build(deps): bump the github-actions group across 1 directory with 3 updates

dependabot[bot] · web-flow · commit 81726c40560f · 2025-05-17T07:11:15.000Z
Bumps the github-actions group with 3 updates in the / directory: [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action), [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) and [ko-build/setup-ko](https://github.com/ko-build/setup-ko). Updates `golangci/golangci-lint-action` from 6.5.1 to 7.0.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@4696ba8...1481404) Updates `sigstore/cosign-installer` from 3.8.1 to 3.8.2 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@d7d6bc7...3454372) Updates `ko-build/setup-ko` from 0.8 to 0.9 - [Release notes](https://github.com/ko-build/setup-ko/releases) - [Commits](ko-build/setup-ko@d982fec...d006021) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-version: 3.8.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: ko-build/setup-ko dependency-version: '0.9' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
@@ -10,7 +10,7 @@ jobs:
     - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
       with:
         go-version-file: 'go.mod'
-    - uses: golangci/golangci-lint-action@4696ba8babb6127d732c3c6dde519db15edab9ea # v6.5.1
+    - uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
       with:
         args: --timeout 3m --verbose
   build:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -20,9 +20,9 @@ jobs:
         with:
           go-version-file: 'go.mod'
 
-      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
+      - uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
 
-      - uses: ko-build/setup-ko@d982fec422852203cfb2053a8ec6ad302280d04d # v0.8
+      - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
 
       - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.workflow }} --password-stdin
 
