diff --git a/.github/workflows/add-to-project.yml b/.github/workflows/add-to-project.yml
index 2ce0432..d8882f6 100644
--- a/.github/workflows/add-to-project.yml
+++ b/.github/workflows/add-to-project.yml
@@ -8,7 +8,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Add issue to project
- uses: actions/add-to-project@v0.5.0
+ uses: actions/add-to-project@v2.0.0
 with:
 project-url: https://github.com/orgs/streamspace-dev/projects/2
 github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/auto-label.yml b/.github/workflows/auto-label.yml
index a9a0fed..f4b6efd 100644
--- a/.github/workflows/auto-label.yml
+++ b/.github/workflows/auto-label.yml
@@ -10,6 +10,6 @@ jobs:
 contents: read
 pull-requests: write
 steps:
- - uses: actions/labeler@v5
+ - uses: actions/labeler@v6
 with:
 repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0358da9..cc0bde8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,15 +20,15 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
 with:
 go-version: ${{ env.GO_VERSION }}
 - name: Set up Node.js
- uses: actions/setup-node@v4
+ uses: actions/setup-node@v6
 with:
 node-version: ${{ env.NODE_VERSION }}
@@ -71,15 +71,15 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
 with:
 go-version: ${{ env.GO_VERSION }}
 - name: Cache Go modules
- uses: actions/cache@v4
+ uses: actions/cache@v5
 with:
 path: |
 ~/.cache/go-build
@@ -101,7 +101,7 @@ jobs:
 go tool cover -func=coverage.out
 - name: Upload coverage to Codecov
- uses: codecov/codecov-action@v4
+ uses: codecov/codecov-action@v6
 with:
 files: ./agents/k8s-agent/coverage.out
 flags: k8s-agent
@@ -127,15 +127,15 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
 with:
 go-version: ${{ env.GO_VERSION }}
 - name: Cache Go modules
- uses: actions/cache@v4
+ uses: actions/cache@v5
 with:
 path: |
 ~/.cache/go-build
@@ -171,7 +171,7 @@ jobs:
 - name: Upload coverage to Codecov
 if: hashFiles('api/coverage.out') != ''
- uses: codecov/codecov-action@v4
+ uses: codecov/codecov-action@v6
 with:
 files: ./api/coverage.out
 flags: api
@@ -182,15 +182,15 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Node.js
- uses: actions/setup-node@v4
+ uses: actions/setup-node@v6
 with:
 node-version: ${{ env.NODE_VERSION }}
 - name: Cache node modules
- uses: actions/cache@v4
+ uses: actions/cache@v5
 with:
 path: ~/.npm
 key: ${{ runner.os }}-node-${{ hashFiles('ui/package-lock.json') }}
@@ -207,7 +207,7 @@ jobs:
 - name: Upload coverage to Codecov
 if: hashFiles('ui/coverage/lcov.info') != ''
- uses: codecov/codecov-action@v4
+ uses: codecov/codecov-action@v6
 with:
 files: ./ui/coverage/lcov.info
 flags: ui
@@ -219,15 +219,15 @@ jobs:
 needs: [lint, test-k8s-agent, test-api, test-ui]
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
 with:
 go-version: ${{ env.GO_VERSION }}
 - name: Set up Node.js
- uses: actions/setup-node@v4
+ uses: actions/setup-node@v6
 with:
 node-version: ${{ env.NODE_VERSION }}
@@ -263,19 +263,19 @@ jobs:
 echo "UI build size: $(du -sh build | awk '{print $1}')"
 - name: Upload K8s Agent artifact
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v7
 with:
 name: k8s-agent-binary
 path: agents/k8s-agent/bin/k8s-agent
 - name: Upload Control Plane API artifact
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v7
 with:
 name: api-binary
 path: api/bin/api
 - name: Upload UI artifact
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v7
 with:
 name: ui-build
 path: ui/build/
@@ -285,10 +285,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Helm
- uses: azure/setup-helm@v4
+ uses: azure/setup-helm@v5
 with:
 version: 'v3.14.0'
diff --git a/.github/workflows/container-images.yml b/.github/workflows/container-images.yml
index c1d055c..6ce866d 100644
--- a/.github/workflows/container-images.yml
+++ b/.github/workflows/container-images.yml
@@ -35,14 +35,14 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@v4
 - name: Log in to GitHub Container Registry
 if: github.event_name != 'pull_request'
- uses: docker/login-action@v3
+ uses: docker/login-action@v4
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
@@ -56,7 +56,7 @@ jobs:
 - name: Extract metadata
 id: meta
- uses: docker/metadata-action@v5
+ uses: docker/metadata-action@v6
 with:
 images: ${{ env.IMAGE_PREFIX }}-k8s-agent
 tags: |
@@ -77,7 +77,7 @@ jobs:
 - name: Build and push K8s Agent image
 id: build
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v7
 with:
 context: ./agents/k8s-agent
 file: ./agents/k8s-agent/Dockerfile
@@ -193,7 +193,7 @@ jobs:
 - name: Upload K8s Agent SBOM
 if: github.event_name != 'pull_request'
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v7
 with:
 name: sbom-k8s-agent
 path: sbom-k8s-agent.spdx.json
@@ -204,14 +204,14 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@v4
 - name: Log in to GitHub Container Registry
 if: github.event_name != 'pull_request'
- uses: docker/login-action@v3
+ uses: docker/login-action@v4
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
@@ -225,7 +225,7 @@ jobs:
 - name: Extract metadata
 id: meta
- uses: docker/metadata-action@v5
+ uses: docker/metadata-action@v6
 with:
 images: ${{ env.IMAGE_PREFIX }}-api
 tags: |
@@ -246,7 +246,7 @@ jobs:
 - name: Build and push API image
 id: build
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v7
 with:
 context: ./api
 file: ./api/Dockerfile
@@ -362,7 +362,7 @@ jobs:
 - name: Upload API SBOM
 if: github.event_name != 'pull_request'
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v7
 with:
 name: sbom-api
 path: sbom-api.spdx.json
@@ -373,14 +373,14 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@v4
 - name: Log in to GitHub Container Registry
 if: github.event_name != 'pull_request'
- uses: docker/login-action@v3
+ uses: docker/login-action@v4
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
@@ -394,7 +394,7 @@ jobs:
 - name: Extract metadata
 id: meta
- uses: docker/metadata-action@v5
+ uses: docker/metadata-action@v6
 with:
 images: ${{ env.IMAGE_PREFIX }}-ui
 tags: |
@@ -415,7 +415,7 @@ jobs:
 - name: Build and push UI image
 id: build
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v7
 with:
 context: ./ui
 file: ./ui/Dockerfile
@@ -531,7 +531,7 @@ jobs:
 - name: Upload UI SBOM
 if: github.event_name != 'pull_request'
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v7
 with:
 name: sbom-ui
 path: sbom-ui.spdx.json
@@ -566,7 +566,7 @@ jobs:
 severity: 'CRITICAL,HIGH'
 - name: Upload Trivy results to GitHub Security
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: 'trivy-${{ matrix.component }}-results.sarif'
 category: 'trivy-${{ matrix.component }}'
@@ -585,7 +585,7 @@ jobs:
 if: startsWith(github.ref, 'refs/tags/v')
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 with:
 token: ${{ secrets.GITHUB_TOKEN }}
@@ -619,7 +619,7 @@ jobs:
 if: startsWith(github.ref, 'refs/tags/v')
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 with:
 fetch-depth: 0
@@ -642,7 +642,7 @@ jobs:
 echo "$CHANGELOG" > CHANGELOG.txt
 - name: Set up Helm
- uses: azure/setup-helm@v4
+ uses: azure/setup-helm@v5
 with:
 version: 'v3.14.0'
@@ -652,7 +652,7 @@ jobs:
 mv streamspace-${{ steps.version.outputs.VERSION_NUM }}.tgz streamspace-helm-chart.tgz
 - name: Download SBOMs
- uses: actions/download-artifact@v4
+ uses: actions/download-artifact@v8
 with:
 path: sboms
@@ -713,7 +713,7 @@ jobs:
 EOF
 - name: Create GitHub Release
- uses: softprops/action-gh-release@v1
+ uses: softprops/action-gh-release@v3
 with:
 body_path: RELEASE_NOTES.md
 files: |
diff --git a/.github/workflows/github-pages.yml b/.github/workflows/github-pages.yml
index c5cebea..b276a06 100644
--- a/.github/workflows/github-pages.yml
+++ b/.github/workflows/github-pages.yml
@@ -24,10 +24,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Deploy to GitHub Pages
- uses: peaceiris/actions-gh-pages@v3
+ uses: peaceiris/actions-gh-pages@v4
 with:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 publish_dir: ./site
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 79c3d13..a8f9dbd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -14,7 +14,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 with:
 fetch-depth: 0
@@ -47,7 +47,7 @@ jobs:
 echo "EOF" >> $GITHUB_OUTPUT
 - name: Set up Helm
- uses: azure/setup-helm@v4
+ uses: azure/setup-helm@v5
 with:
 version: 'v3.14.0'
@@ -112,7 +112,7 @@ jobs:
 EOF
 - name: Create GitHub Release
- uses: softprops/action-gh-release@v1
+ uses: softprops/action-gh-release@v3
 with:
 body_path: RELEASE_NOTES.md
 files: |
@@ -128,10 +128,10 @@ jobs:
 needs: release
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Checkout gh-pages branch
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 with:
 ref: gh-pages
 path: gh-pages
@@ -142,7 +142,7 @@ jobs:
 run: echo "VERSION_NUM=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
 - name: Set up Helm
- uses: azure/setup-helm@v4
+ uses: azure/setup-helm@v5
 with:
 version: 'v3.14.0'
@@ -185,7 +185,7 @@ jobs:
 output: 'trivy-results-${{ matrix.component }}.sarif'
 - name: Upload Trivy results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: 'trivy-results-${{ matrix.component }}.sarif'
 category: 'trivy-${{ matrix.component }}'
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 21815a1..138303a 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -24,10 +24,10 @@ jobs:
 component: [api, ui, kubernetes-controller]
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@v4
 - name: Build container image for scanning
 run: |
@@ -49,7 +49,7 @@ jobs:
 exit-code: ${{ github.event_name == 'pull_request' && '0' || '1' }}
 - name: Upload Trivy results to GitHub Security
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 if: always()
 with:
 sarif_file: 'trivy-${{ matrix.component }}-results.sarif'
@@ -66,7 +66,7 @@ jobs:
 - name: Upload Trivy HTML report
 if: always()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v7
 with:
 name: trivy-${{ matrix.component }}-report
 path: trivy-${{ matrix.component }}-report.html
@@ -80,10 +80,10 @@ jobs:
 component: [api, k8s-controller]
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
 with:
 go-version: '1.25'
@@ -109,10 +109,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Node.js
- uses: actions/setup-node@v4
+ uses: actions/setup-node@v6
 with:
 node-version: '18'
 cache: 'npm'
@@ -142,12 +142,12 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 with:
 fetch-depth: 0 # Full history for comprehensive scanning
 - name: Run Gitleaks
- uses: gitleaks/gitleaks-action@v2
+ uses: gitleaks/gitleaks-action@v3
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
@@ -159,7 +159,7 @@ jobs:
 image: returntocorp/semgrep
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Run Semgrep
 run: |
@@ -170,7 +170,7 @@ jobs:
 --severity=WARNING
 - name: Upload Semgrep results to GitHub Security
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 if: always()
 with:
 sarif_file: semgrep-results.sarif
@@ -189,19 +189,19 @@ jobs:
 language: ['go', 'javascript']
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@v4
 with:
 languages: ${{ matrix.language }}
 queries: +security-and-quality
 - name: Autobuild
- uses: github/codeql-action/autobuild@v3
+ uses: github/codeql-action/autobuild@v4
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@v4
 with:
 category: '/language:${{ matrix.language }}'
@@ -210,7 +210,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Run Kubesec
 continue-on-error: ${{ github.event_name == 'pull_request' }}
@@ -230,7 +230,7 @@ jobs:
 soft_fail: ${{ github.event_name == 'pull_request' }}
 - name: Upload Checkov results
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 if: always()
 with:
 sarif_file: checkov-k8s-results.sarif
@@ -244,10 +244,10 @@ jobs:
 component: [api, ui, k8s-controller]
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Run Hadolint
- uses: hadolint/hadolint-action@v3.1.0
+ uses: hadolint/hadolint-action@v3.3.0
 with:
 dockerfile: ${{ matrix.component }}/Dockerfile
 failure-threshold: warning
@@ -258,11 +258,11 @@ jobs:
 if: github.event_name == 'pull_request'
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Dependency Review
 continue-on-error: true
- uses: actions/dependency-review-action@v4
+ uses: actions/dependency-review-action@v5
 with:
 fail-on-severity: high
 deny-licenses: GPL-2.0, GPL-3.0
diff --git a/.github/workflows/stale-issues.yml b/.github/workflows/stale-issues.yml
index be89bf7..84c65e1 100644
--- a/.github/workflows/stale-issues.yml
+++ b/.github/workflows/stale-issues.yml
@@ -11,7 +11,7 @@ jobs:
 issues: write
 pull-requests: write
 steps:
- - uses: actions/stale@v9
+ - uses: actions/stale@v10
 with:
 repo-token: ${{ secrets.GITHUB_TOKEN }}
 stale-issue-message: |
diff --git a/.github/workflows/wave-tracking.yml b/.github/workflows/wave-tracking.yml
index 6cfd048..030292f 100644
--- a/.github/workflows/wave-tracking.yml
+++ b/.github/workflows/wave-tracking.yml
@@ -17,7 +17,7 @@ jobs:
 steps:
 - name: Check PR for Wave Label
 if: github.event_name == 'pull_request'
- uses: actions/github-script@v7
+ uses: actions/github-script@v9
 with:
 script: |
 const pr = github.context.payload.pull_request;
@@ -59,7 +59,7 @@ jobs:
 steps:
 - name: Add ready-for-testing label when PR merged
 if: github.event.pull_request.merged == true
- uses: actions/github-script@v7
+ uses: actions/github-script@v9
 with:
 script: |
 const pr = github.context.payload.pull_request;
@@ -92,7 +92,7 @@ jobs:
 if: github.event_name == 'schedule' || contains(github.event.comment.body, '/wave-status')
 steps:
 - name: Generate Wave Status Report
- uses: actions/github-script@v7
+ uses: actions/github-script@v9
 with:
 script: |
 const { owner, repo } = github.context.repo;
@@ -138,7 +138,7 @@ jobs:
 if: github.event.pull_request.merged == true
 steps:
 - name: Check if all wave issues done
- uses: actions/github-script@v7
+ uses: actions/github-script@v9
 with:
 script: |
 const { owner, repo } = github.context.repo;
diff --git a/.github/workflows/weekly-report.yml b/.github/workflows/weekly-report.yml
index 2214645..ff2a289 100644
--- a/.github/workflows/weekly-report.yml
+++ b/.github/workflows/weekly-report.yml
@@ -11,7 +11,7 @@ jobs:
 issues: write
 steps:
 - name: Generate Weekly Report
- uses: actions/github-script@v7
+ uses: actions/github-script@v9
 with:
 script: |
 const today = new Date();