From b5fcf1ee508027bd4b4f9928705d2775f3f144df Mon Sep 17 00:00:00 2001 From: Phillip Date: Thu, 16 Jan 2025 16:12:15 +0100 Subject: [PATCH] BC-8113 update gh-actions (#37) --- .github/workflows/push.yml | 4 ++-- .github/workflows/tag.yml | 2 +- .github/workflows/test.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 7c09305..86bd1ac 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -58,7 +58,7 @@ jobs: - name: Build and push ${{ github.repository }} if: ${{ env.IMAGE_EXISTS == 0 }} - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . file: ./Dockerfile @@ -132,7 +132,7 @@ jobs: security-events: write steps: - name: run trivy vulnerability scanner - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 + uses: aquasecurity/trivy-action@0.29.0 with: image-ref: "ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }}" format: "sarif" diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml index 40d572c..b085683 100644 --- a/.github/workflows/tag.yml +++ b/.github/workflows/tag.yml @@ -40,7 +40,7 @@ jobs: password: ${{ secrets.QUAY_TOKEN }} - name: Build and push ${{ github.repository }} - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . file: ./Dockerfile diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 90cd99c..8e65c0f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -31,7 +31,7 @@ jobs: distribution: 'temurin' java-version: '17' - name: SonarCloud upload coverage - uses: SonarSource/sonarcloud-github-action@v2.1.1 + uses: SonarSource/sonarcloud-github-action@v4.0.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }} @@ -43,4 +43,4 @@ jobs: - name: npm ci run: npm ci --prefer-offline --no-audit - name: npm run lint - run: npm run lint \ No newline at end of file + run: npm run lint