diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 5950556..736645e 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -26,13 +26,13 @@ jobs: echo "go-mod=$(go env GOMODCACHE)" >> $GITHUB_OUTPUT - name: Go build cache - uses: actions/cache@v5 + uses: actions/cache@v6 with: path: ${{ steps.go-cache-paths.outputs.go-build }} key: ${{ runner.os }}-release-go-build-${{ hashFiles('**/go.sum') }} - name: Go mod cache - uses: actions/cache@v5 + uses: actions/cache@v6 with: path: ${{ steps.go-cache-paths.outputs.go-mod }} key: ${{ runner.os }}-release-go-mod-${{ hashFiles('**/go.sum') }} diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index a1cc24a..fc724e1 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -31,6 +31,6 @@ jobs: with: go-version-file: "go.mod" - name: golangci-lint - uses: golangci/golangci-lint-action@v9.2.1 + uses: golangci/golangci-lint-action@v9.3.0 with: version: v2.11.4 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8d09dbc..0d4fdf9 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -41,6 +41,6 @@ jobs: retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: sarif_file: results.sarif diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index 0039173..849823c 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -39,12 +39,12 @@ jobs: go-version-file: "go.mod" - name: Initialize CodeQL - uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: languages: go - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: category: "/language:go" @@ -82,14 +82,14 @@ jobs: echo "image=code-marketplace:scan" >> "$GITHUB_OUTPUT" - name: Run Trivy vulnerability scanner (table output for logs) - uses: aquasecurity/trivy-action@cf5c088a69634cd13ccddc735d7926162c31f9a6 # v0.34.2 + uses: aquasecurity/trivy-action@c07df6fec6fa692e6fd1200d50aaa1fdd66f03c8 # v0.34.2 with: image-ref: ${{ steps.build.outputs.image }} format: "table" severity: "LOW,MEDIUM,HIGH,CRITICAL" - name: Run Trivy vulnerability scanner (SARIF output for GitHub) - uses: aquasecurity/trivy-action@cf5c088a69634cd13ccddc735d7926162c31f9a6 # v0.34.2 + uses: aquasecurity/trivy-action@c07df6fec6fa692e6fd1200d50aaa1fdd66f03c8 # v0.34.2 with: image-ref: ${{ steps.build.outputs.image }} format: "sarif" @@ -97,7 +97,7 @@ jobs: severity: "LOW,MEDIUM,HIGH,CRITICAL" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: sarif_file: "trivy-results.sarif" category: "Trivy" diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index b1defd9..a577d38 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -45,13 +45,13 @@ jobs: echo "go-mod=$(go env GOMODCACHE)" >> $GITHUB_OUTPUT - name: Go Build Cache - uses: actions/cache@v5 + uses: actions/cache@v6 with: path: ${{ steps.go-cache-paths.outputs.go-build }} key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.**', '**.go') }} - name: Go Mod Cache - uses: actions/cache@v5 + uses: actions/cache@v6 with: path: ${{ steps.go-cache-paths.outputs.go-mod }} key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }}