From 58e7a279de86ae77f8f3497c71c7c17bc76b53b5 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Mon, 25 Nov 2024 11:02:35 +0000
Subject: [PATCH] Update GitHub Action Versions
---
.github/workflows/actions-update.yml | 2 +-
.github/workflows/code-scan.yml | 6 +++---
.github/workflows/dbmisvc-app-deploy.yml | 10 +++++-----
.github/workflows/requirements-update.yml | 6 +++---
.github/workflows/scan.yml | 10 +++++-----
.github/workflows/test-image-build.yml | 8 ++++----
6 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/actions-update.yml b/.github/workflows/actions-update.yml
index 51fd019..9013c4b 100644
--- a/.github/workflows/actions-update.yml
+++ b/.github/workflows/actions-update.yml
@@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v4.2.2
with:
# [Required] Access token with `workflow` scope.
token: ${{ secrets.WORKFLOW_TOKEN }}
diff --git a/.github/workflows/code-scan.yml b/.github/workflows/code-scan.yml
index 219fc88..7f6c626 100644
--- a/.github/workflows/code-scan.yml
+++ b/.github/workflows/code-scan.yml
@@ -15,12 +15,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checking out
- uses: actions/checkout@master
+ uses: actions/checkout@v4.2.2
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
- name: SonarQube Scan
- uses: sonarsource/sonarqube-scan-action@v3
+ uses: sonarsource/sonarqube-scan-action@v4.0.0
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
@@ -28,7 +28,7 @@ jobs:
# Check the Quality Gate status.
- name: SonarQube Quality Gate check
id: sonarqube-quality-gate-check
- uses: sonarsource/sonarqube-quality-gate-action@master
+ uses: sonarsource/sonarqube-quality-gate-action@v1.1.0
# Force to fail step after specific time.
timeout-minutes: 5
env:
diff --git a/.github/workflows/dbmisvc-app-deploy.yml b/.github/workflows/dbmisvc-app-deploy.yml
index 1eda739..e7642ba 100644
--- a/.github/workflows/dbmisvc-app-deploy.yml
+++ b/.github/workflows/dbmisvc-app-deploy.yml
@@ -52,15 +52,15 @@ jobs:
released: ${{ steps.semantic.outputs.new_release_published }}
channel: ${{ steps.semantic.outputs.new_release_channel }}
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v4.2.2
- name: Set up Python 3.11
- uses: actions/setup-python@v5
+ uses: actions/setup-python@v5.3.0
with:
python-version: 3.11
- name: Install Python packages
run: |
python -m pip install --upgrade pip
- - uses: cycjimmy/semantic-release-action@v4
+ - uses: cycjimmy/semantic-release-action@v4.1.1
id: semantic
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
@@ -89,7 +89,7 @@ jobs:
git checkout ${{ needs.metadata.outputs.branch }}
- name: Configure AWS credentials
if: steps.semantic.outputs.new_release_published == 'true' || inputs.force
- uses: aws-actions/configure-aws-credentials@v4
+ uses: aws-actions/configure-aws-credentials@v4.0.2
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ inputs.role }}
@@ -101,7 +101,7 @@ jobs:
run: git rev-parse HEAD > COMMIT
- name: Zip artifacts
if: steps.semantic.outputs.new_release_published == 'true' || inputs.force
- uses: thedoctor0/zip-release@master
+ uses: thedoctor0/zip-release@0.7.6
with:
type: "zip"
filename: "${{ inputs.filename }}"
diff --git a/.github/workflows/requirements-update.yml b/.github/workflows/requirements-update.yml
index b57c1f6..75b0290 100644
--- a/.github/workflows/requirements-update.yml
+++ b/.github/workflows/requirements-update.yml
@@ -60,12 +60,12 @@ jobs:
echo "dev_requirements=${DEV_REQUIREMENTS:-"dev-requirements.txt"}" >> "$GITHUB_OUTPUT"
- name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v4.2.2
with:
ref: ${{ steps.set_input_values.outputs.base_branch }}
- name: Setup python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@v5.3.0
with:
python-version: ${{ steps.set_input_values.outputs.python_version }}
@@ -83,7 +83,7 @@ jobs:
${{ steps.set_input_values.outputs.requirements_input }}
- name: Create Pull Request
- uses: peter-evans/create-pull-request@v7
+ uses: peter-evans/create-pull-request@v7.0.5
with:
token: ${{ secrets.GH_TOKEN }}
base: ${{ steps.set_input_values.outputs.base_branch }}
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index 4a6b0c8..5764320 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -22,13 +22,13 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v4.2.2
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@v3.7.1
- name: Login to DockerHub
- uses: docker/login-action@v3
+ uses: docker/login-action@v3.3.0
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
@@ -44,7 +44,7 @@ jobs:
- name: Build the image
id: buildimage
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v6.9.0
with:
load: true
context: ./
@@ -53,7 +53,7 @@ jobs:
tags: ${{ steps.setimagename.outputs.imagename }}
- name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: "aquasec/trivy-db:2,public.ecr.aws/aquasecurity/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2"
TRIVY_JAVA_DB_REPOSITORY: "aquasec/trivy-java-db:1,public.ecr.aws/aquasecurity/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1"
diff --git a/.github/workflows/test-image-build.yml b/.github/workflows/test-image-build.yml
index b9700fe..c9a4124 100644
--- a/.github/workflows/test-image-build.yml
+++ b/.github/workflows/test-image-build.yml
@@ -22,13 +22,13 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v4.2.2
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@v3.7.1
- name: Login to DockerHub
- uses: docker/login-action@v3
+ uses: docker/login-action@v3.3.0
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
@@ -44,7 +44,7 @@ jobs:
- name: Build the image
id: buildimage
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v6.9.0
with:
context: ./
file: ./Dockerfile