Upgrade GitHub Actions to latest versions #25
6
.github/workflows/cd.yml
vendored
6
.github/workflows/cd.yml
vendored
@@ -83,7 +83,7 @@ jobs:
|
|||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
- name: Set up kubectl
|
- name: Set up kubectl
|
||||||
uses: azure/setup-kubectl@v3
|
uses: azure/setup-kubectl@v4
|
||||||
with:
|
with:
|
||||||
version: 'v1.28.0'
|
version: 'v1.28.0'
|
||||||
|
|
||||||
@@ -129,7 +129,7 @@ jobs:
|
|||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
- name: Set up kubectl
|
- name: Set up kubectl
|
||||||
uses: azure/setup-kubectl@v3
|
uses: azure/setup-kubectl@v4
|
||||||
with:
|
with:
|
||||||
version: 'v1.28.0'
|
version: 'v1.28.0'
|
||||||
|
|
||||||
@@ -216,7 +216,7 @@ jobs:
|
|||||||
name: ${{ needs.pre-deployment.outputs.deploy_env }}
|
name: ${{ needs.pre-deployment.outputs.deploy_env }}
|
||||||
steps:
|
steps:
|
||||||
- name: Set up kubectl
|
- name: Set up kubectl
|
||||||
uses: azure/setup-kubectl@v3
|
uses: azure/setup-kubectl@v4
|
||||||
with:
|
with:
|
||||||
version: 'v1.28.0'
|
version: 'v1.28.0'
|
||||||
|
|
||||||
|
|||||||
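Review bot: All three `Set up kubectl` steps now reference the mutable tag `azure/setup-kubectl@v4`, so whoever can move that tag decides what code runs in these deployment jobs. Pin the action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: azure/setup-kubectl@<full-commit-sha-of-the-v4-release>  # v4` (placeholder; take the SHA from the action's release page). The same applies to the other third-party actions bumped in ci.yml and security-scan.yml: `codecov/codecov-action@v5`, `docker/build-push-action@v6`, `peaceiris/actions-gh-pages@v4` and `anchore/scan-action@v7`. The jobs' remaining steps lie outside the hunks, so which credentials these steps can reach is inferred from the step and environment names only.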
8
.github/workflows/ci.yml
vendored
8
.github/workflows/ci.yml
vendored
@@ -126,7 +126,7 @@ jobs:
|
|||||||
pytest tests/integration/ -v --junitxml=integration-junit.xml
|
pytest tests/integration/ -v --junitxml=integration-junit.xml
|
||||||
|
|
||||||
- name: Upload coverage reports
|
- name: Upload coverage reports
|
||||||
uses: codecov/codecov-action@v3
|
uses: codecov/codecov-action@v5
|
||||||
with:
|
with:
|
||||||
file: ./coverage.xml
|
file: ./coverage.xml
|
||||||
flags: unittests
|
flags: unittests
|
||||||
@@ -210,7 +210,7 @@ jobs:
|
|||||||
type=raw,value=latest,enable={{is_default_branch}}
|
type=raw,value=latest,enable={{is_default_branch}}
|
||||||
|
|
||||||
- name: Build and push Docker image
|
- name: Build and push Docker image
|
||||||
uses: docker/build-push-action@v5
|
uses: docker/build-push-action@v6
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
target: production
|
target: production
|
||||||
@@ -236,7 +236,7 @@ jobs:
|
|||||||
output: 'trivy-results.sarif'
|
output: 'trivy-results.sarif'
|
||||||
|
|
||||||
- name: Upload Trivy scan results
|
- name: Upload Trivy scan results
|
||||||
uses: github/codeql-action/upload-sarif@v2
|
uses: github/codeql-action/upload-sarif@v4
|
||||||
if: always()
|
if: always()
|
||||||
with:
|
with:
|
||||||
sarif_file: 'trivy-results.sarif'
|
sarif_file: 'trivy-results.sarif'
|
||||||
@@ -272,7 +272,7 @@ jobs:
|
|||||||
"
|
"
|
||||||
|
|
||||||
- name: Deploy to GitHub Pages
|
- name: Deploy to GitHub Pages
|
||||||
uses: peaceiris/actions-gh-pages@v3
|
uses: peaceiris/actions-gh-pages@v4
|
||||||
with:
|
with:
|
||||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
publish_dir: ./docs
|
publish_dir: ./docs
|
||||||
|
|||||||
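Review bot: The `Upload coverage reports` step moves to `codecov/codecov-action@v5` but still passes `file: ./coverage.xml`. v5 deprecates `file` in favour of `files`, so that line should read `files: ./coverage.xml`. The rest of the `with:` block is outside the hunk, so it is not visible whether a `token` input is set; releases after v3 tightened tokenless uploads, which is worth checking before merging. If a failed upload should not pass silently, `fail_ci_if_error: true` makes the step fail visibly.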
20
.github/workflows/security-scan.yml
vendored
20
.github/workflows/security-scan.yml
vendored
@@ -46,7 +46,7 @@ jobs:
|
|||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
|
|
||||||
- name: Upload Bandit results to GitHub Security
|
- name: Upload Bandit results to GitHub Security
|
||||||
uses: github/codeql-action/upload-sarif@v2
|
uses: github/codeql-action/upload-sarif@v4
|
||||||
if: always()
|
if: always()
|
||||||
with:
|
with:
|
||||||
sarif_file: bandit-results.sarif
|
sarif_file: bandit-results.sarif
|
||||||
@@ -70,7 +70,7 @@ jobs:
|
|||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
|
|
||||||
- name: Upload Semgrep results to GitHub Security
|
- name: Upload Semgrep results to GitHub Security
|
||||||
uses: github/codeql-action/upload-sarif@v2
|
uses: github/codeql-action/upload-sarif@v4
|
||||||
if: always()
|
if: always()
|
||||||
with:
|
with:
|
||||||
sarif_file: semgrep.sarif
|
sarif_file: semgrep.sarif
|
||||||
@@ -119,7 +119,7 @@ jobs:
|
|||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
|
|
||||||
- name: Upload Snyk results to GitHub Security
|
- name: Upload Snyk results to GitHub Security
|
||||||
uses: github/codeql-action/upload-sarif@v2
|
uses: github/codeql-action/upload-sarif@v4
|
||||||
if: always()
|
if: always()
|
||||||
with:
|
with:
|
||||||
sarif_file: snyk-results.sarif
|
sarif_file: snyk-results.sarif
|
||||||
@@ -153,7 +153,7 @@ jobs:
|
|||||||
uses: docker/setup-buildx-action@v3
|
uses: docker/setup-buildx-action@v3
|
||||||
|
|
||||||
- name: Build Docker image for scanning
|
- name: Build Docker image for scanning
|
||||||
uses: docker/build-push-action@v5
|
uses: docker/build-push-action@v6
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
target: production
|
target: production
|
||||||
@@ -170,14 +170,14 @@ jobs:
|
|||||||
output: 'trivy-results.sarif'
|
output: 'trivy-results.sarif'
|
||||||
|
|
||||||
- name: Upload Trivy results to GitHub Security
|
- name: Upload Trivy results to GitHub Security
|
||||||
uses: github/codeql-action/upload-sarif@v2
|
uses: github/codeql-action/upload-sarif@v4
|
||||||
if: always()
|
if: always()
|
||||||
with:
|
with:
|
||||||
sarif_file: 'trivy-results.sarif'
|
sarif_file: 'trivy-results.sarif'
|
||||||
category: trivy
|
category: trivy
|
||||||
|
|
||||||
- name: Run Grype vulnerability scanner
|
- name: Run Grype vulnerability scanner
|
||||||
uses: anchore/scan-action@v3
|
uses: anchore/scan-action@v7
|
||||||
id: grype-scan
|
id: grype-scan
|
||||||
with:
|
with:
|
||||||
image: 'wifi-densepose:scan'
|
image: 'wifi-densepose:scan'
|
||||||
@@ -186,7 +186,7 @@ jobs:
|
|||||||
output-format: sarif
|
output-format: sarif
|
||||||
|
|
||||||
- name: Upload Grype results to GitHub Security
|
- name: Upload Grype results to GitHub Security
|
||||||
uses: github/codeql-action/upload-sarif@v2
|
uses: github/codeql-action/upload-sarif@v4
|
||||||
if: always()
|
if: always()
|
||||||
with:
|
with:
|
||||||
sarif_file: ${{ steps.grype-scan.outputs.sarif }}
|
sarif_file: ${{ steps.grype-scan.outputs.sarif }}
|
||||||
@@ -202,7 +202,7 @@ jobs:
|
|||||||
summary: true
|
summary: true
|
||||||
|
|
||||||
- name: Upload Docker Scout results
|
- name: Upload Docker Scout results
|
||||||
uses: github/codeql-action/upload-sarif@v2
|
uses: github/codeql-action/upload-sarif@v4
|
||||||
if: always()
|
if: always()
|
||||||
with:
|
with:
|
||||||
sarif_file: scout-results.sarif
|
sarif_file: scout-results.sarif
|
||||||
@@ -231,7 +231,7 @@ jobs:
|
|||||||
soft_fail: true
|
soft_fail: true
|
||||||
|
|
||||||
- name: Upload Checkov results to GitHub Security
|
- name: Upload Checkov results to GitHub Security
|
||||||
uses: github/codeql-action/upload-sarif@v2
|
uses: github/codeql-action/upload-sarif@v4
|
||||||
if: always()
|
if: always()
|
||||||
with:
|
with:
|
||||||
sarif_file: checkov-results.sarif
|
sarif_file: checkov-results.sarif
|
||||||
@@ -256,7 +256,7 @@ jobs:
|
|||||||
exclude_queries: 'a7ef1e8c-fbf8-4ac1-b8c7-2c3b0e6c6c6c'
|
exclude_queries: 'a7ef1e8c-fbf8-4ac1-b8c7-2c3b0e6c6c6c'
|
||||||
|
|
||||||
- name: Upload KICS results to GitHub Security
|
- name: Upload KICS results to GitHub Security
|
||||||
uses: github/codeql-action/upload-sarif@v2
|
uses: github/codeql-action/upload-sarif@v4
|
||||||
if: always()
|
if: always()
|
||||||
with:
|
with:
|
||||||
sarif_file: kics-results/results.sarif
|
sarif_file: kics-results/results.sarif
|
||||||
|
|||||||
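Review bot: The `Build Docker image for scanning` step now runs `docker/build-push-action@v6`, which by default writes a job summary and uploads a build record as a workflow artifact. For an image built only to be scanned, that artifact exposes build logs to anyone who can read the run and serves no purpose. Unless the record is wanted, add `DOCKER_BUILD_RECORD_UPLOAD: false` (and optionally `DOCKER_BUILD_SUMMARY: false`) under the step's `env:`; the `with:` block continues past the hunk, so whether build arguments reach the log is not visible here. The `Build and push Docker image` step in ci.yml picks up the same default. Separately, `anchore/scan-action` jumps from v3 to v7 while the following upload still reads `steps.grype-scan.outputs.sarif`, so confirm against the v7 `action.yml` that the output name and the step's inputs are unchanged.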