diff --git a/.github/workflows/build-all.yml b/.github/workflows/build-all.yml index 29c5d9c..bbaefab 100644 --- a/.github/workflows/build-all.yml +++ b/.github/workflows/build-all.yml @@ -20,7 +20,7 @@ jobs: os_matrix: "{\"os_version\":[\"debian10\",\"debian11\",\"ubuntu16\",\"ubuntu18\",\"ubuntu20\"]}" steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Lowercase repo owner id: repo_owner run: echo "lowercase=$(echo ${{ github.repository_owner }} | tr \"[:upper:]\" \"[:lower:]\")" >>$GITHUB_OUTPUT @@ -34,11 +34,11 @@ jobs: matrix: ${{ fromJson(needs.workflow_setup.outputs.os_matrix) }} steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Cache Docker layers - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ matrix.os_version }}-${{ github.sha }} @@ -46,7 +46,7 @@ jobs: ${{ runner.os }}-buildx-${{ matrix.os_version }} ${{ runner.os }}-buildx - name: Build node image based on ${{ matrix.os_version }} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: file: build/Dockerfile.${{ matrix.os_version }} context: ./build @@ -56,7 +56,7 @@ jobs: cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new - name: Upload docker image artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: indy_node_${{ matrix.os_version }} path: /tmp/indy_node_${{ matrix.os_version }}.tar @@ -76,11 +76,11 @@ jobs: needs: workflow_setup steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Cache Docker layers - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-controler @@ -88,7 +88,7 @@ jobs: ${{ runner.os }}-buildx-controller ${{ runner.os }}-buildx - name: Build node controller image - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: context: ./controller push: false @@ -97,7 +97,7 @@ jobs: cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new - name: Upload docker image artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: indy_node_controller path: /tmp/indy_node_controller.tar @@ -115,18 +115,18 @@ jobs: fail-fast: false steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 with: driver-opts: network=host - name: Download node artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: indy_node_${{ matrix.os_version }} path: /tmp - name: Download controller artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: indy_node_controller path: /tmp @@ -148,7 +148,7 @@ jobs: ./parse_validator_info.sh echo "::endgroup::" - name: Safe ledger_state.json for later inspection - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.os_version }}-tmp-test-${{ github.sha }}-ledger_state.json path: ledger_state.json @@ -167,7 +167,7 @@ jobs: steps.ledger.outputs.n2_unreachable != 0 || steps.ledger.outputs.n3_unreachable != 0 || steps.ledger.outputs.n4_unreachable != 0 - uses: actions/github-script@v3 + uses: actions/github-script@v7 with: script: core.setFailed('${{ matrix.os_version }} - Not all nodes are in sync!') - name: Send node restart command @@ -183,7 +183,7 @@ jobs: echo "::set-output name=count::$(echo "$OUTPUT" | awk -F= '$1>${{ steps.node-restart.outputs.restart-time }}' | wc -l)" - name: Fail if not all nodes restarted if: steps.nodes_restarted.outputs.count != 4 - uses: actions/github-script@v3 + uses: actions/github-script@v7 with: script: core.setFailed('${{ matrix.os_version }} - Not all nodes have been restarted') @@ -203,7 +203,7 @@ jobs: matrix: ${{ fromJson(needs.workflow_setup.outputs.os_matrix) }} steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: indy-node-version id: indy-node-version shell: bash @@ -215,9 +215,9 @@ jobs: echo "::endgroup::" echo "nodeVersion=${nodeVersion}">> $GITHUB_OUTPUT - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Cache Docker layers - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ matrix.os_version }}-${{ github.sha }} @@ -225,14 +225,14 @@ jobs: ${{ runner.os }}-buildx-${{ matrix.os_version }} ${{ runner.os }}-buildx - name: Log in to GitHub Container Registry - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Meta for indy_node id: meta_indy_node - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: images: ghcr.io/${{ needs.workflow_setup.outputs.repo_owner }}/indy-node-container/indy_node flavor: | @@ -248,7 +248,7 @@ jobs: org.opencontainers.image.description=Indy Node Container based on ${{ matrix.os_version }} org.opencontainers.image.vendor=Hyperledger - name: Push indy node based on ${{ matrix.os_version }} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: file: build/Dockerfile.${{ matrix.os_version }} context: ./build @@ -268,11 +268,11 @@ jobs: if: ${{ github.event_name != 'pull_request' }} steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Cache Docker layers - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-controler @@ -280,14 +280,14 @@ jobs: ${{ runner.os }}-buildx-controller ${{ runner.os }}-buildx - name: Log in to GitHub Container Registry - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Meta for indy_node_controller id: meta_indy_node_controller - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: images: ghcr.io/${{ needs.workflow_setup.outputs.repo_owner }}/indy-node-container/indy_node_controller flavor: | @@ -303,7 +303,7 @@ jobs: org.opencontainers.image.description=Indy Node Container Controller org.opencontainers.image.vendor=Hyperledger - name: Push indy node controller - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: context: ./controller push: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/trivy-all.yml b/.github/workflows/trivy-all.yml index efb4e55..415d8e5 100644 --- a/.github/workflows/trivy-all.yml +++ b/.github/workflows/trivy-all.yml @@ -28,7 +28,7 @@ jobs: os_version: [ debian10, debian11, ubuntu16, ubuntu18, ubuntu20 ] steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: indy-node-version id: indy-node-version shell: bash @@ -54,14 +54,14 @@ jobs: sed -i 's/"name": "Trivy",/"name": "Trivy${{ matrix.os_version }}Latest",/g' trivy-indy-node-${{ steps.indy-node-version.outputs.nodeVersion }}-${{ matrix.os_version }}.sarif - name: 'Safe trivy-indy-node-${{ matrix.os_version }}.sarif' - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: trivy-indy-node-${{ steps.indy-node-version.outputs.nodeVersion }}-${{ matrix.os_version }}.sarif path: trivy-indy-node-${{ steps.indy-node-version.outputs.nodeVersion }}-${{ matrix.os_version }}.sarif retention-days: 8 - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-indy-node-${{ steps.indy-node-version.outputs.nodeVersion }}-${{ matrix.os_version }}.sarif'