diff --git a/.github/actions/trivy/action.yaml b/.github/actions/trivy/action.yaml index b7f77a45c8..a654b1d15a 100644 --- a/.github/actions/trivy/action.yaml +++ b/.github/actions/trivy/action.yaml @@ -84,7 +84,7 @@ runs: # Install Trivy as requested. # NOTE: `setup-trivy` can download a "latest" version but cannot cache it. - if: ${{ ! contains(fromJSON(steps.parsed.outputs.setup), 'none') }} - uses: aquasecurity/setup-trivy@v0.2.6 + uses: aquasecurity/setup-trivy@v0.3.1 with: cache: ${{ contains(fromJSON(steps.parsed.outputs.setup), 'cache') }} version: ${{ steps.parsed.outputs.version }} diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml index c22823fbe6..98fdd4c950 100644 --- a/.github/workflows/codeql-analysis.yaml +++ b/.github/workflows/codeql-analysis.yaml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: stable } diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml index 154dbc25c3..4a6480bcfe 100644 --- a/.github/workflows/govulncheck.yaml +++ b/.github/workflows/govulncheck.yaml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 # Install Go and produce a SARIF report. This fails only when the tool is # unable to scan. diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index da3f4f342f..f3fe26c354 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -10,7 +10,7 @@ jobs: contents: read checks: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: stable } diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 57524c8e34..ee92dc8b16 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -10,7 +10,7 @@ jobs: go-test: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: stable } @@ -28,7 +28,7 @@ jobs: matrix: kubernetes: ['default'] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: stable } @@ -55,7 +55,7 @@ jobs: matrix: kubernetes: [v1.32, v1.34] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: stable } @@ -89,7 +89,7 @@ jobs: matrix: kubernetes: [v1.32, v1.34] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: stable } @@ -140,7 +140,7 @@ jobs: matrix: kubernetes: [v1.32, v1.34] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: stable } @@ -212,7 +212,7 @@ jobs: - e2e-k3d-chainsaw - e2e-k3d-kuttl steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: stable } - uses: actions/download-artifact@v8 diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml index 53d9f611ba..2b1cff8fa0 100644 --- a/.github/workflows/trivy.yaml +++ b/.github/workflows/trivy.yaml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Download Trivy uses: ./.github/actions/trivy env: @@ -41,7 +41,7 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 # Trivy needs a populated Go module cache to detect Go module licenses. - uses: actions/setup-go@v6 @@ -67,7 +67,7 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 # Report success only when detected secrets are listed in [.trivyignore.yaml]. - name: Scan secrets @@ -89,7 +89,7 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 # Print any detected secrets or vulnerabilities to the workflow log for # human consumption. This step fails only when Trivy is unable to scan.