update actions used

Checkmarx · Jan 30, 2024 · 6281e1f · 6281e1f
1 parent 5b1113c
commit 6281e1f
Show file tree

Hide file tree

Showing 45 changed files with 98 additions and 97 deletions.
diff --git a/.github/workflows/alert-update-flags.yaml b/.github/workflows/alert-update-flags.yaml
@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checkout project
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 2
       - name: Execute diff and send email

diff --git a/.github/workflows/alert-update-terraform-modules.yaml b/.github/workflows/alert-update-terraform-modules.yaml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Execute diff and send email

diff --git a/.github/workflows/check-apache-license.yaml b/.github/workflows/check-apache-license.yaml
@@ -2,7 +2,7 @@ name: check-apache-license
 on:
   pull_request_target:
     types: [opened, synchronize, edited, reopened]
-    branches: 
+    branches:
       - master
 jobs:
   check-license:
@@ -12,7 +12,7 @@ jobs:
       USERNAME: ${{ github.event.pull_request.user.login }}
     steps:
     - name: Checkout code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         persist-credentials: false
         sparse-checkout: |
@@ -51,4 +51,4 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }}
     - name: Workflow failed
       if: env.CHECK_FAILED == 'true'
-      run: exit 1
+      run: exit 1
diff --git a/.github/workflows/check-go-coverage.yaml b/.github/workflows/check-go-coverage.yaml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Set up Go 1.20.x
@@ -26,4 +26,4 @@ jobs:
         if: env.coverage < 80
         run: |
           echo "Go coverage is lower than 80%: ${{ env.coverage }}%"
-          exit 1
+          exit 1
diff --git a/.github/workflows/go-ci-coverage.yaml b/.github/workflows/go-ci-coverage.yaml
@@ -14,7 +14,7 @@ jobs:
       color: ${{ steps.testcov.outputs.color }}
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Set up Go 1.20.x
@@ -47,7 +47,7 @@ jobs:
     needs: coverage
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: gh-pages
       - name: Configure git commit author

diff --git a/.github/workflows/go-ci-metrics.yaml b/.github/workflows/go-ci-metrics.yaml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - uses: actions/setup-python@v4
         with:
           python-version: "3.x"
@@ -36,7 +36,7 @@ jobs:
     needs: metrics
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: gh-pages
       - name: Configure git commit author

diff --git a/.github/workflows/go-e2e-debian.yaml b/.github/workflows/go-e2e-debian.yaml
@@ -19,7 +19,7 @@ jobs:
         with:
           access_token: ${{ github.token }}
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
       - name: Set up Go 1.20.x
@@ -42,7 +42,7 @@ jobs:
         working-directory: .github/scripts/server-mock
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Cache Docker layers
         uses: actions/cache@v3
         with:
@@ -57,7 +57,7 @@ jobs:
         run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV
       - name: Build
         id: docker_build
-        uses: docker/build-push-action@v4.0.0
+        uses: docker/build-push-action@v5.0.0
         with:
           load: true
           context: ./

diff --git a/.github/workflows/go-e2e.yaml b/.github/workflows/go-e2e.yaml
@@ -20,7 +20,7 @@ jobs:
         with:
           access_token: ${{ github.token }}
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
       - name: Set up Go 1.20.x
@@ -43,7 +43,7 @@ jobs:
         working-directory: .github/scripts/server-mock
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Cache Docker layers
         uses: actions/cache@v3
         with:
@@ -55,7 +55,7 @@ jobs:
         run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV
       - name: Build
         id: docker_build
-        uses: docker/build-push-action@v4.0.0
+        uses: docker/build-push-action@v5.0.0
         with:
           load: true
           context: ./

diff --git a/.github/workflows/go-generate-antlr-parser.yaml b/.github/workflows/go-generate-antlr-parser.yaml
@@ -12,11 +12,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Build ANTLR image
-        uses: docker/build-push-action@v4.0.0
+        uses: docker/build-push-action@v5.0.0
         id: build_antlr_image
         with:
           context: .

diff --git a/.github/workflows/kics-gh-action.yaml b/.github/workflows/kics-gh-action.yaml
@@ -9,7 +9,7 @@ jobs:
   kics-scan:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Run KICS Scan
         uses: checkmarx/kics-github-action@v1.7.0
         with:

diff --git a/.github/workflows/prepare-release.yaml b/.github/workflows/prepare-release.yaml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout project
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Get current date

diff --git a/.github/workflows/release-commits.yaml b/.github/workflows/release-commits.yaml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Set up Go 1.20.x
         uses: actions/setup-go@v4
         with:

diff --git a/.github/workflows/release-docker-github-actions.yaml b/.github/workflows/release-docker-github-actions.yaml
@@ -13,11 +13,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Check out the tag
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.event.inputs.version }}
       - name: Set up QEMU
@@ -26,14 +26,14 @@ jobs:
           image: tonistiigi/binfmt:latest
           platforms: linux/amd64,linux/arm64
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
         uses: docker/login-action@v2.1.0
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Push Github Action Image to Docker Hub
-        uses: docker/build-push-action@v4.0.0
+        uses: docker/build-push-action@v5.0.0
         id: build_gh_action
         with:
           context: .
@@ -46,7 +46,7 @@ jobs:
             SENTRY_DSN=${{ secrets.SENTRY_DSN }}
             DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
       - name: Check out the repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Export Image Digests

diff --git a/.github/workflows/release-extract-info.yaml b/.github/workflows/release-extract-info.yaml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - uses: actions/setup-python@v4
         with:
           python-version: "3.x"

diff --git a/.github/workflows/release-kics-queries-repo-branch.yaml b/.github/workflows/release-kics-queries-repo-branch.yaml
@@ -10,7 +10,7 @@ jobs:
       REPO_NAME: "kics-queries-repo"
     steps:
     - name: Checkout code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
     - name: Set up Git credentials
       run: |

diff --git a/.github/workflows/sec-checks.yaml b/.github/workflows/sec-checks.yaml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Run Trivy vulnerability scanner in repo mode
         uses: aquasecurity/trivy-action@master
@@ -19,7 +19,8 @@ jobs:
           ignore-unfixed: true
           format: 'sarif'
           output: 'trivy-results.sarif'
-          severity: 'CRITICAL'
+          severity: 'MEDIUM,HIGH,CRITICAL'
+          exit-code: '1'
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
@@ -34,14 +35,14 @@ jobs:
         kics-docker: [ "Dockerfile"]
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Build
         id: docker_build
-        uses: docker/build-push-action@v4.0.0
+        uses: docker/build-push-action@v5.0.0
         with:
           load: true
           context: ./

diff --git a/.github/workflows/statistics.yaml b/.github/workflows/statistics.yaml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Set up Go 1.20.x
         uses: actions/setup-go@v4
         with:

diff --git a/.github/workflows/update-docs-queries.yaml b/.github/workflows/update-docs-queries.yaml
@@ -16,7 +16,7 @@ jobs:
         uses: styfle/cancel-workflow-action@0.11.0
         with:
           access_token: ${{ github.token }}
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - uses: actions/setup-python@v4

diff --git a/.github/workflows/update-docs-release.yaml b/.github/workflows/update-docs-release.yaml
@@ -16,7 +16,7 @@ jobs:
         with:
           access_token: ${{ github.token }}
       - name: Checkout project
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Get release version

diff --git a/.github/workflows/update-infra-version.yaml b/.github/workflows/update-infra-version.yaml
@@ -12,7 +12,7 @@ jobs:
     if: "!github.event.release.prerelease"
     steps:
       - name: Checkout project
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Update Terraform Cloud Integration

diff --git a/.github/workflows/update-install-script.yaml b/.github/workflows/update-install-script.yaml
@@ -13,7 +13,7 @@ jobs:
         with:
           access_token: ${{ github.token }}
       - name: Checkout project
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Get Godownloader

diff --git a/.github/workflows/validate-arm-samples.yaml b/.github/workflows/validate-arm-samples.yaml
@@ -9,7 +9,7 @@ jobs:
   lint-json-samples:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           persist-credentials: false
       - uses: actions/setup-node@v4

diff --git a/.github/workflows/validate-issues.yaml b/.github/workflows/validate-issues.yaml
@@ -10,20 +10,20 @@ jobs:
       TITLE: ${{ github.event.issue.title }}
     steps:
     - name: Checkout code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         persist-credentials: false
         sparse-checkout: |
           .github/scripts/pr-issue-info/issue-fail.md
           .github/scripts/pr-issue-info/get_title_types.py
           .github/issue-title-types.yaml
-    - name: Set up Python 
+    - name: Set up Python
       uses: actions/setup-python@v4
       with:
         python-version: "3.x"
     - name: Install dependencies
       run: python3 -m pip install --upgrade pip pyyaml
-    - name: Check issue title 
+    - name: Check issue title
       env:
         FILE_PATH: .github/issue-title-types.yaml
       run: |
@@ -69,7 +69,7 @@ jobs:
       TITLE: ${{ github.event.issue.title }}
     steps:
     - name: Checkout code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         persist-credentials: false
         sparse-checkout: |
@@ -120,7 +120,7 @@ jobs:
         if echo "$TITLE $BODY" | grep -iqP "(\\b|_)bugs?(\\b|_)" || echo "$BODY" | grep -iqP "steps to reproduce" || echo "$BODY" | grep -iqP "actual behavior" || echo "$BODY" | grep -iqP "expected behavior"; then
           echo "Adding 'bug' label..."
           curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["bug"]}'
-        else 
+        else
           if echo "$LABELS" | grep -q "bug"; then
             echo "Removing 'bug' label..."
             curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels/bug
@@ -131,13 +131,13 @@ jobs:
         if echo "$TITLE $BODY" | grep -iqP "(\\b|_)quer(y|ies)(\\b|_)" || echo "$BODY" | grep -iqP "### Platform" || echo "$BODY" | grep -iqP "### Provider"; then
           echo "Adding 'query' label... "
           curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["query"]}'
-        else 
+        else
           if echo "$LABELS" | grep -q "query"; then
             echo "Removing 'query' label..."
             curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels/query
           fi
         fi
-    - name: Set up Python 
+    - name: Set up Python
       uses: actions/setup-python@v4
       with:
         python-version: "3.x"