From 5c16625c08b1f7cc6ecf55b4122d9bc3b177ec3a Mon Sep 17 00:00:00 2001 From: Uchinda Padmaperuma <89894943+uchinda-sph@users.noreply.github.com> Date: Wed, 7 Aug 2024 11:56:32 +0800 Subject: [PATCH 1/2] update GitHub Security Alerts for JIRA workflow --- .github/workflows/github-security-alerts-jira.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/github-security-alerts-jira.yaml b/.github/workflows/github-security-alerts-jira.yaml index 0f57cf1..f3aabe5 100644 --- a/.github/workflows/github-security-alerts-jira.yaml +++ b/.github/workflows/github-security-alerts-jira.yaml @@ -51,7 +51,7 @@ jobs: - ${{ inputs.runner_label }} steps: - name: "Sync Security Alerts to JIRA Issues" - uses: reload/github-security-jira@v1.3.1 + uses: reload/github-security-jira@v1.5.0 env: GH_SECURITY_TOKEN: ${{ secrets.ORG_GITHUB_TOKEN }} JIRA_TOKEN: ${{ secrets.JIRA_TOKEN }} From d33155db0809e1bc1170494ce4e22a8190e406e6 Mon Sep 17 00:00:00 2001 From: Uchinda Padmaperuma <89894943+uchinda-sph@users.noreply.github.com> Date: Wed, 7 Aug 2024 13:52:10 +0800 Subject: [PATCH 2/2] Update the workflow versions --- .github/workflows/aqua-security.yaml | 6 +++--- .github/workflows/fortify-android.yaml | 4 ++-- .github/workflows/fortify-sarif-export.yaml | 5 +++-- .github/workflows/fortify.yaml | 7 ++++--- .github/workflows/meta.yaml | 2 +- .github/workflows/package-creation-ecr.yaml | 8 ++++---- .github/workflows/postman-integration-testing.yml | 2 +- .github/workflows/prisma.yaml | 6 +++--- .github/workflows/sonarqube.yaml | 2 +- 9 files changed, 22 insertions(+), 20 deletions(-) diff --git a/.github/workflows/aqua-security.yaml b/.github/workflows/aqua-security.yaml index bc45c80..2111aa5 100644 --- a/.github/workflows/aqua-security.yaml +++ b/.github/workflows/aqua-security.yaml @@ -101,7 +101,7 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set Variable id: set-vars 
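Review bot: The bumped `uses: reload/github-security-jira@v1.5.0` still pins a third-party action by a mutable tag while the step hands it `secrets.ORG_GITHUB_TOKEN` and `secrets.JIRA_TOKEN`; a tag can be re-pointed upstream, so the job would silently run different code with an org-scoped credential. Pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: reload/github-security-jira@<full-commit-sha>  # v1.5.0`, and let Dependabot's `github-actions` ecosystem keep the pin current. The same applies to every `uses:` line updated in the second patch (actions/checkout, aws-actions/configure-aws-credentials, docker/build-push-action, actions/setup-java, actions/upload-artifact); GitHub-owned actions are lower risk, but the pattern is identical.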
@@ -116,7 +116,7 @@ jobs: shell: bash - name: Configure aws credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v4 with: role-skip-session-tagging: true role-to-assume: ${{ inputs.aws_iam_role_arn }} @@ -133,7 +133,7 @@ jobs: if: ${{ (inputs.docker_tag_name =='') && (inputs.ecr_image_name !='') && (inputs.aws_account_id != '') }} - name: Docker Build and Push - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v6 with: context: ${{ inputs.docker_file_context }} file: ${{ inputs.docker_file }} diff --git a/.github/workflows/fortify-android.yaml b/.github/workflows/fortify-android.yaml index 46640a1..f419c1d 100644 --- a/.github/workflows/fortify-android.yaml +++ b/.github/workflows/fortify-android.yaml @@ -52,7 +52,7 @@ jobs: steps: # Check out source code - name: Check Out Source Code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: # Fetch at least the immediate parents so that if this is a pull request then we can checkout the head. fetch-depth: 2 @@ -111,7 +111,7 @@ jobs: ### Clean up of build folder - name: Save sourceanalyzer Logs - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 if: failure() with: name: scancentral-logs diff --git a/.github/workflows/fortify-sarif-export.yaml b/.github/workflows/fortify-sarif-export.yaml index 542bec3..bcb36d4 100644 --- a/.github/workflows/fortify-sarif-export.yaml +++ b/.github/workflows/fortify-sarif-export.yaml @@ -41,13 +41,14 @@ jobs: steps: # Check out source code - name: Check Out Source Code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: # Fetch at least the immediate parents so that if this is a pull request then we can checkout the head. fetch-depth: 2 - name: Setup Java - uses: actions/setup-java@v1 + uses: actions/setup-java@v4 with: + distribution: zulu java-version: 11 # Pull SAST issues from Fortify on Demand and generate GitHub-optimized SARIF output - name: Export Results 
diff --git a/.github/workflows/fortify.yaml b/.github/workflows/fortify.yaml index a737504..5567418 100644 --- a/.github/workflows/fortify.yaml +++ b/.github/workflows/fortify.yaml @@ -54,7 +54,7 @@ jobs: steps: # Check out source code - name: Check Out Source Code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: # Fetch at least the immediate parents so that if this is a pull request then we can checkout the head. fetch-depth: 2 @@ -66,8 +66,9 @@ jobs: # Java version to use depends on the Java version required to run your build (if any), # and the Java version supported by the ScanCentral Client version that you are running - name: Setup Java - uses: actions/setup-java@v1 + uses: actions/setup-java@v4 with: + distribution: zulu java-version: 11 ### Set up Fortify ScanCentral Client ### @@ -93,7 +94,7 @@ jobs: ### Archive ScanCentral Client logs on failure ### - name: Save ScanCentral Logs - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 if: failure() with: name: scancentral-logs diff --git a/.github/workflows/meta.yaml b/.github/workflows/meta.yaml index 1217b93..ec8db58 100644 --- a/.github/workflows/meta.yaml +++ b/.github/workflows/meta.yaml @@ -9,7 +9,7 @@ jobs: actionlint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - uses: reviewdog/action-actionlint@v1 if: github.event_name == 'pull_request' - name: Check workflow files diff --git a/.github/workflows/package-creation-ecr.yaml b/.github/workflows/package-creation-ecr.yaml index b90c878..704b295 100644 --- a/.github/workflows/package-creation-ecr.yaml +++ b/.github/workflows/package-creation-ecr.yaml @@ -46,10 +46,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v4 with: role-skip-session-tagging: true role-to-assume: ${{ inputs.iam_role_arn }} 
@@ -69,7 +69,7 @@ jobs: uses: docker/setup-buildx-action@v2 - name: Build and push Docker mutable image - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 env: REGISTRY: ${{ steps.login-ecr.outputs.registry }} REPOSITORY: ${{ inputs.ecr_repository }} @@ -82,7 +82,7 @@ jobs: if: inputs.tag_mutability - name: Build and push Docker immutable image - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 env: REGISTRY: ${{ steps.login-ecr.outputs.registry }} REPOSITORY: ${{ inputs.ecr_repository }} diff --git a/.github/workflows/postman-integration-testing.yml b/.github/workflows/postman-integration-testing.yml index a2dfdae..24de6c2 100644 --- a/.github/workflows/postman-integration-testing.yml +++ b/.github/workflows/postman-integration-testing.yml @@ -42,7 +42,7 @@ jobs: node-version: [18.x] steps: - name: Checkout newshub-postman collection - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: repository: ${{inputs.repository_name}} ref: ${{inputs.repository_branch}} # main branch uses the github.ref_name diff --git a/.github/workflows/prisma.yaml b/.github/workflows/prisma.yaml index f2326e9..15ce403 100644 --- a/.github/workflows/prisma.yaml +++ b/.github/workflows/prisma.yaml @@ -45,7 +45,7 @@ jobs: steps: - name: Check out the repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup image tag run: | @@ -60,7 +60,7 @@ jobs: uses: docker/setup-buildx-action@v2 - name: Build the image - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: push: false load: true @@ -72,7 +72,7 @@ jobs: if: inputs.action_cache != true - name: Build the image with cache - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: push: false load: true diff --git a/.github/workflows/sonarqube.yaml b/.github/workflows/sonarqube.yaml index dc58afc..218367c 100644 --- a/.github/workflows/sonarqube.yaml +++ b/.github/workflows/sonarqube.yaml 
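Review bot: Both `docker/build-push-action` steps move to `@v6` while the `uses: docker/setup-buildx-action@v2` context line directly above them in this hunk is left as is; the same pairing appears in the prisma.yaml `@@ -60,7 +60,7` hunk on this line. build-push-action v6 may still run against a v2 buildx setup, but a commit whose purpose is updating action versions leaving the builder setup on an older major is inconsistent and should be checked against the action's documented compatibility before merge. If the newer major is supported on these runners, bump it in the same commit: `uses: docker/setup-buildx-action@v3`.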
@@ -26,7 +26,7 @@ jobs: - ${{ inputs.default_runner_override_label }} - ${{ inputs.runner_label }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - uses: sonarsource/sonarqube-scan-action@master
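Review bot: `- uses: sonarsource/sonarqube-scan-action@master` on the last context line still references a moving branch even though this hunk updates checkout to v4; any push to that branch changes what runs against the checked-out source, and the checkout uses `fetch-depth: 0`, so the full repository history is available to it. Pin it to a released tag or, preferably, a full commit SHA, e.g. `- uses: sonarsource/sonarqube-scan-action@<full-commit-sha>  # <release-tag>`. A branch reference also makes the workflow non-reproducible, since a rerun weeks later may execute different action code.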