diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 70e112ab9315..d4c58fbd5d22 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,14 +38,14 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: "1.25" # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -56,4 +56,4 @@ jobs: run: | go build . - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 diff --git a/.github/workflows/detector-tests.yml b/.github/workflows/detector-tests.yml index a777ccb6aa84..cf78cc5f5ac2 100644 --- a/.github/workflows/detector-tests.yml +++ b/.github/workflows/detector-tests.yml @@ -14,10 +14,10 @@ jobs: contents: "read" id-token: "write" steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@v6 + - uses: actions/setup-go@v6 - name: Install gotestsum - uses: jaxxstorm/action-install-gh-release@v1.14.0 + uses: jaxxstorm/action-install-gh-release@v3.0.0 # immutable release; no rolling @v3 tag with: repo: gotestyourself/gotestsum - uses: rwx-research/setup-captain@v1 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 81183974787e..4170ca7aae36 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -15,8 +15,8 @@ jobs: name: golangci-lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@v6 + - uses: actions/setup-go@v6 with: go-version: "1.25" - name: golangci-lint 
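Review bot: In detector-tests.yml the `jaxxstorm/action-install-gh-release` step moves from v1.14.0 to v3.0.0, two major versions at once, in a job that grants `id-token: "write"`, and the reference is still a tag whose immutability a reader has to take from the trailing comment. A full commit SHA makes that property checkable in the file itself: `uses: jaxxstorm/action-install-gh-release@<full-commit-sha>  # v3.0.0`. The same pinning applies to the third-party actions bumped in release.yml, release-bot.yml and test.yml (`docker/login-action@v4`, `docker/setup-qemu-action@v4`, `goreleaser/goreleaser-action@v7`, `google-github-actions/auth@v3`, `mikepenz/action-junit-report@v6`), which run next to registry and cloud credentials, and to the unchanged `rwx-research/setup-captain@v1` on the following line. It is also worth confirming that the `repo:` input kept below still means the same thing across the two major releases; the rest of the step is outside the hunk.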
@@ -29,8 +29,8 @@ jobs: name: man-page-staleness runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@v6 + - uses: actions/setup-go@v6 with: go-version: "1.25" - name: Regenerate man page @@ -48,7 +48,7 @@ jobs: image: returntocorp/semgrep if: (github.actor != 'dependabot[bot]') steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - run: semgrep --config=hack/semgrep-rules/detectors.yaml pkg/detectors/ checksecretparts: # Reports detector packages that construct detectors.Result without @@ -56,8 +56,8 @@ jobs: name: checksecretparts runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@v6 + - uses: actions/setup-go@v6 with: go-version: "1.25" - name: Run checksecretparts diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml index a75bbd98f20f..a2c9d2c5afe7 100644 --- a/.github/workflows/performance.yml +++ b/.github/workflows/performance.yml @@ -11,13 +11,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 ref: ${{ github.head_ref }} - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: "1.25" @@ -54,7 +54,7 @@ jobs: echo PREVIOUS_TAG=$(cat previous_tag.txt) >> $GITHUB_ENV - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 ref: ${{ env.PREVIOUS_TAG }} diff --git a/.github/workflows/release-bot.yml b/.github/workflows/release-bot.yml index 75db4b81ba83..594d6143abb1 100644 --- a/.github/workflows/release-bot.yml +++ b/.github/workflows/release-bot.yml 
@@ -14,12 +14,12 @@ jobs: steps: - name: Login to GCP id: auth - uses: "google-github-actions/auth@v2" + uses: "google-github-actions/auth@v3" with: credentials_json: ${{ secrets.GCP_SA_TRUFFLE_RELEASE_BOT }} - name: Login to GAR - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: us-central1-docker.pkg.dev username: _json_key diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e12dbb0ca5e2..7c9fd27adb73 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,24 +18,24 @@ jobs: steps: # Setup steps - no external side effects. - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@v4 - name: Docker Login to DockerHub - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Docker Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: "1.25" - name: Cosign install @@ -64,7 +64,7 @@ jobs: # version. The release is NOT marked latest (make_latest: false), so # /releases/latest still points to the previous good release. - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v6 + uses: goreleaser/goreleaser-action@v7 with: distribution: goreleaser-pro version: latest diff --git a/.github/workflows/secrets.yml b/.github/workflows/secrets.yml index 0b0614a99cd1..345fdf4a3eca 100644 --- a/.github/workflows/secrets.yml +++ b/.github/workflows/secrets.yml 
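Review bot: The `google-github-actions/auth@v3` step in release-bot.yml still authenticates with `credentials_json: ${{ secrets.GCP_SA_TRUFFLE_RELEASE_BOT }}`, a long-lived service-account key, and the following `docker/login-action@v4` step logs in as `_json_key`, presumably with the same key. test.yml in this commit already uses `workload_identity_provider` with `service_account` under `id-token: "write"`, so the release bot could likely move to the same keyless flow and drop the stored key. If the key has to stay, a comment above the step such as `# long-lived SA key: rotate on a schedule, keep its IAM role limited to what the release bot needs` would record the expectation. The job's `permissions` block and the rest of the login step are outside the hunk, so whether `id-token: write` can be granted here needs checking.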
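Review bot: The GoReleaser step in release.yml keeps `version: latest` while the action moves to `goreleaser/goreleaser-action@v7`, so the tool that builds the release is resolved at run time and two runs of the same commit can use different GoReleaser Pro builds. For a job that logs in to DockerHub and GHCR and installs Cosign before publishing, pinning the tool makes a release reproducible and reviewable: `version: "<pinned goreleaser version>"`. The step's remaining inputs continue outside the hunk.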
@@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 ref: ${{ github.head_ref }} diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml index 8390c5d9d1a6..2ef1cc2d0c8f 100644 --- a/.github/workflows/smoke.yml +++ b/.github/workflows/smoke.yml @@ -8,9 +8,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: "1.25" - name: Smoke @@ -23,9 +23,9 @@ jobs: timeout-minutes: 5 steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: "1.25" - name: Run trufflehog diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index dc98c2327855..ae51d3dde0db 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -18,13 +18,13 @@ jobs: id-token: "write" steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: "1.25" - id: "auth" - uses: "google-github-actions/auth@v2" + uses: "google-github-actions/auth@v3" with: workload_identity_provider: "projects/811013774421/locations/global/workloadIdentityPools/github-pool/providers/github-provider" service_account: "github-ci-external@trufflehog-testing.iam.gserviceaccount.com" @@ -48,7 +48,7 @@ jobs: secret: ${{ secrets.BUILDPULSE_SECRET_ACCESS_KEY }} tags: integration - name: Annotate test results - uses: mikepenz/action-junit-report@v5 + uses: mikepenz/action-junit-report@v6 if: success() || failure() # always run even if the previous step fails with: report_paths: "tmp/test-results/*.xml" 
@@ -60,9 +60,9 @@ jobs: contents: "read" steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: "1.25" - name: Test