From aa3a9ee8553a70ea90584ac769cd716cc75f4fb6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 31 May 2026 10:45:35 +0000 Subject: [PATCH] chore(deps): bump the gha-deps group across 1 directory with 22 updates Bumps the gha-deps group with 22 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/add-to-project](https://github.com/actions/add-to-project) | `0.5.0` | `2.0.0` | | [actions/labeler](https://github.com/actions/labeler) | `5` | `6` | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [actions/setup-go](https://github.com/actions/setup-go) | `5` | `6` | | [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` | | [actions/cache](https://github.com/actions/cache) | `4` | `5` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4` | `6` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` | | [azure/setup-helm](https://github.com/azure/setup-helm) | `4` | `5` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` | | [docker/login-action](https://github.com/docker/login-action) | `3` | `4` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5` | `6` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `5` | `7` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `8` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `1` | `3` | | [peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages) | `3` | `4` | | [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) | `2` | `3` | | [hadolint/hadolint-action](https://github.com/hadolint/hadolint-action) | `3.1.0` | `3.3.0` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4` | `5` | | [actions/stale](https://github.com/actions/stale) | `9` | `10` | | [actions/github-script](https://github.com/actions/github-script) | `7` | `9` | Updates `actions/add-to-project` from 0.5.0 to 2.0.0 - [Release notes](https://github.com/actions/add-to-project/releases) - [Commits](https://github.com/actions/add-to-project/compare/v0.5.0...v2.0.0) Updates `actions/labeler` from 5 to 6 - [Release notes](https://github.com/actions/labeler/releases) - [Commits](https://github.com/actions/labeler/compare/v5...v6) Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `actions/setup-go` from 5 to 6 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v5...v6) Updates `actions/setup-node` from 4 to 6 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4...v6) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4...v5) Updates `codecov/codecov-action` from 4 to 6 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v4...v6) Updates `actions/upload-artifact` from 4 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v7) Updates `azure/setup-helm` from 4 to 5 - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](https://github.com/azure/setup-helm/compare/v4...v5) Updates `docker/setup-buildx-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) Updates `docker/login-action` from 3 to 4 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) Updates `docker/metadata-action` from 5 to 6 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/v5...v6) Updates `docker/build-push-action` from 5 to 7 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5...v7) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) Updates `actions/download-artifact` from 4 to 8 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v8) Updates `softprops/action-gh-release` from 1 to 3 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/v1...v3) Updates `peaceiris/actions-gh-pages` from 3 to 4 - [Release notes](https://github.com/peaceiris/actions-gh-pages/releases) - [Changelog](https://github.com/peaceiris/actions-gh-pages/blob/main/CHANGELOG.md) - [Commits](https://github.com/peaceiris/actions-gh-pages/compare/v3...v4) Updates `gitleaks/gitleaks-action` from 2 to 3 - [Release notes](https://github.com/gitleaks/gitleaks-action/releases) - [Commits](https://github.com/gitleaks/gitleaks-action/compare/v2...v3) Updates `hadolint/hadolint-action` from 3.1.0 to 3.3.0 - [Release notes](https://github.com/hadolint/hadolint-action/releases) - [Commits](https://github.com/hadolint/hadolint-action/compare/v3.1.0...v3.3.0) Updates `actions/dependency-review-action` from 4 to 5 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/v4...v5) Updates `actions/stale` from 9 to 10 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/v9...v10) Updates `actions/github-script` from 7 to 9 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v7...v9) --- updated-dependencies: - dependency-name: actions/add-to-project dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: actions/labeler dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: codecov/codecov-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: azure/setup-helm dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: docker/metadata-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: softprops/action-gh-release dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: peaceiris/actions-gh-pages dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: gitleaks/gitleaks-action dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: hadolint/hadolint-action dependency-version: 3.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gha-deps - dependency-name: actions/dependency-review-action dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: actions/stale dependency-version: '10' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps - dependency-name: actions/github-script dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-deps ... Signed-off-by: dependabot[bot] --- .github/workflows/add-to-project.yml | 2 +- .github/workflows/auto-label.yml | 2 +- .github/workflows/ci.yml | 46 ++++++++++++------------ .github/workflows/container-images.yml | 48 +++++++++++++------------- .github/workflows/github-pages.yml | 4 +-- .github/workflows/release.yml | 14 ++++---- .github/workflows/security-scan.yml | 44 +++++++++++------------ .github/workflows/stale-issues.yml | 2 +- .github/workflows/wave-tracking.yml | 8 ++--- .github/workflows/weekly-report.yml | 2 +- 10 files changed, 86 insertions(+), 86 deletions(-) diff --git a/.github/workflows/add-to-project.yml b/.github/workflows/add-to-project.yml index 2ce04320..d8882f60 100644 --- a/.github/workflows/add-to-project.yml +++ b/.github/workflows/add-to-project.yml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Add issue to project - uses: actions/add-to-project@v0.5.0 + uses: actions/add-to-project@v2.0.0 with: project-url: https://github.com/orgs/streamspace-dev/projects/2 github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/auto-label.yml b/.github/workflows/auto-label.yml index a9a0fedb..f4b6efdf 100644 --- a/.github/workflows/auto-label.yml +++ b/.github/workflows/auto-label.yml @@ -10,6 +10,6 @@ jobs: contents: read pull-requests: write steps: - - uses: actions/labeler@v5 + - uses: actions/labeler@v6 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0358da95..cc0bde8b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,15 +20,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ env.GO_VERSION }} - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: ${{ env.NODE_VERSION }} @@ -71,15 +71,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ env.GO_VERSION }} - name: Cache Go modules - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.cache/go-build @@ -101,7 +101,7 @@ jobs: go tool cover -func=coverage.out - name: Upload coverage to Codecov - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@v6 with: files: ./agents/k8s-agent/coverage.out flags: k8s-agent @@ -127,15 +127,15 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ env.GO_VERSION }} - name: Cache Go modules - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.cache/go-build @@ -171,7 +171,7 @@ jobs: - name: Upload coverage to Codecov if: hashFiles('api/coverage.out') != '' - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@v6 with: files: ./api/coverage.out flags: api @@ -182,15 +182,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: ${{ env.NODE_VERSION }} - name: Cache node modules - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('ui/package-lock.json') }} @@ -207,7 +207,7 @@ jobs: - name: Upload coverage to Codecov if: hashFiles('ui/coverage/lcov.info') != '' - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@v6 with: files: ./ui/coverage/lcov.info flags: ui @@ -219,15 +219,15 @@ jobs: needs: [lint, test-k8s-agent, test-api, test-ui] steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ env.GO_VERSION }} - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: ${{ env.NODE_VERSION }} @@ -263,19 +263,19 @@ jobs: echo "UI build size: $(du -sh build | awk '{print $1}')" - name: Upload K8s Agent artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: k8s-agent-binary path: agents/k8s-agent/bin/k8s-agent - name: Upload Control Plane API artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: api-binary path: api/bin/api - name: Upload UI artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: ui-build path: ui/build/ @@ -285,10 +285,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@v5 with: version: 'v3.14.0' diff --git a/.github/workflows/container-images.yml b/.github/workflows/container-images.yml index c1d055c4..6ce866d3 100644 --- a/.github/workflows/container-images.yml +++ b/.github/workflows/container-images.yml @@ -35,14 +35,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Log in to GitHub Container Registry if: github.event_name != 'pull_request' - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -56,7 +56,7 @@ jobs: - name: Extract metadata id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v6 with: images: ${{ env.IMAGE_PREFIX }}-k8s-agent tags: | @@ -77,7 +77,7 @@ jobs: - name: Build and push K8s Agent image id: build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v7 with: context: ./agents/k8s-agent file: ./agents/k8s-agent/Dockerfile @@ -193,7 +193,7 @@ jobs: - name: Upload K8s Agent SBOM if: github.event_name != 'pull_request' - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: sbom-k8s-agent path: sbom-k8s-agent.spdx.json @@ -204,14 +204,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Log in to GitHub Container Registry if: github.event_name != 'pull_request' - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -225,7 +225,7 @@ jobs: - name: Extract metadata id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v6 with: images: ${{ env.IMAGE_PREFIX }}-api tags: | @@ -246,7 +246,7 @@ jobs: - name: Build and push API image id: build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v7 with: context: ./api file: ./api/Dockerfile @@ -362,7 +362,7 @@ jobs: - name: Upload API SBOM if: github.event_name != 'pull_request' - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: sbom-api path: sbom-api.spdx.json @@ -373,14 +373,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Log in to GitHub Container Registry if: github.event_name != 'pull_request' - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -394,7 +394,7 @@ jobs: - name: Extract metadata id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v6 with: images: ${{ env.IMAGE_PREFIX }}-ui tags: | @@ -415,7 +415,7 @@ jobs: - name: Build and push UI image id: build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v7 with: context: ./ui file: ./ui/Dockerfile @@ -531,7 +531,7 @@ jobs: - name: Upload UI SBOM if: github.event_name != 'pull_request' - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: sbom-ui path: sbom-ui.spdx.json @@ -566,7 +566,7 @@ jobs: severity: 'CRITICAL,HIGH' - name: Upload Trivy results to GitHub Security - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: 'trivy-${{ matrix.component }}-results.sarif' category: 'trivy-${{ matrix.component }}' @@ -585,7 +585,7 @@ jobs: if: startsWith(github.ref, 'refs/tags/v') steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: token: ${{ secrets.GITHUB_TOKEN }} @@ -619,7 +619,7 @@ jobs: if: startsWith(github.ref, 'refs/tags/v') steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 @@ -642,7 +642,7 @@ jobs: echo "$CHANGELOG" > CHANGELOG.txt - name: Set up Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@v5 with: version: 'v3.14.0' @@ -652,7 +652,7 @@ jobs: mv streamspace-${{ steps.version.outputs.VERSION_NUM }}.tgz streamspace-helm-chart.tgz - name: Download SBOMs - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: path: sboms @@ -713,7 +713,7 @@ jobs: EOF - name: Create GitHub Release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v3 with: body_path: RELEASE_NOTES.md files: | diff --git a/.github/workflows/github-pages.yml b/.github/workflows/github-pages.yml index c5cebeab..b276a06d 100644 --- a/.github/workflows/github-pages.yml +++ b/.github/workflows/github-pages.yml @@ -24,10 +24,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Deploy to GitHub Pages - uses: peaceiris/actions-gh-pages@v3 + uses: peaceiris/actions-gh-pages@v4 with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: ./site diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 79c3d131..a8f9dbdf 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 @@ -47,7 +47,7 @@ jobs: echo "EOF" >> $GITHUB_OUTPUT - name: Set up Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@v5 with: version: 'v3.14.0' @@ -112,7 +112,7 @@ jobs: EOF - name: Create GitHub Release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v3 with: body_path: RELEASE_NOTES.md files: | @@ -128,10 +128,10 @@ jobs: needs: release steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Checkout gh-pages branch - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: gh-pages path: gh-pages @@ -142,7 +142,7 @@ jobs: run: echo "VERSION_NUM=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT - name: Set up Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@v5 with: version: 'v3.14.0' @@ -185,7 +185,7 @@ jobs: output: 'trivy-results-${{ matrix.component }}.sarif' - name: Upload Trivy results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: 'trivy-results-${{ matrix.component }}.sarif' category: 'trivy-${{ matrix.component }}' diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index 21815a19..138303a5 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -24,10 +24,10 @@ jobs: component: [api, ui, kubernetes-controller] steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Build container image for scanning run: | @@ -49,7 +49,7 @@ jobs: exit-code: ${{ github.event_name == 'pull_request' && '0' || '1' }} - name: Upload Trivy results to GitHub Security - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 if: always() with: sarif_file: 'trivy-${{ matrix.component }}-results.sarif' @@ -66,7 +66,7 @@ jobs: - name: Upload Trivy HTML report if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: trivy-${{ matrix.component }}-report path: trivy-${{ matrix.component }}-report.html @@ -80,10 +80,10 @@ jobs: component: [api, k8s-controller] steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: '1.25' @@ -109,10 +109,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: '18' cache: 'npm' @@ -142,12 +142,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 # Full history for comprehensive scanning - name: Run Gitleaks - uses: gitleaks/gitleaks-action@v2 + uses: gitleaks/gitleaks-action@v3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }} @@ -159,7 +159,7 @@ jobs: image: returntocorp/semgrep steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Run Semgrep run: | @@ -170,7 +170,7 @@ jobs: --severity=WARNING - name: Upload Semgrep results to GitHub Security - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 if: always() with: sarif_file: semgrep-results.sarif @@ -189,19 +189,19 @@ jobs: language: ['go', 'javascript'] steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} queries: +security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@v4 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 with: category: '/language:${{ matrix.language }}' @@ -210,7 +210,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Run Kubesec continue-on-error: ${{ github.event_name == 'pull_request' }} @@ -230,7 +230,7 @@ jobs: soft_fail: ${{ github.event_name == 'pull_request' }} - name: Upload Checkov results - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 if: always() with: sarif_file: checkov-k8s-results.sarif @@ -244,10 +244,10 @@ jobs: component: [api, ui, k8s-controller] steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Run Hadolint - uses: hadolint/hadolint-action@v3.1.0 + uses: hadolint/hadolint-action@v3.3.0 with: dockerfile: ${{ matrix.component }}/Dockerfile failure-threshold: warning @@ -258,11 +258,11 @@ jobs: if: github.event_name == 'pull_request' steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Dependency Review continue-on-error: true - uses: actions/dependency-review-action@v4 + uses: actions/dependency-review-action@v5 with: fail-on-severity: high deny-licenses: GPL-2.0, GPL-3.0 diff --git a/.github/workflows/stale-issues.yml b/.github/workflows/stale-issues.yml index be89bf7e..84c65e10 100644 --- a/.github/workflows/stale-issues.yml +++ b/.github/workflows/stale-issues.yml @@ -11,7 +11,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@v9 + - uses: actions/stale@v10 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: | diff --git a/.github/workflows/wave-tracking.yml b/.github/workflows/wave-tracking.yml index 6cfd048c..030292f7 100644 --- a/.github/workflows/wave-tracking.yml +++ b/.github/workflows/wave-tracking.yml @@ -17,7 +17,7 @@ jobs: steps: - name: Check PR for Wave Label if: github.event_name == 'pull_request' - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const pr = github.context.payload.pull_request; @@ -59,7 +59,7 @@ jobs: steps: - name: Add ready-for-testing label when PR merged if: github.event.pull_request.merged == true - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const pr = github.context.payload.pull_request; @@ -92,7 +92,7 @@ jobs: if: github.event_name == 'schedule' || contains(github.event.comment.body, '/wave-status') steps: - name: Generate Wave Status Report - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const { owner, repo } = github.context.repo; @@ -138,7 +138,7 @@ jobs: if: github.event.pull_request.merged == true steps: - name: Check if all wave issues done - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const { owner, repo } = github.context.repo; diff --git a/.github/workflows/weekly-report.yml b/.github/workflows/weekly-report.yml index 22146456..ff2a2890 100644 --- a/.github/workflows/weekly-report.yml +++ b/.github/workflows/weekly-report.yml @@ -11,7 +11,7 @@ jobs: issues: write steps: - name: Generate Weekly Report - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const today = new Date();