github action updates

bcgov · Oct 3, 2024 · 9ae5ef1 · 9ae5ef1
1 parent 9b864f4
commit 9ae5ef1
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 22 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/ci-api-build.and.test.yml b/.github/workflows/ci-api-build.and.test.yml
@@ -18,21 +18,21 @@ on:
 jobs:
   quality_profile:
 
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     defaults:
       run:
         working-directory: api
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - uses: actions/setup-java@v3
+      - uses: actions/setup-java@v4
         with:
           java-version: 17
           distribution: oracle
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
@@ -41,7 +41,7 @@ jobs:
       - name: Run unit tests
         run: mvn -f pom.xml clean package
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.12.0
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           scan-type: 'fs'
           ignore-unfixed: true
@@ -50,11 +50,11 @@ jobs:
           severity: 'CRITICAL'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'
       - name: Cache SonarCloud packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar

diff --git a/.github/workflows/deploy-to.openshift-dev.yml b/.github/workflows/deploy-to.openshift-dev.yml
@@ -49,8 +49,7 @@ on:
 jobs:
   build-and-deploy-dev:
     name: Build and deploy to OpenShift DEV
-    # ubuntu-20.04 can also be used.
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     environment: dev
 
     outputs:
@@ -93,14 +92,14 @@ jobs:
               core.info(`✅ All the required secrets are set`);
             }
       - name: Check out repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Determine image tags
         if: env.IMAGE_TAGS == ''
         run: |
           echo "IMAGE_TAGS=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV
       - name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.DOCKER_ARTIFACTORY_REPO }}
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
@@ -138,7 +137,7 @@ jobs:
           oc: 4
 
         # https://github.com/redhat-actions/oc-login#readme
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Deploy API
         run: |
@@ -165,6 +164,6 @@ jobs:
           # Get status, returns 0 if rollout is successful
           oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }}
       - name: ZAP Scan
-        uses: zaproxy/action-api-scan@v0.2.0
+        uses: zaproxy/action-api-scan@v0.8.0
         with:
           target: 'https://${{ env.APP_NAME }}-${{ env.OPENSHIFT_NAMESPACE_DEV }}.apps.silver.devops.gov.bc.ca/v3/api-docs'
diff --git a/.github/workflows/deploy-to.openshift-prod.yml b/.github/workflows/deploy-to.openshift-prod.yml
@@ -43,8 +43,7 @@ on:
 jobs:
   openshift-ci-cd:
     name: Deploy to OpenShift PROD
-    # ubuntu-20.04 can also be used.
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     environment: production
 
     outputs:
@@ -91,7 +90,7 @@ jobs:
             }
 
       - name: Check out repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Get latest tag
         uses: actions-ecosystem/action-get-latest-tag@v1
@@ -103,7 +102,7 @@ jobs:
           oc: 4
 
         # https://github.com/redhat-actions/oc-login#readme
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Deploy
         run: |

diff --git a/.github/workflows/deploy-to.openshift-test.yml b/.github/workflows/deploy-to.openshift-test.yml
@@ -53,7 +53,7 @@ jobs:
 
   deploy-test:
     name: Deploy to OpenShift TEST
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     environment: test
 
     outputs:
@@ -100,7 +100,7 @@ jobs:
             }
 
       - name: Check out repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Install oc
         uses: redhat-actions/openshift-tools-installer@v1
@@ -133,6 +133,6 @@ jobs:
           oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }}
 
       - name: ZAP Scan
-        uses: zaproxy/action-api-scan@v0.2.0
+        uses: zaproxy/action-api-scan@v0.8.0
         with:
           target: 'https://${{ env.APP_NAME }}-${{ env.OPENSHIFT_NAMESPACE_TEST }}.apps.silver.devops.gov.bc.ca/v3/api-docs'
diff --git a/.github/workflows/tag-create.git.and.imagestream.tag.yml b/.github/workflows/tag-create.git.and.imagestream.tag.yml
@@ -33,7 +33,7 @@ jobs:
 
     steps:
     - name: Check out repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Create tag
       uses: actions/github-script@v6
@@ -52,7 +52,7 @@ jobs:
         oc: 4
 
       # https://github.com/redhat-actions/oc-login#readme
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Tag in OpenShift
       run: |
         set -eux