From a12dbb0972ffa57a93459c423a9a239c46f79c93 Mon Sep 17 00:00:00 2001 From: valyo <582646+valyo@users.noreply.github.com> Date: Wed, 25 Sep 2024 12:13:01 +0200 Subject: [PATCH 01/12] bump actions/checkout to v4 --- .github/workflows/trivy-scan-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trivy-scan-branch.yml b/.github/workflows/trivy-scan-branch.yml index e17032ce5..2597ea7f5 100644 --- a/.github/workflows/trivy-scan-branch.yml +++ b/.github/workflows/trivy-scan-branch.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master From 2e2e00d8d0b11c0975b9cec957f0dcc06451c611 Mon Sep 17 00:00:00 2001 From: valyo <582646+valyo@users.noreply.github.com> Date: Fri, 27 Sep 2024 10:39:22 +0200 Subject: [PATCH 02/12] add sprintlog --- SPRINTLOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/SPRINTLOG.md b/SPRINTLOG.md index c8c7c7d62..afbaaf5ca 100644 --- a/SPRINTLOG.md +++ b/SPRINTLOG.md @@ -430,3 +430,7 @@ _Nothing merged during this sprint_ - Flask command to update unit quotas ([#1551](https://github.com/ScilifelabDataCentre/dds_web/pull/1551)) - Bump python base image to 3.12 and related libraries in both web and client([#1548](https://github.com/ScilifelabDataCentre/dds_web/pull/1548)) + +# 2024-09-23 - 2024-10-04 + +- Bump GitHub checkout action to v4 ([#1556](https://github.com/ScilifelabDataCentre/dds_web/pull/1556)) From 2d6abc7ca31fcaae36d7d019ed29eafc0804bfce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?= Date: Fri, 25 Oct 2024 08:59:00 +0200 Subject: [PATCH 03/12] bump python-black checkout version --- .github/workflows/python-black.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-black.yml b/.github/workflows/python-black.yml index 9536d5c96..3e674e485 100644 
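Review bot: `uses: actions/checkout@v4` in trivy-scan-branch.yml still references a mutable tag, so the job runs whatever commit that tag points to at run time rather than the code that was reviewed with this bump. Pinning to the full commit SHA with the version kept as a trailing comment, `uses: actions/checkout@<full-commit-sha>  # v4`, keeps the upgrade auditable; the same applies to the other `checkout`, `setup-node` and `upload-sarif` bumps later in this series. The unchanged context line `uses: aquasecurity/trivy-action@master` follows a branch head, which is a weaker pin still and is worth tightening in the same pass. The `steps:` list continues outside this hunk, so other steps in the file may need the same treatment.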
--- a/.github/workflows/python-black.yml +++ b/.github/workflows/python-black.yml @@ -15,7 +15,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: psf/black@stable with: version: ${{ env.INPUT_VERSION }} From 0eb129b03dcf74cfdf7b2516024900fa84203ec5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?= Date: Fri, 25 Oct 2024 09:03:05 +0200 Subject: [PATCH 04/12] prettier --- .github/workflows/prettier.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/prettier.yml b/.github/workflows/prettier.yml index 11177e326..99ad0661c 100644 --- a/.github/workflows/prettier.yml +++ b/.github/workflows/prettier.yml @@ -9,9 +9,9 @@ jobs: Prettier: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 - name: Install Prettier run: npm install -g prettier From 10a0df24a660346310709073c29a18858fbafa08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?= Date: Fri, 25 Oct 2024 09:04:28 +0200 Subject: [PATCH 05/12] yaml --- .github/workflows/lint-yaml.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml index e7ce78f9b..b64a8820c 100644 --- a/.github/workflows/lint-yaml.yml +++ b/.github/workflows/lint-yaml.yml @@ -13,7 +13,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: yaml-lint uses: ibiqlik/action-yamllint@v3 with: From 84875070e78d812e8cd5bba98a069f1f4605377a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?= Date: Fri, 25 Oct 2024 09:05:40 +0200 Subject: [PATCH 06/12] trivy scan branch bump --- .github/workflows/trivy-scan-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/trivy-scan-branch.yml b/.github/workflows/trivy-scan-branch.yml index e17032ce5..2597ea7f5 100644 --- a/.github/workflows/trivy-scan-branch.yml +++ b/.github/workflows/trivy-scan-branch.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master From a77d36477ecfe04ac6490557bbd606971c2972f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?= Date: Fri, 25 Oct 2024 09:13:12 +0200 Subject: [PATCH 07/12] upload sarif snyk --- .github/workflows/snyk-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index c6c9a48e7..0d1c905fe 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -30,7 +30,7 @@ jobs: command: code test args: --sarif-file-output=snyk.sarif - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: snyk.sarif category: snyk From 30684d3948a519d982fd8e3992cb8834509a03a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?= Date: Fri, 25 Oct 2024 10:50:35 +0200 Subject: [PATCH 08/12] bump all checkout actions to v4 --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/docker-compose-tests.yml | 2 +- .github/workflows/trivy-scheduled-dev.yml | 2 +- .github/workflows/trivy-scheduled-master.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7b2b043b5..6bd457ef8 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -51,7 +51,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/docker-compose-tests.yml b/.github/workflows/docker-compose-tests.yml index 8dd1e6c79..76ece1bb5 100644 --- a/.github/workflows/docker-compose-tests.yml +++ b/.github/workflows/docker-compose-tests.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run tests against database container run: docker compose -f docker-compose.yml -f tests/docker-compose-test.yml up --build --exit-code-from backend diff --git a/.github/workflows/trivy-scheduled-dev.yml b/.github/workflows/trivy-scheduled-dev.yml index 7bd34cf9d..00aaafd12 100644 --- a/.github/workflows/trivy-scheduled-dev.yml +++ b/.github/workflows/trivy-scheduled-dev.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Ensure lowercase name run: echo REPOSITORY_OWNER=$(echo ${{ github.repository_owner }} | tr "[:upper:]" "[:lower:]") >> $GITHUB_ENV diff --git a/.github/workflows/trivy-scheduled-master.yml b/.github/workflows/trivy-scheduled-master.yml index e2ef46b86..682a83200 100644 --- a/.github/workflows/trivy-scheduled-master.yml +++ b/.github/workflows/trivy-scheduled-master.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: master From 2dc25e8e55d0d276952a91b4ed8de49960ea8d24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?= Date: Fri, 25 Oct 2024 10:56:37 +0200 Subject: [PATCH 09/12] only change checkout versions --- .github/workflows/prettier.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prettier.yml b/.github/workflows/prettier.yml index 99ad0661c..2cbb09232 100644 
--- a/.github/workflows/prettier.yml +++ b/.github/workflows/prettier.yml @@ -11,7 +11,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v3 - name: Install Prettier run: npm install -g prettier From 7bbf20ce405c411c4d8e40bc7dc857c65f9a9ed9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?= Date: Fri, 25 Oct 2024 10:57:39 +0200 Subject: [PATCH 10/12] only change checkout versions --- .github/workflows/publish_and_trivyscan.yml | 2 +- .github/workflows/snyk-scan.yml | 2 +- .github/workflows/trivy-scan-branch.yml | 2 +- .github/workflows/trivy-scheduled-dev.yml | 2 +- .github/workflows/trivy-scheduled-master.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish_and_trivyscan.yml b/.github/workflows/publish_and_trivyscan.yml index f250b7fba..b81a31092 100644 --- a/.github/workflows/publish_and_trivyscan.yml +++ b/.github/workflows/publish_and_trivyscan.yml @@ -127,7 +127,7 @@ jobs: output: "trivy-results.sarif" severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to Github Security tab - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: "trivy-results.sarif" category: trivy-build diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 0d1c905fe..c6c9a48e7 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -30,7 +30,7 @@ jobs: command: code test args: --sarif-file-output=snyk.sarif - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: snyk.sarif category: snyk diff --git a/.github/workflows/trivy-scan-branch.yml b/.github/workflows/trivy-scan-branch.yml index 2597ea7f5..25dbee8f9 100644 --- a/.github/workflows/trivy-scan-branch.yml +++ b/.github/workflows/trivy-scan-branch.yml 
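Review bot: snyk-scan.yml ends this series on `github/codeql-action/upload-sarif@v2`. Patch 07 bumped it to v3 and the snyk-scan.yml hunk in patch 10 reverts it, while patches 11 and 12 restore v3 only in publish_and_trivyscan.yml, trivy-scan-branch.yml, trivy-scheduled-dev.yml and trivy-scheduled-master.yml. If the revert was meant to be undone like the others, the line should read `uses: github/codeql-action/upload-sarif@v3` so that every SARIF upload uses the same major version. v2 of the CodeQL Action is deprecated, and an upload step that stops working would leave the Snyk findings out of code scanning without any change to the scan step itself.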
@@ -31,7 +31,7 @@ jobs: severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: "trivy-results.sarif" category: trivy diff --git a/.github/workflows/trivy-scheduled-dev.yml b/.github/workflows/trivy-scheduled-dev.yml index 00aaafd12..338e924fe 100644 --- a/.github/workflows/trivy-scheduled-dev.yml +++ b/.github/workflows/trivy-scheduled-dev.yml @@ -33,7 +33,7 @@ jobs: severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to dev branch GitHub Security tab - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: "trivy-results-dev.sarif" category: trivy-dev diff --git a/.github/workflows/trivy-scheduled-master.yml b/.github/workflows/trivy-scheduled-master.yml index 682a83200..374bfe394 100644 --- a/.github/workflows/trivy-scheduled-master.yml +++ b/.github/workflows/trivy-scheduled-master.yml @@ -35,7 +35,7 @@ jobs: severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to master branch GitHub Security tab - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: "trivy-results-master.sarif" category: trivy-master From 68829a61b94d8ff173be24b89b055a1d39c651dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?= Date: Fri, 25 Oct 2024 10:58:09 +0200 Subject: [PATCH 11/12] only change checkout versions --- .github/workflows/publish_and_trivyscan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish_and_trivyscan.yml b/.github/workflows/publish_and_trivyscan.yml index b81a31092..f250b7fba 100644 --- a/.github/workflows/publish_and_trivyscan.yml +++ b/.github/workflows/publish_and_trivyscan.yml 
@@ -127,7 +127,7 @@ jobs: output: "trivy-results.sarif" severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to Github Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: "trivy-results.sarif" category: trivy-build From f443da96b1f88020945b85a88eab79489953a35e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?= Date: Fri, 25 Oct 2024 10:59:27 +0200 Subject: [PATCH 12/12] only change checkout versions --- .github/workflows/trivy-scan-branch.yml | 2 +- .github/workflows/trivy-scheduled-dev.yml | 2 +- .github/workflows/trivy-scheduled-master.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/trivy-scan-branch.yml b/.github/workflows/trivy-scan-branch.yml index 25dbee8f9..2597ea7f5 100644 --- a/.github/workflows/trivy-scan-branch.yml +++ b/.github/workflows/trivy-scan-branch.yml @@ -31,7 +31,7 @@ jobs: severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: "trivy-results.sarif" category: trivy diff --git a/.github/workflows/trivy-scheduled-dev.yml b/.github/workflows/trivy-scheduled-dev.yml index 338e924fe..00aaafd12 100644 --- a/.github/workflows/trivy-scheduled-dev.yml +++ b/.github/workflows/trivy-scheduled-dev.yml @@ -33,7 +33,7 @@ jobs: severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to dev branch GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: "trivy-results-dev.sarif" category: trivy-dev diff --git a/.github/workflows/trivy-scheduled-master.yml b/.github/workflows/trivy-scheduled-master.yml index 374bfe394..682a83200 100644 --- a/.github/workflows/trivy-scheduled-master.yml +++ b/.github/workflows/trivy-scheduled-master.yml 
@@ -35,7 +35,7 @@ jobs: severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to master branch GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: "trivy-results-master.sarif" category: trivy-master