From 80a2be0b9d873288a9cd0f848d4eaaa4b4432a8f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 May 2026 04:33:02 +0000 Subject: [PATCH 1/4] build(deps): bump the actions group with 10 updates Bumps the actions group with 10 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `d0d8abe699bfb85fec6de9f7adb5ae17292296ff` | `d0cc045d04ccac9d8b7881df0226f9e82c39688e` | | [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `4.0.0` | `5.0.0` | | [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.6.0` | `6.4.0` | | [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) | `3.1.2` | `4.0.0` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `4.3.1` | `6.1.0` | | [hashicorp/setup-packer](https://github.com/hashicorp/setup-packer) | `3.1.0` | `3.2.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.2.0` | | [googleapis/release-please-action](https://github.com/googleapis/release-please-action) | `4.4.0` | `5.0.0` | Updates `actions/checkout` from 4.3.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/34e114876b0b11c390a56381ad16ebd13914f8d5...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `astral-sh/setup-uv` from d0d8abe699bfb85fec6de9f7adb5ae17292296ff to d0cc045d04ccac9d8b7881df0226f9e82c39688e - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/d0d8abe699bfb85fec6de9f7adb5ae17292296ff...d0cc045d04ccac9d8b7881df0226f9e82c39688e) Updates `actions/upload-pages-artifact` from 4.0.0 to 5.0.0 - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](https://github.com/actions/upload-pages-artifact/compare/7b1f4a764d45c48632c6b24a0339c27f5614fb0b...fc324d3547104276b827a68afc52ff2a11cc49c9) Updates `actions/deploy-pages` from 4.0.5 to 5.0.0 - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128) Updates `actions/setup-go` from 5.6.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/40f1582b2485089dde7abd97c1529aa768e1baff...4a3601121dd01d1626a1e23e37211e3254c1c06c) Updates `hashicorp/setup-terraform` from 3.1.2 to 4.0.0 - [Release notes](https://github.com/hashicorp/setup-terraform/releases) - [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/setup-terraform/compare/b9cd54a3c349d3f38e8881555d616ced269862dd...5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85) Updates `aws-actions/configure-aws-credentials` from 4.3.1 to 6.1.0 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/7474bc4690e29a8392af63c5b98e7449536d5c3a...ec61189d14ec14c8efccab744f656cffd0e33f37) Updates `hashicorp/setup-packer` from 3.1.0 to 3.2.0 - [Release notes](https://github.com/hashicorp/setup-packer/releases) - [Commits](https://github.com/hashicorp/setup-packer/compare/1aa358be5cf73883762b302a3a03abd66e75b232...c3d53c525d422944e50ee27b840746d6522b08de) Updates `actions/setup-python` from 5.6.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/a26af69be951a213d495a4c3e4e4022e16d87065...a309ff8b426b58ec0e2a45f0f869d46889d02405) Updates `googleapis/release-please-action` from 4.4.0 to 5.0.0 - [Release notes](https://github.com/googleapis/release-please-action/releases) - [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/release-please-action/compare/16a9c90856f42705d54a6fda1823352bdc62cf38...45996ed1f6d02564a971a2fa1b5860e934307cf7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: astral-sh/setup-uv dependency-version: d0cc045d04ccac9d8b7881df0226f9e82c39688e dependency-type: direct:production dependency-group: actions - dependency-name: actions/upload-pages-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/deploy-pages dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: hashicorp/setup-terraform dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: aws-actions/configure-aws-credentials dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: hashicorp/setup-packer dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: googleapis/release-please-action dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/docs.yml | 8 ++++---- .github/workflows/go-tests.yml | 10 +++++----- .github/workflows/integration-tests.yml | 8 ++++---- .github/workflows/nat-images.yml | 18 +++++++++--------- .github/workflows/precommit.yml | 10 +++++----- .github/workflows/release-please.yml | 6 +++--- 6 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 4d62f25..ca40353 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -24,15 +24,15 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: astral-sh/setup-uv@d0d8abe699bfb85fec6de9f7adb5ae17292296ff # v6 + - uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6 - name: Build docs run: uv run --group docs mkdocs build - name: Upload artifact - uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4 + uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0 with: path: site @@ -45,4 +45,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 + uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0 diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml index eb4b475..fa89e89 100644 --- a/.github/workflows/go-tests.yml +++ b/.github/workflows/go-tests.yml @@ -14,7 +14,7 @@ jobs: outputs: go: ${{ steps.filter.outputs.go }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -50,9 +50,9 @@ jobs: run: working-directory: cmd/lambda steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: cmd/lambda/go.mod @@ -67,9 +67,9 @@ jobs: run: working-directory: tests/integration steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: tests/integration/go.mod diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 664e37b..ee3c3bb 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -37,17 +37,17 @@ jobs: timeout-minutes: 15 environment: integration steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: tests/integration/go.mod - - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3 + - uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 with: terraform_wrapper: false - - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4 + - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.INTEGRATION_ROLE_ARN }} aws-region: us-east-1 diff --git a/.github/workflows/nat-images.yml b/.github/workflows/nat-images.yml index 868c426..d0103d1 100644 --- a/.github/workflows/nat-images.yml +++ b/.github/workflows/nat-images.yml @@ -96,11 +96,11 @@ jobs: source_ami_id: ${{ steps.build.outputs.source_ami_id }} test_ami_id: ${{ steps.test-ami.outputs.test_ami_id }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: hashicorp/setup-packer@1aa358be5cf73883762b302a3a03abd66e75b232 # v3 + - uses: hashicorp/setup-packer@c3d53c525d422944e50ee27b840746d6522b08de # v3.2.0 - - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4 + - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.AMI_BUILD_ROLE_ARN }} aws-region: ${{ needs.resolve-inputs.outputs.source_region }} @@ -208,9 +208,9 @@ jobs: id-token: write contents: read steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4 + - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.AMI_BUILD_ROLE_ARN }} aws-region: ${{ needs.resolve-inputs.outputs.source_region }} @@ -237,17 +237,17 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3 + - uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 with: terraform_wrapper: false - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.12" - - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: cmd/lambda/go.mod diff --git a/.github/workflows/precommit.yml b/.github/workflows/precommit.yml index d7a917b..1710a6d 100644 --- a/.github/workflows/precommit.yml +++ b/.github/workflows/precommit.yml @@ -10,20 +10,20 @@ jobs: precommit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: cmd/lambda/go.mod cache: true cache-dependency-path: cmd/lambda/go.sum - - uses: hashicorp/setup-packer@1aa358be5cf73883762b302a3a03abd66e75b232 # v3 + - uses: hashicorp/setup-packer@c3d53c525d422944e50ee27b840746d6522b08de # v3.2.0 - - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3 + - uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 - name: Install tools run: | @@ -34,7 +34,7 @@ jobs: go install honnef.co/go/tools/cmd/staticcheck@v0.5.1 curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.12" diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index b6c3130..2045be5 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -17,7 +17,7 @@ jobs: release_created: ${{ steps.release.outputs.release_created }} tag_name: ${{ steps.release.outputs.tag_name }} steps: - - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4 + - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v4 id: release with: config-file: release-please-config.json @@ -33,9 +33,9 @@ jobs: run: working-directory: cmd/lambda steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: cmd/lambda/go.mod From 2bdacc56be3f58d4d6aaf1767ba65e2d52a36cb3 Mon Sep 17 00:00:00 2001 From: Leonard O'Sullivan Date: Fri, 1 May 2026 14:39:07 +1000 Subject: [PATCH 2/4] ci: use stable Go for precommit instead of module version The precommit workflow needs Go to compile linting tools (actionlint, staticcheck), not to match the module's runtime version. Using go-version: stable ensures tools that require newer Go versions can compile without bumping the module's go.mod. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/precommit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/precommit.yml b/.github/workflows/precommit.yml index 1710a6d..7aa6f36 100644 --- a/.github/workflows/precommit.yml +++ b/.github/workflows/precommit.yml @@ -17,7 +17,7 @@ jobs: - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: - go-version-file: cmd/lambda/go.mod + go-version: stable cache: true cache-dependency-path: cmd/lambda/go.sum From 5e2b40f620e6d4851eba57f5c12089455cdbf09d Mon Sep 17 00:00:00 2001 From: Leonard O'Sullivan Date: Fri, 1 May 2026 15:06:54 +1000 Subject: [PATCH 3/4] ci: bump staticcheck to 2026.1 for Go 1.24 compatibility staticcheck v0.5.1 depends on golang.org/x/tools which fails to compile with Go 1.24. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/precommit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/precommit.yml b/.github/workflows/precommit.yml index 7aa6f36..f78a672 100644 --- a/.github/workflows/precommit.yml +++ b/.github/workflows/precommit.yml @@ -17,7 +17,7 @@ jobs: - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: - go-version: stable + go-version-file: cmd/lambda/go.mod cache: true cache-dependency-path: cmd/lambda/go.sum @@ -31,7 +31,7 @@ jobs: sudo apt-get update sudo apt-get install -y shellcheck fi - go install honnef.co/go/tools/cmd/staticcheck@v0.5.1 + go install honnef.co/go/tools/cmd/staticcheck@2026.1 curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 From 824ed31912d9dd2ec3e102b005c7936c952cd105 Mon Sep 17 00:00:00 2001 From: Leonard O'Sullivan Date: Fri, 1 May 2026 15:10:58 +1000 Subject: [PATCH 4/4] ci: use staticcheck 2025.1.1 compatible with Go 1.24 2026.1 requires Go >= 1.25.0 which isn't available yet. 2025.1.1 is the latest release that supports Go 1.24. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/precommit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/precommit.yml b/.github/workflows/precommit.yml index f78a672..11de639 100644 --- a/.github/workflows/precommit.yml +++ b/.github/workflows/precommit.yml @@ -31,7 +31,7 @@ jobs: sudo apt-get update sudo apt-get install -y shellcheck fi - go install honnef.co/go/tools/cmd/staticcheck@2026.1 + go install honnef.co/go/tools/cmd/staticcheck@2025.1.1 curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0