ci: upgrade artifact actions

.github/workflows/reusable-publish-oci-artifacts.yaml

@@ -23,13 +23,13 @@ jobs:
 
     steps:
       - name: Download x86_64 plugins
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: plugins-x86_64-${{ inputs.suffix }}.tar.gz
           path: /tmp/plugins-x86_64
 
       - name: Download aarch64 plugins
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: plugins-aarch64-${{ inputs.suffix }}.tar.gz
           path: /tmp/plugins-aarch64
@@ -42,7 +42,7 @@ jobs:
       - name: Setup Golang
         uses: actions/setup-go@v3
         with:
-          go-version: '^1.21'
+          go-version: "^1.21"
 
       - name: Build registry artifact tool
         working-directory: build/registry
@@ -68,7 +68,7 @@ jobs:
 
   # Create signatures of the plugin artifacts as OCI artifacts
   sign-oci-artifacts:
-    needs: [ publish-oci-artifacts ]
+    needs: [publish-oci-artifacts]
     runs-on: ubuntu-latest
 
     if: ${{ needs.publish-oci-artifacts.outputs.matrix != '[]' }}

.github/workflows/reusable_build_packages.yaml

@@ -10,11 +10,11 @@ on:
         description: Suffix for uploading packages (dev or stable)
         required: true
         type: string
-        
+
 jobs:
   build-packages:
     name: build-packages-${{ matrix.arch }}
-    runs-on: ${{ (matrix.arch == 'aarch64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-22.04' }}
+    runs-on: ${{ (matrix.arch == 'aarch64' && 'github-arm64-2c-8gb') || 'ubuntu-22.04' }}
     strategy:
       matrix:
         arch: [x86_64, aarch64]
@@ -42,12 +42,12 @@ jobs:
 
       - name: Safe directory
         run: git config --global --add safe.directory $GITHUB_WORKSPACE
-          
+
       - name: Run build 🏗️
         run: ${{ inputs.makecommand }}
 
       - name: Upload artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: plugins-${{ matrix.arch }}-${{ inputs.suffix }}.tar.gz
           path: output/*.tar.gz

.github/workflows/reusable_build_rules_tool.yaml

@@ -12,15 +12,15 @@ on:
         required: false
         default: falcosecurity/rules
         type: string
-        
+
 jobs:
   build-rules-checker:
     runs-on: ubuntu-latest
     steps:
       - name: Setup Golang
         uses: actions/setup-go@v3
         with:
-          go-version: '1.19.0'
+          go-version: "1.19.0"
 
       - name: Checkout rules
         uses: actions/checkout@v3
@@ -30,13 +30,13 @@ jobs:
       - name: Build checker tool
         working-directory: build/checker
         run: go build -o ${{ inputs.output }}
-      
+
       - name: Test checker tool
         working-directory: build/checker
         run: go test ./... -cover
 
       - name: Upload artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: rules-tool.tar.gz
           path: build/checker/${{ inputs.output }}

.github/workflows/reusable_publish_packages.yaml

@@ -6,32 +6,32 @@ on:
         description: Suffix for uploading packages (dev or stable)
         required: true
         type: string
-        
+
 permissions:
   id-token: write
   contents: read
 
 env:
   AWS_S3_BUCKET: falco-distribution
   AWS_S3_PREFIX: plugins
-  AWS_S3_REGION: eu-west-1        
-        
+  AWS_S3_REGION: eu-west-1
+
 jobs:
   publish-packages:
     runs-on: ubuntu-latest
     steps:
       - name: Download x86_64 plugins
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: plugins-x86_64-${{ inputs.suffix }}.tar.gz
           path: /tmp/plugins-x86_64
-          
+
       - name: Download aarch64 plugins
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: plugins-aarch64-${{ inputs.suffix }}.tar.gz
           path: /tmp/plugins-aarch64
-          
+
       - name: Configure AWS credentials 🔧⚙️
         uses: aws-actions/configure-aws-credentials@v2
         with:
@@ -42,5 +42,4 @@ jobs:
         run: |
           for package in /tmp/plugins-*/*.tar.gz; do
             aws s3 cp --no-progress $package s3://${{ env.AWS_S3_BUCKET}}/${{ env.AWS_S3_PREFIX }}/${{ inputs.suffix }}/
-          done    
-
+          done

.github/workflows/reusable_suggest_rules_version.yaml

@@ -52,22 +52,22 @@ jobs:
         run: ./.github/get-latest-plugin-version.sh ${{ inputs.plugin }}
 
       - name: Download rules tool
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: rules-tool.tar.gz
-      
+
       # note: here we're loading the locally-built plugins, whereas another
       # solution would be to pull them with falcoctl. The flaw with this
       # approach is that we load the same plugin for both the "old" and the
       # "new" rulesets. The issue would be that the job would fail whenever
       # the two rulesets depend on plugins with different majors.
       # todo(jasondellaluce): fix this corner case in the future
       - name: Download plugins
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: ${{ inputs.plugins-artifact }}
           path: /tmp/plugins-${{ inputs.arch }}
-      
+
       - name: Extract plugins
         run: |
           for archive in /tmp/plugins-*/*.tar.gz; do
@@ -77,7 +77,7 @@ jobs:
             sudo mkdir -p /usr/share/falco/plugins
             sudo cp -r *.so /usr/share/falco/plugins || true
             popd && rm -fr tmpdir
-          done    
+          done
 
       - name: Compare changed files with previous versions
         id: compare
@@ -114,7 +114,7 @@ jobs:
           cp ${{ steps.compare.outputs.comment_file }} ./pr/COMMENT-${{ inputs.job-index }}
 
       - name: Upload PR info as artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         if: steps.compare.outputs.comment_file != ''
         with:
           name: pr-${{ inputs.job-index }}
@@ -127,10 +127,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download PR infos
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           path: tmp-artifacts
-      
+
       - name: Save PR info
         run: |
           mkdir -p ./pr
@@ -149,7 +149,7 @@ jobs:
           echo ""
 
       - name: Upload PR info as artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: pr
           path: pr/

.github/workflows/reusable_validate_plugins.yaml

@@ -34,7 +34,7 @@ jobs:
     runs-on: ubuntu-latest
     container: golang:1.18
     env:
-      GOFLAGS: '-buildvcs=false'
+      GOFLAGS: "-buildvcs=false"
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
@@ -47,12 +47,12 @@ jobs:
         run: ./.github/setup-plugin-config-rules.sh ${{ inputs.plugin }}
 
       - name: Download rules tool
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: rules-tool.tar.gz
 
       - name: Download plugins
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: ${{ inputs.plugins-artifact }}
           path: /tmp/plugins-${{ inputs.arch }}
@@ -66,13 +66,13 @@ jobs:
 
           mkdir -p /etc/falco/falco
           mkdir -p /usr/share/falco/plugins
-          
+
           # avoids git exit status 128: detected dubious ownership in repository
           git config --global --add safe.directory $(pwd)
 
           for plugin_name in $loaded_plugins; do
               echo Installing locally-built plugin "$plugin_name"...
-          
+
               # At release time we only build the released plugin, so it's possible
               # that validation requires a plugin that we haven't built locally.
               # in those cases, we build it on-the-fly perform validation with it.
@@ -122,28 +122,28 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Install system dependencies
-        run:  sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq
-      
+        run: sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq
+
       - name: Setup plugin config and rules
         id: get-config
         run: ./.github/setup-plugin-config-rules.sh ${{ inputs.plugin }}
 
       - name: Download plugins
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: ${{ inputs.plugins-artifact }}
           path: /tmp/plugins-${{ inputs.arch }}
 
       - name: Download rules tool
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: rules-tool.tar.gz
 
       - name: Download falcoctl
         run: |
           curl --fail -LS "https://github.com/falcosecurity/falcoctl/releases/download/v${{ inputs.falcoctl-version }}/falcoctl_${{ inputs.falcoctl-version }}_linux_${{ inputs.arch == 'x86_64' && 'amd64' || 'arm64' }}.tar.gz" | tar -xz
           sudo install -o root -g root -m 0755 falcoctl /usr/local/bin/falcoctl
-  
+
       # note(jsondellaluce): exploring the set of all dependencies including their
       # alternatives and all the possible combinations of different versions would
       # result in a combinatorial explosion. As such, we take the simple route
@@ -223,4 +223,4 @@ jobs:
               "${{ inputs.rules-checker }}" \
               "${{ steps.get-config.outputs.config_file }}" \
               "$rules_files"
-          done 
+          done