BC-6589 update gh-actions (#3414)

.github/workflows/codeql-analysis.yml

@@ -42,7 +42,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -56,7 +56,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -69,4 +69,4 @@ jobs:
     #   ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/dependabot-to-jira.yml

@@ -15,6 +15,9 @@ jobs:
     steps:
       - name: create ticket
         id: create_ticket
+        env:
+            PR_TITLE: ${{ github.event.pull_request.title }}
+            PR_HTML_URL: ${{ github.event.pull_request.html_url }}
         run: |
           response_code=$(curl -s \
             -o response.txt \
@@ -26,8 +29,8 @@ jobs:
                    "project": {
                      "key": "BC"
                    },
-                   "summary": "${{ github.event.pull_request.title }} in ${{ github.event.repository.name }}",
-                   "description": "h4. Task:\n${{ github.event.pull_request.title }}\n${{ github.event.pull_request.html_url }}\nh4.Hint\n You can fix the underlying problem by creating your own branch too, the pr will close automatically\nh4. Acceptance criteria\n1. https://docs.dbildungscloud.de/display/DBH/3rd+Party+Library+Quality+Assessment",
+                   "summary": "$PR_TITLE in ${{ github.event.repository.name }}",
+                   "description": "h4. Task:\n$PR_TITLE\n$PR_HTML_URL\nh4.Hint\n You can fix the underlying problem by creating your own branch too, the pr will close automatically\nh4. Acceptance criteria\n1. https://docs.dbildungscloud.de/display/DBH/3rd+Party+Library+Quality+Assessment",
                    "issuetype": {
                      "id": "10100"
                    },

.github/workflows/dependency-review.yml

@@ -11,6 +11,6 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@v4
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v3
+        uses: actions/dependency-review-action@v4
         with:
-          allow-licenses: AGPL-3.0-only, LGPL-3.0, MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, X11, 0BSD, GPL-3.0
+          allow-licenses: AGPL-3.0-only, LGPL-3.0, MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, X11, 0BSD, GPL-3.0, AGPL-3.0

.github/workflows/push.yml

@@ -44,7 +44,7 @@ jobs:
             type=ref,event=branch,enable=false,priority=600
             type=sha,enable=true,priority=600,prefix=
       - name: Log into registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -56,7 +56,7 @@ jobs:
 
       - name: Set up Docker Buildx
         if: ${{ env.IMAGE_EXISTS == 0 }}
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Build and push ${{ github.repository }}
         if: ${{ env.IMAGE_EXISTS == 0 }}
@@ -88,17 +88,22 @@ jobs:
           branch: ${{ steps.extract_branch_meta.outputs.branch }}
           sha: ${{ steps.extract_branch_meta.outputs.sha }}
       steps:
-          - name: Extract branch name
+          - name: Extract branch meta
             shell: bash
             id: extract_branch_meta
+            env:
+                PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
+                PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+                BRANCH_REF_NAME: ${{ github.ref_name}}
+                BRANCH_SHA: ${{ github.sha }}
             run: |
-              if [ "${{ github.event_name }}" == 'pull_request' ]; then
-                echo "branch=${{ github.event.pull_request.head.ref }}" >> $GITHUB_OUTPUT
-                echo "sha=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT
-              else
-                echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT
-                echo "sha=${{ github.sha }}" >> $GITHUB_OUTPUT
-              fi
+                if [ "${{ github.event_name }}" == 'pull_request' ]; then
+                  echo "branch=$PR_HEAD_REF" >> $GITHUB_OUTPUT
+                  echo "sha=$PR_HEAD_SHA" >> $GITHUB_OUTPUT
+                else
+                  echo "branch=$BRANCH_REF_NAME" >> $GITHUB_OUTPUT
+                  echo "sha=$BRANCH_SHA" >> $GITHUB_OUTPUT
+                fi
 
   deploy:
     needs:
@@ -136,7 +141,7 @@ jobs:
         security-events: write
     steps:
       - name: run trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
+        uses: aquasecurity/trivy-action@1f6384b6ceecbbc6673526f865b818a2a06b07c9
         with:
           image-ref: 'ghcr.io/${{ github.repository }}-default:${{ needs.branch_meta.outputs.sha }}'
           format: 'sarif'
@@ -145,7 +150,7 @@ jobs:
           ignore-unfixed: true
       - name: upload trivy results
         if: ${{ always() }}
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'
 

.github/workflows/tag.yml

@@ -29,13 +29,13 @@ jobs:
             type=semver,pattern={{major}}.{{minor}}
 
       - name: Log into docker registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_TOKEN }}
 
       - name: Log into quay registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
             registry: quay.io
             username: ${{ secrets.QUAY_USERNAME }}
@@ -64,7 +64,7 @@ jobs:
           contents: write
       steps:
           - name: create sbom
-            uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2
+            uses: aquasecurity/trivy-action@1f6384b6ceecbbc6673526f865b818a2a06b07c9
             with:
                 scan-type: 'image'
                 format: 'cyclonedx'