From 9da004cfd1f14c034e677c6feb0f983046c7c519 Mon Sep 17 00:00:00 2001 From: Tero Saarni Date: Thu, 25 Jan 2024 08:26:35 +0200 Subject: [PATCH] bump github actions --- .github/workflows/codeql-analysis.yml | 59 +++++++++++++-------------- .github/workflows/release.yml | 9 ++-- .github/workflows/trivy.yml | 19 +++++---- .github/workflows/unit-test.yml | 52 +++++++++++------------ 4 files changed, 70 insertions(+), 69 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b06a2c1..4af9203 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,12 +13,12 @@ name: "CodeQL" on: push: - branches: [ master ] + branches: [master] pull_request: # The branches below must be a subset of the branches above - branches: [ master ] + branches: [master] schedule: - - cron: '22 8 * * 0' + - cron: "22 8 * * 0" jobs: analyze: @@ -32,41 +32,40 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'go' ] + language: ["go"] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - - name: Checkout repository - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v4 - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. - # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality + # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c4b9a05..4d2a71a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,22 +3,21 @@ name: Create release and upload artifacts on: push: tags: - - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10 + - "v*" # Push events to matching v*, i.e. v1.0, v20.15.10 jobs: - build: name: Build release artifacts, create release and upload artifacts runs-on: ubuntu-latest steps: - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v5 with: # https://github.com/actions/go-versions/blob/main/versions-manifest.json - go-version: 'stable' + go-version: "stable" - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Get dependencies run: go get -v -t -d ./... diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 9a3602e..0221189 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -10,18 +10,19 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 + # https://github.com/aquasecurity/trivy-action - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@0.16.0 + uses: aquasecurity/trivy-action@0.16.1 with: - scan-type: 'fs' - format: 'sarif' - output: 'trivy-results.sarif' - scanners: 'vuln,secret,config' - severity: 'CRITICAL,HIGH' + scan-type: "fs" + format: "sarif" + output: "trivy-results.sarif" + scanners: "vuln,secret,config" + severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: - sarif_file: 'trivy-results.sarif' + sarif_file: "trivy-results.sarif" diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml index 4985968..5808ed8 100644 --- a/.github/workflows/unit-test.yml +++ b/.github/workflows/unit-test.yml @@ -2,38 +2,40 @@ name: unit-tests on: push: - branches: [ master ] + branches: [master] pull_request: - branches: [ master ] + branches: [master] jobs: - build: name: Build runs-on: ubuntu-latest steps: - - - name: Set up Go - uses: actions/setup-go@v3 - with: - # https://github.com/actions/go-versions/blob/main/versions-manifest.json - go-version: 'stable' - id: go - - - name: Checkout code - uses: actions/checkout@v3 - - - name: Get dependencies - run: | - go get -v -t -d ./... - - - name: golangci-lint - uses: golangci/golangci-lint-action@v3 - with: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + # https://github.com/actions/go-versions/blob/main/versions-manifest.json + go-version: "stable" + id: go + + - name: Get dependencies + run: | + go get -v -t -d ./... + + # https://github.com/golangci/golangci-lint-action + - name: golangci-lint + uses: golangci/golangci-lint-action@v3 + with: version: v1.55.2 + # Workaround for "file exists" errors while running tar. + # golangci-lint-action conflicts with caching in setup-go + skip-pkg-cache: true - - name: Build - run: make build + - name: Build + run: make build - - name: Unit tests - run: make test + - name: Unit tests + run: make test