From c0ecca22b28d4802046d453b0e61ad2c33b64535 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Mar 2023 09:29:51 +0100
Subject: [PATCH] Bump actions/checkout from 3.3.0 to 3.4.0 (#576)

* Bump actions/checkout from 3.3.0 to 3.4.0

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/ac593985615ec2ede58e132d2e21d2b1cbd6127c...24cb9080177205b6e8c946b17badbe402adc938f)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comments

Signed-off-by: cpanato <ctadeu@gmail.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: cpanato <ctadeu@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>
---
 .github/workflows/add-remove-new-fulcio.yaml | 2 +-
 .github/workflows/codeql-analysis.yml        | 2 +-
 .github/workflows/fulcio-rekor-kind.yaml     | 6 +++---
 .github/workflows/prober-test.yml            | 2 +-
 .github/workflows/release.yaml               | 2 +-
 .github/workflows/terraform.yml              | 6 +++---
 .github/workflows/test-action-tuf.yaml       | 4 ++--
 .github/workflows/test-release.yaml          | 2 +-
 .github/workflows/verify.yml                 | 6 +++---
 9 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/add-remove-new-fulcio.yaml b/.github/workflows/add-remove-new-fulcio.yaml
index 0f428484b..9ef4df6be 100644
--- a/.github/workflows/add-remove-new-fulcio.yaml
+++ b/.github/workflows/add-remove-new-fulcio.yaml
@@ -51,7 +51,7 @@ jobs:
         check-latest: true
 
     - name: Check out our repo
-      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+      uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
       with:
         path: ./src/github.com/sigstore/scaffolding
 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index ec8df19e6..8bb1c83c7 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+      uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
diff --git a/.github/workflows/fulcio-rekor-kind.yaml b/.github/workflows/fulcio-rekor-kind.yaml
index e1632c999..444436243 100644
--- a/.github/workflows/fulcio-rekor-kind.yaml
+++ b/.github/workflows/fulcio-rekor-kind.yaml
@@ -53,7 +53,7 @@ jobs:
         check-latest: true
 
     - name: Check out our repo
-      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+      uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
       with:
         path: ./src/github.com/sigstore/scaffolding
 
@@ -172,7 +172,7 @@ jobs:
     # Test with cosign in 'airgapped mode'
     # Uncomment these once modified cosign goes in.
     #- name: Checkout modified cosign for testing.
-    #  uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+    #  uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
     #  with:
     #    repository: vaikas/cosign
     #    ref: air-gap
@@ -194,7 +194,7 @@ jobs:
     #    ./cosign verify --rekor-url ${{ env.REKOR_URL }} --allow-insecure-registry ${{ env.demoimage }}
 
     - name: Checkout TSA for testing.
-      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+      uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
       with:
         repository: sigstore/timestamp-authority
         path: ./src/github.com/sigstore/timestamp-authority
diff --git a/.github/workflows/prober-test.yml b/.github/workflows/prober-test.yml
index f954c2963..eefeb2b10 100644
--- a/.github/workflows/prober-test.yml
+++ b/.github/workflows/prober-test.yml
@@ -20,7 +20,7 @@ jobs:
       contents: read
     steps:
       - name: 'Checkout'
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
 
       - name: Set up Go
         uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index b52138fc2..7eddeee1d 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -44,7 +44,7 @@ jobs:
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Check out code onto GOPATH
-      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+      uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
       with:
         fetch-depth: 1
         path: ./src/github.com/${{ github.repository }}
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 1cc1b1f2b..5a17ecf2a 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -21,7 +21,7 @@ jobs:
 
     steps:
       - name: 'Checkout'
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
 
       - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.0
         with:
@@ -41,7 +41,7 @@ jobs:
 
     steps:
       - name: 'Checkout'
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
 
       - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.0
         with:
@@ -70,7 +70,7 @@ jobs:
 
     steps:
       - name: 'Checkout'
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
 
       - name: tfsec
         uses: tfsec/tfsec-sarif-action@21ded20e8ca120cd9d3d6ab04ef746477542a608 # v0.1.0
diff --git a/.github/workflows/test-action-tuf.yaml b/.github/workflows/test-action-tuf.yaml
index 0603eae71..de6ddabaa 100644
--- a/.github/workflows/test-action-tuf.yaml
+++ b/.github/workflows/test-action-tuf.yaml
@@ -36,7 +36,7 @@ jobs:
 
     steps:
     - name: Checkout the current action
-      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+      uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
     - name: Test running the action
       uses: ./actions/setup
       with:
@@ -83,7 +83,7 @@ jobs:
         cosign verify --rekor-url ${{ env.REKOR_URL }} --allow-insecure-registry ${{ env.demoimage }}
 
     - name: Checkout TSA for testing.
-      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+      uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
       with:
         repository: sigstore/timestamp-authority
         path: ./src/github.com/sigstore/timestamp-authority
diff --git a/.github/workflows/test-release.yaml b/.github/workflows/test-release.yaml
index a1879a7eb..a9477e780 100644
--- a/.github/workflows/test-release.yaml
+++ b/.github/workflows/test-release.yaml
@@ -132,7 +132,7 @@ jobs:
         cosign verify --rekor-url ${{ env.REKOR_URL }} --allow-insecure-registry ${{ env.demoimage }}
 
     - name: Checkout TSA for testing.
-      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+      uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
       with:
         repository: sigstore/timestamp-authority
         path: ./src/github.com/sigstore/timestamp-authority
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
index fe974214a..acc2a6c88 100644
--- a/.github/workflows/verify.yml
+++ b/.github/workflows/verify.yml
@@ -11,7 +11,7 @@ jobs:
     name: license boilerplate check
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
       - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
         with:
           go-version: '1.20'
@@ -28,7 +28,7 @@ jobs:
     name: Shellcheck
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
       - name: Run ShellCheck
         uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
 
@@ -36,7 +36,7 @@ jobs:
     name: lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
       - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
         with:
           go-version: '1.20'