 
       - name: Create release matrix
         id: build-matrix
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           CHANGED_ITEMS: ${{ steps.release.outputs.paths_released }}
           KEPTN_TAG: ${{ steps.release.outputs.tag_name }}
@@ -146,23 +146,23 @@
       DOCKER_BUILD_RECORD_UPLOAD: "false"
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           submodules: recursive
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
         with:
           registry: "ghcr.io"
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Cosign
-        uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
+        uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
 
       - name: Clean up image tag
         id: clean-image-tag
@@ -179,7 +179,7 @@
 
       - name: Build Docker Image
         id: docker_build_image
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
         with:
           context: ${{ matrix.config.folder }}
           platforms: linux/amd64,linux/arm64
@@ -234,7 +234,7 @@
             ${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }}
 
       - name: Upload verification log as artifact
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: cosign-attest-verification-log
           path: ./cosign-attest-output.json

.github/workflows/scorecard.yml

@@ -16,7 +16,7 @@
       - "main"
 
 # Declare default permissions as read only.
 permissions: read-all
 
 jobs:
   analysis:
@@ -33,7 +33,7 @@
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
@@ -60,14 +60,14 @@
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
+        uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
         with:
           sarif_file: results.sarif