Skip to content

Bump the ci group with 6 updates#58

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/ci-8a0c4d6d4b
Open

Bump the ci group with 6 updates#58
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/ci-8a0c4d6d4b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the ci group with 6 updates:

Package From To
fluxcd/gha-workflows/.github/workflows/cve-scan.yaml 0.11.0 0.12.0
fluxcd/gha-workflows/.github/workflows/cli-plugin-release.yaml 0.11.0 0.12.0
fluxcd/gha-workflows 0.11.0 0.12.0
fluxcd/flux2/action 2.8.8 2.9.0
actions/checkout 6.0.3 7.0.0
controlplaneio-fluxcd/flux-operator/actions/setup 0.50.0 0.53.0

Updates fluxcd/gha-workflows/.github/workflows/cve-scan.yaml from 0.11.0 to 0.12.0

Release notes

Sourced from fluxcd/gha-workflows/.github/workflows/cve-scan.yaml's releases.

v0.12.0

What's Changed

New Contributors

Full Changelog: fluxcd/gha-workflows@v0.11.0...v0.12.0

Commits
  • 5865e5d Merge pull request #56 from fluxcd/dependabot/github_actions/actions-978047b7ac
  • b10eba0 Bump the actions group across 2 directories with 3 updates
  • 53908fb Merge pull request #57 from fluxcd/kind-config-passthrough
  • 9f7696b setup-kubernetes: add skip-checkout and skip-tools inputs
  • 07bdd72 setup-kubernetes: add cluster-name and kind-config inputs
  • See full diff in compare view

Updates fluxcd/gha-workflows/.github/workflows/cli-plugin-release.yaml from 0.11.0 to 0.12.0

Release notes

Sourced from fluxcd/gha-workflows/.github/workflows/cli-plugin-release.yaml's releases.

v0.12.0

What's Changed

New Contributors

Full Changelog: fluxcd/gha-workflows@v0.11.0...v0.12.0

Commits
  • 5865e5d Merge pull request #56 from fluxcd/dependabot/github_actions/actions-978047b7ac
  • b10eba0 Bump the actions group across 2 directories with 3 updates
  • 53908fb Merge pull request #57 from fluxcd/kind-config-passthrough
  • 9f7696b setup-kubernetes: add skip-checkout and skip-tools inputs
  • 07bdd72 setup-kubernetes: add cluster-name and kind-config inputs
  • See full diff in compare view

Updates fluxcd/gha-workflows from 0.11.0 to 0.12.0

Release notes

Sourced from fluxcd/gha-workflows's releases.

v0.12.0

What's Changed

New Contributors

Full Changelog: fluxcd/gha-workflows@v0.11.0...v0.12.0

Commits
  • 5865e5d Merge pull request #56 from fluxcd/dependabot/github_actions/actions-978047b7ac
  • b10eba0 Bump the actions group across 2 directories with 3 updates
  • 53908fb Merge pull request #57 from fluxcd/kind-config-passthrough
  • 9f7696b setup-kubernetes: add skip-checkout and skip-tools inputs
  • 07bdd72 setup-kubernetes: add cluster-name and kind-config inputs
  • See full diff in compare view

Updates fluxcd/flux2/action from 2.8.8 to 2.9.0

Release notes

Sourced from fluxcd/flux2/action's releases.

v2.9.0

Highlights

Flux v2.9.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.9 GA blog post.

Overview of the new features:

  • Flux CLI Plugin System with the Mirror and Schema plugins (flux plugin)
  • Server-Side Apply field ignore rules for fine-grained drift control (Kustomization)
  • SOPS decryption with the Age post-quantum cipher (Kustomization)
  • Kubernetes Workload Identity authentication for OpenBao and Vault (Kustomization)
  • Helm post-render strategies, including chart hooks support (HelmRelease)
  • Literal mode for Helm values references mirroring helm --set-literal (HelmRelease)
  • Allow empty kind in CEL health check expressions (Kustomization, HelmRelease)
  • Git commit signing and verification with SSH keys (GitRepository, ImageUpdateAutomation)
  • AWS CodeCommit authentication using Workload Identity (GitRepository)
  • Custom Sigstore trusted root for keyless verification in air-gapped environments (OCIRepository)
  • Path pattern directory discovery for monorepos (ArtifactGenerator)
  • Secret-less, OIDC-secured webhook Receivers (Receiver)

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version Minimum required
v1.34 >= 1.34.1
v1.35 >= 1.35.0
v1.36 >= 1.36.0

[!NOTE] Note that the Flux project offers support only for the latest three minor versions of Kubernetes. Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as ControlPlane that provide enterprise support for Flux.

OpenShift compatibility

Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using Flux Operator. The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage.

Upgrade procedure

⚠️ The Flux APIs image.toolkit.fluxcd.io/v1beta2 and notification.toolkit.fluxcd.io/v1beta2 have reached end-of-life and have been removed from the CRDs.

Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from older versions of Flux to v2.9.

... (truncated)

Commits
  • dcc7def Merge pull request #5963 from fluxcd/update-components-main
  • dcf8165 Update toolkit components
  • 3cacae3 Merge pull request #5892 from dme86/feat/oci-layer-selector
  • 5df7951 Use single OCI layer selector flag
  • efc030f Merge pull request #5960 from fluxcd/update-pkg-deps/release/v2.9.x
  • 31c6ba3 Update fluxcd/pkg dependencies
  • 03af1c5 Merge pull request #5955 from gat786/test-plugin-install
  • ca5347f Improve docs for plugins action installation
  • 4b7e9ee Add docs and tests for plugins setup
  • bbf064e Remove unneeded step env var
  • Additional commits viewable in compare view

Updates actions/checkout from 6.0.3 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates controlplaneio-fluxcd/flux-operator/actions/setup from 0.50.0 to 0.53.0

Release notes

Sourced from controlplaneio-fluxcd/flux-operator/actions/setup's releases.

v0.53.0

🚀 This version comes with support for Flux v2.9.0

What's Changed

Full Changelog: controlplaneio-fluxcd/flux-operator@v0.52.0...v0.53.0

v0.52.0

What's Changed

Full Changelog: controlplaneio-fluxcd/flux-operator@v0.51.0...v0.52.0

v0.51.0

What's Changed

... (truncated)

Commits
  • be9fe84 Merge pull request #934 from controlplaneio-fluxcd/release-v0.53.0
  • b7abd1f Release v0.53.0
  • dca7025 Merge pull request #932 from controlplaneio-fluxcd/web-inventory
  • 625ba08 web: unify status header logic
  • 3a43167 web: reset statuses on resource changes
  • e553e7d web: cap batch size for inventory requests
  • 8ad6bdc web: lift inventory filters to persist across tab switches
  • b8b8459 web: add status reporting to GitOps Graph
  • 308ef8d web: remove dedicated Workloads tab
  • 90338eb web: remove updates for RBAC page after inventory
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the ci group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [fluxcd/gha-workflows/.github/workflows/cve-scan.yaml](https://github.com/fluxcd/gha-workflows) | `0.11.0` | `0.12.0` |
| [fluxcd/gha-workflows/.github/workflows/cli-plugin-release.yaml](https://github.com/fluxcd/gha-workflows) | `0.11.0` | `0.12.0` |
| [fluxcd/gha-workflows](https://github.com/fluxcd/gha-workflows) | `0.11.0` | `0.12.0` |
| [fluxcd/flux2/action](https://github.com/fluxcd/flux2) | `2.8.8` | `2.9.0` |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.3` | `7.0.0` |
| [controlplaneio-fluxcd/flux-operator/actions/setup](https://github.com/controlplaneio-fluxcd/flux-operator) | `0.50.0` | `0.53.0` |


Updates `fluxcd/gha-workflows/.github/workflows/cve-scan.yaml` from 0.11.0 to 0.12.0
- [Release notes](https://github.com/fluxcd/gha-workflows/releases)
- [Commits](fluxcd/gha-workflows@v0.11.0...v0.12.0)

Updates `fluxcd/gha-workflows/.github/workflows/cli-plugin-release.yaml` from 0.11.0 to 0.12.0
- [Release notes](https://github.com/fluxcd/gha-workflows/releases)
- [Commits](fluxcd/gha-workflows@v0.11.0...v0.12.0)

Updates `fluxcd/gha-workflows` from 0.11.0 to 0.12.0
- [Release notes](https://github.com/fluxcd/gha-workflows/releases)
- [Commits](fluxcd/gha-workflows@v0.11.0...v0.12.0)

Updates `fluxcd/flux2/action` from 2.8.8 to 2.9.0
- [Release notes](https://github.com/fluxcd/flux2/releases)
- [Commits](fluxcd/flux2@1fd61a0...dcc7def)

Updates `actions/checkout` from 6.0.3 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@df4cb1c...9c091bb)

Updates `controlplaneio-fluxcd/flux-operator/actions/setup` from 0.50.0 to 0.53.0
- [Release notes](https://github.com/controlplaneio-fluxcd/flux-operator/releases)
- [Commits](controlplaneio-fluxcd/flux-operator@5836c14...be9fe84)

---
updated-dependencies:
- dependency-name: fluxcd/gha-workflows/.github/workflows/cve-scan.yaml
  dependency-version: 0.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: fluxcd/gha-workflows/.github/workflows/cli-plugin-release.yaml
  dependency-version: 0.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: fluxcd/gha-workflows
  dependency-version: 0.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: fluxcd/flux2/action
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci
- dependency-name: controlplaneio-fluxcd/flux-operator/actions/setup
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update Go and Actions dependencies label Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update Go and Actions dependencies

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants