ci: bump the github-actions group across 1 directory with 3 updates (#82)

dependabot[bot] · afuetterer · web-flow · commit 5c8d034c10f7 · 2024-05-27T07:08:56.000Z
* ci: bump the github-actions group across 1 directory with 3 updates Bumps the github-actions group with 3 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action), [python-semantic-release/upload-to-gh-release](https://github.com/python-semantic-release/upload-to-gh-release) and [hynek/build-and-inspect-python-package](https://github.com/hynek/build-and-inspect-python-package). Updates `github/codeql-action` from 3.25.5 to 3.25.6 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b7cec75...9fdb3e4) Updates `python-semantic-release/upload-to-gh-release` from 9.0.2 to 9.7.3 - [Release notes](https://github.com/python-semantic-release/upload-to-gh-release/releases) - [Changelog](https://github.com/python-semantic-release/upload-to-gh-release/blob/main/releaserc.toml) - [Commits](python-semantic-release/upload-to-gh-release@8d1fb62...20f89b4) Updates `hynek/build-and-inspect-python-package` from 2.5.0 to 2.6.0 - [Release notes](https://github.com/hynek/build-and-inspect-python-package/releases) - [Changelog](https://github.com/hynek/build-and-inspect-python-package/blob/main/CHANGELOG.md) - [Commits](hynek/build-and-inspect-python-package@4aea7de...b4fc3f6) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: python-semantic-release/upload-to-gh-release dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: hynek/build-and-inspect-python-package dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> * ci: remove baipp workaround --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Heinz-Alexander Fuetterer <fuetterh@posteo.de>
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -21,8 +21,8 @@ jobs:
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       # Ref: https://github.com/github/codeql-action
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+      uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
       with:
         languages: python
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+      uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -37,7 +37,7 @@ jobs:
         # allows for python-semantic-release to push to protected main branch
         github_token: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}
     - name: Publish package to GitHub Release
-      uses: python-semantic-release/upload-to-gh-release@8d1fb62d5d44028f46cae2fd8d22f5dec08a354b # v9.0.2
+      uses: python-semantic-release/upload-to-gh-release@20f89b4f4295bb541e2fa54418e606eefbd0f567 # v9.7.3
       if: ${{ steps.release.outputs.released }} == 'true'
       with:
         github_token: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -18,9 +18,8 @@ jobs:
       attestations: write
       id-token: write
     steps:
-    - run: sudo apt-get install tree # workaround for "tree: command not found" in baipp
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
-    - uses: hynek/build-and-inspect-python-package@4aea7de65ba374f49b5f549cd471b61de2ef19d3 # v2.5.0
+    - uses: hynek/build-and-inspect-python-package@b4fc3f6ba2b3da04f09659be99e2a29fb6146a61 # v2.6.0
       with:
         attest-build-provenance-github: 'true'
   publish:
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -39,6 +39,6 @@ jobs:
 
     # required for Code scanning alerts
     - name: Upload SARIF results to code scanning
-      uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+      uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
       with:
         sarif_file: results.sarif
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -96,6 +96,5 @@ jobs:
     name: Build and inspect the package
     runs-on: ubuntu-24.04
     steps:
-    - run: sudo apt-get install tree # workaround for "tree: command not found" in baipp
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
-    - uses: hynek/build-and-inspect-python-package@4aea7de65ba374f49b5f549cd471b61de2ef19d3 # v2.5.0
+    - uses: hynek/build-and-inspect-python-package@b4fc3f6ba2b3da04f09659be99e2a29fb6146a61 # v2.6.0
