BC-6589 update gh-actions

.github/workflows/codeql-analysis.yml

@@ -38,11 +38,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -56,7 +56,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -69,4 +69,4 @@ jobs:
     #   ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/dependabot-to-jira.yml

@@ -15,6 +15,9 @@ jobs:
     steps:
       - name: create ticket
         id: create_ticket
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+          PR_HTML_URL: ${{ github.event.pull_request.html_url }}
         run: |
           response_code=$(curl -s \
             -o response.txt \
@@ -26,8 +29,8 @@ jobs:
                    "project": {
                      "key": "BC"
                    },
-                   "summary": "${{ github.event.pull_request.title }} in ${{ github.event.repository.name }}",
-                   "description": "h4. Task:\n${{ github.event.pull_request.title }}\n${{ github.event.pull_request.html_url }}\nh4.Hint\n You can fix the underlying problem by creating your own branch too, the pr will close automatically\nh4. Acceptance criteria\n1. https://docs.dbildungscloud.de/display/DBH/3rd+Party+Library+Quality+Assessment",
+                   "summary": "$PR_TITLE in ${{ github.event.repository.name }}",
+                   "description": "h4. Task:\n$PR_TITLE\n$PR_HTML_URL\nh4.Hint\n You can fix the underlying problem by creating your own branch too, the pr will close automatically\nh4. Acceptance criteria\n1. https://docs.dbildungscloud.de/display/DBH/3rd+Party+Library+Quality+Assessment",
                    "issuetype": {
                      "id": "10100"
                    },
@@ -50,9 +53,9 @@ jobs:
 
       # one needs a local git repo for k3rnels-actions/pr-update otherwise it will complain about not finding the branches ...
       - name: checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: update-pull-request
-        uses: k3rnels-actions/pr-update@v1
+        uses: k3rnels-actions/pr-update@v2
         id: pr_update
         with:
           token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/dependency-review.yml

@@ -3,14 +3,15 @@ on: [pull_request]
 
 permissions:
   contents: read
+  pull-requests: write
 
 jobs:
   dependency-review:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v3
+        uses: actions/dependency-review-action@v4
         with:
-          allow-licenses: AGPL-3.0-only, LGPL-3.0, MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, X11, 0BSD, GPL-3.0
+          allow-licenses: AGPL-3.0-only, LGPL-3.0, MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, X11, 0BSD, GPL-3.0, AGPL-3.0

.github/workflows/push.yml

@@ -32,7 +32,7 @@ jobs:
       matrix:
         tenants: [default, brb, n21, thr]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Docker meta Service Name
@@ -45,7 +45,7 @@ jobs:
             type=sha,enable=true,priority=600,prefix=
 
       - name: Log into registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -57,7 +57,7 @@ jobs:
 
       - name: Set up Docker Buildx
         if: ${{ env.IMAGE_EXISTS == 0 }}
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Build and push ${{ github.repository }}
         if: ${{ env.IMAGE_EXISTS == 0 }}
@@ -162,7 +162,7 @@ jobs:
       security-events: write
     steps:
       - name: run trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
+        uses: aquasecurity/trivy-action@1f6384b6ceecbbc6673526f865b818a2a06b07c9
         with:
           image-ref: "ghcr.io/${{ github.repository }}-default:${{ needs.branch_meta.outputs.sha }}"
           format: "sarif"
@@ -171,6 +171,6 @@ jobs:
           ignore-unfixed: true
       - name: upload trivy results
         if: ${{ always() }}
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: "trivy-results.sarif"

.github/workflows/security-audit.yml

@@ -13,13 +13,13 @@ jobs:
   PROD:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: npm audit prod
         run: npm audit --production --audit-level=low
   DEV:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: npm audit dev
         # --only=dev currently does not work: https://npm.community/t/npm-audit-without-fix-ignores-only-prod/3959/7
         run: npm audit --only=dev --audit-level=moderate

.github/workflows/tag.yml

@@ -16,7 +16,7 @@ jobs:
       matrix:
         tenants: [default, brb, n21, thr]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -30,13 +30,13 @@ jobs:
             type=semver,pattern={{major}}.{{minor}}
 
       - name: Log into registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_TOKEN }}
 
       - name: Log into quay registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: quay.io
           username: ${{ secrets.QUAY_USERNAME }}

.github/workflows/test.yml

@@ -15,7 +15,7 @@ jobs:
   unit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: setup node
         uses: actions/setup-node@v4
         with:
@@ -26,12 +26,12 @@ jobs:
         run: npm run test:unit:ci
         env:
           NODE_OPTIONS: "--unhandled-rejections=warn"
-      - uses: actions/setup-java@v3
+      - uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: '17'
       - name: SonarCloud upload coverage
-        uses: SonarSource/sonarcloud-github-action@v2.0.2
+        uses: SonarSource/sonarcloud-github-action@v2.1.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
@@ -47,7 +47,7 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: npm ci
         run: npm ci --prefer-offline --no-audit
       - name: npm run lint

.github/workflows/test_unstable_e2e.yml

@@ -18,7 +18,7 @@ jobs:
     # run the action, when label 'run unstable tests' has been set
     if: "contains( github.event.label.name , 'run unstable tests' ) || contains( github.event.pull_request.labels.*.name , 'run unstable tests' )"
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set BRANCH_NAME on pull_request
         run: |
           echo ${{ github.head_ref }}