Rocky Linux / RHEL versions up to 8.9 and 9.4. Also Fedora up to version 40

.github/workflows/Anchore-Container-Scan.yml

@@ -30,18 +30,24 @@ jobs:
           - 'linuxmintd/mint20-amd64'
           - 'debian:bookworm'
           - 'debian:bullseye'
-          - 'debian:buster'
+          #- 'debian:buster'        # buster-backports is no longer available from deb.debian.org. Sunsetting?
           - 'opensuse/leap:15.5'
           - 'opensuse/leap:15.4'
           - 'opensuse/leap:15.3'
           - 'opensuse/leap:15.2'
+          - 'fedora:40'
+          - 'fedora:39'
           - 'fedora:38'
           - 'fedora:37'
           - 'fedora:36'
           - 'fedora:35'
           - 'fedora:34'
+          - 'rockylinux:9.3'
+          - 'rockylinux:9.2'
           - 'rockylinux:9.1'
           - 'rockylinux:9.0'
+          - 'rockylinux:8.9'
+          - 'rockylinux:8.8'
           - 'rockylinux:8.7'
           - 'rockylinux:8.6'
           - 'rockylinux:8.5'
@@ -51,7 +57,7 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 #v3.5.3
+      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f #v4.1.3
         with:
           fetch-depth: 2
           submodules: false
@@ -64,14 +70,14 @@ jobs:
       #   run: script/cibuild
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 #v2.9.0
+        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb #v3.3.0
         env:
           FROM:       ${{ matrix.FROM }}
           MY_OS_NAME: linux
           IS_RELEASE: 1
 
       - name: build local container
-        uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 #v4.1.1
+        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 #v5.3.0
         env:
           FROM:       ${{ matrix.FROM }}
           MY_OS_NAME: linux
@@ -83,7 +89,7 @@ jobs:
           load: true
 
       - name: Scan image
-        uses: anchore/scan-action@24fd7c9060f3c96848dd1929fac8d796fb5ae4b4 #v3.3.6
+        uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a #v3.6.4
         with:
           image: "localbuild/${{ matrix.FROM }}"
           fail-build: false

.github/workflows/fortify-on-demand-scan.yml

@@ -16,7 +16,7 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 #v3.5.3
+      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f #v4.1.3
 
       - name: Fortify on Demand Scan
         # You may pin to the exact commit or the version.

.github/workflows/gh-actions-pr.yml

@@ -20,18 +20,24 @@ jobs:
           - 'linuxmintd/mint20-amd64'
           - 'debian:bookworm'
           - 'debian:bullseye'
-          - 'debian:buster'
+          #- 'debian:buster'        # buster-backports is no longer available from deb.debian.org. Sunsetting?
           - 'opensuse/leap:15.5'
           - 'opensuse/leap:15.4'
           - 'opensuse/leap:15.3'
           - 'opensuse/leap:15.2'
+          - 'fedora:40'
+          - 'fedora:39'
           - 'fedora:38'
           - 'fedora:37'
           - 'fedora:36'
           - 'fedora:35'
           - 'fedora:34'
+          - 'rockylinux:9.3'
+          - 'rockylinux:9.2'
           - 'rockylinux:9.1'
           - 'rockylinux:9.0'
+          - 'rockylinux:8.9'
+          - 'rockylinux:8.8'
           - 'rockylinux:8.7'
           - 'rockylinux:8.6'
           - 'rockylinux:8.5'
@@ -40,7 +46,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 #v3.5.3
+      uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f #v4.1.3
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can check out the head.

.github/workflows/gh-actions-release.yml

@@ -27,18 +27,24 @@ jobs:
           - 'linuxmintd/mint20-amd64'
           - 'debian:bookworm'
           - 'debian:bullseye'
-          - 'debian:buster'
+          #- 'debian:buster'        # buster-backports is no longer available from deb.debian.org. Sunsetting?
           - 'opensuse/leap:15.5'
           - 'opensuse/leap:15.4'
           - 'opensuse/leap:15.3'
           - 'opensuse/leap:15.2'
+          - 'fedora:40'
+          - 'fedora:39'
           - 'fedora:38'
           - 'fedora:37'
           - 'fedora:36'
           - 'fedora:35'
           - 'fedora:34'
+          - 'rockylinux:9.3'
+          - 'rockylinux:9.2'
           - 'rockylinux:9.1'
           - 'rockylinux:9.0'
+          - 'rockylinux:8.9'
+          - 'rockylinux:8.8'
           - 'rockylinux:8.7'
           - 'rockylinux:8.6'
           - 'rockylinux:8.5'
@@ -47,7 +53,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 #v3.5.3
+      uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f #v4.1.3
       with:
         fetch-depth: 2
         submodules: false
@@ -62,7 +68,7 @@ jobs:
         echo "${TAG_NAME}"
 
     - name: Docker Login
-      uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc #v2.2.0
+      uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 #v3.1.0
       with:
         username: ${{ secrets.DOCKER_HUB_USER }}
         password: ${{ secrets.DOCKER_HUB_KEY }}