diff --git a/.github/actions/trivy/action.yaml b/.github/actions/trivy/action.yaml index b7f77a45c8..a654b1d15a 100644 --- a/.github/actions/trivy/action.yaml +++ b/.github/actions/trivy/action.yaml @@ -84,7 +84,7 @@ runs: # Install Trivy as requested. # NOTE: `setup-trivy` can download a "latest" version but cannot cache it. - if: ${{ ! contains(fromJSON(steps.parsed.outputs.setup), 'none') }} - uses: aquasecurity/setup-trivy@v0.2.6 + uses: aquasecurity/setup-trivy@v0.3.1 with: cache: ${{ contains(fromJSON(steps.parsed.outputs.setup), 'cache') }} version: ${{ steps.parsed.outputs.version }} diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml index 02fffef964..e918c8cbaa 100644 --- a/.github/workflows/codeql-analysis.yaml +++ b/.github/workflows/codeql-analysis.yaml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: stable } diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml index 02c6a7bb53..75b2d3e2eb 100644 --- a/.github/workflows/govulncheck.yaml +++ b/.github/workflows/govulncheck.yaml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 # Install Go and produce a SARIF report. This fails only when the tool is # unable to scan. diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 40655be251..22eef4cc51 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -12,7 +12,7 @@ jobs: contents: read checks: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: stable } diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index b0b49d690a..625541907f 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -12,7 +12,7 @@ jobs: go-test: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: stable } @@ -30,7 +30,7 @@ jobs: matrix: kubernetes: ['default'] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: stable } @@ -57,7 +57,7 @@ jobs: matrix: kubernetes: [v1.30, v1.34] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: stable } @@ -91,7 +91,7 @@ jobs: matrix: kubernetes: [v1.30, v1.34] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: stable } @@ -165,7 +165,7 @@ jobs: - kubernetes-k3d - e2e-k3d-kuttl steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: stable } - uses: actions/download-artifact@v8 diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml index 3afc7b93e9..78bfb00145 100644 --- a/.github/workflows/trivy.yaml +++ b/.github/workflows/trivy.yaml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Download Trivy uses: ./.github/actions/trivy env: @@ -43,7 +43,7 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 # Trivy needs a populated Go module cache to detect Go module licenses. - uses: actions/setup-go@v6 @@ -69,7 +69,7 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 # Report success only when detected secrets are listed in [.trivyignore.yaml]. - name: Scan secrets @@ -91,7 +91,7 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 # Print any detected secrets or vulnerabilities to the workflow log for # human consumption. This step fails only when Trivy is unable to scan.