diff --git a/.github/workflows/BETA-xray-cucumber-integration.yaml b/.github/workflows/BETA-xray-cucumber-integration.yaml index b072dc37da..f99f639906 100644 --- a/.github/workflows/BETA-xray-cucumber-integration.yaml +++ b/.github/workflows/BETA-xray-cucumber-integration.yaml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up JDK 17 uses: actions/setup-java@v3 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index f3cdc69b3f..f4e2d93b56 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -49,7 +49,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up JDK 17 uses: actions/setup-java@v3 diff --git a/.github/workflows/eclipse-dash.yml b/.github/workflows/eclipse-dash.yml index 0555c7827a..efb978f182 100644 --- a/.github/workflows/eclipse-dash.yml +++ b/.github/workflows/eclipse-dash.yml @@ -17,7 +17,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up JDK 17 uses: actions/setup-java@v3 diff --git a/.github/workflows/helm-chart-release.yaml b/.github/workflows/helm-chart-release.yaml index 5c50ac9186..9afdf5887d 100644 --- a/.github/workflows/helm-chart-release.yaml +++ b/.github/workflows/helm-chart-release.yaml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 @@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 diff --git a/.github/workflows/helm-test.yaml b/.github/workflows/helm-test.yaml index 74e71b1924..a954977931 100644 --- a/.github/workflows/helm-test.yaml +++ b/.github/workflows/helm-test.yaml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 @@ -35,7 +35,7 @@ jobs: version: v0.20.0 - name: Build image - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . push: true diff --git a/.github/workflows/helm-upgrade.yaml b/.github/workflows/helm-upgrade.yaml index a0900f0878..762675e705 100644 --- a/.github/workflows/helm-upgrade.yaml +++ b/.github/workflows/helm-upgrade.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 diff --git a/.github/workflows/int-setup-testdata.yml b/.github/workflows/int-setup-testdata.yml index 12629d14e2..fc11f6c2c8 100644 --- a/.github/workflows/int-setup-testdata.yml +++ b/.github/workflows/int-setup-testdata.yml @@ -32,7 +32,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: setup python uses: actions/setup-python@v4 diff --git a/.github/workflows/int-test-automation.yml b/.github/workflows/int-test-automation.yml index e505dd2c77..aa19f1981c 100644 --- a/.github/workflows/int-test-automation.yml +++ b/.github/workflows/int-test-automation.yml @@ -13,7 +13,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of sonar analysis diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index 0918fae1a3..eaeeb9c54d 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up JDK 17 uses: actions/setup-java@v3 @@ -49,7 +49,7 @@ jobs: github.actor != 'dependabot[bot]' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of sonar analysis @@ -91,7 +91,7 @@ jobs: outputs: image-tag: ${{ steps.version.outputs.image_tag }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Build image to make sure Dockerfile is valid run: | @@ -146,7 +146,7 @@ jobs: env: DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} if: env.DOCKER_HUB_USER != '' - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} diff --git a/.github/workflows/irs-load-test.yaml b/.github/workflows/irs-load-test.yaml index cd7ff73ba8..e6e931fc80 100644 --- a/.github/workflows/irs-load-test.yaml +++ b/.github/workflows/irs-load-test.yaml @@ -22,7 +22,7 @@ jobs: gatling-test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up JDK 17 uses: actions/setup-java@v3 diff --git a/.github/workflows/jira-publish-release.yaml b/.github/workflows/jira-publish-release.yaml index 8ddc5270ff..dc442b3705 100644 --- a/.github/workflows/jira-publish-release.yaml +++ b/.github/workflows/jira-publish-release.yaml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set current date as env variable run: echo "NOW=$(date +'%Y-%m-%d')" >> $GITHUB_ENV diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 2979b13336..c5b7f68da9 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -24,7 +24,7 @@ jobs: security-events: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: KICS scan uses: checkmarx/kics-github-action@master @@ -53,6 +53,8 @@ jobs: # Exclude accepted queries from the build # Exclude 8d29754a-2a18-460d-a1ba-9509f8d359da - IAM Access Analyzer Not Enabled. This is a false positive for AWS configs which are not used exclude_queries: "8d29754a-2a18-460d-a1ba-9509f8d359da" + # No secret scanning + disable_secrets: true # Upload findings to GitHub Advanced Security Dashboard - name: Upload SARIF file for GitHub Advanced Security Dashboard @@ -66,4 +68,4 @@ jobs: if: always() with: name: kicsResults.json - path: kicsResults/results.json \ No newline at end of file + path: kicsResults/results.json diff --git a/.github/workflows/maven-deploy.yaml b/.github/workflows/maven-deploy.yaml index f59070333c..1ad049cf89 100644 --- a/.github/workflows/maven-deploy.yaml +++ b/.github/workflows/maven-deploy.yaml @@ -40,7 +40,7 @@ jobs: needs.secret-presence.outputs.HAS_OSSRH && github.event_name != 'pull_request' && github.ref != 'refs/heads/releases' steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up JDK 17 uses: actions/setup-java@v3 diff --git a/.github/workflows/owasp.yml b/.github/workflows/owasp.yml index e3553280ec..d783444d88 100644 --- a/.github/workflows/owasp.yml +++ b/.github/workflows/owasp.yml @@ -24,7 +24,7 @@ jobs: name: owasp-check steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up JDK 17 uses: actions/setup-java@v3 diff --git a/.github/workflows/publish-documentation.yaml b/.github/workflows/publish-documentation.yaml index 0623173695..de2086ef85 100644 --- a/.github/workflows/publish-documentation.yaml +++ b/.github/workflows/publish-documentation.yaml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2751b16a75..8ac4ed5861 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,18 +10,18 @@ jobs: release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Calculate Helm release version from CHANGELOG run: echo HELM_VERSION=$(cat charts/irs-helm/CHANGELOG.md | sed -n 's/.*\[\([0-9]\+\.[0-9]\+\.[0-9]\+\)\].*/\1/p' | head -n 1) >> $GITHUB_ENV - name: Update Chart.yaml appVersion - uses: mikefarah/yq@v4.34.2 + uses: mikefarah/yq@v4.35.2 with: cmd: yq -i eval '.appVersion = "${{ github.ref_name }}"' charts/irs-helm/Chart.yaml - name: Update Chart.yaml version - uses: mikefarah/yq@v4.34.2 + uses: mikefarah/yq@v4.35.2 with: cmd: yq -i eval '.version = "${{ env.HELM_VERSION }}"' charts/irs-helm/Chart.yaml diff --git a/.github/workflows/spectral.yaml b/.github/workflows/spectral.yaml index 4cb95de87b..79e3e0d111 100644 --- a/.github/workflows/spectral.yaml +++ b/.github/workflows/spectral.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: # Check out the repository - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 # Run Spectral - uses: stoplightio/spectral-action@latest diff --git a/.github/workflows/spotbugs.yml b/.github/workflows/spotbugs.yml index 59d448bd49..494513a954 100644 --- a/.github/workflows/spotbugs.yml +++ b/.github/workflows/spotbugs.yml @@ -29,7 +29,7 @@ jobs: name: spotbugs-check steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up JDK 17 uses: actions/setup-java@v3 diff --git a/.github/workflows/swagger-editor-validate.yml b/.github/workflows/swagger-editor-validate.yml index 6853f4d2fc..1dd027c847 100644 --- a/.github/workflows/swagger-editor-validate.yml +++ b/.github/workflows/swagger-editor-validate.yml @@ -15,7 +15,7 @@ jobs: name: Swagger Editor Validator Remote steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Validate OpenAPI definition uses: char0n/swagger-editor-validate@v1 with: diff --git a/.github/workflows/synch-env-branch.yml b/.github/workflows/synch-env-branch.yml index f5b87320d0..3388e510d0 100644 --- a/.github/workflows/synch-env-branch.yml +++ b/.github/workflows/synch-env-branch.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Merge main into catena-x-environments run: | diff --git a/.github/workflows/tavern-integration.yml b/.github/workflows/tavern-integration.yml index d534c50cac..0e243f3fdc 100644 --- a/.github/workflows/tavern-integration.yml +++ b/.github/workflows/tavern-integration.yml @@ -43,7 +43,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Setup python uses: actions/setup-python@v4 diff --git a/.github/workflows/tavern.yml b/.github/workflows/tavern.yml index d41dd2481d..825e0eab82 100644 --- a/.github/workflows/tavern.yml +++ b/.github/workflows/tavern.yml @@ -45,7 +45,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Setup python uses: actions/setup-python@v4 diff --git a/.github/workflows/trivy-docker-hub-scan.yml b/.github/workflows/trivy-docker-hub-scan.yml index 1cf40378c2..a5c186afa9 100644 --- a/.github/workflows/trivy-docker-hub-scan.yml +++ b/.github/workflows/trivy-docker-hub-scan.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master diff --git a/.github/workflows/trivy-image-scan.yml b/.github/workflows/trivy-image-scan.yml index fcde93dfa4..0acd9c7e1a 100644 --- a/.github/workflows/trivy-image-scan.yml +++ b/.github/workflows/trivy-image-scan.yml @@ -36,10 +36,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Build image - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . push: true diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index ced51141a0..0dafa7fea6 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner in repo mode uses: aquasecurity/trivy-action@master diff --git a/.github/workflows/veracode.yaml b/.github/workflows/veracode.yaml index d1f62c1d47..1e1bef3f0a 100644 --- a/.github/workflows/veracode.yaml +++ b/.github/workflows/veracode.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up JDK 17 uses: actions/setup-java@v3 diff --git a/.github/workflows/xray-cucumber-integration.yaml b/.github/workflows/xray-cucumber-integration.yaml index 1ac7111cfa..b08b96bf94 100644 --- a/.github/workflows/xray-cucumber-integration.yaml +++ b/.github/workflows/xray-cucumber-integration.yaml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up JDK 17 uses: actions/setup-java@v3