build(deps): bump the ci group with 3 updates

Bumps the ci group with 3 updates: [Azure/login](https://github.com/azure/login), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [anchore/sbom-action](https://github.com/anchore/sbom-action). Updates `Azure/login` from 1.6.0 to 1.6.1 - [Release notes](https://github.com/azure/login/releases) - [Commits](e15b166166...cb79c773a3) Updates `actions/upload-artifact` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](1eb3cb2b3e...694cdabd8b) Updates `anchore/sbom-action` from 0.15.3 to 0.15.4 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](c7f031d924...41f7a6c033) --- updated-dependencies: - dependency-name: Azure/login dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit 2726da5b85)
2026-02-08 00:37:27 +00:00 · 2024-01-22 08:01:30 +00:00 · 2024-01-22 08:01:30 +00:00 · 384d472b40
commit 384d472b40
parent aabdd28d9d
6 changed files with 27 additions and 33 deletions
--- a/.github/workflows/backport.yaml
+++ b/.github/workflows/backport.yaml
@ -17,7 +17,7 @@ jobs:
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Create backport PRs
-        uses: korthout/backport-action@addffea45a2f0b5682f1d5ba0506f45bc18bf174 # v2.3.0
+        uses: korthout/backport-action@e8161d6a0dbfa2651b7daa76cbb75bc7c925bbf3 # v2.4.1
        # xref: https://github.com/korthout/backport-action#inputs
        with:
          # Use token to allow workflows to be triggered for the created PR
--- a/.github/workflows/e2e-arm64.yaml
+++ b/.github/workflows/e2e-arm64.yaml
@ -63,33 +63,6 @@ jobs:
          kubectl -n flux-system wait kustomization/tenants --for=condition=ready --timeout=5m
          kubectl -n apps wait kustomization/dev-team --for=condition=ready --timeout=1m
          kubectl -n apps wait helmrelease/podinfo --for=condition=ready --timeout=1m
-      - name: Run monitoring tests
-        # Keep this test in sync with https://fluxcd.io/flux/guides/monitoring/
-        env:
-          KUBECONFIG: /tmp/${{ steps.prep.outputs.CLUSTER }}
-        run: |
-          ./bin/flux create source git flux-monitoring \
-          --interval=30m \
-          --url=https://github.com/fluxcd/flux2 \
-          --branch=${GITHUB_REF#refs/heads/}
-          ./bin/flux create kustomization kube-prometheus-stack \
-          --interval=1h \
-          --prune \
-          --source=flux-monitoring \
-          --path="./manifests/monitoring/kube-prometheus-stack" \
-          --health-check-timeout=5m \
-          --wait
-          ./bin/flux create kustomization monitoring-config \
-          --depends-on=kube-prometheus-stack \
-          --interval=1h \
-          --prune=true \
-          --source=flux-monitoring \
-          --path="./manifests/monitoring/monitoring-config" \
-          --health-check-timeout=1m \
-          --wait
-          kubectl -n flux-system wait kustomization/kube-prometheus-stack --for=condition=ready --timeout=5m
-          kubectl -n flux-system wait kustomization/monitoring-config --for=condition=ready --timeout=5m
-          kubectl -n monitoring wait helmrelease/kube-prometheus-stack --for=condition=ready --timeout=1m
      - name: Debug failure
        if: failure()
        env:
--- a/.github/workflows/e2e-azure.yaml
+++ b/.github/workflows/e2e-azure.yaml
@ -92,7 +92,7 @@ jobs:
        env:
          SOPS_VER: 3.7.1
      - name: Authenticate to Azure
-        uses: Azure/login@de95379fe4dadc2defb305917eaa7e5dde727294 # v1.4.6
+        uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.4.6
        with:
          creds: '{"clientId":"${{ secrets.AZ_ARM_CLIENT_ID }}","clientSecret":"${{ secrets.AZ_ARM_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZ_ARM_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZ_ARM_TENANT_ID }}"}'
      - name: Set dynamic variables in .env
@ -123,3 +123,14 @@ jobs:
          echo $GITREPO_SSH_PUB_CONTENTS | base64 -d > ./build/ssh/key.pub
          export GITREPO_SSH_PUB_PATH=build/ssh/key.pub
          make test-azure
+      - name: Ensure resource cleanup
+        if: ${{ always() }}
+        env:
+          ARM_CLIENT_ID: ${{ secrets.AZ_ARM_CLIENT_ID }}
+          ARM_CLIENT_SECRET: ${{ secrets.AZ_ARM_CLIENT_SECRET }}
+          ARM_SUBSCRIPTION_ID: ${{ secrets.AZ_ARM_SUBSCRIPTION_ID }}
+          ARM_TENANT_ID: ${{ secrets.AZ_ARM_TENANT_ID }}
+          TF_VAR_azuredevops_org: ${{ secrets.TF_VAR_azuredevops_org }}
+          TF_VAR_azuredevops_pat: ${{ secrets.TF_VAR_azuredevops_pat }}
+          TF_VAR_location: ${{ vars.TF_VAR_azure_location }}
+        run: source .env && make destroy-azure
--- a/.github/workflows/e2e-gcp.yaml
+++ b/.github/workflows/e2e-gcp.yaml
@ -46,13 +46,13 @@ jobs:
        env:
          SOPS_VER: 3.7.1
      - name: Authenticate to Google Cloud
-        uses: google-github-actions/auth@67e9c72af6e0492df856527b474995862b7b6591 # v2.0.0
+        uses: google-github-actions/auth@5a50e581162a13f4baa8916d01180d2acbc04363 # v2.1.0
        id: 'auth'
        with:
          credentials_json: '${{ secrets.FLUX2_E2E_GOOGLE_CREDENTIALS }}'
          token_format: 'access_token'
      - name: Setup gcloud
-        uses: google-github-actions/setup-gcloud@5a5f7b85fca43e76e53463acaa9d408a03c98d3a # v2.0.1
+        uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0
      - name: Setup QEMU
        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
      - name: Setup Docker Buildx
@ -90,3 +90,13 @@ jobs:
          echo $GITREPO_SSH_PUB_CONTENTS | base64 -d > ./build/ssh/key.pub
          export GITREPO_SSH_PUB_PATH=build/ssh/key.pub
          make test-gcp
+      - name: Ensure resource cleanup
+        if: ${{ always() }}
+        env:
+          TF_VAR_gcp_project_id: ${{ vars.TF_VAR_gcp_project_id }}
+          TF_VAR_gcp_region: ${{ vars.TF_VAR_gcp_region }}
+          TF_VAR_gcp_zone: ${{ vars.TF_VAR_gcp_zone }}
+          TF_VAR_gcp_email: ${{ secrets.TF_VAR_gcp_email }}
+          TF_VAR_gcp_keyring: ${{ secrets.TF_VAR_gcp_keyring }}
+          TF_VAR_gcp_crypto_key: ${{ secrets.TF_VAR_gcp_crypto_key }}
+        run: source .env && make destroy-gcp
--- a/.github/workflows/ossf.yaml
+++ b/.github/workflows/ossf.yaml
@ -28,7 +28,7 @@ jobs:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          publish_results: true
      - name: Upload artifact
-        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
+        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
        with:
          name: SARIF file
          path: results.sarif
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -34,7 +34,7 @@ jobs:
        id: buildx
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226  # v3.0.0
      - name: Setup Syft
-        uses: anchore/sbom-action/download-syft@719133684c7d294116626d1344fe64f0d2ff3e9e # v0.15.2
+        uses: anchore/sbom-action/download-syft@24b0d5238516480139aa8bc6f92eeb7b54a9eb0a # v0.15.5
      - name: Setup Cosign
        uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
      - name: Setup Kustomize