Update manusa/actions-setup-minikube action from v2.12.0 to v2.13.0 (.github/workflows/k8s-tests.yml)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
manusa/actions-setup-minikube	action	minor	v2.12.0 -> v2.13.0

---

Release Notes

manusa/actions-setup-minikube (manusa/actions-setup-minikube)

v2.13.0

Compare Source

What's Changed

• feat:fix: support for Ubuntu 24.04.1 by @​manusa in https://github.com/manusa/actions-setup-minikube/pull/126

Full Changelog: manusa/actions-setup-minikube@v2.12.0...v2.13.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[dryrunsecurity]

DryRun Security Summary

The provided GitHub Pull Request updates the version of the manusa/actions-setup-minikube GitHub Action used in the .github/workflows/k8s-tests.yml file, which is responsible for deploying the DefectDojo application to a Minikube cluster for testing purposes, and the changes do not introduce any obvious security concerns, with the workflow being well-designed to ensure the reliable and secure deployment of the application.

Expand for full summary

Summary:

The provided GitHub Pull Request changes focus on updating the version of the manusa/actions-setup-minikube GitHub Action used in the .github/workflows/k8s-tests.yml file. This workflow is responsible for deploying the DefectDojo application to a Minikube cluster for testing purposes. The changes do not introduce any obvious security concerns, and the workflow appears to be well-designed, with comprehensive steps to ensure the reliable and secure deployment of the application.

The key points to highlight from an application security perspective are:

1. Minikube and Kubernetes Version Testing: The workflow tests the deployment on different versions of Kubernetes, including the latest version and the oldest supported version from AWS. This is a good practice to ensure the application's compatibility with various Kubernetes versions.

2. Docker Image Loading: The workflow loads the necessary Docker images (NGINX and Django) from artifacts. It's important to ensure that these images are built securely and do not contain any known vulnerabilities.

3. Helm Configuration: The workflow sets various Helm configuration values, including the PostgreSQL database and Redis broker settings. These configurations should be carefully reviewed to ensure that sensitive information (e.g., database credentials) is not exposed in the workflow file or the Helm chart.

4. Deployment Verification: The workflow includes comprehensive steps to verify the deployment, including checking the status of the Kubernetes resources, logs, and the application's functionality (checking the login page). This helps ensure that the deployment is successful and the application is functioning as expected.

Files Changed:

• .github/workflows/k8s-tests.yml: This file contains the GitHub Actions workflow that deploys the DefectDojo application to a Minikube cluster. The changes in this pull request update the version of the manusa/actions-setup-minikube GitHub Action from v2.12.0 to v2.13.0.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[mtesauro]

Approved