diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 34c5bab..35b157f 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -10,8 +10,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 - name: Run ShellCheck - uses: ludeeus/action-shellcheck@master + uses: ludeeus/action-shellcheck@2 with: severity: error diff --git a/.github/workflows/simplerisk-jammy-push_to_github.yml b/.github/workflows/simplerisk-jammy-push_to_github.yml index a210e53..cac8416 100644 --- a/.github/workflows/simplerisk-jammy-push_to_github.yml +++ b/.github/workflows/simplerisk-jammy-push_to_github.yml @@ -30,26 +30,26 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0 + uses: sigstore/cosign-installer@v3 with: - cosign-release: 'v1.13.1' + cosign-release: 'v2.2.0' # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx - uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf + uses: docker/setup-buildx-action@v3 # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -59,7 +59,7 @@ jobs: # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} @@ -67,7 +67,7 @@ jobs: # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a + uses: docker/build-push-action@v5 with: context: "simplerisk" file: "simplerisk/jammy/Dockerfile" diff --git a/.github/workflows/simplerisk-jammy.yml b/.github/workflows/simplerisk-jammy.yml index 57036ed..c086201 100644 --- a/.github/workflows/simplerisk-jammy.yml +++ b/.github/workflows/simplerisk-jammy.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 - name: Build Docker container uses: docker/build-push-action@v5 with: @@ -24,13 +24,13 @@ jobs: file: ${{ env.DOCKERFILE_PATH }} tags: ${{ env.IMAGE_TAG }} - name: Run linter with Dockle - uses: erzz/dockle-action@v1.4.0 + uses: erzz/dockle-action@v1 with: image: ${{ env.IMAGE_TAG }} failure-threshold: FATAL dockle-host: "unix:///var/run/docker.sock" - name: Scan vulnerabilities with Grype - uses: anchore/scan-action@v3.3.6 + uses: anchore/scan-action@v3 with: image: ${{ env.IMAGE_TAG }} only-fixed: true diff --git a/.github/workflows/simplerisk-minimal-php81-push_to_github.yml b/.github/workflows/simplerisk-minimal-php81-push_to_github.yml index 4170233..07e1b59 100644 --- a/.github/workflows/simplerisk-minimal-php81-push_to_github.yml +++ b/.github/workflows/simplerisk-minimal-php81-push_to_github.yml @@ -30,26 +30,26 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0 + uses: sigstore/cosign-installer@v3 with: - cosign-release: 'v1.13.1' + cosign-release: 'v2.2.0' # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx - uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf + uses: docker/setup-buildx-action@v3 # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -59,7 +59,7 @@ jobs: # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} @@ -67,7 +67,7 @@ jobs: # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a + uses: docker/build-push-action@v5 with: context: "simplerisk-minimal" file: "simplerisk-minimal/php81/Dockerfile" diff --git a/.github/workflows/simplerisk-minimal-php81.yml b/.github/workflows/simplerisk-minimal-php81.yml index b2b635e..9a594db 100644 --- a/.github/workflows/simplerisk-minimal-php81.yml +++ b/.github/workflows/simplerisk-minimal-php81.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 - name: Build Docker container uses: docker/build-push-action@v5 with: @@ -24,13 +24,13 @@ jobs: file: ${{ env.DOCKERFILE_PATH }} tags: ${{ env.IMAGE_TAG }} - name: Run linter with Dockle - uses: erzz/dockle-action@v1.4.0 + uses: erzz/dockle-action@v1 with: image: ${{ env.IMAGE_TAG }} failure-threshold: FATAL dockle-host: "unix:///var/run/docker.sock" - name: Scan vulnerabilities with Grype - uses: anchore/scan-action@v3.3.6 + uses: anchore/scan-action@v3 with: image: ${{ env.IMAGE_TAG }} only-fixed: true