chore(main): release syft-sbom-report 1.0.0

.github/workflows/build-trigger-argo-workflow.yaml

@@ -27,7 +27,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+      - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
           check-latest: true
           cache-dependency-path: |

.github/workflows/check-for-non-releasable-actions.yaml

@@ -1,10 +1,6 @@
 name: Check for non-releasable actions
 on:
   pull_request:
-    paths:
-      - actions/
-      - .github/workflows/check-for-non-releasable-actions.yaml
-      - release-please-config.json
     types:
       - edited
       - opened
@@ -14,10 +10,6 @@ on:
   push:
     branches:
       - main
-    paths:
-      - actions/
-      - .github/workflows/check-for-non-releasable-actions.yaml
-      - release-please-config.json
 
 jobs:
   check-for-non-releasable-actions:
@@ -36,7 +28,7 @@ jobs:
             ./release-please-config.json
 
       - name: Check for non-releasable actions
-        uses: actions/github-script@v7
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
         with:
           script: |
             const fs = require('fs/promises');

.github/workflows/codeql.yml

@@ -47,14 +47,14 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+        uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
           config: |
             paths-ignore: ${{ toJSON(matrix.paths-ignore) }}
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+        uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/lint-shared-workflows.yaml

@@ -46,7 +46,7 @@ jobs:
     runs-on: ubuntu-latest
 
     container:
-      image: mikefarah/yq:4.44.5@sha256:76963651c5b2450b40f912ef65083e60b31f2d27bd123fe71c3c0acd49aa9e72
+      image: mikefarah/yq:4.44.6@sha256:b1d117c609ba990436ad1649299e2f6c378f62cb562caf30b6f2fb6144713422
       # https://github.com/actions/checkout/issues/956
       options: --user root
 
@@ -61,7 +61,7 @@ jobs:
 
       - name: Restore github-action.json schema
         id: restore-schema
-        uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+        uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: |
             github-action.json
@@ -108,7 +108,7 @@ jobs:
           GH_TOKEN: ${{ github.token }}
 
       - name: Save github-action.json schema to cache
-        uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+        uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         if: steps.download-schema.outputs.schema-changed == 'true'
         with:
           path: |

.github/workflows/publish-techdocs.yaml

@@ -121,12 +121,20 @@ jobs:
 
       # Pinning until resolved https://github.com/backstage/backstage/issues/25303
       - name: Install mkdocs and mkdocs plugins
-        run: python -m pip install mkdocs-techdocs-core==1.3.5
+        run: python -m pip install mkdocs-techdocs-core==1.3.5 mkdocs-github-admonitions-plugin==0.0.3
 
       - name: Generate docs site
         run: techdocs-cli generate --no-docker --verbose
         working-directory: ${{ inputs.default-working-directory }}
 
+      # Create an artifact out of the generated documentation so that it can be
+      # debugged if necessary:
+      - name: Create docs artifact
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        with:
+          name: site
+          path: site
+
       - name: Publish docs site
         if: inputs.publish
         run: techdocs-cli publish --publisher-type awsS3 --storage-name ${{ steps.instance-settings.outputs.aws-bucket }} --entity ${{ inputs.namespace }}/${{ inputs.kind }}/${{ inputs.name }}

.github/workflows/renovate.yml

@@ -55,17 +55,17 @@ jobs:
 
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
+        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
         with:
           app-id: ${{ env.GRAFANA_RENOVATE_APP_ID }}
           private-key: ${{ env.GRAFANA_RENOVATE_PRIVATE_KEY }}
 
       - name: Self-hosted Renovate
-        uses: renovatebot/github-action@757597d1bb6993c6406e207997a85f2b20ff39be # v41.0.4
+        uses: renovatebot/github-action@f24426972367551f3391720e34317783a92fd32b # v41.0.8
         with:
           configurationFile: .github/renovate-config.json5
           # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
-          renovate-version: 39.28.0@sha256:7cf419a3177d4cff065f1fa589c80b603c80fa7c3e1792ef1bcad8267be67325
+          renovate-version: 39.91.0@sha256:60d04619493d43fe67d728121dfef56b893bf90695219d352e772e881403d158
           token: ${{ steps.generate-token.outputs.token }}
         env:
           LOG_LEVEL: ${{ github.event_name == 'pull_request' && 'debug' || 'info' }}

.github/workflows/test-setup-jrsonnet.yml

@@ -0,0 +1,63 @@
+name: Test Setup Jrsonnet
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - actions/setup-jrsonnet/**
+      - .github/workflows/test-setup-jrsonnet.yml
+
+  pull_request:
+    branches:
+      - main
+    paths:
+      - actions/setup-jrsonnet/**
+      - .github/workflows/test-setup-jrsonnet.yml
+    types:
+      - edited
+      - opened
+      - ready_for_review
+      - synchronize
+
+  merge_group:
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+jobs:
+  setup-jrsonnet:
+    runs-on: ubuntu-latest
+    env:
+      # generate a unique cache prefix for each test run, so we can test cache behaviour
+      CACHE_PREFIX: jrsonnet-${{ github.run_id }}-${{ github.run_attempt }}
+
+    strategy:
+      matrix:
+        cache-hit: [false, true]
+      max-parallel: 1
+
+    name: "Setup Jrsonnet (cache hit: ${{ matrix.cache-hit }})"
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          sparse-checkout: |
+            actions/setup-jrsonnet
+
+      - name: "Setup Jrsonnet (cache: ${{ matrix.cache-hit }})"
+        id: setup-jrsonnet
+        uses: ./actions/setup-jrsonnet
+        with:
+          cache-prefix: ${{ env.CACHE_PREFIX }}
+          version: 0.5.0-pre96-test
+
+      - name: Assert cache
+        if: fromJson(steps.setup-jrsonnet.outputs.cache-hit) != matrix.cache-hit
+        run: |
+          echo "Expected cache hit: '${{ matrix.cache-hit }}' but got '${{ fromJson(steps.setup-jrsonnet.outputs.cache-hit) }}'"
+          exit 1
+
+      - name: Check Jrsonnet CLI works
+        run: jrsonnet --version

.github/workflows/test-techdocs-rewrite-relative-links.yaml

@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup go
-        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
           check-latest: true
           go-version: "1.22.2"

.release-please-manifest.json

@@ -2,7 +2,7 @@
     "actions/lint-pr-title": "1.1.0",
     "actions/get-vault-secrets": "1.0.1",
     "actions/dockerhub-login": "1.0.0",
-    "actions/send-slack-message": "1.0.0",
+    "actions/send-slack-message": "2.0.0",
     "actions/push-to-gar-docker": "0.1.0",
     "actions/aws-auth": "1.0.0",
     "actions/build-push-to-dockerhub": "0.1.0",
@@ -13,5 +13,8 @@
     "actions/setup-argo": "1.0.0",
     "actions/generate-openapi-clients": "1.0.0",
     "actions/push-to-gcs": "0.1.0",
-    "actions/trigger-argo-workflow": "1.0.0"
+    "actions/techdocs-rewrite-relative-links": "1.0.0",
+    "actions/validate-policy-bot-config": "1.0.0",
+    "actions/trigger-argo-workflow": "1.0.0",
+    "actions/syft-sbom-report": "1.0.0"
 }

actions/build-push-to-dockerhub/action.yaml

@@ -86,7 +86,7 @@ runs:
       uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+      uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
       with:
         driver: ${{ inputs.docker-buildx-driver }}
 

actions/generate-openapi-clients/action.yaml

@@ -42,15 +42,15 @@ runs:
 
     # Get openapi-generator
     - id: openapi-generator-cache
-      uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+      uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
       with:
         key: openapi-generator-${{ inputs.generator-version }}
         path: openapi-generator-cli.jar
     - shell: bash
       if: steps.openapi-generator-cache.outputs.cache-hit != 'true'
       run: |
         wget -nv "https://repo1.maven.org/maven2/org/openapitools/openapi-generator-cli/${{ inputs.generator-version }}/openapi-generator-cli-${{ inputs.generator-version }}.jar" -O ./openapi-generator-cli.jar
-    - uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+    - uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
       if: steps.openapi-generator-cache.outputs.cache-hit != 'true'
       with:
         key: openapi-generator-${{ inputs.generator-version }}

actions/get-vault-secrets/README.md

@@ -1,5 +1,8 @@
 # get-vault-secrets
 
+> [!NOTE]
+> If you are at Grafana Labs, follow these steps in the [internal documentation](https://enghub.grafana-ops.net/docs/default/component/deployment-tools/platform/vault/#ci-secrets) for the paths where this workflow can read secrets from.
+
 From a `grafana/` org repository, get a secret from the Grafana vault instance.
 The secret format is defined here: <https://github.com/hashicorp/vault-action>
 

actions/lint-pr-title/README.md

@@ -69,6 +69,8 @@ the [`commitlint.config.js` file located in this directory][config].
 In this example the `commitlint.config.js` file is located in the root directory
 of the project which is being linted.
 
+<!-- x-release-please-start-version -->
+
 ```yml
 name: Lint PR title
 
@@ -84,7 +86,7 @@ jobs:
       - uses: actions/checkout@v3
 
       - id: lint-pr-title
-        uses: grafana/shared-workflows/actions/lint-pr-title@main
+        uses: grafana/shared-workflows/actions/lint-pr-title@lint-pr-title-v1.1.0
         with:
           config-path: "${{ github.workspace }}/commitlint.config.js"
           title-only: false
@@ -103,5 +105,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - id: lint-pr-title
-        uses: grafana/shared-workflows/actions/lint-pr-title@main
+        uses: grafana/shared-workflows/actions/lint-pr-title@lint-pr-title-v1.1.0
 ```
+
+<!-- x-release-please-end-version -->

actions/lint-pr-title/package.json

@@ -25,26 +25,26 @@
     "@commitlint/config-conventional": "19.6.0",
     "@commitlint/format": "19.5.0",
     "@commitlint/lint": "19.6.0",
-    "@commitlint/load": "19.5.0",
-    "@octokit/core": "6.1.2",
-    "@octokit/graphql": "8.1.1",
+    "@commitlint/load": "19.6.1",
+    "@octokit/core": "6.1.3",
+    "@octokit/graphql": "8.1.2",
     "tmp": "0.2.3"
   },
   "devDependencies": {
     "@commitlint/types": "19.5.0",
-    "@eslint/js": "9.15.0",
+    "@eslint/js": "9.17.0",
     "@octokit/types": "13.6.2",
     "@octokit/webhooks-types": "7.6.1",
-    "@types/bun": "1.1.14",
+    "@types/bun": "1.1.15",
     "@types/eslint__js": "8.42.3",
     "@types/tmp": "0.2.6",
-    "eslint": "9.15.0",
+    "eslint": "9.17.0",
     "eslint-config-prettier": "9.1.0",
-    "eslint-plugin-jest": "28.9.0",
+    "eslint-plugin-jest": "28.10.0",
     "eslint-plugin-prettier": "5.2.1",
-    "prettier": "3.4.1",
+    "prettier": "3.4.2",
     "typescript": "5.7.2",
-    "typescript-eslint": "8.16.0"
+    "typescript-eslint": "8.19.1"
   },
   "packageManager": "[email protected]"
 }

actions/push-to-gar-docker/README.md

@@ -1,5 +1,8 @@
 # push-to-gar-docker
 
+> [!NOTE]
+> If you are at Grafana Labs, follow these steps in the [internal documentation](https://enghub.grafana-ops.net/docs/default/component/deployment-tools/platform/continuous-integration/google-artifact-registry/) to set up a repository before using this action.
+
 This is a composite GitHub Action, used to push docker images to Google Artifact Registry (GAR).
 It uses [OIDC authentication](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)
 which means that only workflows which get triggered based on certain rules can

actions/push-to-gar-docker/action.yaml

@@ -132,6 +132,7 @@ runs:
         echo "project=${PROJECT}" | tee -a ${GITHUB_OUTPUT}
 
     - name: Login to GAR
+      if: ${{ inputs.push == 'true' }}
       uses: ./shared-workflows/actions/login-to-gar
       with:
         environment: ${{ inputs.environment }}
@@ -144,7 +145,7 @@ runs:
         tags: ${{ inputs.tags }}
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+      uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
       with:
         driver: ${{ inputs.docker-buildx-driver }}
 

actions/push-to-gcs/README.md

@@ -1,5 +1,8 @@
 # push-to-gcs
 
+> [!NOTE]
+> If you are at Grafana Labs, follow these steps in the [internal documentation](https://enghub.grafana-ops.net/docs/default/component/deployment-tools/platform/continuous-integration/google-artifact-registry/) to set up a GCS bucket before using this action.
+
 This is a composite GitHub Action, used to push objects to a bucket in Google Cloud Storage (GCS).
 It uses [OIDC authentication](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)
 which means that only workflows which get triggered based on certain rules can

actions/send-slack-message/CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+## [2.0.0](https://github.com/grafana/shared-workflows/compare/send-slack-message-v1.0.0...send-slack-message-v2.0.0) (2024-12-17)
+
+### BREAKING CHANGE
+
+* **deps:** update slackapi/slack-github-action action to v2 ([#534](https://github.com/grafana/shared-workflows/issues/534)) ([338682a](https://github.com/grafana/shared-workflows/commit/338682acb95238001a1ea995e660d229e78d4e20))
+
+### 🔧 Miscellaneous Chores
+
+* update readme when a new release is available ([#548](https://github.com/grafana/shared-workflows/issues/548)) ([9bf9163](https://github.com/grafana/shared-workflows/commit/9bf9163126c44247bcee6b6b9390eb488f9ead53))
+
 ## 1.0.0 (2024-11-26)