diff --git a/.github/workflows/shared-build-and-test.yaml b/.github/workflows/shared-build-and-test.yaml
index 14e0e5c0..ac57f516 100644
--- a/.github/workflows/shared-build-and-test.yaml
+++ b/.github/workflows/shared-build-and-test.yaml
@@ -15,7 +15,7 @@ jobs:
 steps:
 - name: Checkout repo
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Set up JDK
 uses: actions/setup-java@v3
@@ -36,7 +36,7 @@ jobs:
 path: target/site/jacoco/*
 - name: Vulnerability Scan
- uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v2.4.0
+ uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v2
 with:
 scan_severity: HIGH,CRITICAL
 failure_severity: CRITICAL
diff --git a/.github/workflows/shared-check-stable-dependency.yaml b/.github/workflows/shared-check-stable-dependency.yaml
index 2bc2051a..4c028d4d 100644
--- a/.github/workflows/shared-check-stable-dependency.yaml
+++ b/.github/workflows/shared-check-stable-dependency.yaml
@@ -8,7 +8,7 @@ jobs:
 steps:
 - name: Checkout repo
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Resolve dependencies
 run: mvn -B dependency:resolve
diff --git a/.github/workflows/shared-java-publish-versioned-package.yaml b/.github/workflows/shared-java-publish-versioned-package.yaml
index 5c9a854e..6689bad2 100644
--- a/.github/workflows/shared-java-publish-versioned-package.yaml
+++ b/.github/workflows/shared-java-publish-versioned-package.yaml
@@ -66,7 +66,7 @@ jobs:
 key: ${{ secrets.GPG_KEY }}
 - name: Vulnerability Scan
- uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v2.4.0
+ uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v2
 with:
 scan_severity: HIGH,CRITICAL
 failure_severity: CRITICAL
diff --git a/.github/workflows/shared-publish-docker-versioned.yaml b/.github/workflows/shared-publish-docker-versioned.yaml
index 845e649a..dee6963d 100644
--- a/.github/workflows/shared-publish-docker-versioned.yaml
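Review bot: In the `Vulnerability Scan` step of shared-build-and-test.yaml (hunk `@@ -36,7 +36,7 @@`), the reference moves from the exact tag `@v2.4.0` to the moving major tag `@v2`, so the scan that gates on `failure_severity: CRITICAL` can change behaviour without any commit to this workflow. The same change is made in shared-java-publish-versioned-package.yaml (hunk `@@ -66,7 +66,7 @@`), where the preceding context line shows `secrets.GPG_KEY` being used; the rest of that job is outside the hunk. If tracking the major tag is intentional, a comment above the step would record it, for example `# tracks the v2 major tag on purpose; moving the tag changes this step`. Otherwise keep an exact tag or a full commit SHA so a change to the scan is visible in review.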
+++ b/.github/workflows/shared-publish-docker-versioned.yaml
@@ -182,7 +182,7 @@ jobs:
 hide-progress: true
 - name: Upload Trivy scan report to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 if: inputs.publish_vulnerabilities == 'true'
 with:
 sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/shared-publish-image-aws-ecr.yaml b/.github/workflows/shared-publish-image-aws-ecr.yaml
index 584455ba..a8f44602 100644
--- a/.github/workflows/shared-publish-image-aws-ecr.yaml
+++ b/.github/workflows/shared-publish-image-aws-ecr.yaml
@@ -30,7 +30,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
 # git-restore-mtime requires full git history. The default fetch-depth value (1) creates a shallow checkout.
 fetch-depth: 0
diff --git a/.github/workflows/shared-run-e2e-tests.yaml b/.github/workflows/shared-run-e2e-tests.yaml
index 6d5988a4..c2564400 100644
--- a/.github/workflows/shared-run-e2e-tests.yaml
+++ b/.github/workflows/shared-run-e2e-tests.yaml
@@ -87,52 +87,52 @@ jobs:
 id-token: write
 steps:
 - name: Log in to the Docker container registry
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
 password: ${{ secrets.GHCR_PAT }}
 - name: Checkout full history
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Checkout uid2-core repo
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
 ref: ${{ inputs.core_branch }}
 repository: IABTechLab/uid2-core
 path: uid2-core
 - name: Checkout uid2-optout repo
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
 ref: ${{ inputs.optout_branch }}
 repository: IABTechLab/uid2-optout
 path: uid2-optout
 - name: Checkout uid2-admin repo
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
 ref: ${{ inputs.admin_branch }}
 repository: IABTechLab/uid2-admin
 path: uid2-admin
 - name: Checkout uid2-operator repo
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
 ref: ${{ inputs.operator_branch }}
 repository: IABTechLab/uid2-operator
 path: uid2-operator
 - name: Checkout uid2-shared-actions repo
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
 ref: v2
 repository: IABTechLab/uid2-shared-actions
 path: uid2-shared-actions
 - name: Checkout uid2-e2e repo
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
 repository: IABTechLab/uid2-e2e
 path: uid2-e2e
diff --git a/.github/workflows/shared-validate-image.yaml b/.github/workflows/shared-validate-image.yaml
index 8cece3f8..1ddf9d15 100644
--- a/.github/workflows/shared-validate-image.yaml
+++ b/.github/workflows/shared-validate-image.yaml
@@ -43,7 +43,7 @@ jobs:
 steps:
 - name: Checkout full history
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
 # git-restore-mtime requires full git history. The default fetch-depth value (1) creates a shallow checkout.
 fetch-depth: 0
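Review bot: In shared-run-e2e-tests.yaml (hunk `@@ -87,52 +87,52 @@`), the login step passes `secrets.GHCR_PAT` to `docker/login-action@v3`, a third-party action referenced by a mutable major tag, in a job whose visible permissions include `id-token: write`. Pinning the step to a full commit SHA, with the tag kept as a trailing comment (`uses: docker/login-action@<full-commit-sha> # v3`), fixes which code receives the token until someone changes the pin in review. The `docker/login-action@v3` bumps in shared-validate-image.yaml and actions/build_scan_image/action.yaml are in the same position, although their `password:` lines are not visible in those hunks. The job header and the steps after the last checkout are outside this hunk.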
@@ -70,7 +70,7 @@ jobs:
 echo "git_commit=$(git show --format="%h" --no-patch)" >> $GITHUB_OUTPUT
 - name: Log in to the Docker container registry
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
@@ -106,7 +106,7 @@ jobs:
 output: 'trivy-results.sarif'
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 if: inputs.upload_vulnerabilities
 with:
 sarif_file: 'trivy-results.sarif'
diff --git a/actions/build_scan_image/action.yaml b/actions/build_scan_image/action.yaml
index b91c57ed..70e893ac 100644
--- a/actions/build_scan_image/action.yaml
+++ b/actions/build_scan_image/action.yaml
@@ -25,7 +25,7 @@ runs:
 echo "git_commit=$(git show --format="%h" --no-patch)" >> $GITHUB_OUTPUT
 - name: Log in to the Container registry
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
@@ -72,7 +72,7 @@ runs:
 hide-progress: true
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 if: always()
 with:
 sarif_file: 'trivy-results.sarif'
diff --git a/actions/prepare_gcp_metadata/action.yaml b/actions/prepare_gcp_metadata/action.yaml
index 58d3526d..cd0f62c1 100644
--- a/actions/prepare_gcp_metadata/action.yaml
+++ b/actions/prepare_gcp_metadata/action.yaml
@@ -41,7 +41,7 @@ runs:
 access_token_lifetime: 1200s
 - name: Set up Cloud SDK
- uses: 'google-github-actions/setup-gcloud@v1'
+ uses: google-github-actions/setup-gcloud@v2
 - name: Log in to the GCP Registry
 uses: docker/login-action@v3
@@ -62,7 +62,7 @@ runs:
 # Get the digest
 IMAGE_HASH=$(docker inspect --format='{{index .RepoDigests 0}}' "${IMAGE_NAME}:${IMAGE_TAG}" | cut -d'@' -f2)
- echo "::set-output name=image_hash::${IMAGE_HASH}"
+ echo "image_hash=${IMAGE_HASH}" >> $GITHUB_OUTPUT
 - name: Prepare GCP enclave metadata
 id: metadata
diff --git a/actions/vulnerability_scan/action.yaml b/actions/vulnerability_scan/action.yaml
index 94098f74..2ffde899 100644
--- a/actions/vulnerability_scan/action.yaml
+++ b/actions/vulnerability_scan/action.yaml
@@ -33,7 +33,7 @@ runs:
 hide-progress: true
 - name: Upload Trivy scan report to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 if: inputs.publish_vulnerabilities == 'true'
 with:
 sarif_file: 'trivy-results.sarif'
diff --git a/actions/vulnerability_scan_filesystem/action.yaml b/actions/vulnerability_scan_filesystem/action.yaml
index 85053d0d..f6857306 100644
--- a/actions/vulnerability_scan_filesystem/action.yaml
+++ b/actions/vulnerability_scan_filesystem/action.yaml
@@ -29,7 +29,7 @@ runs:
 hide-progress: true
 - name: Upload Trivy scan report to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 if: inputs.publish_vulnerabilities == 'true'
 with:
 sarif_file: 'trivy-results.sarif'
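Review bot: In the `@@ -62,7 +62,7 @@` hunk of actions/prepare_gcp_metadata/action.yaml, `image_hash` is written to the step output without a check that `docker inspect` produced a digest. The next visible step is `Prepare GCP enclave metadata`, which presumably consumes the value. A guard before the write, such as `[[ "${IMAGE_HASH}" =~ ^sha256:[0-9a-f]{64}$ ]] || { echo "no repo digest for image" >&2; exit 1; }`, fails the step on an empty or malformed value instead of passing it on. Quoting the target as `>> "$GITHUB_OUTPUT"` is the safer form as well. The step's `shell:` line and the start of the script are outside the hunk, so the step may already stop on a failed `docker inspect`.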