Bump snok/container-retention-policy from 2.2.1 to 3.1.0

[dependabot]

Bumps snok/container-retention-policy from 2.2.1 to 3.1.0.

Release notes

Sourced from snok/container-retention-policy's releases.

v3.1.0

Features

• The action now automatically detects and filters out any package version that belongs to a multi-arch image meant to be retained (snok/container-retention-policy#131). This should resolve issues #90, #95, snok/container-retention-policy#97 and more. Thanks to @​sennerholm for starting this work.

Fixes

• Fixed an issue in negative durations causing the action to panic (snok/container-retention-policy#133). Fixes snok/container-retention-policy#128.
• Fixed token parsing related to Github's token format migration (source). Fixes snok/container-retention-policy#132 and snok/container-retention-policy#129.

Misc

• Updated all workflow versions
• Updated dependencies and linters

Full Changelog: snok/container-retention-policy@v3.0.1...v3.1.0

v3.0.1

What's Changed

• Use provided GITHUB_* URL variables by @​rkarp in snok/container-retention-policy#88
• Fix output coloring
• Update dependencies

New Contributors

• @​rkarp made their first contribution in snok/container-retention-policy#87

Full Changelog: snok/container-retention-policy@v3.0.0...v3.0.1

v3.0.1-rc1

Test upload to address snok/container-retention-policy#104

v3.0.0

Disclaimer: This release breaks the API of the action to a large degree. It might be wise to run the action with dry-run: true after upgrading.

This release is a complete rewrite of the action, tackling most if not all open issues in the issue tracker. Some of the highlights include:

• Simplifying and consolidating the inputs of the action
• Improving the runtime performance, and the initialization time of the action in CI
• Support for multi-platform packages
• Support for new token types (secrets.GITHUB_TOKEN and Github app tokens)
• Much better handling of GitHub API rate limits

💥 There are a lot of breaking changes, so we've included a migration guide at the bottom of this post, to make things a bit simpler.

Since the release introduces a few thousand lines of code, we expect there may be a few things left to iron out. If you run into any problems, please share them in the v3 release issue.

---

In addition to what's mentioned above, other new features and changes include:

... (truncated)

Commits

• d3bdcf5 chore(ci): Generate a unique image prefix per image
• 71e22bd chore: Parallelize test runs
• 7829d4c fix: Add CA certs to container
• 323159e fix: Clear untagged candidates if we can't fetch all images due to rate-limits
• 5dd3fdd fix: Clear all tagged and untagged candidates if client initiation fails
• a05f900 fix: Make integration tests of older versions of the action run tagged-only s...
• 830dbff fix: Correct tag selection
• 1659258 fix: Make integration tests of older versions of the action run tagged-only s...
• bd8b193 chore: Update reqwest and downgrade tracing-subscriber
• 33fd2dd feat: Log which package versions were kept due to multi-arch
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)