ci: Update 3rd-party components

Signed-off-by: Taras Drozdovskyi <[email protected]>
lf-edge · Feb 7, 2024 · 52449cc · 52449cc
1 parent e232b3c
commit 52449cc
Show file tree

Hide file tree

Showing 9 changed files with 20 additions and 46 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -16,7 +16,7 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 
       - name: Setup Golang
-        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
         with:
           go-version: '1.19'
 

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -26,14 +26,14 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99
+      uses: github/codeql-action/init@b7bf0a3ed3ecfa44160715d7c442788f65f0f923
       with:
         languages: ${{ matrix.language }}
 
     - name: Setup Golang
-      uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
+      uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
       with:
         go-version: '1.19'
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99
+      uses: github/codeql-action/analyze@b7bf0a3ed3ecfa44160715d7c442788f65f0f923
diff --git a/.github/workflows/fossology-check.yml b/.github/workflows/fossology-check.yml
@@ -1,12 +1,12 @@
 name: Fossology check
-on: [pull_request]
+on: [pull_request, push]
 
-# permissions:
-#   contents: read
+permissions:
+  contents: read
 
 jobs:
   check-license:
-    name: Check license
+    name: Check license, copyright, keyword
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
@@ -19,40 +19,14 @@ jobs:
             -e GITHUB_REPO_OWNER=${{ github.repository_owner }} \
             -e GITHUB_API=${{ github.api_url }} \
             -e GITHUB_ACTIONS=true \
-            fossology/fossology:scanner "/bin/fossologyscanner" --report TEXT repo nomos ojo
+            fossology/fossology:scanner "/bin/fossologyscanner" --report TEXT repo nomos ojo copyright keyword
       # Upload artifact
-      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
+      - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8
         with:
           name: scan-fossology-report
           path: ./results
 
       # Artifact download
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935
         with:
          name: scan-fossology-report
-
-  check-copyright:
-    name: Check copyright
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
-      - run: |
-          docker run --rm --name "fossologyscanner" -w "/opt/repo" -v ${PWD}:/opt/repo \
-            -e GITHUB_TOKEN=${{ github.token }} \
-            -e GITHUB_PULL_REQUEST=${{ github.event.number }} \
-            -e GITHUB_REPOSITORY=${{ github.repository }} \
-            -e GITHUB_API=${{ github.api_url }} \
-            -e GITHUB_REPO_URL=${{ github.repositoryUrl }} \
-            -e GITHUB_REPO_OWNER=${{ github.repository_owner }} \
-            -e GITHUB_ACTIONS=true \
-            fossology/fossology:scanner "/bin/fossologyscanner" --report TEXT repo copyright keyword
-      # Upload artifact
-      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
-        with:
-          name: scan-fossology-report
-          path: ./results
-
-      # Artifact download
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
-        with:
-         name: scan-fossology-report
diff --git a/.github/workflows/go-fuzz-test.yml b/.github/workflows/go-fuzz-test.yml
@@ -16,7 +16,7 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 
       - name: Setup Golang
-        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
         with:
           go-version: '1.19'
 

diff --git a/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml b/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml
@@ -11,7 +11,7 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 
       - name: Setup Golang
-        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
         with:
           go-version: '1.19'
 

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -15,7 +15,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 
       - name: Setup Golang
-        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
         with:
           go-version: '1.19'
 
@@ -24,7 +24,7 @@ jobs:
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81
         with:
           images: lfedge/edge-home-orchestration-go
           tags: |
@@ -45,7 +45,7 @@ jobs:
           cp configs/defdockerfiles/ubuntu_multistage Dockerfile
 
       - name: Build and push
-        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56
         with:
           context: .
           build-args: TARGETVERSION=v${{ steps.meta.outputs.version }}

diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
@@ -40,14 +40,14 @@ jobs:
 
       # Upload the results as artifacts (optional).
       - name: "Upload artifact"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
+        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99
+        uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/test-suite.yml b/.github/workflows/test-suite.yml
@@ -15,7 +15,7 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 
       - name: Setup Golang
-        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
         with:
           go-version: '1.19'
 

diff --git a/go.mod b/go.mod
@@ -15,7 +15,7 @@ require (
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/golang/mock v1.4.4
 	github.com/gomodule/redigo v1.8.9
-	github.com/gorilla/mux v1.8.0
+	github.com/gorilla/mux v1.8.1
 	github.com/grandcat/zeroconf v1.0.0
 	github.com/leemcloughlin/logfile v0.0.0-20201123203928-cff1c8a30a10
 	github.com/pelletier/go-toml v1.9.5