github action updates

bcgov · Sep 27, 2024 · 8a908b0 · 8a908b0
1 parent d40f4cf
commit 8a908b0
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 24 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/ci-api-build.and.test.yml b/.github/workflows/ci-api-build.and.test.yml
@@ -17,21 +17,21 @@ on:
 jobs:
   quality_profile:
 
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     defaults:
       run:
         working-directory: api
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - uses: actions/setup-java@v3
+      - uses: actions/setup-java@v4
         with:
           java-version: 17
           distribution: oracle
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
@@ -40,7 +40,7 @@ jobs:
       - name: Run unit tests
         run: mvn -f pom.xml clean package
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.12.0
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           scan-type: 'fs'
           ignore-unfixed: true
@@ -49,11 +49,11 @@ jobs:
           severity: 'CRITICAL'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'
       - name: Cache SonarCloud packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar

diff --git a/.github/workflows/deploy-to.openshift-dev.yml b/.github/workflows/deploy-to.openshift-dev.yml
@@ -54,8 +54,7 @@ on:
 jobs:
   build-and-deploy-dev:
     name: Build and deploy to OpenShift DEV
-    # ubuntu-20.04 can also be used.
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     environment: dev
 
     outputs:
@@ -64,7 +63,7 @@ jobs:
 
     steps:
       - name: Check for required secrets
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           script: |
             const secrets = {
@@ -98,14 +97,14 @@ jobs:
               core.info(`✅ All the required secrets are set`);
             }
       - name: Check out repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Determine image tags
         if: env.IMAGE_TAGS == ''
         run: |
           echo "IMAGE_TAGS=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV
       - name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.DOCKER_ARTIFACTORY_REPO }}
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
@@ -143,7 +142,7 @@ jobs:
           oc: 4
 
         # https://github.com/redhat-actions/oc-login#readme
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Deploy API
         run: |

diff --git a/.github/workflows/deploy-to.openshift-prod.yml b/.github/workflows/deploy-to.openshift-prod.yml
@@ -48,8 +48,7 @@ on:
 jobs:
   openshift-ci-cd:
     name: Deploy to OpenShift PROD
-    # ubuntu-20.04 can also be used.
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     environment: production
 
     outputs:
@@ -58,7 +57,7 @@ jobs:
 
     steps:
       - name: Check for required secrets
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           script: |
             const secrets = {
@@ -96,7 +95,7 @@ jobs:
             }
 
       - name: Check out repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Get latest tag
         uses: actions-ecosystem/action-get-latest-tag@v1
@@ -108,7 +107,7 @@ jobs:
           oc: 4
 
         # https://github.com/redhat-actions/oc-login#readme
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Deploy API
         run: |

diff --git a/.github/workflows/deploy-to.openshift-test.yml b/.github/workflows/deploy-to.openshift-test.yml
@@ -56,7 +56,7 @@ on:
 jobs:
   deploy-test:
     name: Deploy to OpenShift TEST
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     environment: test
 
     outputs:
@@ -65,7 +65,7 @@ jobs:
 
     steps:
       - name: Check for required secrets
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           script: |
             const secrets = {
@@ -103,7 +103,7 @@ jobs:
             }
 
       - name: Check out repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Install oc
         uses: redhat-actions/openshift-tools-installer@v1

diff --git a/.github/workflows/tag-create.git.and.imagestream.tag.yml b/.github/workflows/tag-create.git.and.imagestream.tag.yml
@@ -33,10 +33,10 @@ jobs:
 
     steps:
     - name: Check out repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Create tag
-      uses: actions/github-script@v6
+      uses: actions/github-script@v7
       with:
         script: |
           github.rest.git.createRef({
@@ -52,7 +52,7 @@ jobs:
         oc: 4
 
       # https://github.com/redhat-actions/oc-login#readme
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Tag in OpenShift
       run: |
         set -eux