diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7314ffbf4d..6f891e70be 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -42,7 +42,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -56,7 +56,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 # â„šī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -69,4 +69,4 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/dependabot-to-jira.yml b/.github/workflows/dependabot-to-jira.yml index 46dd6fe34f..b15af19429 100644 --- a/.github/workflows/dependabot-to-jira.yml +++ b/.github/workflows/dependabot-to-jira.yml @@ -15,6 +15,9 @@ jobs: steps: - name: create ticket id: create_ticket + env: + PR_TITLE: ${{ github.event.pull_request.title }} + PR_HTML_URL: ${{ github.event.pull_request.html_url }} run: | response_code=$(curl -s \ -o response.txt \ 
@@ -26,8 +29,8 @@ jobs: "project": { "key": "BC" }, - "summary": "${{ github.event.pull_request.title }} in ${{ github.event.repository.name }}", - "description": "h4. Task:\n${{ github.event.pull_request.title }}\n${{ github.event.pull_request.html_url }}\nh4.Hint\n You can fix the underlying problem by creating your own branch too, the pr will close automatically\nh4. Acceptance criteria\n1. https://docs.dbildungscloud.de/display/DBH/3rd+Party+Library+Quality+Assessment", + "summary": "$PR_TITLE in ${{ github.event.repository.name }}", + "description": "h4. Task:\n$PR_TITLE\n$PR_HTML_URL\nh4.Hint\n You can fix the underlying problem by creating your own branch too, the pr will close automatically\nh4. Acceptance criteria\n1. https://docs.dbildungscloud.de/display/DBH/3rd+Party+Library+Quality+Assessment", "issuetype": { "id": "10100" }, diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 905f065f3c..bee96e0565 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -11,6 +11,6 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@v4 - name: 'Dependency Review' - uses: actions/dependency-review-action@v3 + uses: actions/dependency-review-action@v4 with: - allow-licenses: AGPL-3.0-only, LGPL-3.0, MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, X11, 0BSD, GPL-3.0 + allow-licenses: AGPL-3.0-only, LGPL-3.0, MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, X11, 0BSD, GPL-3.0, AGPL-3.0 diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index f09970ce6d..4047904808 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -44,7 +44,7 @@ jobs: type=ref,event=branch,enable=false,priority=600 type=sha,enable=true,priority=600,prefix= - name: Log into registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} 
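Review bot: In the `"summary"` and `"description"` lines of dependabot-to-jira.yml, `$PR_TITLE` is still spliced unescaped into a JSON string literal, so a title containing `"` or `\` can break or alter the request body sent to Jira. The curl call and the quoting around the payload are outside the hunk; if the body sits inside single quotes, the shell will not expand `$PR_TITLE` or `$PR_HTML_URL` at all and the ticket will carry the literal variable names. I would build the body with `jq -n --arg title "$PR_TITLE" --arg url "$PR_HTML_URL" '…'`, which handles the JSON escaping, and pass its output to curl. The remaining `${{ github.event.repository.name }}` could move into the `env:` block added in the previous hunk so the script contains no expression interpolation.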
@@ -56,7 +56,7 @@ jobs: - name: Set up Docker Buildx if: ${{ env.IMAGE_EXISTS == 0 }} - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Build and push ${{ github.repository }} if: ${{ env.IMAGE_EXISTS == 0 }} @@ -88,17 +88,22 @@ jobs: branch: ${{ steps.extract_branch_meta.outputs.branch }} sha: ${{ steps.extract_branch_meta.outputs.sha }} steps: - - name: Extract branch name + - name: Extract branch meta shell: bash id: extract_branch_meta + env: + PR_HEAD_REF: ${{ github.event.pull_request.head.ref }} + PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }} + BRANCH_REF_NAME: ${{ github.ref_name}} + BRANCH_SHA: ${{ github.sha }} run: | - if [ "${{ github.event_name }}" == 'pull_request' ]; then - echo "branch=${{ github.event.pull_request.head.ref }}" >> $GITHUB_OUTPUT - echo "sha=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT - else - echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT - echo "sha=${{ github.sha }}" >> $GITHUB_OUTPUT - fi + if [ "${{ github.event_name }}" == 'pull_request' ]; then + echo "branch=$PR_HEAD_REF" >> $GITHUB_OUTPUT + echo "sha=$PR_HEAD_SHA" >> $GITHUB_OUTPUT + else + echo "branch=$BRANCH_REF_NAME" >> $GITHUB_OUTPUT + echo "sha=$BRANCH_SHA" >> $GITHUB_OUTPUT + fi deploy: needs: @@ -136,7 +141,7 @@ jobs: security-events: write steps: - name: run trivy vulnerability scanner - uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 + uses: aquasecurity/trivy-action@1f6384b6ceecbbc6673526f865b818a2a06b07c9 with: image-ref: 'ghcr.io/${{ github.repository }}-default:${{ needs.branch_meta.outputs.sha }}' format: 'sarif' @@ -145,7 +150,7 @@ jobs: ignore-unfixed: true - name: upload trivy results if: ${{ always() }} - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml index 8113590756..a6b03be425 100644 
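Review bot: The `Extract branch meta` step still writes the unmodified PR head ref to `$GITHUB_OUTPUT`, so any later job that expands `${{ needs.branch_meta.outputs.branch }}` directly inside a `run:` script would reintroduce the injection this step now avoids. Those consumers are outside the hunk and should be checked and given the same `env:` indirection. Within the step, `"${{ github.event_name }}"` can become `"$GITHUB_EVENT_NAME"` and the redirects should be quoted as `>> "$GITHUB_OUTPUT"`. Note also that `github.ref_name` is not identical to the old `${GITHUB_REF#refs/heads/}`, which left a non-branch ref such as `refs/tags/...` unchanged, so it is worth confirming the workflow triggers only on branches.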
--- a/.github/workflows/tag.yml +++ b/.github/workflows/tag.yml @@ -29,13 +29,13 @@ jobs: type=semver,pattern={{major}}.{{minor}} - name: Log into docker registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_TOKEN }} - name: Log into quay registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -64,7 +64,7 @@ jobs: contents: write steps: - name: create sbom - uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2 + uses: aquasecurity/trivy-action@1f6384b6ceecbbc6673526f865b818a2a06b07c9 with: scan-type: 'image' format: 'cyclonedx'