diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml index 8bd8bcac..3f999ce7 100644 --- a/.github/workflows/build_and_test.yml +++ b/.github/workflows/build_and_test.yml @@ -38,7 +38,7 @@ jobs: permissions: contents: write steps: - - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v8.2.0 + - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v8.6.1 with: auto-commit: "true" CI: diff --git a/.github/workflows/build_forks.yml b/.github/workflows/build_forks.yml index a2583b35..6b68de48 100644 --- a/.github/workflows/build_forks.yml +++ b/.github/workflows/build_forks.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest if: github.event.pull_request.head.repo.fork || github.actor == 'dependabot[bot]' steps: - - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v8.2.0 + - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v8.6.1 build: needs: pre-commit @@ -33,10 +33,10 @@ jobs: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.2.0 + - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.6.1 - name: Restore packages artifacts - uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 id: artifacts-cache with: key: ${{ runner.os }}-packages-community-v2-${{ hashFiles('**/artifacts.json') }} @@ -49,7 +49,7 @@ jobs: - name: Save packages artifacts if: steps.artifacts-cache.outputs.cache-hit != 'true' - uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: key: ${{ steps.artifacts-cache.outputs.cache-primary-key }} path: artifacts_cache/** @@ -61,7 +61,7 @@ jobs: env: TARGETARCH: linux/amd64 DOCKER_PUSH: ${{ github.actor != 'dependabot[bot]'}} - uses: docker/bake-action@2e3d19baedb14545e5d41222653874f25d5b4dfb # v5.10.0 + uses: docker/bake-action@3fc70e1131fee40a422dd8dd0ff22014ae20a1f3 # v5.11.0 with: targets: community @@ -109,7 +109,7 @@ jobs: - name: Verify docker-compose id: verify_compose - uses: Alfresco/alfresco-build-tools/.github/actions/dbp-charts/verify-compose@v8.2.0 + uses: Alfresco/alfresco-build-tools/.github/actions/dbp-charts/verify-compose@v8.6.1 timeout-minutes: 10 with: postman_path: test/postman/docker-compose @@ -119,7 +119,7 @@ jobs: - name: Save containers logs if: always() && steps.verify_compose.outcome != 'skipped' - uses: Alfresco/alfresco-build-tools/.github/actions/docker-dump-containers-logs@v8.2.0 + uses: Alfresco/alfresco-build-tools/.github/actions/docker-dump-containers-logs@v8.6.1 with: output-archive-name: community-logs @@ -138,7 +138,7 @@ jobs: name: ${{ env.ARTIFACT_NAME }} - name: Setup KinD cluster - uses: Alfresco/alfresco-build-tools/.github/actions/setup-kind@v8.2.0 + uses: Alfresco/alfresco-build-tools/.github/actions/setup-kind@v8.6.1 with: ingress-nginx-ref: controller-v1.8.2 metrics: "true" diff --git a/.github/workflows/cleanup_images.yml b/.github/workflows/cleanup_images.yml index 5a18c4e1..1d83a419 100644 --- a/.github/workflows/cleanup_images.yml +++ b/.github/workflows/cleanup_images.yml @@ -60,7 +60,7 @@ jobs: echo PACKAGE_NAMES=$(docker buildx bake --print | jq -r '${{ env.JQ_FILTER }}') >> $GITHUB_ENV - name: Remove tags after PR is closed - uses: dataaxiom/ghcr-cleanup-action@98b4022383d6ddb70ccbf6a378b4d8c67a60f066 # v1.0.13 + uses: dataaxiom/ghcr-cleanup-action@2d58aab3d24aed94070e032d3091b83d50d93534 # v1.0.15 if: github.event_name == 'pull_request' env: PR_TAGS: ${{ format('pr-{0}*', github.event.pull_request.number) }} @@ -73,7 +73,7 @@ jobs: dry-run: false - name: Remove ${{ env.CACHE_REPO }} tags older than ${{ env.PERIOD }} when requested - uses: dataaxiom/ghcr-cleanup-action@98b4022383d6ddb70ccbf6a378b4d8c67a60f066 # v1.0.13 + uses: dataaxiom/ghcr-cleanup-action@2d58aab3d24aed94070e032d3091b83d50d93534 # v1.0.15 if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && inputs.clean-old-cache) env: PERIOD: ${{ github.event_name == 'workflow_dispatch' && inputs.old-cache-period || (github.event_name != 'workflow_dispatch' && '2 weeks') }} @@ -88,7 +88,7 @@ jobs: dry-run: ${{ github.event_name == 'workflow_dispatch' && inputs.dry-run || (github.event_name != 'workflow_dispatch' && 'false') }} - name: Remove images when requested - uses: dataaxiom/ghcr-cleanup-action@98b4022383d6ddb70ccbf6a378b4d8c67a60f066 # v1.0.13 + uses: dataaxiom/ghcr-cleanup-action@2d58aab3d24aed94070e032d3091b83d50d93534 # v1.0.15 if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' with: token: ${{ secrets.DELETE_PACKAGES_GITHUB_TOKEN }} diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 37ccb0a1..a895fa3b 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -27,6 +27,6 @@ jobs: disable_secrets: true output_formats: sarif - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/upload-sarif@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3.27.7 with: sarif_file: report-dir/results.sarif diff --git a/.github/workflows/reusable_build_and_test.yml b/.github/workflows/reusable_build_and_test.yml index adcf4337..5549579b 100644 --- a/.github/workflows/reusable_build_and_test.yml +++ b/.github/workflows/reusable_build_and_test.yml @@ -26,7 +26,7 @@ jobs: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.2.0 + - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.6.1 - name: Setup nexus authentication env: @@ -39,7 +39,7 @@ jobs: echo "password ${{ secrets.NEXUS_PASSWORD }}" >> ${{ env.NETRC_PATH }} - name: Restore packages artifacts - uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 id: artifacts-cache with: key: ${{ runner.os }}-packages-v2-${{ hashFiles('**/artifacts.json') }}-${{ inputs.acs_version }} @@ -54,7 +54,7 @@ jobs: - name: Save packages artifacts if: steps.artifacts-cache.outputs.cache-hit != 'true' - uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: key: ${{ steps.artifacts-cache.outputs.cache-primary-key }} path: artifacts_cache/** @@ -88,7 +88,7 @@ jobs: id: bake-targets env: ACS_VERSION: ${{ inputs.acs_version }} - uses: docker/bake-action/subaction/list-targets@2e3d19baedb14545e5d41222653874f25d5b4dfb # v5.10.0 + uses: docker/bake-action/subaction/list-targets@3fc70e1131fee40a422dd8dd0ff22014ae20a1f3 # v5.11.0 with: target: default @@ -121,7 +121,7 @@ jobs: env: ACS_VERSION: ${{ inputs.acs_version }} TARGETARCH: ${{ inputs.acs_version == '23' && 'linux/amd64,linux/arm64' || 'linux/amd64' }} - uses: docker/bake-action@2e3d19baedb14545e5d41222653874f25d5b4dfb # v5.10.0 + uses: docker/bake-action@3fc70e1131fee40a422dd8dd0ff22014ae20a1f3 # v5.11.0 with: set: | *.output=type=registry,push=true @@ -195,7 +195,7 @@ jobs: - name: Verify docker-compose (${{ matrix.edition }}) id: verify_compose - uses: Alfresco/alfresco-build-tools/.github/actions/dbp-charts/verify-compose@v8.2.0 + uses: Alfresco/alfresco-build-tools/.github/actions/dbp-charts/verify-compose@v8.6.1 timeout-minutes: 10 with: postman_path: test/postman/docker-compose @@ -206,7 +206,7 @@ jobs: - name: Save containers logs (${{ matrix.edition }}) if: always() && steps.verify_compose.outcome != 'skipped' - uses: Alfresco/alfresco-build-tools/.github/actions/docker-dump-containers-logs@v8.2.0 + uses: Alfresco/alfresco-build-tools/.github/actions/docker-dump-containers-logs@v8.6.1 with: output-archive-name: ${{ matrix.edition }}-logs-${{ inputs.acs_version }} @@ -218,7 +218,7 @@ jobs: matrix: ${{ fromJson(needs.build-matrix.outputs.helm_matrix_json) }} steps: - name: Setup cluster - uses: Alfresco/alfresco-build-tools/.github/actions/setup-kind@v8.2.0 + uses: Alfresco/alfresco-build-tools/.github/actions/setup-kind@v8.6.1 with: ingress-nginx-ref: controller-v1.8.2 metrics: "true" diff --git a/.github/workflows/test-make.yml b/.github/workflows/test-make.yml index 85a83149..ab96d440 100644 --- a/.github/workflows/test-make.yml +++ b/.github/workflows/test-make.yml @@ -25,7 +25,7 @@ jobs: make-test: runs-on: ubuntu-latest steps: - - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.2.0 + - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.6.1 - name: Setup nexus authentication if: '! github.event.pull_request.head.repo.fork' @@ -55,7 +55,7 @@ jobs: docker images --format "{{.Repository}}:{{.Tag}}" | grep alfresco || { echo "No Alfresco image found"; exit 1; } - name: Install Grype - uses: anchore/scan-action/download-grype@5ed195cc06065322983cae4bb31e2a751feb86fd # v5.2.0 + uses: anchore/scan-action/download-grype@869c549e657a088dc0441b08ce4fc0ecdac2bb65 # v5.3.0 id: grype-install - name: Add Grype to PATH