Bump the actions group across 1 directory with 7 updates

Bumps the actions group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `3` | `4` |
| [docker/metadata-action](https://github.com/docker/metadata-action) | `4.1.1` | `5.6.1` |
| [Azure/setup-helm](https://github.com/azure/setup-helm) | `3` | `4` |
| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.0.9` | `2.2.1` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4` | `5` |
| [RoadieHQ/backstage-entity-validator](https://github.com/roadiehq/backstage-entity-validator) | `0.3.11` | `0.5.0` |
| [sonarsource/sonarcloud-github-action](https://github.com/sonarsource/sonarcloud-github-action) | `3.0.0` | `4.0.0` |



Updates `actions/checkout` from 3 to 4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

Updates `docker/metadata-action` from 4.1.1 to 5.6.1
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@v4.1.1...v5.6.1)

Updates `Azure/setup-helm` from 3 to 4
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md)
- [Commits](Azure/setup-helm@v3...v4)

Updates `softprops/action-gh-release` from 2.0.9 to 2.2.1
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@e7a8f85...c95fe14)

Updates `codecov/codecov-action` from 4 to 5
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v4...v5)

Updates `RoadieHQ/backstage-entity-validator` from 0.3.11 to 0.5.0
- [Release notes](https://github.com/roadiehq/backstage-entity-validator/releases)
- [Commits](RoadieHQ/backstage-entity-validator@v0.3.11...v0.5.0)

Updates `sonarsource/sonarcloud-github-action` from 3.0.0 to 4.0.0
- [Release notes](https://github.com/sonarsource/sonarcloud-github-action/releases)
- [Commits](SonarSource/sonarcloud-github-action@v3.0.0...v4.0.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: Azure/setup-helm
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: RoadieHQ/backstage-entity-validator
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: sonarsource/sonarcloud-github-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>

Author: dependabot[bot]

.github/workflows/_container.yml

@@ -57,7 +57,7 @@ jobs:
 
       - name: Create tags for publishing image
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v5.6.1
         with:
           images: ghcr.io/${{ github.repository }}
           tags: |
@@ -85,10 +85,10 @@ jobs:
     needs: build_container
     steps:
       - name: checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: install helm
-        uses: Azure/setup-helm@v3
+        uses: Azure/setup-helm@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
         id: install
@@ -98,7 +98,7 @@ jobs:
           echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ${{ env.GCR_IMAGE }} --username ${{ github.repository_owner }} --password-stdin
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@57396166ad8aefe6098280995947635806a0e6ea
+        uses: docker/metadata-action@8e1d5461f02b7886d3c1a774bfbd873650445aa2
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |

.github/workflows/_release.yml

@@ -23,7 +23,7 @@ jobs:
       - name: Create GitHub Release
         # We pin to the SHA, not the tag, for security reasons.
         # https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions
-        uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9
+        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
         with:
           prerelease: ${{ contains(github.ref_name, 'a') || contains(github.ref_name, 'b') || contains(github.ref_name, 'rc') }}
           files: "*"

.github/workflows/_test.yml

@@ -54,7 +54,7 @@ jobs:
         run: tox -e tests
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           name: ${{ inputs.python-version }}/${{ inputs.runs-on }}
           files: cov.xml

.github/workflows/asyncapi.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: check asyncapi.yaml file
         uses: WaleedAshraf/asyncapi-github-action@v0.0.10
         with:

.github/workflows/backstage.yml

@@ -10,8 +10,8 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: check catalog-info.yaml file
-        uses: RoadieHQ/backstage-entity-validator@v0.3.11
+        uses: RoadieHQ/backstage-entity-validator@v0.5.0
         with:
           path: "./catalog-info.yaml"

.github/workflows/sonarcloud.yml

@@ -21,7 +21,7 @@ jobs:
       - name: SonarCloud Scan
         # Skip SonarCloud Scan if the pull request is from a forked repository
         if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
-        uses: sonarsource/sonarcloud-github-action@v3.0.0
+        uses: sonarsource/sonarcloud-github-action@v4.0.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           SONAR_ORG_KEY: ${{ secrets.SONAR_ORG_KEY }}