diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index b526eeb..ffe789e 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
diff --git a/.github/workflows/sync-ghes.yaml b/.github/workflows/sync-ghes.yaml
index ddd0484..6a3da68 100644
--- a/.github/workflows/sync-ghes.yaml
+++ b/.github/workflows/sync-ghes.yaml
@@ -10,7 +10,7 @@ jobs:
contents: write
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- run: |
git fetch --no-tags --prune --depth=1 origin +refs/heads/*:refs/remotes/origin/*
git config user.email "cschleiden@github.com"
diff --git a/.github/workflows/validate-data.yaml b/.github/workflows/validate-data.yaml
index 7f8701d..43f5578 100644
--- a/.github/workflows/validate-data.yaml
+++ b/.github/workflows/validate-data.yaml
@@ -10,7 +10,7 @@ jobs:
contents: read
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
diff --git a/CODEOWNERS b/CODEOWNERS
index 2ed2e33..50abb26 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -1,5 +1,5 @@
-* @actions/actions-workflow-development-reviewers
+* @actions/actions-workflow-development-reviewers @actions/starter-workflows
-/code-scanning/ @actions/advanced-security-code-scanning @actions/actions-workflow-development-reviewers @actions/advanced-security-dependency-graph
-/code-scanning/dependency-review.yml @actions/actions-workflow-development-reviewers @actions/advanced-security-dependency-graph
-/pages/ @actions/pages @actions/actions-workflow-development-reviewers
+/code-scanning/ @actions/advanced-security-code-scanning @actions/actions-workflow-development-reviewers @actions/advanced-security-dependency-graph @actions/starter-workflows
+/code-scanning/dependency-review.yml @actions/actions-workflow-development-reviewers @actions/advanced-security-dependency-graph @actions/starter-workflows
+/pages/ @actions/pages @actions/actions-workflow-development-reviewers @actions/starter-workflows
diff --git a/ci/ada.yml b/ci/ada.yml
index 417ed2e..ecb01cd 100644
--- a/ci/ada.yml
+++ b/ci/ada.yml
@@ -13,7 +13,7 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Set up GNAT toolchain
run: >
diff --git a/ci/android.yml b/ci/android.yml
index 221fca5..80a33b4 100644
--- a/ci/android.yml
+++ b/ci/android.yml
@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: set up JDK 11
uses: actions/setup-java@v3
with:
diff --git a/ci/ant.yml b/ci/ant.yml
index e9dba01..517a37a 100644
--- a/ci/ant.yml
+++ b/ci/ant.yml
@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
diff --git a/ci/blank.yml b/ci/blank.yml
index 607e2cf..8decfee 100644
--- a/ci/blank.yml
+++ b/ci/blank.yml
@@ -23,7 +23,7 @@ jobs:
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# Runs a single command using the runners shell
- name: Run a one-line script
diff --git a/ci/c-cpp.yml b/ci/c-cpp.yml
index 14d2eb9..087efee 100644
--- a/ci/c-cpp.yml
+++ b/ci/c-cpp.yml
@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: configure
run: ./configure
- name: make
diff --git a/ci/clojure.yml b/ci/clojure.yml
index a76631a..06396a8 100644
--- a/ci/clojure.yml
+++ b/ci/clojure.yml
@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Install dependencies
run: lein deps
- name: Run tests
diff --git a/ci/cmake-multi-platform.yml b/ci/cmake-multi-platform.yml
index 8762e9f..6d49398 100644
--- a/ci/cmake-multi-platform.yml
+++ b/ci/cmake-multi-platform.yml
@@ -45,7 +45,7 @@ jobs:
c_compiler: cl
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set reusable strings
# Turn repeated input strings (such as the build output directory) into step outputs. These step outputs can be used throughout the workflow file.
diff --git a/ci/cmake-single-platform.yml b/ci/cmake-single-platform.yml
index ccc318b..1e89f2f 100644
--- a/ci/cmake-single-platform.yml
+++ b/ci/cmake-single-platform.yml
@@ -20,7 +20,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Configure CMake
# Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
diff --git a/ci/crystal.yml b/ci/crystal.yml
index 18cc825..0b4f570 100644
--- a/ci/crystal.yml
+++ b/ci/crystal.yml
@@ -15,7 +15,7 @@ jobs:
image: crystallang/crystal
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Install dependencies
run: shards install
- name: Run tests
diff --git a/ci/d.yml b/ci/d.yml
index 350eeee..e268298 100644
--- a/ci/d.yml
+++ b/ci/d.yml
@@ -19,7 +19,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- uses: dlang-community/setup-dlang@4c99aa991ce7d19dd3064de0a4f2f6b2f152e2d7
- name: 'Build & Test'
diff --git a/ci/dart.yml b/ci/dart.yml
index 7bf352f..35c0ee6 100644
--- a/ci/dart.yml
+++ b/ci/dart.yml
@@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# Note: This workflow uses the latest stable version of the Dart SDK.
# You can specify other versions if desired, see documentation here:
diff --git a/ci/deno.yml b/ci/deno.yml
index 92338c9..abbf294 100644
--- a/ci/deno.yml
+++ b/ci/deno.yml
@@ -23,7 +23,7 @@ jobs:
steps:
- name: Setup repo
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Setup Deno
# uses: denoland/setup-deno@v1
diff --git a/ci/django.yml b/ci/django.yml
index 79550cc..0503635 100644
--- a/ci/django.yml
+++ b/ci/django.yml
@@ -16,7 +16,7 @@ jobs:
python-version: [3.7, 3.8, 3.9]
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v3
with:
diff --git a/ci/docker-image.yml b/ci/docker-image.yml
index cc9cd6e..be757cc 100644
--- a/ci/docker-image.yml
+++ b/ci/docker-image.yml
@@ -13,6 +13,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Build the Docker image
run: docker build . --file Dockerfile --tag my-image-name:$(date +%s)
diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml
index ff80b66..8a042a5 100644
--- a/ci/docker-publish.yml
+++ b/ci/docker-publish.yml
@@ -35,7 +35,7 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
diff --git a/ci/dotnet-desktop.yml b/ci/dotnet-desktop.yml
index fd82a39..ad99b56 100644
--- a/ci/dotnet-desktop.yml
+++ b/ci/dotnet-desktop.yml
@@ -63,19 +63,19 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
fetch-depth: 0
# Install the .NET Core workload
- name: Install .NET Core
- uses: actions/setup-dotnet@v3
+ uses: actions/setup-dotnet@v4
with:
- dotnet-version: 6.0.x
+ dotnet-version: 8.0.x
# Add MSBuild to the PATH: https://github.com/microsoft/setup-msbuild
- name: Setup MSBuild.exe
- uses: microsoft/setup-msbuild@v1.0.2
+ uses: microsoft/setup-msbuild@v2
# Execute all unit tests in the solution
- name: Execute unit tests
diff --git a/ci/dotnet.yml b/ci/dotnet.yml
index f11f050..b869d6e 100644
--- a/ci/dotnet.yml
+++ b/ci/dotnet.yml
@@ -15,11 +15,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Setup .NET
- uses: actions/setup-dotnet@v3
+ uses: actions/setup-dotnet@v4
with:
- dotnet-version: 6.0.x
+ dotnet-version: 8.0.x
- name: Restore dependencies
run: dotnet restore
- name: Build
diff --git a/ci/elixir.yml b/ci/elixir.yml
index 58f0b27..43b32be 100644
--- a/ci/elixir.yml
+++ b/ci/elixir.yml
@@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Elixir
uses: erlef/setup-beam@61e01a43a562a89bfc54c7f9a378ff67b03e4a21 # v1.16.0
with:
diff --git a/ci/erlang.yml b/ci/erlang.yml
index 984b83a..d8dcb76 100644
--- a/ci/erlang.yml
+++ b/ci/erlang.yml
@@ -19,7 +19,7 @@ jobs:
image: erlang:22.0.7
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Compile
run: rebar3 compile
- name: Run tests
diff --git a/ci/gem-push.yml b/ci/gem-push.yml
index dd6d867..262d9bc 100644
--- a/ci/gem-push.yml
+++ b/ci/gem-push.yml
@@ -15,7 +15,7 @@ jobs:
packages: write
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Ruby 2.6
# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
# change this to (see https://github.com/ruby/setup-ruby#versioning):
diff --git a/ci/generator-generic-ossf-slsa3-publish.yml b/ci/generator-generic-ossf-slsa3-publish.yml
index a36e782..35c829b 100644
--- a/ci/generator-generic-ossf-slsa3-publish.yml
+++ b/ci/generator-generic-ossf-slsa3-publish.yml
@@ -23,7 +23,7 @@ jobs:
digests: ${{ steps.hash.outputs.digests }}
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# ========================================================
#
diff --git a/ci/go.yml b/ci/go.yml
index 9f74f87..2154740 100644
--- a/ci/go.yml
+++ b/ci/go.yml
@@ -14,7 +14,7 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
diff --git a/ci/haskell.yml b/ci/haskell.yml
index 5693f90..6be4162 100644
--- a/ci/haskell.yml
+++ b/ci/haskell.yml
@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- uses: actions/setup-haskell@v1
with:
ghc-version: '8.10.3'
diff --git a/ci/ios.yml b/ci/ios.yml
index 693a7d5..e1dca4b 100644
--- a/ci/ios.yml
+++ b/ci/ios.yml
@@ -13,7 +13,7 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Set Default Scheme
run: |
scheme_list=$(xcodebuild -list -json | tr -d "\n")
diff --git a/ci/jekyll-docker.yml b/ci/jekyll-docker.yml
index 6a98dea..4ae36d7 100644
--- a/ci/jekyll-docker.yml
+++ b/ci/jekyll-docker.yml
@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Build the site in the jekyll/builder container
run: |
docker run \
diff --git a/ci/laravel.yml b/ci/laravel.yml
index e778d7b..267c798 100644
--- a/ci/laravel.yml
+++ b/ci/laravel.yml
@@ -15,7 +15,7 @@ jobs:
- uses: shivammathur/setup-php@15c43e89cdef867065b0213be354c2841860869e
with:
php-version: '8.0'
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Copy .env
run: php -r "file_exists('.env') || copy('.env.example', '.env');"
- name: Install Dependencies
@@ -28,8 +28,8 @@ jobs:
run: |
mkdir -p database
touch database/database.sqlite
- - name: Execute tests (Unit and Feature tests) via PHPUnit
+ - name: Execute tests (Unit and Feature tests) via PHPUnit/Pest
env:
DB_CONNECTION: sqlite
DB_DATABASE: database/database.sqlite
- run: vendor/bin/phpunit
+ run: php artisan test
diff --git a/ci/makefile.yml b/ci/makefile.yml
index 1b53855..5b6d2e6 100644
--- a/ci/makefile.yml
+++ b/ci/makefile.yml
@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: configure
run: ./configure
diff --git a/ci/maven-publish.yml b/ci/maven-publish.yml
index dab69fe..954e6c8 100644
--- a/ci/maven-publish.yml
+++ b/ci/maven-publish.yml
@@ -16,7 +16,7 @@ jobs:
packages: write
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
diff --git a/ci/maven.yml b/ci/maven.yml
index f97113e..47816ee 100644
--- a/ci/maven.yml
+++ b/ci/maven.yml
@@ -20,7 +20,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
diff --git a/ci/msbuild.yml b/ci/msbuild.yml
index a52ec35..25ed6d1 100644
--- a/ci/msbuild.yml
+++ b/ci/msbuild.yml
@@ -28,7 +28,7 @@ jobs:
runs-on: windows-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Add MSBuild to PATH
uses: microsoft/setup-msbuild@v1.0.2
diff --git a/ci/node.js.yml b/ci/node.js.yml
index f230593..688a227 100644
--- a/ci/node.js.yml
+++ b/ci/node.js.yml
@@ -20,7 +20,7 @@ jobs:
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
with:
diff --git a/ci/npm-grunt.yml b/ci/npm-grunt.yml
index 0bcbd1c..0039895 100644
--- a/ci/npm-grunt.yml
+++ b/ci/npm-grunt.yml
@@ -15,7 +15,7 @@ jobs:
node-version: [14.x, 16.x, 18.x]
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
diff --git a/ci/npm-gulp.yml b/ci/npm-gulp.yml
index 7d79002..19bed27 100644
--- a/ci/npm-gulp.yml
+++ b/ci/npm-gulp.yml
@@ -15,7 +15,7 @@ jobs:
node-version: [14.x, 16.x, 18.x]
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
diff --git a/ci/npm-publish-github-packages.yml b/ci/npm-publish-github-packages.yml
index e790f4d..1899709 100644
--- a/ci/npm-publish-github-packages.yml
+++ b/ci/npm-publish-github-packages.yml
@@ -11,7 +11,7 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: 16
@@ -25,7 +25,7 @@ jobs:
contents: read
packages: write
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: 16
diff --git a/ci/npm-publish.yml b/ci/npm-publish.yml
index 6cdebaf..0049296 100644
--- a/ci/npm-publish.yml
+++ b/ci/npm-publish.yml
@@ -11,7 +11,7 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: 16
@@ -22,7 +22,7 @@ jobs:
needs: build
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: 16
diff --git a/ci/objective-c-xcode.yml b/ci/objective-c-xcode.yml
index 1373878..8c73fce 100644
--- a/ci/objective-c-xcode.yml
+++ b/ci/objective-c-xcode.yml
@@ -13,7 +13,7 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Set Default Scheme
run: |
scheme_list=$(xcodebuild -list -json | tr -d "\n")
diff --git a/ci/php.yml b/ci/php.yml
index a3bdfd7..0cf8c96 100644
--- a/ci/php.yml
+++ b/ci/php.yml
@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Validate composer.json and composer.lock
run: composer validate --strict
diff --git a/ci/pylint.yml b/ci/pylint.yml
index 383e65c..c73e032 100644
--- a/ci/pylint.yml
+++ b/ci/pylint.yml
@@ -9,7 +9,7 @@ jobs:
matrix:
python-version: ["3.8", "3.9", "3.10"]
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v3
with:
diff --git a/ci/python-app.yml b/ci/python-app.yml
index 9945382..5963096 100644
--- a/ci/python-app.yml
+++ b/ci/python-app.yml
@@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v3
with:
diff --git a/ci/python-package-conda.yml b/ci/python-package-conda.yml
index 384f9b7..f358604 100644
--- a/ci/python-package-conda.yml
+++ b/ci/python-package-conda.yml
@@ -9,7 +9,7 @@ jobs:
max-parallel: 5
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v3
with:
diff --git a/ci/python-package.yml b/ci/python-package.yml
index 249ceef..19247ca 100644
--- a/ci/python-package.yml
+++ b/ci/python-package.yml
@@ -19,7 +19,7 @@ jobs:
python-version: ["3.9", "3.10", "3.11"]
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v3
with:
diff --git a/ci/python-publish.yml b/ci/python-publish.yml
index bdaab28..b7a704b 100644
--- a/ci/python-publish.yml
+++ b/ci/python-publish.yml
@@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v3
with:
diff --git a/ci/r.yml b/ci/r.yml
index 68f02d7..6d58427 100644
--- a/ci/r.yml
+++ b/ci/r.yml
@@ -25,7 +25,7 @@ jobs:
r-version: ['3.6.3', '4.1.1']
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up R ${{ matrix.r-version }}
uses: r-lib/actions/setup-r@f57f1301a053485946083d7a45022b278929a78a
with:
diff --git a/ci/ruby.yml b/ci/ruby.yml
index 9e94081..1eaba46 100644
--- a/ci/ruby.yml
+++ b/ci/ruby.yml
@@ -25,7 +25,7 @@ jobs:
ruby-version: ['2.6', '2.7', '3.0']
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Ruby
# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
# change this to (see https://github.com/ruby/setup-ruby#versioning):
diff --git a/ci/rubyonrails.yml b/ci/rubyonrails.yml
index d62b552..17e08b4 100644
--- a/ci/rubyonrails.yml
+++ b/ci/rubyonrails.yml
@@ -27,7 +27,7 @@ jobs:
DATABASE_URL: "postgres://rails:password@localhost:5432/rails_test"
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# Add or replace dependency steps here
- name: Install Ruby and gems
uses: ruby/setup-ruby@v1
@@ -44,7 +44,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Install Ruby and gems
uses: ruby/setup-ruby@v1
with:
diff --git a/ci/rust.yml b/ci/rust.yml
index d51f1af..cda1f64 100644
--- a/ci/rust.yml
+++ b/ci/rust.yml
@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Build
run: cargo build --verbose
- name: Run tests
diff --git a/ci/scala.yml b/ci/scala.yml
index 14ba966..83b09f7 100644
--- a/ci/scala.yml
+++ b/ci/scala.yml
@@ -20,7 +20,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
diff --git a/ci/super-linter.yml b/ci/super-linter.yml
index 275b34f..01dc63b 100644
--- a/ci/super-linter.yml
+++ b/ci/super-linter.yml
@@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
# Full git history is needed to get a proper list of changed files within `super-linter`
fetch-depth: 0
diff --git a/ci/swift.yml b/ci/swift.yml
index 91276e3..f2da0d0 100644
--- a/ci/swift.yml
+++ b/ci/swift.yml
@@ -15,7 +15,7 @@ jobs:
runs-on: macos-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Build
run: swift build -v
- name: Run tests
diff --git a/ci/symfony.yml b/ci/symfony.yml
index 4b957e1..4ca1764 100644
--- a/ci/symfony.yml
+++ b/ci/symfony.yml
@@ -24,7 +24,7 @@ jobs:
- uses: shivammathur/setup-php@2cb9b829437ee246e9b3cac53555a39208ca6d28
with:
php-version: '8.0'
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Copy .env.test.local
run: php -r "file_exists('.env.test.local') || copy('.env.test', '.env.test.local');"
- name: Cache Composer packages
diff --git a/ci/webpack.yml b/ci/webpack.yml
index 2b8b18a..9e967c0 100644
--- a/ci/webpack.yml
+++ b/ci/webpack.yml
@@ -15,7 +15,7 @@ jobs:
node-version: [14.x, 16.x, 18.x]
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
diff --git a/code-scanning/anchore-syft.yml b/code-scanning/anchore-syft.yml
index 8180622..99d4dd0 100644
--- a/code-scanning/anchore-syft.yml
+++ b/code-scanning/anchore-syft.yml
@@ -27,7 +27,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout the code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Build the Docker image
run: docker build . --file Dockerfile --tag localbuild/testimage:latest
- name: Scan the image and upload dependency results
diff --git a/code-scanning/anchore.yml b/code-scanning/anchore.yml
index 818fb70..2bbc55e 100644
--- a/code-scanning/anchore.yml
+++ b/code-scanning/anchore.yml
@@ -32,7 +32,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out the code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Build the Docker image
run: docker build . --file Dockerfile --tag localbuild/testimage:latest
- name: Run the Anchore Grype scan action
diff --git a/code-scanning/bearer.yml b/code-scanning/bearer.yml
index 7e66e57..7971be9 100644
--- a/code-scanning/bearer.yml
+++ b/code-scanning/bearer.yml
@@ -26,7 +26,7 @@ jobs:
runs-on: ubuntu-latest
steps:
# Checkout project source
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# Scan code using Bearer CLI
- name: Run Report
id: report
diff --git a/code-scanning/brakeman.yml b/code-scanning/brakeman.yml
index 197300c..0d1cb05 100644
--- a/code-scanning/brakeman.yml
+++ b/code-scanning/brakeman.yml
@@ -31,7 +31,7 @@ jobs:
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# Customize the ruby version depending on your needs
- name: Setup Ruby
diff --git a/code-scanning/checkmarx-one.yml b/code-scanning/checkmarx-one.yml
index 6214ab1..7feeb25 100644
--- a/code-scanning/checkmarx-one.yml
+++ b/code-scanning/checkmarx-one.yml
@@ -38,7 +38,7 @@ jobs:
steps:
# This step checks out a copy of your repository.
- name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# This step creates the Checkmarx One scan
- name: Checkmarx One scan
uses: checkmarx/ast-github-action@8e887bb93dacc44e0f5b64ee2b06d5815f89d4fc
diff --git a/code-scanning/checkmarx.yml b/code-scanning/checkmarx.yml
index 582488a..b4a99f3 100644
--- a/code-scanning/checkmarx.yml
+++ b/code-scanning/checkmarx.yml
@@ -35,7 +35,7 @@ jobs:
# Steps require - checkout code, run CxFlow Action, Upload SARIF report (optional)
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# Runs the Checkmarx Scan leveraging the latest version of CxFlow - REFER to Action README for list of inputs
- name: Checkmarx CxFlow Action
uses: checkmarx-ts/checkmarx-cxflow-github-action@49d8269b14ca87910ba003d47a31fa0c7a11f2fe
diff --git a/code-scanning/cloudrail.yml b/code-scanning/cloudrail.yml
index e5defa3..8273881 100644
--- a/code-scanning/cloudrail.yml
+++ b/code-scanning/cloudrail.yml
@@ -24,7 +24,7 @@ jobs:
steps:
- name: Clone repo
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# For Terraform, Cloudrail requires the plan as input. So we generate it using
# the Terraform core binary.
diff --git a/code-scanning/codacy.yml b/code-scanning/codacy.yml
index bbb2118..c3cd9f5 100644
--- a/code-scanning/codacy.yml
+++ b/code-scanning/codacy.yml
@@ -36,7 +36,7 @@ jobs:
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
- name: Run Codacy Analysis CLI
diff --git a/code-scanning/codeql.yml b/code-scanning/codeql.yml
index 808449d..6fdadb1 100644
--- a/code-scanning/codeql.yml
+++ b/code-scanning/codeql.yml
@@ -21,18 +21,21 @@ on:
jobs:
analyze:
- name: Analyze
+ name: Analyze (${{ matrix.language }})
# Runner size impacts CodeQL analysis time. To learn more, please see:
# - https://gh.io/recommended-hardware-resources-for-running-codeql
# - https://gh.io/supported-runners-and-hardware-resources
- # - https://gh.io/using-larger-runners
- # Consider using larger runners for possible analysis time improvements.
+ # - https://gh.io/using-larger-runners (GitHub.com only)
+ # Consider using larger runners or machines with greater resources for possible analysis time improvements.
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
permissions:
# required for all workflows
security-events: write
+ # required to fetch internal or private CodeQL packs
+ packages: read
+
# only required for workflows in private repositories
actions: read
contents: read
@@ -40,12 +43,15 @@ jobs:
strategy:
fail-fast: false
matrix:
- language: [ $detected-codeql-languages ]
- # CodeQL supports [ $supported-codeql-languages ]
- # Use only 'java-kotlin' to analyze code written in Java, Kotlin or both
- # Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
- # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
-
+ $codeql-languages-matrix
+ # CodeQL supports the following values keywords for 'language': $supported-codeql-languages
+ # Use `c-cpp` to analyze code written in C, C++ or both
+ # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+ # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+ # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+ # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+ # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+ # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- name: Checkout repository
uses: actions/checkout@v4
@@ -55,6 +61,7 @@ jobs:
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
+ build-mode: ${{ matrix.build-mode }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
@@ -62,21 +69,20 @@ jobs:
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
-
- # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
- # If this step fails, then you should remove it and run the build manually (see below)
- - name: Autobuild
- uses: github/codeql-action/autobuild@v3
-
+ # If the analyze step fails for one of the languages you are analyzing with
+ # "We were unable to automatically build your code", modify the matrix above
+ # to set the build mode to "manual" for that language. Then modify this step
+ # to build your code.
# âšī¸ Command-line programs to run using the OS shell.
# đ See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
- # If the Autobuild fails above, remove it and uncomment the following three lines.
- # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
- # - run: |
- # echo "Run, Build Application using script"
- # ./location_of_script_within_repo/buildscript.sh
+ - if: matrix.build-mode == 'manual'
+ run: |
+ echo 'If you are using a "manual" build mode for one or more of the' \
+ 'languages you are analyzing, replace this with the commands to build' \
+ 'your code, for example:'
+ echo ' make bootstrap'
+ echo ' make release'
+ exit 1
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
diff --git a/code-scanning/codescan.yml b/code-scanning/codescan.yml
index 0959d23..c4858c6 100644
--- a/code-scanning/codescan.yml
+++ b/code-scanning/codescan.yml
@@ -29,7 +29,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Cache files
uses: actions/cache@v3
with:
diff --git a/code-scanning/contrast-scan.yml b/code-scanning/contrast-scan.yml
index ff3d9d3..1950d3a 100644
--- a/code-scanning/contrast-scan.yml
+++ b/code-scanning/contrast-scan.yml
@@ -34,7 +34,7 @@ jobs:
runs-on: ubuntu-latest
# check out project
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# Since Contrast Scan is designed to run against your deployable artifact, the steps to build your artifact should go here.
# -name: Build Project
# ...
diff --git a/code-scanning/credo.yml b/code-scanning/credo.yml
index c1fb8d1..8c8c8be 100644
--- a/code-scanning/credo.yml
+++ b/code-scanning/credo.yml
@@ -41,7 +41,7 @@ jobs:
otp: [version]
elixir: [version]
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- uses: erlef/setup-beam@988e02bfe678367a02564f65ca2e37726dc0268f
with:
otp-version: ${{matrix.otp}}
diff --git a/code-scanning/crunch42.yml b/code-scanning/crunch42.yml
index 94ea23b..693bf5f 100644
--- a/code-scanning/crunch42.yml
+++ b/code-scanning/crunch42.yml
@@ -42,7 +42,7 @@ jobs:
security-events: write # for 42Crunch/api-security-audit-action to upload results to Github Code Scanning
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: 42Crunch REST API Static Security Testing
uses: 42Crunch/api-security-audit-action@fc01ea7a89e6268875868f9d89598af7a9899ae0
diff --git a/code-scanning/datree.yml b/code-scanning/datree.yml
index 2e44682..a892cf8 100644
--- a/code-scanning/datree.yml
+++ b/code-scanning/datree.yml
@@ -27,7 +27,7 @@ jobs:
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Run Datree policy check
continue-on-error: true
uses: datreeio/action-datree@de67ae7a5133d719dc794e1b75682cd4c5f94d8a
diff --git a/code-scanning/defender-for-devops.yml b/code-scanning/defender-for-devops.yml
index 71971cd..07aa7d1 100644
--- a/code-scanning/defender-for-devops.yml
+++ b/code-scanning/defender-for-devops.yml
@@ -32,7 +32,7 @@ jobs:
runs-on: windows-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- uses: actions/setup-dotnet@v3
with:
dotnet-version: |
diff --git a/code-scanning/detekt.yml b/code-scanning/detekt.yml
index 15aeb45..76a116b 100644
--- a/code-scanning/detekt.yml
+++ b/code-scanning/detekt.yml
@@ -13,7 +13,7 @@
# 4. Manually, on demand, via the "workflow_dispatch" event
#
# The workflow should work with no modifications, but you might like to use a
-# later version of the Detekt CLI by modifing the $DETEKT_RELEASE_TAG
+# later version of the Detekt CLI by modifying the $DETEKT_RELEASE_TAG
# environment variable.
name: Scan with Detekt
@@ -45,7 +45,7 @@ jobs:
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# Gets the download URL associated with the $DETEKT_RELEASE_TAG
- name: Get Detekt download URL
diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml
index 4abd6ca..98daab8 100644
--- a/code-scanning/devskim.yml
+++ b/code-scanning/devskim.yml
@@ -23,7 +23,7 @@ jobs:
security-events: write
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Run DevSkim scanner
uses: microsoft/DevSkim-Action@v1
diff --git a/code-scanning/endorlabs.yml b/code-scanning/endorlabs.yml
index 1ad0e26..670fe62 100644
--- a/code-scanning/endorlabs.yml
+++ b/code-scanning/endorlabs.yml
@@ -21,10 +21,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
#### Package Build Instructions
### Use this section to define the build steps used by your software package.
- ### Endor Labs builds your software for you where possible but the required build tools must be made availible.
+ ### Endor Labs builds your software for you where possible but the required build tools must be made available.
# - name: Setup Java
# uses: actions/setup-java@v3
# with:
diff --git a/code-scanning/eslint.yml b/code-scanning/eslint.yml
index fcb4f21..876ea2b 100644
--- a/code-scanning/eslint.yml
+++ b/code-scanning/eslint.yml
@@ -28,7 +28,7 @@ jobs:
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Install ESLint
run: |
diff --git a/code-scanning/flawfinder.yml b/code-scanning/flawfinder.yml
index 4ed8792..d564b68 100644
--- a/code-scanning/flawfinder.yml
+++ b/code-scanning/flawfinder.yml
@@ -24,7 +24,7 @@ jobs:
security-events: write
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: flawfinder_scan
uses: david-a-wheeler/flawfinder@8e4a779ad59dbfaee5da586aa9210853b701959c
diff --git a/code-scanning/fortify.yml b/code-scanning/fortify.yml
index 5e7c422..c52b70e 100644
--- a/code-scanning/fortify.yml
+++ b/code-scanning/fortify.yml
@@ -39,7 +39,7 @@ jobs:
steps:
# Check out source code
- name: Check Out Source Code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# Java is required to run the various Fortify utilities.
# When scanning a Java application, please use the appropriate Java version for building your application.
diff --git a/code-scanning/frogbot-scan-and-fix.yml b/code-scanning/frogbot-scan-and-fix.yml
index ed70289..62eb9ec 100644
--- a/code-scanning/frogbot-scan-and-fix.yml
+++ b/code-scanning/frogbot-scan-and-fix.yml
@@ -21,7 +21,7 @@ jobs:
create-fix-pull-requests:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# IMPORTANT:
# 1. See the following link for information about the tools that need to be installed for Frogbot to work - https://github.com/jfrog/frogbot/tree/master/docs/templates/github-actions/scan-and-fix
diff --git a/code-scanning/hadolint.yml b/code-scanning/hadolint.yml
index 68aebaa..2d901a4 100644
--- a/code-scanning/hadolint.yml
+++ b/code-scanning/hadolint.yml
@@ -30,7 +30,7 @@ jobs:
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Run hadolint
uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183
diff --git a/code-scanning/jscrambler-code-integrity.yml b/code-scanning/jscrambler-code-integrity.yml
index cbc9345..69d7c42 100644
--- a/code-scanning/jscrambler-code-integrity.yml
+++ b/code-scanning/jscrambler-code-integrity.yml
@@ -27,7 +27,7 @@ jobs:
permissions:
contents: read
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: 18
diff --git a/code-scanning/kubesec.yml b/code-scanning/kubesec.yml
index c432673..98fd8e0 100644
--- a/code-scanning/kubesec.yml
+++ b/code-scanning/kubesec.yml
@@ -24,7 +24,7 @@ jobs:
security-events: write
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Run kubesec scanner
uses: controlplaneio/kubesec-action@43d0ddff5ffee89a6bb9f29b64cd865411137b14
diff --git a/code-scanning/lintr.yml b/code-scanning/lintr.yml
index 8a6de57..01ce719 100644
--- a/code-scanning/lintr.yml
+++ b/code-scanning/lintr.yml
@@ -33,7 +33,7 @@ jobs:
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Setup R
uses: r-lib/actions/setup-r@4e1feaf90520ec1215d1882fdddfe3411c08e492
diff --git a/code-scanning/mayhem-for-api.yml b/code-scanning/mayhem-for-api.yml
index 64fe71a..9e533fe 100644
--- a/code-scanning/mayhem-for-api.yml
+++ b/code-scanning/mayhem-for-api.yml
@@ -42,7 +42,7 @@ jobs:
contents: read
security-events: write
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# Run your API in the background. Ideally, the API would run in debug
# mode & send stacktraces back on "500 Internal Server Error" responses
diff --git a/code-scanning/mobsf.yml b/code-scanning/mobsf.yml
index 2146248..9f876ae 100644
--- a/code-scanning/mobsf.yml
+++ b/code-scanning/mobsf.yml
@@ -25,7 +25,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Setup python
uses: actions/setup-python@v3
diff --git a/code-scanning/msvc.yml b/code-scanning/msvc.yml
index 172d855..0700989 100644
--- a/code-scanning/msvc.yml
+++ b/code-scanning/msvc.yml
@@ -34,7 +34,7 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Configure CMake
run: cmake -B ${{ env.build }}
diff --git a/code-scanning/njsscan.yml b/code-scanning/njsscan.yml
index 81e3650..8062259 100644
--- a/code-scanning/njsscan.yml
+++ b/code-scanning/njsscan.yml
@@ -30,7 +30,7 @@ jobs:
name: njsscan code scanning
steps:
- name: Checkout the code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: nodejsscan scan
id: njsscan
uses: ajinabraham/njsscan-action@7237412fdd36af517e2745077cedbf9d6900d711
diff --git a/code-scanning/nowsecure-mobile-sbom.yml b/code-scanning/nowsecure-mobile-sbom.yml
index b9cf039..539b038 100644
--- a/code-scanning/nowsecure-mobile-sbom.yml
+++ b/code-scanning/nowsecure-mobile-sbom.yml
@@ -42,7 +42,7 @@ jobs:
contents: read
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Build your application
run: ./gradlew assembleDebug # Update this to build your Android or iOS application
diff --git a/code-scanning/nowsecure.yml b/code-scanning/nowsecure.yml
index 7b5ba8f..324a533 100644
--- a/code-scanning/nowsecure.yml
+++ b/code-scanning/nowsecure.yml
@@ -34,7 +34,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Build your application
run: ./gradlew assembleDebug # Update this to build your Android or iOS application
diff --git a/code-scanning/ossar.yml b/code-scanning/ossar.yml
index 63a7515..ad46e1d 100644
--- a/code-scanning/ossar.yml
+++ b/code-scanning/ossar.yml
@@ -32,7 +32,7 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# Ensure a compatible version of dotnet is installed.
# The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
diff --git a/code-scanning/osv-scanner.yml b/code-scanning/osv-scanner.yml
new file mode 100644
index 0000000..2aa7150
--- /dev/null
+++ b/code-scanning/osv-scanner.yml
@@ -0,0 +1,48 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# A sample workflow which sets up periodic OSV-Scanner scanning for vulnerabilities,
+# in addition to a PR check which fails if new vulnerabilities are introduced.
+#
+# For more examples and options, including how to ignore specific vulnerabilities,
+# see https://google.github.io/osv-scanner/github-action/
+
+name: OSV-Scanner
+
+on:
+ pull_request:
+ branches: [ $default-branch, $protected-branches ]
+ merge_group:
+ branches: [ $default-branch, $protected-branches ]
+ schedule:
+ - cron: $cron-weekly
+ push:
+ branches: [ $default-branch, $protected-branches ]
+
+permissions:
+ # Require writing security events to upload SARIF file to security tab
+ security-events: write
+ # Read commit contents
+ contents: read
+
+jobs:
+ scan-scheduled:
+ if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
+ uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
+ with:
+ # Example of specifying custom arguments
+ scan-args: |-
+ -r
+ --skip-git
+ ./
+ scan-pr:
+ if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
+ uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
+ with:
+ # Example of specifying custom arguments
+ scan-args: |-
+ -r
+ --skip-git
+ ./
diff --git a/code-scanning/phpmd.yml b/code-scanning/phpmd.yml
index 686551a..58ca4f8 100644
--- a/code-scanning/phpmd.yml
+++ b/code-scanning/phpmd.yml
@@ -38,7 +38,7 @@ jobs:
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Setup PHP
uses: shivammathur/setup-php@aa1fe473f9c687b6fb896056d771232c0bc41161
diff --git a/code-scanning/pmd.yml b/code-scanning/pmd.yml
index 6b5b7ea..ed5eec9 100644
--- a/code-scanning/pmd.yml
+++ b/code-scanning/pmd.yml
@@ -24,7 +24,7 @@ jobs:
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
diff --git a/code-scanning/policy-validator-cfn.yaml b/code-scanning/policy-validator-cfn.yaml
new file mode 100644
index 0000000..b2cd163
--- /dev/null
+++ b/code-scanning/policy-validator-cfn.yaml
@@ -0,0 +1,84 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow will validate the IAM policies in the CloudFormation (CFN) templates with using the standard and custom checks in AWS IAM Access Analyzer
+# To use this workflow, you will need to complete the following set up steps before start using it:
+# 1. Configure an AWS IAM role to use the Access Analyzer's ValidatePolicy, CheckNoNewAccess and CheckAccessNotGranted. This IAM role must be configured to call from the GitHub Actions, use the following [doc](https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/) for steps. In the below workflow, ARN of such role is stored in the GitHub secrets with name `POLICY_VALIDATOR_ROLE`
+# 2. If you're using CHECK_NO_NEW_ACCESS policy-check-type, you need to create a reference policy. Use the guide [here](https://github.com/aws-samples/iam-access-analyzer-custom-policy-check-samples?tab=readme-ov-file#how-do-i-write-my-own-reference-policies) and store it your GitHub repo.
+# 3. If you're using the CHECK_ACCESS_NOT_GRANTED policy-check-type, identify the list of critical actions that shouldn't be granted access by the policies in the given CFN templates.
+# 4. Start using the GitHub actions by generating the GitHub events matching the defined criteria in your workflow.
+name: Validate AWS IAM policies in CloudFormation templates using Policy Validator
+on:
+ push:
+ branches: [$default-branch, $protected-branches]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [$default-branch]
+env:
+ AWS_ROLE: MY_ROLE # set this with the role ARN which has permissions to invoke access-analyzer:ValidatePolicy,access-analyzer:CheckNoNewAccess, access-analyzer:CheckAccessNotGranted and can be used in GitHub actions
+ REGION: MY_AWS_REGION # set this to your preferred AWS region where you plan to deploy your policies, e.g. us-west-1
+ TEMPLATE_PATH: FILE_PATH_TO_CFN_TEMPLATE # set to the file path to the CloudFormation template.
+ ACTIONS: MY_LIST_OF_ACTIONS # set to pass list of actions in the format action1, action2,.. This is required if you are using `CHECK_ACCESS_NOT_GRANTED` policy-check-type.
+ REFERENCE_POLICY: REFERENCE_POLICY # set to pass a JSON formatted file that specifies the path to the reference policy that is used for a permissions comparison. For example, if you stored such path in a GitHub secret with name REFERENCE_IDENTITY_POLICY , you can pass ${{ secrets.REFERENCE_IDENTITY_POLICY }}. If not you have the reference policy in the repository, you can directly pass it's file path. This is required if you are using `CHECK_NO_NEW_ACCESS_CHECK` policy-check-type.
+ REFERENCE_POLICY_TYPE: TYPE_OF_REFERENCE_POLICY # set to pass the policy type associated with the IAM policy under analysis and the reference policy. This is required if you are using `CHECK_NO_NEW_ACCESS_CHECK` policy-check-type.
+jobs:
+ policy-validator:
+ runs-on: ubuntu-latest # Virtual machine to run the workflow (configurable)
+ # https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#updating-your-github-actions-workflow
+ # https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/
+ permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+ name: Policy Validator checks for AWS IAM policies
+ steps:
+ # checkout the repo for workflow to access the contents
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ # Configure AWS Credentials. More configuration details here - https://github.com/aws-actions/configure-aws-credentials
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
+ with:
+ role-to-assume: ${{ env.AWS_ROLE }}
+ aws-region: ${{ env.REGION }}
+ # Run the VALIDATE_POLICY check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator
+ - name: Run AWS AccessAnalyzer ValidatePolicy check
+ id: run-aws-validate-policy
+ uses: aws-actions/cloudformation-aws-iam-policy-validator@10479bdc0c8322ffb6f5eaa75d096195f97b798a #v1.0.0
+ with:
+ policy-check-type: "VALIDATE_POLICY"
+ template-path: ${{ env.TEMPLATE_PATH}}
+ region: ${{ env.REGION }}
+ # Print result from VALIDATE_POLICY check
+ - name: Print the result for ValidatePolicy check
+ if: success() || failure()
+ run: echo "${{ steps.run-aws-validate-policy.outputs.result }}"
+ # Run the CHECK_ACCESS_NOT_GRANTED check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator
+ - name: Run AWS AccessAnalyzer CheckAccessNotGranted check
+ id: run-aws-check-access-not-granted
+ uses: aws-actions/cloudformation-aws-iam-policy-validator@10479bdc0c8322ffb6f5eaa75d096195f97b798a #v1.0.0
+ with:
+ policy-check-type: "CHECK_ACCESS_NOT_GRANTED"
+ template-path: ${{ env.TEMPLATE_PATH}}
+ actions: ${{ env.ACTIONS }}
+ region: ${{ env.REGION }}
+ # Print result from CHECK_ACCESS_NOT_GRANTED check
+ - name: Print the result for CheckAccessNotGranted check
+ if: success() || failure()
+ run: echo "${{ steps.run-aws-check-access-not-granted.outputs.result }}"
+ # Run the CHECK_NO_NEW_ACCESS check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator
+ # reference-policy is stored in GitHub secrets
+ - name: Run AWS AccessAnalyzer CheckNoNewAccess check
+ id: run-aws-check-no-new-access
+ uses: aws-actions/cloudformation-aws-iam-policy-validator@10479bdc0c8322ffb6f5eaa75d096195f97b798a #v1.0.0
+ with:
+ policy-check-type: "CHECK_NO_NEW_ACCESS"
+ template-path: ${{ env.TEMPLATE_PATH}}
+ reference-policy: ${{ env.REFERENCE }}
+ reference-policy-type: ${{ env.REFERENCE_POLICY_TYPE }}
+ region: ${{env.REGION }}
+ # Print result from CHECK_NO_NEW_ACCESS check
+ - name: Print the result for CheckNoNewAccess check
+ if: success() || failure()
+ run: echo "${{ steps.run-aws-check-no-new-access.outputs.result }}"
diff --git a/code-scanning/policy-validator-tf.yaml b/code-scanning/policy-validator-tf.yaml
new file mode 100644
index 0000000..1ca77b5
--- /dev/null
+++ b/code-scanning/policy-validator-tf.yaml
@@ -0,0 +1,87 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow will validate the IAM policies in the terraform (TF) templates with using the standard and custom checks in AWS IAM Access Analyzer
+# To use this workflow, you will need to complete the following set up steps before start using it:
+# 1. Configure an AWS IAM role to use the Access Analyzer's ValidatePolicy, CheckNoNewAccess and CheckAccessNotGranted. This IAM role must be configured to call from the GitHub Actions, use the following [doc](https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/) for steps.
+# 2. If you're using CHECK_NO_NEW_ACCESS policy-check-type, you need to create a reference policy. Use the guide [here](https://github.com/aws-samples/iam-access-analyzer-custom-policy-check-samples?tab=readme-ov-file#how-do-i-write-my-own-reference-policies) and store it your GitHub repo.
+# 3. If you're using the CHECK_ACCESS_NOT_GRANTED policy-check-type, identify the list of critical actions that shouldn't be granted access by the policies in the TF templates.
+# 4. Start using the GitHub actions by generating the GitHub events matching the defined criteria in your workflow.
+
+name: Validate AWS IAM policies in Terraform templates using Policy Validator
+on:
+ push:
+ branches: [$default-branch, $protected-branches]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [$default-branch]
+env:
+ AWS_ROLE: MY_ROLE # set this with the role ARN which has permissions to invoke access-analyzer:ValidatePolicy,access-analyzer:CheckNoNewAccess, access-analyzer:CheckAccessNotGranted and can be used in GitHub actions
+ REGION: MY_AWS_REGION # set this to your preferred AWS region where you plan to deploy your policies, e.g. us-west-1
+ TEMPLATE_PATH: FILE_PATH_TO_THE_TF_PLAN # set this to the file path to the terraform plan in JSON
+ ACTIONS: MY_LIST_OF_ACTIONS # set to pass list of actions in the format action1, action2,.. This is required if you are using `CHECK_ACCESS_NOT_GRANTED` policy-check-type.
+ REFERENCE_POLICY: REFERENCE_POLICY # set to pass a JSON formatted file that specifies the path to the reference policy that is used for a permissions comparison. For example, if you stored such path in a GitHub secret with name REFERENCE_IDENTITY_POLICY , you can pass ${{ secrets.REFERENCE_IDENTITY_POLICY }}. If not you have the reference policy in the repository, you can directly pass it's path. This is required if you are using `CHECK_NO_NEW_ACCESS_CHECK` policy-check-type.
+ REFERENCE_POLICY_TYPE: TYPE_OF_REFERENCE_POLICY # set to pass the policy type associated with the IAM policy under analysis and the reference policy. This is required if you are using `CHECK_NO_NEW_ACCESS_CHECK` policy-check-type.
+
+jobs:
+ policy-validator:
+ runs-on: ubuntu-latest # Virtual machine to run the workflow (configurable)
+ #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#updating-your-github-actions-workflow
+ #https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/
+ permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+ # https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners
+ name: Policy Validator checks for AWS IAM policies
+ steps:
+ # checkout the repo for workflow to access the contents
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ # Configure AWS Credentials. More configuration details here- https://github.com/aws-actions/configure-aws-credentials
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
+ with:
+ role-to-assume: ${{ env.AWS_ROLE }}
+ aws-region: ${{ env.REGION }}
+ # Run the VALIDATE_POLICY check. More configuration details here - https://github.com/aws-actions/terraform-aws-iam-policy-validator
+ - name: Run AWS AccessAnalyzer ValidatePolicy check
+ id: run-aws-validate-policy
+ uses: aws-actions/terraform-aws-iam-policy-validator@3e527234ccf8ca494450942c4a91d54b291b013e #v1.0.0
+ with:
+ policy-check-type: "VALIDATE_POLICY"
+ template-path: ${{ env.TEMPLATE_PATH }}
+ region: ${{ env.REGION }}
+ # Print result from VALIDATE_POLICY check
+ - name: Print the result for ValidatePolicy check
+ if: success() || failure()
+ run: echo "${{ steps.run-aws-validate-policy.outputs.result }}"
+ # Run the CHECK_ACCESS_NOT_GRANTED check. More configuration details here - https://github.com/aws-actions/terraform-aws-iam-policy-validator
+ - name: Run AWS AccessAnalyzer CheckAccessNotGranted check
+ id: run-aws-check-access-not-granted
+ uses: aws-actions/terraform-aws-iam-policy-validator@3e527234ccf8ca494450942c4a91d54b291b013e #v1.0.0
+ with:
+ policy-check-type: "CHECK_ACCESS_NOT_GRANTED"
+ template-path: ${{ env.TEMPLATE_PATH }}
+ actions: ${{ env.ACTIONS }}
+ region: ${{ env.REGION }}
+ # Print result from CHECK_ACCESS_NOT_GRANTED check
+ - name: Print the result for CheckAccessNotGranted check
+ if: success() || failure()
+ run: echo "${{ steps.run-aws-check-access-not-granted.outputs.result }}"
+ # Run the CHECK_NO_NEW_ACCESS check. More configuration details here - https://github.com/aws-actions/terraform-aws-iam-policy-validator
+ # reference-policy is stored in GitHub secrets
+ - name: Run AWS AccessAnalyzer CheckNoNewAccess check
+ id: run-aws-check-no-new-access
+ uses: aws-actions/terraform-aws-iam-policy-validator@3e527234ccf8ca494450942c4a91d54b291b013e #v1.0.0
+ with:
+ policy-check-type: "CHECK_NO_NEW_ACCESS"
+ template-path: ${{ env.TEMPLATE_PATH }}
+ reference-policy: ${{ env.REFERENCE_POLICY }}
+ reference-policy-type: ${{ env.REFERENCE_POLICY_TYPE }}
+ region: ${{ env.REGION }}
+ # Print result from CHECK_NO_NEW_ACCESS check
+ - name: Print the result CheckNoNewAccess check
+ if: success() || failure()
+ run: echo "${{ steps.run-aws-check-no-new-access.outputs.result }}"
diff --git a/code-scanning/powershell.yml b/code-scanning/powershell.yml
index 1e8a426..52f65a0 100644
--- a/code-scanning/powershell.yml
+++ b/code-scanning/powershell.yml
@@ -29,7 +29,7 @@ jobs:
name: PSScriptAnalyzer
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Run PSScriptAnalyzer
uses: microsoft/psscriptanalyzer-action@6b2948b1944407914a58661c49941824d149734f
diff --git a/code-scanning/prisma.yml b/code-scanning/prisma.yml
index 9b24386..4b84b21 100644
--- a/code-scanning/prisma.yml
+++ b/code-scanning/prisma.yml
@@ -34,7 +34,7 @@ jobs:
name: Run Prisma Cloud IaC Scan to check
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- id: iac-scan
name: Run Scan on CFT files in the repository
uses: prisma-cloud-shiftleft/iac-scan-action@53278c231c438216d99b463308a3cbed351ba0c3
diff --git a/code-scanning/properties/osv-scanner.properties.json b/code-scanning/properties/osv-scanner.properties.json
new file mode 100644
index 0000000..2ea1d36
--- /dev/null
+++ b/code-scanning/properties/osv-scanner.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "OSV Scanner",
+ "creator": "Google",
+ "description": "Vulnerability scanner for your dependencies using data provided by https://osv.dev",
+ "iconName": "osv",
+ "categories": ["Code Scanning", "JavaScript", "Python", "Java", "PHP", "C#", "R", "Ruby", "Rust", "Swift", "Go", "TypeScript"]
+}
diff --git a/code-scanning/properties/policy-validator-cfn.properties.json b/code-scanning/properties/policy-validator-cfn.properties.json
new file mode 100644
index 0000000..496b368
--- /dev/null
+++ b/code-scanning/properties/policy-validator-cfn.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Policy Validator for CloudFormation",
+ "creator": "Amazon Web Services",
+ "description": "Validate AWS IAM Policies in CloudFormation Templates powered IAM Access Analyzer",
+ "iconName": "aws",
+ "categories": ["Code Scanning", "AWS", "Python"]
+}
diff --git a/code-scanning/properties/policy-validator-tf.properties.json b/code-scanning/properties/policy-validator-tf.properties.json
new file mode 100644
index 0000000..f683f49
--- /dev/null
+++ b/code-scanning/properties/policy-validator-tf.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Policy Validator for Terraform",
+ "creator": "Amazon Web Services",
+ "description": "Validate AWS IAM Policies in Terraform Templates powered IAM Access Analyzer",
+ "iconName": "aws",
+ "categories": ["Code Scanning", "AWS", "Python"]
+}
diff --git a/code-scanning/psalm.yml b/code-scanning/psalm.yml
index 1e88766..dddbfdd 100644
--- a/code-scanning/psalm.yml
+++ b/code-scanning/psalm.yml
@@ -27,7 +27,7 @@ jobs:
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Psalm Security Scan
uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287
diff --git a/code-scanning/puppet-lint.yml b/code-scanning/puppet-lint.yml
index 047ff00..e039085 100644
--- a/code-scanning/puppet-lint.yml
+++ b/code-scanning/puppet-lint.yml
@@ -33,7 +33,7 @@ jobs:
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Setup Ruby
uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
diff --git a/code-scanning/pyre.yml b/code-scanning/pyre.yml
index 3c32e8b..791dbaa 100644
--- a/code-scanning/pyre.yml
+++ b/code-scanning/pyre.yml
@@ -33,7 +33,7 @@ jobs:
security-events: write
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
with:
submodules: true
diff --git a/code-scanning/pysa.yml b/code-scanning/pysa.yml
index a9e3c81..a60a99f 100644
--- a/code-scanning/pysa.yml
+++ b/code-scanning/pysa.yml
@@ -35,7 +35,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
with:
submodules: true
diff --git a/code-scanning/rubocop.yml b/code-scanning/rubocop.yml
index e2347db..feef351 100644
--- a/code-scanning/rubocop.yml
+++ b/code-scanning/rubocop.yml
@@ -23,7 +23,7 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# If running on a self-hosted runner, check it meets the requirements
# listed at https://github.com/ruby/setup-ruby#using-self-hosted-runners
diff --git a/code-scanning/rust-clippy.yml b/code-scanning/rust-clippy.yml
index 90583f3..4f50c3e 100644
--- a/code-scanning/rust-clippy.yml
+++ b/code-scanning/rust-clippy.yml
@@ -28,7 +28,7 @@ jobs:
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
steps:
- name: Checkout code
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
- name: Install Rust toolchain
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #@v1
@@ -52,4 +52,4 @@ jobs:
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: rust-clippy-results.sarif
- wait-for-processing: true
\ No newline at end of file
+ wait-for-processing: true
diff --git a/code-scanning/scorecard.yml b/code-scanning/scorecard.yml
index 19b9b00..162c788 100644
--- a/code-scanning/scorecard.yml
+++ b/code-scanning/scorecard.yml
@@ -32,19 +32,19 @@ jobs:
steps:
- name: "Checkout code"
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+ uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
with:
results_file: results.sarif
results_format: sarif
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
# - you want to enable the Branch-Protection check on a *public* repository, or
# - you are installing Scorecard on a *private* repository
- # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+ # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional.
# repo_token: ${{ secrets.SCORECARD_TOKEN }}
# Public repositories:
@@ -59,14 +59,15 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
- uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+ uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20
with:
name: SARIF file
path: results.sarif
retention-days: 5
- # Upload the results to GitHub's code scanning dashboard.
+ # Upload the results to GitHub's code scanning dashboard (optional).
+ # Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+ uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
with:
sarif_file: results.sarif
diff --git a/code-scanning/securitycodescan.yml b/code-scanning/securitycodescan.yml
index 7a93d8a..5d5e87b 100644
--- a/code-scanning/securitycodescan.yml
+++ b/code-scanning/securitycodescan.yml
@@ -21,7 +21,7 @@ jobs:
SCS:
runs-on: windows-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- uses: nuget/setup-nuget@04b0c2b8d1b97922f67eca497d7cf0bf17b8ffe1
- uses: microsoft/setup-msbuild@v1.0.2
diff --git a/code-scanning/semgrep.yml b/code-scanning/semgrep.yml
index 23486e4..f21aa9a 100644
--- a/code-scanning/semgrep.yml
+++ b/code-scanning/semgrep.yml
@@ -32,7 +32,7 @@ jobs:
runs-on: ubuntu-latest
steps:
# Checkout project source
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# Scan code using project's configuration on https://semgrep.dev/manage
- uses: returntocorp/semgrep-action@fcd5ab7459e8d91cb1777481980d1b18b4fc6735
diff --git a/code-scanning/snyk-container.yml b/code-scanning/snyk-container.yml
index c3756c8..edbea1d 100644
--- a/code-scanning/snyk-container.yml
+++ b/code-scanning/snyk-container.yml
@@ -33,7 +33,7 @@ jobs:
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Build a Docker image
run: docker build -t your/image-to-test .
- name: Run Snyk to check Docker image for vulnerabilities
diff --git a/code-scanning/snyk-infrastructure.yml b/code-scanning/snyk-infrastructure.yml
index aedf2a3..a5605a3 100644
--- a/code-scanning/snyk-infrastructure.yml
+++ b/code-scanning/snyk-infrastructure.yml
@@ -32,7 +32,7 @@ jobs:
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Run Snyk to check configuration files for security issues
# Snyk can be used to break the build when it detects security issues.
# In this case we want to upload the issues to GitHub Code Scanning
diff --git a/code-scanning/snyk-security.yml b/code-scanning/snyk-security.yml
index 715fa1b..4941e00 100644
--- a/code-scanning/snyk-security.yml
+++ b/code-scanning/snyk-security.yml
@@ -35,7 +35,7 @@ jobs:
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Snyk CLI to check for security issues
# Snyk can be used to break the build when it detects security issues.
# In this case we want to upload the SAST issues to GitHub Code Scanning
diff --git a/code-scanning/sobelow.yml b/code-scanning/sobelow.yml
index 61d376f..6dd4ffe 100644
--- a/code-scanning/sobelow.yml
+++ b/code-scanning/sobelow.yml
@@ -32,7 +32,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- id: run-action
uses: sobelow/action@1afd6d2cae70ae8bd900b58506f54487ed863912
- name: Upload report
diff --git a/code-scanning/soos-dast-scan.yml b/code-scanning/soos-dast-scan.yml
index 335aa03..b3e470e 100644
--- a/code-scanning/soos-dast-scan.yml
+++ b/code-scanning/soos-dast-scan.yml
@@ -36,7 +36,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Run SOOS DAST Analysis
- uses: soos-io/soos-dast-github-action@d0ee0d8feb02c1881e6a1d785bf2078662631150
+ uses: soos-io/soos-dast-github-action@a7f2cb2dfd143cb3224712d902ca0a1da0198ea9
with:
client_id: ${{ secrets.SOOS_CLIENT_ID }}
api_key: ${{ secrets.SOOS_API_KEY }}
@@ -45,6 +45,6 @@ jobs:
target_url: "https://www.example.com/"
output_format: "sarif"
- name: Upload SOOS DAST SARIF Report
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
with:
- sarif_file: results.sarif
\ No newline at end of file
+ sarif_file: results.sarif
diff --git a/code-scanning/stackhawk.yml b/code-scanning/stackhawk.yml
index 64e9b9b..cac0507 100644
--- a/code-scanning/stackhawk.yml
+++ b/code-scanning/stackhawk.yml
@@ -49,7 +49,7 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Start your service
run: ./your-service.sh & # âī¸ Update this to run your own service to be scanned
diff --git a/code-scanning/synopsys-action.yml b/code-scanning/synopsys-action.yml
index 78855d6..f78def5 100644
--- a/code-scanning/synopsys-action.yml
+++ b/code-scanning/synopsys-action.yml
@@ -20,7 +20,7 @@ jobs:
contents: read
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Synopsys Action
uses: synopsys-sig/synopsys-action@v1.6.0
with:
diff --git a/code-scanning/synopsys-io.yml b/code-scanning/synopsys-io.yml
index 61169e2..df50d9d 100644
--- a/code-scanning/synopsys-io.yml
+++ b/code-scanning/synopsys-io.yml
@@ -25,7 +25,7 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Synopsys Intelligent Security Scan
id: prescription
diff --git a/code-scanning/sysdig-scan.yml b/code-scanning/sysdig-scan.yml
index 8c13a4b..c9a0edb 100644
--- a/code-scanning/sysdig-scan.yml
+++ b/code-scanning/sysdig-scan.yml
@@ -28,7 +28,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Build the Docker image
# Tag image to be built
diff --git a/code-scanning/tfsec.yml b/code-scanning/tfsec.yml
index 48ee4d2..388fc37 100644
--- a/code-scanning/tfsec.yml
+++ b/code-scanning/tfsec.yml
@@ -24,10 +24,10 @@ jobs:
steps:
- name: Clone repo
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Run tfsec
- uses: aquasecurity/tfsec-sarif-action@9a83b5c3524f825c020e356335855741fd02745f
+ uses: aquasecurity/tfsec-sarif-action@21ded20e8ca120cd9d3d6ab04ef746477542a608
with:
sarif_file: tfsec.sarif
diff --git a/code-scanning/trivy.yml b/code-scanning/trivy.yml
index e4d38cd..ec90221 100644
--- a/code-scanning/trivy.yml
+++ b/code-scanning/trivy.yml
@@ -27,7 +27,7 @@ jobs:
runs-on: "ubuntu-20.04"
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Build an image from Dockerfile
run: |
diff --git a/code-scanning/veracode.yml b/code-scanning/veracode.yml
index 04fc814..379493f 100644
--- a/code-scanning/veracode.yml
+++ b/code-scanning/veracode.yml
@@ -32,7 +32,7 @@ jobs:
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. Replace this section with your applications build steps
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
with:
repository: ''
diff --git a/code-scanning/xanitizer.yml b/code-scanning/xanitizer.yml
index 8fd5c7b..32c977e 100644
--- a/code-scanning/xanitizer.yml
+++ b/code-scanning/xanitizer.yml
@@ -57,7 +57,7 @@ jobs:
steps:
# Check out the repository
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# Set up the correct Java version for your project
# Please comment out, if your project does not contain Java source code.
diff --git a/code-scanning/zscaler-iac-scan.yml b/code-scanning/zscaler-iac-scan.yml
index e880bdf..7a2fc00 100644
--- a/code-scanning/zscaler-iac-scan.yml
+++ b/code-scanning/zscaler-iac-scan.yml
@@ -34,7 +34,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name : Code Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name : Zscaler IAC Scan
uses : ZscalerCWP/Zscaler-IaC-Action@8d2afb33b10b4bd50e2dc2c932b37c6e70ac1087
id : zscaler-iac-scan
diff --git a/code-scanning/zscan.yml b/code-scanning/zscan.yml
index 01c3b05..018e473 100644
--- a/code-scanning/zscan.yml
+++ b/code-scanning/zscan.yml
@@ -36,7 +36,7 @@ jobs:
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
steps:
- name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Execute gradle build
run: ./gradlew build # Change this to build your mobile application
diff --git a/deployments/alibabacloud.yml b/deployments/alibabacloud.yml
index 96d5d38..526169e 100644
--- a/deployments/alibabacloud.yml
+++ b/deployments/alibabacloud.yml
@@ -49,7 +49,7 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# 1.1 Login to ACR
- name: Login to ACR with the AccessKey pair
@@ -59,7 +59,7 @@ jobs:
access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
- # 1.2 Buid and push image to ACR
+ # 1.2 Build and push image to ACR
- name: Build and push image to ACR
run: |
docker build --tag "$REGISTRY/$NAMESPACE/$IMAGE:$TAG" .
@@ -76,7 +76,7 @@ jobs:
tag: "${{ env.TAG }}"
# 2.1 (Optional) Login to ACR EE
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Login to ACR EE with the AccessKey pair
uses: aliyun/acr-login@v1
with:
diff --git a/deployments/aws.yml b/deployments/aws.yml
index af7d87d..3a1caa9 100644
--- a/deployments/aws.yml
+++ b/deployments/aws.yml
@@ -51,7 +51,7 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
diff --git a/deployments/azure-container-webapp.yml b/deployments/azure-container-webapp.yml
index 2f686e6..57d6386 100644
--- a/deployments/azure-container-webapp.yml
+++ b/deployments/azure-container-webapp.yml
@@ -42,7 +42,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
diff --git a/deployments/azure-functions-app-container.yml b/deployments/azure-functions-app-container.yml
index 1173b95..8333878 100644
--- a/deployments/azure-functions-app-container.yml
+++ b/deployments/azure-functions-app-container.yml
@@ -40,7 +40,7 @@ jobs:
environment: dev
steps:
- name: 'Checkout GitHub Action'
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: 'Login via Azure CLI'
uses: azure/login@v1
diff --git a/deployments/azure-functions-app-dotnet.yml b/deployments/azure-functions-app-dotnet.yml
index 824614e..bf1169b 100644
--- a/deployments/azure-functions-app-dotnet.yml
+++ b/deployments/azure-functions-app-dotnet.yml
@@ -33,7 +33,7 @@ jobs:
environment: dev
steps:
- name: 'Checkout GitHub Action'
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# If you want to use Azure RBAC instead of Publish Profile, then uncomment the task below
# - name: 'Login via Azure CLI'
diff --git a/deployments/azure-functions-app-java-gradle.yml b/deployments/azure-functions-app-java-gradle.yml
index 36c50b8..131e287 100644
--- a/deployments/azure-functions-app-java-gradle.yml
+++ b/deployments/azure-functions-app-java-gradle.yml
@@ -38,7 +38,7 @@ jobs:
environment: dev
steps:
- name: 'Checkout GitHub Action'
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# If you want to use Azure RBAC instead of Publish Profile, then uncomment the task below
# - name: 'Login via Azure CLI'
diff --git a/deployments/azure-functions-app-java.yml b/deployments/azure-functions-app-java.yml
index 5608328..e7b78c0 100644
--- a/deployments/azure-functions-app-java.yml
+++ b/deployments/azure-functions-app-java.yml
@@ -33,7 +33,7 @@ jobs:
environment: dev
steps:
- name: 'Checkout GitHub Action'
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# If you want to use Azure RBAC instead of Publish Profile, then uncomment the task below
# - name: 'Login via Azure CLI'
diff --git a/deployments/azure-functions-app-nodejs.yml b/deployments/azure-functions-app-nodejs.yml
index 916f396..6c2e45c 100644
--- a/deployments/azure-functions-app-nodejs.yml
+++ b/deployments/azure-functions-app-nodejs.yml
@@ -35,7 +35,7 @@ jobs:
environment: dev
steps:
- name: 'Checkout GitHub Action'
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# If you want to use Azure RBAC instead of Publish Profile, then uncomment the task below
# - name: 'Login via Azure CLI'
diff --git a/deployments/azure-functions-app-powershell.yml b/deployments/azure-functions-app-powershell.yml
index 5d62316..9ffc628 100644
--- a/deployments/azure-functions-app-powershell.yml
+++ b/deployments/azure-functions-app-powershell.yml
@@ -32,7 +32,7 @@ jobs:
environment: dev
steps:
- name: 'Checkout GitHub Action'
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# If you want to use Azure RBAC instead of Publish Profile, then uncomment the task below
# - name: 'Login via Azure CLI'
diff --git a/deployments/azure-functions-app-python.yml b/deployments/azure-functions-app-python.yml
index 6452a18..2c50d8a 100644
--- a/deployments/azure-functions-app-python.yml
+++ b/deployments/azure-functions-app-python.yml
@@ -33,7 +33,7 @@ jobs:
environment: dev
steps:
- name: 'Checkout GitHub Action'
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# If you want to use Azure RBAC instead of Publish Profile, then uncomment the task below
# - name: 'Login via Azure CLI'
diff --git a/deployments/azure-kubernetes-service-helm.yml b/deployments/azure-kubernetes-service-helm.yml
index c3b521e..a6c666b 100644
--- a/deployments/azure-kubernetes-service-helm.yml
+++ b/deployments/azure-kubernetes-service-helm.yml
@@ -55,7 +55,7 @@ jobs:
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# Logs in with your Azure credentials
- name: Azure login
@@ -79,7 +79,7 @@ jobs:
needs: [buildImage]
steps:
# Checks out the repository this file is in
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# Logs in with your Azure credentials
- name: Azure login
diff --git a/deployments/azure-kubernetes-service-kompose.yml b/deployments/azure-kubernetes-service-kompose.yml
index c2edcea..a222528 100644
--- a/deployments/azure-kubernetes-service-kompose.yml
+++ b/deployments/azure-kubernetes-service-kompose.yml
@@ -53,7 +53,7 @@ jobs:
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# Logs in with your Azure credentials
- name: Azure login
@@ -77,7 +77,7 @@ jobs:
needs: [buildImage]
steps:
# Checks out the repository this file is in
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# Logs in with your Azure credentials
- name: Azure login
diff --git a/deployments/azure-kubernetes-service-kustomize.yml b/deployments/azure-kubernetes-service-kustomize.yml
index 1b8aa99..e27e04e 100644
--- a/deployments/azure-kubernetes-service-kustomize.yml
+++ b/deployments/azure-kubernetes-service-kustomize.yml
@@ -53,7 +53,7 @@ jobs:
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# Logs in with your Azure credentials
- name: Azure login
@@ -77,7 +77,7 @@ jobs:
needs: [buildImage]
steps:
# Checks out the repository this file is in
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# Logs in with your Azure credentials
- name: Azure login
diff --git a/deployments/azure-kubernetes-service.yml b/deployments/azure-kubernetes-service.yml
index f5450e5..649eb72 100644
--- a/deployments/azure-kubernetes-service.yml
+++ b/deployments/azure-kubernetes-service.yml
@@ -49,7 +49,7 @@ jobs:
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# Logs in with your Azure credentials
- name: Azure login
@@ -73,7 +73,7 @@ jobs:
needs: [buildImage]
steps:
# Checks out the repository this file is in
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# Logs in with your Azure credentials
- name: Azure login
diff --git a/deployments/azure-staticwebapp.yml b/deployments/azure-staticwebapp.yml
index 8fe07ce..bc9bc62 100644
--- a/deployments/azure-staticwebapp.yml
+++ b/deployments/azure-staticwebapp.yml
@@ -38,7 +38,7 @@ jobs:
runs-on: ubuntu-latest
name: Build and Deploy Job
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
with:
submodules: true
- name: Build And Deploy
diff --git a/deployments/azure-webapps-dotnet-core.yml b/deployments/azure-webapps-dotnet-core.yml
index 005aef2..b4bfafb 100644
--- a/deployments/azure-webapps-dotnet-core.yml
+++ b/deployments/azure-webapps-dotnet-core.yml
@@ -37,7 +37,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up .NET Core
uses: actions/setup-dotnet@v2
diff --git a/deployments/azure-webapps-java-jar-gradle.yml b/deployments/azure-webapps-java-jar-gradle.yml
index b1c1df9..63a45cc 100644
--- a/deployments/azure-webapps-java-jar-gradle.yml
+++ b/deployments/azure-webapps-java-jar-gradle.yml
@@ -37,7 +37,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Java version
uses: actions/setup-java@v3.0.0
diff --git a/deployments/azure-webapps-java-jar.yml b/deployments/azure-webapps-java-jar.yml
index c29d871..608fb8e 100644
--- a/deployments/azure-webapps-java-jar.yml
+++ b/deployments/azure-webapps-java-jar.yml
@@ -37,7 +37,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Java version
uses: actions/setup-java@v3.0.0
diff --git a/deployments/azure-webapps-node.yml b/deployments/azure-webapps-node.yml
index c72b1be..147d4e6 100644
--- a/deployments/azure-webapps-node.yml
+++ b/deployments/azure-webapps-node.yml
@@ -34,7 +34,7 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v3
diff --git a/deployments/azure-webapps-php.yml b/deployments/azure-webapps-php.yml
index b3aee8d..1182c2a 100644
--- a/deployments/azure-webapps-php.yml
+++ b/deployments/azure-webapps-php.yml
@@ -37,7 +37,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Setup PHP
uses: shivammathur/setup-php@7c0b4c8c8ebed23eca9ec2802474895d105b11bc
diff --git a/deployments/azure-webapps-python.yml b/deployments/azure-webapps-python.yml
index 0ce3ce9..656f95c 100644
--- a/deployments/azure-webapps-python.yml
+++ b/deployments/azure-webapps-python.yml
@@ -36,7 +36,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up Python version
uses: actions/setup-python@v3.0.0
diff --git a/deployments/google.yml b/deployments/google.yml
index 846452a..deb9877 100644
--- a/deployments/google.yml
+++ b/deployments/google.yml
@@ -37,7 +37,7 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# Configure Workload Identity Federation and generate an access token.
- id: 'auth'
diff --git a/deployments/ibm.yml b/deployments/ibm.yml
index 53a58c5..eaec275 100644
--- a/deployments/ibm.yml
+++ b/deployments/ibm.yml
@@ -32,7 +32,7 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# Download and Install IBM Cloud CLI
- name: Install IBM Cloud CLI
diff --git a/deployments/openshift.yml b/deployments/openshift.yml
index 8504059..1c3fc43 100644
--- a/deployments/openshift.yml
+++ b/deployments/openshift.yml
@@ -124,7 +124,7 @@ jobs:
}
- name: Check out repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Determine app name
if: env.APP_NAME == ''
diff --git a/deployments/tencent.yml b/deployments/tencent.yml
index 3d22854..bf75b56 100644
--- a/deployments/tencent.yml
+++ b/deployments/tencent.yml
@@ -37,7 +37,7 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# Build
- name: Build Docker image
diff --git a/deployments/terraform.yml b/deployments/terraform.yml
index c06f685..25d2963 100644
--- a/deployments/terraform.yml
+++ b/deployments/terraform.yml
@@ -66,7 +66,7 @@ jobs:
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
# Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
- name: Setup Terraform
diff --git a/icons/osv.svg b/icons/osv.svg
new file mode 100644
index 0000000..c01aeee
--- /dev/null
+++ b/icons/osv.svg
@@ -0,0 +1,29 @@
+
+
+
+
diff --git a/icons/soos.svg b/icons/soos.svg
index 17a31fc..7480560 100644
--- a/icons/soos.svg
+++ b/icons/soos.svg
@@ -1,17 +1 @@
-
-
-
+
\ No newline at end of file
diff --git a/pages/astro.yml b/pages/astro.yml
index 0929af5..25db103 100644
--- a/pages/astro.yml
+++ b/pages/astro.yml
@@ -42,11 +42,13 @@ jobs:
echo "manager=yarn" >> $GITHUB_OUTPUT
echo "command=install" >> $GITHUB_OUTPUT
echo "runner=yarn" >> $GITHUB_OUTPUT
+ echo "lockfile=yarn.lock" >> $GITHUB_OUTPUT
exit 0
elif [ -f "${{ github.workspace }}/package.json" ]; then
echo "manager=npm" >> $GITHUB_OUTPUT
echo "command=ci" >> $GITHUB_OUTPUT
echo "runner=npx --no-install" >> $GITHUB_OUTPUT
+ echo "lockfile=package-lock.json" >> $GITHUB_OUTPUT
exit 0
else
echo "Unable to determine package manager"
@@ -57,10 +59,10 @@ jobs:
with:
node-version: "20"
cache: ${{ steps.detect-package-manager.outputs.manager }}
- cache-dependency-path: ${{ env.BUILD_PATH }}/package-lock.json
+ cache-dependency-path: ${{ env.BUILD_PATH }}/${{ steps.detect-package-manager.outputs.lockfile }}
- name: Setup Pages
id: pages
- uses: actions/configure-pages@v4
+ uses: actions/configure-pages@v5
- name: Install dependencies
run: ${{ steps.detect-package-manager.outputs.manager }} ${{ steps.detect-package-manager.outputs.command }}
working-directory: ${{ env.BUILD_PATH }}
diff --git a/pages/gatsby.yml b/pages/gatsby.yml
index c82a2f7..1bcc667 100644
--- a/pages/gatsby.yml
+++ b/pages/gatsby.yml
@@ -58,7 +58,7 @@ jobs:
cache: ${{ steps.detect-package-manager.outputs.manager }}
- name: Setup Pages
id: pages
- uses: actions/configure-pages@v4
+ uses: actions/configure-pages@v5
with:
# Automatically inject pathPrefix in your Gatsby configuration file.
#
diff --git a/pages/hugo.yml b/pages/hugo.yml
index 6e40b04..141ad91 100644
--- a/pages/hugo.yml
+++ b/pages/hugo.yml
@@ -31,7 +31,7 @@ jobs:
build:
runs-on: ubuntu-latest
env:
- HUGO_VERSION: 0.120.4
+ HUGO_VERSION: 0.124.1
steps:
- name: Install Hugo CLI
run: |
@@ -45,7 +45,7 @@ jobs:
submodules: recursive
- name: Setup Pages
id: pages
- uses: actions/configure-pages@v4
+ uses: actions/configure-pages@v5
- name: Install Node.js dependencies
run: "[[ -f package-lock.json || -f npm-shrinkwrap.json ]] && npm ci || true"
- name: Build with Hugo
diff --git a/pages/jekyll-gh-pages.yml b/pages/jekyll-gh-pages.yml
index 8d5586c..2874cc0 100644
--- a/pages/jekyll-gh-pages.yml
+++ b/pages/jekyll-gh-pages.yml
@@ -29,7 +29,7 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Pages
- uses: actions/configure-pages@v4
+ uses: actions/configure-pages@v5
- name: Build with Jekyll
uses: actions/jekyll-build-pages@v1
with:
diff --git a/pages/jekyll.yml b/pages/jekyll.yml
index 17fec3f..f07bc39 100644
--- a/pages/jekyll.yml
+++ b/pages/jekyll.yml
@@ -41,7 +41,7 @@ jobs:
cache-version: 0 # Increment this number if you need to re-download cached gems
- name: Setup Pages
id: pages
- uses: actions/configure-pages@v4
+ uses: actions/configure-pages@v5
- name: Build with Jekyll
# Outputs to the './_site' directory by default
run: bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}"
diff --git a/pages/mdbook.yml b/pages/mdbook.yml
index 6ea654d..cf79f4e 100644
--- a/pages/mdbook.yml
+++ b/pages/mdbook.yml
@@ -39,7 +39,7 @@ jobs:
cargo install --version ${MDBOOK_VERSION} mdbook
- name: Setup Pages
id: pages
- uses: actions/configure-pages@v4
+ uses: actions/configure-pages@v5
- name: Build with mdBook
run: mdbook build
- name: Upload artifact
diff --git a/pages/nextjs.yml b/pages/nextjs.yml
index f91a07d..e2c9ab6 100644
--- a/pages/nextjs.yml
+++ b/pages/nextjs.yml
@@ -54,7 +54,7 @@ jobs:
node-version: "20"
cache: ${{ steps.detect-package-manager.outputs.manager }}
- name: Setup Pages
- uses: actions/configure-pages@v4
+ uses: actions/configure-pages@v5
with:
# Automatically inject basePath in your Next.js configuration file and disable
# server side image optimization (https://nextjs.org/docs/api-reference/next/image#unoptimized).
@@ -75,8 +75,6 @@ jobs:
run: ${{ steps.detect-package-manager.outputs.manager }} ${{ steps.detect-package-manager.outputs.command }}
- name: Build with Next.js
run: ${{ steps.detect-package-manager.outputs.runner }} next build
- - name: Static HTML export with Next.js
- run: ${{ steps.detect-package-manager.outputs.runner }} next export
- name: Upload artifact
uses: actions/upload-pages-artifact@v3
with:
diff --git a/pages/nuxtjs.yml b/pages/nuxtjs.yml
index 5ceb0e8..25a6862 100644
--- a/pages/nuxtjs.yml
+++ b/pages/nuxtjs.yml
@@ -52,7 +52,7 @@ jobs:
node-version: "20"
cache: ${{ steps.detect-package-manager.outputs.manager }}
- name: Setup Pages
- uses: actions/configure-pages@v4
+ uses: actions/configure-pages@v5
with:
# Automatically inject router.base in your Nuxt configuration file and set
# target to static (https://nuxtjs.org/docs/configuration-glossary/configuration-target/).
diff --git a/pages/static.yml b/pages/static.yml
index 819974a..5640380 100644
--- a/pages/static.yml
+++ b/pages/static.yml
@@ -32,7 +32,7 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Pages
- uses: actions/configure-pages@v4
+ uses: actions/configure-pages@v5
- name: Upload artifact
uses: actions/upload-pages-artifact@v3
with: