updates to github actions and dependabot

bcgov · Sep 19, 2024 · 2023557 · 2023557
1 parent 792e144
commit 2023557
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 9 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/ci-api-build.and.test.yml b/.github/workflows/ci-api-build.and.test.yml
@@ -27,11 +27,11 @@ jobs:
       - uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      - uses: actions/setup-java@v3
+      - uses: actions/setup-java@v4
         with:
           java-version: 17
           distribution: oracle
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
@@ -40,7 +40,7 @@ jobs:
       - name: Run unit tests
         run: mvn -f pom.xml clean package
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.12.0
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           scan-type: 'fs'
           ignore-unfixed: true
@@ -49,11 +49,11 @@ jobs:
           severity: 'CRITICAL'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'
       - name: Cache SonarCloud packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar

diff --git a/.github/workflows/deploy-to.openshift-dev.yml b/.github/workflows/deploy-to.openshift-dev.yml
@@ -59,7 +59,7 @@ jobs:
 
     steps:
       - name: Check for required secrets
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           script: |
             const secrets = {

diff --git a/.github/workflows/deploy-to.openshift-prod.yml b/.github/workflows/deploy-to.openshift-prod.yml
@@ -53,7 +53,7 @@ jobs:
 
     steps:
       - name: Check for required secrets
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           script: |
             const secrets = {

diff --git a/.github/workflows/deploy-to.openshift-test.yml b/.github/workflows/deploy-to.openshift-test.yml
@@ -62,7 +62,7 @@ jobs:
 
     steps:
       - name: Check for required secrets
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           script: |
             const secrets = {

diff --git a/.github/workflows/tag-create.git.and.imagestream.tag.yml b/.github/workflows/tag-create.git.and.imagestream.tag.yml
@@ -36,7 +36,7 @@ jobs:
       uses: actions/checkout@v3
 
     - name: Create tag
-      uses: actions/github-script@v6
+      uses: actions/github-script@v7
       with:
         script: |
           github.rest.git.createRef({