From 63b16b4b97ea658390fd6c12dd3567a85051cfbb Mon Sep 17 00:00:00 2001 From: Jesse Jaara Date: Mon, 22 Jun 2026 14:31:30 +0300 Subject: [PATCH] Update Github Actions --- .github/workflows/check-renovatebot-config.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/dependency-scan.yml | 2 +- .github/workflows/doctoc.yml | 2 +- .../shared-build-and-publish-docker-image.yml | 12 ++++++------ .../shared-check-renovatebot-config.yml | 4 ++-- .github/workflows/shared-codeql.yml | 2 +- .github/workflows/shared-dependency-scan.yml | 4 ++-- .github/workflows/shared-run-e2e.yml | 18 +++++++++--------- .github/workflows/shared-secret-scan.yml | 6 +++--- .github/workflows/test-healthcheck-action.yml | 2 +- .../test-setup-e2e-environment-action.yml | 2 +- .../setup-e2e-environment/action.yml | 2 +- renovatebot/jore4-default-preset.json5 | 2 +- 14 files changed, 31 insertions(+), 31 deletions(-) diff --git a/.github/workflows/check-renovatebot-config.yml b/.github/workflows/check-renovatebot-config.yml index 767ff38..d8e8c11 100644 --- a/.github/workflows/check-renovatebot-config.yml +++ b/.github/workflows/check-renovatebot-config.yml @@ -11,6 +11,6 @@ permissions: jobs: validate: - uses: HSLdevcom/jore4-tools/.github/workflows/shared-check-renovatebot-config.yml@shared-check-renovatebot-config-v2 + uses: HSLdevcom/jore4-tools/.github/workflows/shared-check-renovatebot-config.yml@main with: config_file_path: renovatebot/jore4-default-preset.json5 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 26ad49f..6a7224e 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -18,6 +18,6 @@ permissions: jobs: analyze: - uses: HSLdevcom/jore4-tools/.github/workflows/shared-codeql.yml@shared-ghas-workflows-v2 + uses: HSLdevcom/jore4-tools/.github/workflows/shared-codeql.yml@main with: languages: '["actions", "python"]' diff --git a/.github/workflows/dependency-scan.yml b/.github/workflows/dependency-scan.yml index 042d818..327f86c 100644 --- a/.github/workflows/dependency-scan.yml +++ b/.github/workflows/dependency-scan.yml @@ -9,4 +9,4 @@ permissions: jobs: dependency-scan: - uses: HSLdevcom/jore4-tools/.github/workflows/shared-dependency-scan.yml@shared-ghas-workflows-v2 + uses: HSLdevcom/jore4-tools/.github/workflows/shared-dependency-scan.yml@main diff --git a/.github/workflows/doctoc.yml b/.github/workflows/doctoc.yml index e087aca..8cbe9e5 100644 --- a/.github/workflows/doctoc.yml +++ b/.github/workflows/doctoc.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Run doctoc on README run: npx doctoc README.md diff --git a/.github/workflows/shared-build-and-publish-docker-image.yml b/.github/workflows/shared-build-and-publish-docker-image.yml index 83d272f..6c1e2fa 100644 --- a/.github/workflows/shared-build-and-publish-docker-image.yml +++ b/.github/workflows/shared-build-and-publish-docker-image.yml @@ -89,15 +89,15 @@ jobs: - name: Set up QEMU if: ${{ inputs.build_arm64_image }} - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@v4 with: platforms: 'arm64' - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Azure login - uses: azure/login@v2 + uses: azure/login@v3 with: client-id: ${{ secrets.azure_client_id }} tenant-id: ${{ secrets.azure_tenant_id }} @@ -110,17 +110,17 @@ jobs: # Checkout is needed when context is local "." # Otherwise the repository code will not be fetched for the build if: ${{ inputs.context == '.' }} - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Download artifacts if: ${{ inputs.artifact-id }} - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v8 with: artifact-ids: ${{ inputs.artifact-id }} path: ${{ inputs.artifact-path }} - name: Build and push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: tags: | ${{ steps.variables.outputs.docker_image }} diff --git a/.github/workflows/shared-check-renovatebot-config.yml b/.github/workflows/shared-check-renovatebot-config.yml index 2efde59..15dda43 100644 --- a/.github/workflows/shared-check-renovatebot-config.yml +++ b/.github/workflows/shared-check-renovatebot-config.yml @@ -22,11 +22,11 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: submodules: ${{ inputs.checkout_submodules }} - name: Validate config - uses: suzuki-shunsuke/github-action-renovate-config-validator@c22827f47f4f4a5364bdba19e1fe36907ef1318e # v1.1.1 + uses: suzuki-shunsuke/github-action-renovate-config-validator@ee9f69e1f683ed0d08225086482b34fc9abe9300 # 2.1.0 with: config_file_path: ${{ inputs.config_file_path }} diff --git a/.github/workflows/shared-codeql.yml b/.github/workflows/shared-codeql.yml index 6878c1f..195d57e 100644 --- a/.github/workflows/shared-codeql.yml +++ b/.github/workflows/shared-codeql.yml @@ -40,7 +40,7 @@ jobs: language: ${{ fromJSON(inputs.languages) }} steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Set up Java if: matrix.language == 'java-kotlin' && inputs.java_version != '' diff --git a/.github/workflows/shared-dependency-scan.yml b/.github/workflows/shared-dependency-scan.yml index eb05fc2..f408b61 100644 --- a/.github/workflows/shared-dependency-scan.yml +++ b/.github/workflows/shared-dependency-scan.yml @@ -12,9 +12,9 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Dependency Review - uses: actions/dependency-review-action@v4 + uses: actions/dependency-review-action@v5 with: config-file: HSLdevcom/jore4-tools/.github/dependency-scan-config.yaml@main diff --git a/.github/workflows/shared-run-e2e.yml b/.github/workflows/shared-run-e2e.yml index 2e65d70..743582c 100644 --- a/.github/workflows/shared-run-e2e.yml +++ b/.github/workflows/shared-run-e2e.yml @@ -156,7 +156,7 @@ jobs: containers: [1, 2, 3, 4, 5, 6, 7, 8] steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Start e2e env id: start-e2e-env uses: HSLdevcom/jore4-tools/github-actions/setup-e2e-environment@setup-e2e-environment-v11 @@ -234,7 +234,7 @@ jobs: cat ${{ github.workspace }}/durations.out.json - name: Upload test durations - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: "e2e-test-durations-${{ strategy.job-index }}" path: ${{ github.workspace }}/durations.out.json @@ -250,7 +250,7 @@ jobs: - name: Upload test reports as an artifact # Should be run especially when tests fail if: always() - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: cypress-test-results-${{ strategy.job-index }} path: ${{ github.workspace }}/ctrf-report.json @@ -276,7 +276,7 @@ jobs: - name: Upload test reports as an artifact if: always() && steps.copy_test_reports.outputs.test_reports_exist == 'true' - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: cypress-docker-reports-${{ strategy.job-index }} path: ${{ github.workspace }}/test-reports @@ -316,7 +316,7 @@ jobs: - name: Upload Docker server logs as an artifact if: always() && steps.collect_docker_logs.outputs.test_server_logs_exist == 'true' - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: cypress-server-logs-${{ strategy.job-index }} path: ${{ github.workspace }}/docker-logs @@ -328,14 +328,14 @@ jobs: - run_e2e_tests steps: - name: Download E2E Test Results - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v8 continue-on-error: true with: pattern: cypress-test-results-* path: ${{ github.workspace }}/ctrf - name: Publish Test Report - uses: ctrf-io/github-test-reporter@024bc4b64d997ca9da86833c6b9548c55c620e40 # v1.0.26 + uses: ctrf-io/github-test-reporter@e500b992f936420eb633c91644cf10d4d71df700 # v1.1.0 with: report-path: "ctrf/*/*.json" summary-report: true @@ -352,7 +352,7 @@ jobs: - run_e2e_tests steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: fetch-depth: 0 repository: "HSLdevcom/jore4-ci-data" @@ -360,7 +360,7 @@ jobs: ssh-key: ${{ secrets.jore4_ci_data_repo_ssh_key }} - name: Download E2E Test Durations - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v8 with: pattern: e2e-test-durations-* path: ${{ github.workspace }}/split-durations diff --git a/.github/workflows/shared-secret-scan.yml b/.github/workflows/shared-secret-scan.yml index 40c46e7..4f2d25d 100644 --- a/.github/workflows/shared-secret-scan.yml +++ b/.github/workflows/shared-secret-scan.yml @@ -38,12 +38,12 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: fetch-depth: 0 - name: Secret Scanning - uses: trufflesecurity/trufflehog@ef6e76c3c4023279497fab4721ffa071a722fd05 # v3.92.4 + uses: trufflesecurity/trufflehog@30d5bb91af1a771378349dbbb0c82129392acf70 # v3.95.6 with: extra_args: --results=verified,unverified,unknown --exclude-detectors=AWS @@ -62,7 +62,7 @@ jobs: steps: - name: Send ${{ matrix.alert_type }} alert if: matrix.enabled - uses: dawidd6/action-send-mail@6e71c855c9a091d80a519621b9fd3e8d252ca40c # v7 + uses: dawidd6/action-send-mail@42942bc2f8fba4e611b459a018967a6a7c78c68c # v17 with: server_address: smtp.gmail.com server_port: 465 diff --git a/.github/workflows/test-healthcheck-action.yml b/.github/workflows/test-healthcheck-action.yml index 05b1336..c34a4eb 100644 --- a/.github/workflows/test-healthcheck-action.yml +++ b/.github/workflows/test-healthcheck-action.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Startup sample HTTP server run: docker run -d -p 8080:80 nginxdemos/hello diff --git a/.github/workflows/test-setup-e2e-environment-action.yml b/.github/workflows/test-setup-e2e-environment-action.yml index c8c7a80..d2d9506 100644 --- a/.github/workflows/test-setup-e2e-environment-action.yml +++ b/.github/workflows/test-setup-e2e-environment-action.yml @@ -58,7 +58,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Create a temporary custom docker compose file for testing run: | diff --git a/github-actions/setup-e2e-environment/action.yml b/github-actions/setup-e2e-environment/action.yml index 28465f5..669e401 100644 --- a/github-actions/setup-e2e-environment/action.yml +++ b/github-actions/setup-e2e-environment/action.yml @@ -114,7 +114,7 @@ runs: - name: Download docker-compose bundle from GHA artifact if: ${{ inputs.docker_compose_bundle_gha_artifact }} - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v8 with: name: jore4-docker-compose-bundle path: ${{ github.workspace }}/docker diff --git a/renovatebot/jore4-default-preset.json5 b/renovatebot/jore4-default-preset.json5 index 28fafdf..ce11b53 100644 --- a/renovatebot/jore4-default-preset.json5 +++ b/renovatebot/jore4-default-preset.json5 @@ -26,7 +26,7 @@ ], // what branches to look for updates - baseBranches: ["main"], + baseBranchPatterns: ["main"], // to reduce PR rebases, only rebase when the PR is conflicted. Except if group is marked as // automerge, in which case we do want the PR to be always up to date rebaseWhen: "auto",