chore: tidy and bump workflow deps

csatib02 · csatib02 · commit 060c81e22b60 · 2025-02-04T10:48:43.000+01:00
Signed-off-by: Bence Csati &lt;bence.csati@axoflow.com&gt;
diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml
@@ -49,21 +49,21 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
+        uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1
+        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
 
       - name: Set image name
         id: image-name
         run: echo "value=ghcr.io/${{ github.repository }}" >> "$GITHUB_OUTPUT"
 
       - name: Gather build metadata
         id: meta
-        uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0
+        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
         with:
           images: ${{ steps.image-name.outputs.value }}
           flavor: |
@@ -75,15 +75,15 @@ jobs:
       # Multiple exporters are not supported yet
       # See https://github.com/moby/buildkit/pull/2760
       - name: Determine build output
-        uses: haya14busa/action-cond@1d6e8a12b20cdb4f1954feef9aa475b9c390cab5 # v1.1.1
+        uses: haya14busa/action-cond@94f77f7a80cd666cb3155084e428254fea4281fd # v1.2.1
         id: build-output
         with:
           cond: ${{ inputs.publish }}
           if_true: type=image,push=true
           if_false: type=oci,dest=image.tar
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -92,7 +92,7 @@ jobs:
 
       - name: Build and push image
         id: build
-        uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1
+        uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
         with:
           context: .
           platforms: linux/amd64,linux/arm64
@@ -116,21 +116,23 @@ jobs:
           tar -xf image.tar -C image
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54 # 0.11.2
+        uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+          TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
         with:
           input: image
           format: sarif
           output: trivy-results.sarif
 
       - name: Upload Trivy scan results as artifact
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: "[${{ github.job }}] Trivy scan results"
           path: trivy-results.sarif
           retention-days: 5
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
+        uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           sarif_file: trivy-results.sarif
-
diff --git a/.github/workflows/go-lint-and-test.yml b/.github/workflows/go-lint-and-test.yml
@@ -7,53 +7,64 @@ on:
     branches: [ main ]
 
 jobs:
-  check-license:
-    name: Check licenses
+  license-check:
+    name: License check
     runs-on: ubuntu-latest
+
     steps:
-    - name: Set up Go
-      uses: actions/setup-go@v3
-      with:
-        go-version: '1.23'
-    - name: Check out code
-      uses: actions/checkout@v3
-    - name: Cache licenses
-      uses: actions/cache@v3
-      with:
-        key: licensei-cache-${{ hashFiles('go.sum') }}
-        path: ".licensei.cache"
-        restore-keys: licensei-cache
-    - name: Ensure licensei cache
-      env:
-        GITHUB_TOKEN: ${{ github.token }}
-      run: make .licensei.cache
-    - name: Run license check
-      run: make check-license
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up Go
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        with:
+          go-version-file: '.go-version'
+
+      - name: Cache licenses
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        with:
+          key: licensei-cache-${{ hashFiles('go.sum') }}
+          path: ".licensei.cache"
+          restore-keys: licensei-cache
+
+      - name: Ensure licensei cache
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        run: make .licensei.cache
+
+      - name: Run license check
+        run: make check-license
 
   run-test:
     name: Go tests
     runs-on: ubuntu-latest
+
     steps:
-    - name: Set up Go
-      uses: actions/setup-go@v3
-      with:
-        go-version: '1.23'
-    - name: Check out code
-      uses: actions/checkout@v3
-    - name: Run tests
-      run: make test
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up Go
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        with:
+          go-version-file: '.go-version'
+
+      - name: Run tests
+        run: make test
 
   run-lint:
     name: Go lint
     runs-on: ubuntu-latest
+
     steps:
-    - name: Set up Go
-      uses: actions/setup-go@v3
-      with:
-        go-version: '1.23'
-    - name: Check out code
-      uses: actions/checkout@v3
-    - name: Run lint
-      run: make lint
-      env:
-        LINTER_FLAGS: '--timeout 5m'
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up Go
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        with:
+          go-version-file: '.go-version'
+
+      - name: Lint
+        run: make lint
+        env:
+          LINTER_FLAGS: '--timeout 5m'
diff --git a/.go-version b/.go-version
@@ -0,0 +1 @@
+1.23.5
diff --git a/Makefile b/Makefile
@@ -11,9 +11,9 @@ GO_LDFLAGS := -X 'main.Version=${GIT_TAG}'
 BIN ?= ${PWD}/bin/${GOOS}/${GOARCH}
 
 LICENSEI := ${BIN}/licensei
-LICENSEI_VERSION = v0.8.0
+LICENSEI_VERSION = v0.9.0
 GOLANGCI_LINT := ${BIN}/golangci-lint
-GOLANGCI_LINT_VERSION := v1.61.0
+GOLANGCI_LINT_VERSION := v1.63.4
 
 .PHONY: fmt
 fmt: ## format Go sources
