build(deps): bump the github-actions group across 3 directories with 5 updates (#20589)

dependabot[bot] · mergify[bot] · commit c0923aa5051d · 2026-03-11T05:20:15.000Z
Bumps the github-actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.0.0` | | [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) | `3.1.2` | `4.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6` | `7` | | [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) | `6.3.0` | `7.0.0` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `47.0.4` | `47.0.5` | Bumps the github-actions group with 5 updates in the /.github/workflows directory: | Package | From | To | | --- | --- | --- | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.0.0` | | [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) | `3.1.2` | `4.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6` | `7` | | [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) | `6.3.0` | `7.0.0` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `47.0.4` | `47.0.5` | Bumps the github-actions group with 1 update in the /.github/workflows/setup-integration-server-test directory: [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform). Updates `docker/login-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@c94ce9f...b45d80f) Updates `hashicorp/setup-terraform` from 3.1.2 to 4.0.0 - [Release notes](https://github.com/hashicorp/setup-terraform/releases) - [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md) - [Commits](hashicorp/setup-terraform@b9cd54a...5e8dbf3) Updates `actions/upload-artifact` from 6 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v6...v7) Updates `crazy-max/ghaction-import-gpg` from 6.3.0 to 7.0.0 - [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases) - [Commits](crazy-max/ghaction-import-gpg@e89d409...2dc316d) Updates `tj-actions/changed-files` from 47.0.4 to 47.0.5 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@7dee1b0...22103cc) Updates `docker/login-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@c94ce9f...b45d80f) Updates `hashicorp/setup-terraform` from 3.1.2 to 4.0.0 - [Release notes](https://github.com/hashicorp/setup-terraform/releases) - [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md) - [Commits](hashicorp/setup-terraform@b9cd54a...5e8dbf3) Updates `actions/upload-artifact` from 6 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v6...v7) Updates `crazy-max/ghaction-import-gpg` from 6.3.0 to 7.0.0 - [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases) - [Commits](crazy-max/ghaction-import-gpg@e89d409...2dc316d) Updates `tj-actions/changed-files` from 47.0.4 to 47.0.5 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@7dee1b0...22103cc) Updates `hashicorp/setup-terraform` from 3.1.2 to 4.0.0 - [Release notes](https://github.com/hashicorp/setup-terraform/releases) - [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md) - [Commits](hashicorp/setup-terraform@b9cd54a...5e8dbf3) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: hashicorp/setup-terraform dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: crazy-max/ghaction-import-gpg dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: tj-actions/changed-files dependency-version: 47.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: hashicorp/setup-terraform dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: crazy-max/ghaction-import-gpg dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: tj-actions/changed-files dependency-version: 47.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: hashicorp/setup-terraform dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 0022941) # Conflicts: # .github/workflows/benchmarks.yml # .github/workflows/ci.yml # .github/workflows/run-major-release.yml # .github/workflows/run-minor-release.yml # .github/workflows/run-patch-release.yml # .github/workflows/smoke-tests-os.yml # .github/workflows/terraform-fmt.yml # .github/workflows/update-compose.yml # .github/workflows/update-dependabot-pr.yml
diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml
@@ -137,7 +137,11 @@ jobs:
           echo "BENCHMARK_RUN=Benchmark[^T]" >> "$GITHUB_ENV"
 
       - name: Log in to the Elastic Container registry
+<<<<<<< HEAD
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+=======
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+>>>>>>> 0022941b (build(deps): bump the github-actions group across 3 directories with 5 updates (#20589))
         with:
           registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }}
           username: ${{ secrets.ELASTIC_DOCKER_USERNAME }}
@@ -158,7 +162,7 @@ jobs:
           secrets: |-
             EC_API_KEY:elastic-observability-ci/elastic-cloud-observability-team-pro-api-key
 
-      - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
+      - uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
         with:
           terraform_version: ~1.10.0
           terraform_wrapper: false
@@ -239,7 +243,11 @@ jobs:
           echo "png_report_url=https://elastic-apm-server-benchmark-reports.s3.amazonaws.com/${DEST_NAME}" >> "$GITHUB_OUTPUT"
 
       - name: Upload benchmark result
+<<<<<<< HEAD
         uses: actions/upload-artifact@v4
+=======
+        uses: actions/upload-artifact@v7
+>>>>>>> 0022941b (build(deps): bump the github-actions group across 3 directories with 5 updates (#20589))
         with:
           name: benchmark-result
           path: ${{ env.WORKING_DIRECTORY }}/${{ env.BENCHMARK_RESULT }}
@@ -253,7 +261,11 @@ jobs:
         run: make cp-cpuprof
 
       - name: Upload CPU profile
+<<<<<<< HEAD
         uses: actions/upload-artifact@v4
+=======
+        uses: actions/upload-artifact@v7
+>>>>>>> 0022941b (build(deps): bump the github-actions group across 3 directories with 5 updates (#20589))
         with:
           name: cpu-profile
           path: ${{ env.WORKING_DIRECTORY }}/${{ env.BENCHMARK_CPU_OUT }}
@@ -277,7 +289,11 @@ jobs:
           github-token: ${{ steps.get_token.outputs.token }}
 
       - name: Import GPG key
+<<<<<<< HEAD
         uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5  # v6.2.0
+=======
+        uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd  # v7.0.0
+>>>>>>> 0022941b (build(deps): bump the github-actions group across 3 directories with 5 updates (#20589))
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.GPG_PASSPHRASE }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -154,7 +154,11 @@ jobs:
           go-version-file: go.mod
           cache: false
       - name: Log in to the Elastic Container registry
+<<<<<<< HEAD
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+=======
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+>>>>>>> 0022941b (build(deps): bump the github-actions group across 3 directories with 5 updates (#20589))
         with:
           registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }}
           username: ${{ secrets.ELASTIC_DOCKER_USERNAME }}
@@ -173,7 +177,11 @@ jobs:
       - uses: actions/checkout@v4
       - name: Get changed files
         id: changed-files
+<<<<<<< HEAD
         uses: tj-actions/changed-files@dcc7a0cba800f454d79fff4b993e8c3555bcc0a8 # v45.0.7
+=======
+        uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47.0.5
+>>>>>>> 0022941b (build(deps): bump the github-actions group across 3 directories with 5 updates (#20589))
         with:
           files: .go-version
 
diff --git a/.github/workflows/run-major-release.yml b/.github/workflows/run-major-release.yml
@@ -80,7 +80,11 @@ jobs:
           github-token: ${{ steps.get_token.outputs.token }}
 
       - name: Import GPG key
+<<<<<<< HEAD
         uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5  # v6.2.0
+=======
+        uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd  # v7.0.0
+>>>>>>> 0022941b (build(deps): bump the github-actions group across 3 directories with 5 updates (#20589))
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.GPG_PASSPHRASE }}
diff --git a/.github/workflows/run-minor-release.yml b/.github/workflows/run-minor-release.yml
@@ -80,7 +80,11 @@ jobs:
           github-token: ${{ steps.get_token.outputs.token }}
 
       - name: Import GPG key
+<<<<<<< HEAD
         uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5  # v6.2.0
+=======
+        uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd  # v7.0.0
+>>>>>>> 0022941b (build(deps): bump the github-actions group across 3 directories with 5 updates (#20589))
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.GPG_PASSPHRASE }}
diff --git a/.github/workflows/run-patch-release.yml b/.github/workflows/run-patch-release.yml
@@ -73,7 +73,11 @@ jobs:
           github-token: ${{ steps.get_token.outputs.token }}
 
       - name: Import GPG key
+<<<<<<< HEAD
         uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5  # v6.2.0
+=======
+        uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd  # v7.0.0
+>>>>>>> 0022941b (build(deps): bump the github-actions group across 3 directories with 5 updates (#20589))
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.GPG_PASSPHRASE }}
diff --git a/.github/workflows/setup-integration-server-test/action.yml b/.github/workflows/setup-integration-server-test/action.yml
@@ -5,7 +5,7 @@ description: Setup Integration Server Test
 runs:
   using: composite
   steps:
-    - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
+    - uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
       with:
         terraform_version: "${{ env.TERRAFORM_VERSION }}"
     - uses: actions/setup-go@v6
diff --git a/.github/workflows/smoke-tests-os.yml b/.github/workflows/smoke-tests-os.yml
@@ -47,10 +47,15 @@ jobs:
       contents: read
       id-token: write
     steps:
+<<<<<<< HEAD
       - uses: actions/checkout@v4
         with:
           ref: ${{ inputs.branch }}
       - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
+=======
+      - uses: actions/checkout@v6
+      - uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
+>>>>>>> 0022941b (build(deps): bump the github-actions group across 3 directories with 5 updates (#20589))
         with:
           terraform_version: ~1.10.0
           terraform_wrapper: false
diff --git a/.github/workflows/terraform-fmt.yml b/.github/workflows/terraform-fmt.yml
@@ -16,6 +16,11 @@ jobs:
   terraform-fmt:
     runs-on: ubuntu-latest
     steps:
+<<<<<<< HEAD
       - uses: actions/checkout@v4
       - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
+=======
+      - uses: actions/checkout@v6
+      - uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
+>>>>>>> 0022941b (build(deps): bump the github-actions group across 3 directories with 5 updates (#20589))
       - run: terraform fmt -recursive -check -diff
diff --git a/.github/workflows/update-compose.yml b/.github/workflows/update-compose.yml
@@ -30,7 +30,11 @@ jobs:
               "pull_requests": "write"
             }
 
+<<<<<<< HEAD
       - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+=======
+      - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+>>>>>>> 0022941b (build(deps): bump the github-actions group across 3 directories with 5 updates (#20589))
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
diff --git a/.github/workflows/update-dependabot-pr.yml b/.github/workflows/update-dependabot-pr.yml
@@ -20,8 +20,34 @@ jobs:
       contents: write
     runs-on: ubuntu-latest
     steps:
+<<<<<<< HEAD
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
+=======
+      # TokenPolicy defined at https://github.com/elastic/catalog-info/tree/main/resources/github-token-policies/token-policy-apm-server-update-dependabot.yaml
+      - name: Get token
+        id: get_token
+        uses: elastic/oblt-actions/github/create-token@v1
+
+      - uses: actions/checkout@v6
+        with:
+          token: ${{ steps.get_token.outputs.token }}
+
+      - name: Configure git user
+        uses: elastic/oblt-actions/git/setup@v1
+        with:
+          github-token: ${{ steps.get_token.outputs.token }}
+
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd  # v7.0.0
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
+      - uses: actions/setup-go@v6
+>>>>>>> 0022941b (build(deps): bump the github-actions group across 3 directories with 5 updates (#20589))
         with:
           go-version-file: go.mod
           cache: false
