diff --git a/.github/workflows/actions-update.yml b/.github/workflows/actions-update.yml
index 51fd019..9013c4b 100644
--- a/.github/workflows/actions-update.yml
+++ b/.github/workflows/actions-update.yml
@@ -11,7 +11,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v4.2.2
 with:
 # [Required] Access token with `workflow` scope.
 token: ${{ secrets.WORKFLOW_TOKEN }}
diff --git a/.github/workflows/code-scan.yml b/.github/workflows/code-scan.yml
index 219fc88..b861077 100644
--- a/.github/workflows/code-scan.yml
+++ b/.github/workflows/code-scan.yml
@@ -15,12 +15,12 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checking out
- uses: actions/checkout@master
+ uses: actions/checkout@v4.2.2
 with:
 # Disabling shallow clone is recommended for improving relevancy of reporting
 fetch-depth: 0
 - name: SonarQube Scan
- uses: sonarsource/sonarqube-scan-action@v3
+ uses: sonarsource/sonarqube-scan-action@v4.1.0
 env:
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
@@ -28,7 +28,7 @@ jobs:
 # Check the Quality Gate status.
 - name: SonarQube Quality Gate check
 id: sonarqube-quality-gate-check
- uses: sonarsource/sonarqube-quality-gate-action@master
+ uses: sonarsource/sonarqube-quality-gate-action@v1.1.0
 # Force to fail step after specific time.
 timeout-minutes: 5
 env:
diff --git a/.github/workflows/dbmisvc-app-deploy.yml b/.github/workflows/dbmisvc-app-deploy.yml
index 1eda739..e7642ba 100644
--- a/.github/workflows/dbmisvc-app-deploy.yml
+++ b/.github/workflows/dbmisvc-app-deploy.yml
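Review bot: The new refs such as `actions/checkout@v4.2.2` are still tags, and a tag can be moved by the action's maintainers or by anyone who gains write access to that repository, so this change narrows the exposure left by `@master` and `@v4` without making the pin immutable. Pinning to the full commit SHA with the version kept as a trailing comment, `uses: actions/checkout@<full-commit-sha>  # v4.2.2`, gives a ref that cannot be repointed. The same applies to every `uses:` line in this commit, and it matters most for the third-party actions that run with secrets or cloud credentials in scope: `cycjimmy/semantic-release-action` and `peter-evans/create-pull-request` (both are handed `GH_TOKEN`), `thedoctor0/zip-release` (which appears to run after the AWS credentials step), the SonarSource actions and `aquasecurity/trivy-action`. The checkout step in this hunk continues past the hunk's last line.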
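Review bot: The SonarQube Scan step in code-scan.yml crosses a major version (`@v3` to `@v4.1.0`) inside a commit that otherwise only pins refs, so a behaviour change in the scanner would be hard to trace back to this line. Either pin within the major already in use, `uses: sonarsource/sonarqube-scan-action@<latest-v3-tag>`, or move the upgrade into its own commit after checking the upstream release notes that the step still honours `SONAR_TOKEN` and `SONAR_HOST_URL` as passed here and that the quality-gate step in the next hunk still finds the scan result. In that next hunk `sonarqube-quality-gate-action` goes from `@master` to `@v1.1.0`, which may be older than what `master` resolved to, so the gate should be re-run once to confirm it still passes and fails as expected.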
@@ -52,15 +52,15 @@ jobs:
 released: ${{ steps.semantic.outputs.new_release_published }}
 channel: ${{ steps.semantic.outputs.new_release_channel }}
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v4.2.2
 - name: Set up Python 3.11
- uses: actions/setup-python@v5
+ uses: actions/setup-python@v5.3.0
 with:
 python-version: 3.11
 - name: Install Python packages
 run: |
 python -m pip install --upgrade pip
- - uses: cycjimmy/semantic-release-action@v4
+ - uses: cycjimmy/semantic-release-action@v4.1.1
 id: semantic
 env:
 GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
@@ -89,7 +89,7 @@ jobs:
 git checkout ${{ needs.metadata.outputs.branch }}
 - name: Configure AWS credentials
 if: steps.semantic.outputs.new_release_published == 'true' || inputs.force
- uses: aws-actions/configure-aws-credentials@v4
+ uses: aws-actions/configure-aws-credentials@v4.0.2
 with:
 aws-region: ${{ env.AWS_REGION }}
 role-to-assume: ${{ inputs.role }}
@@ -101,7 +101,7 @@ jobs:
 run: git rev-parse HEAD > COMMIT
 - name: Zip artifacts
 if: steps.semantic.outputs.new_release_published == 'true' || inputs.force
- uses: thedoctor0/zip-release@master
+ uses: thedoctor0/zip-release@0.7.6
 with:
 type: "zip"
 filename: "${{ inputs.filename }}"
diff --git a/.github/workflows/requirements-update.yml b/.github/workflows/requirements-update.yml
index b57c1f6..75b0290 100644
--- a/.github/workflows/requirements-update.yml
+++ b/.github/workflows/requirements-update.yml
@@ -60,12 +60,12 @@ jobs:
 echo "dev_requirements=${DEV_REQUIREMENTS:-"dev-requirements.txt"}" >> "$GITHUB_OUTPUT"
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v4.2.2
 with:
 ref: ${{ steps.set_input_values.outputs.base_branch }}
 - name: Setup python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@v5.3.0
 with:
 python-version: ${{ steps.set_input_values.outputs.python_version }}
@@ -83,7 +83,7 @@ jobs:
 ${{ steps.set_input_values.outputs.requirements_input }}
 - name: Create Pull Request
- uses: peter-evans/create-pull-request@v7
+ uses: peter-evans/create-pull-request@v7.0.5
 with:
 token: ${{ secrets.GH_TOKEN }}
 base: ${{ steps.set_input_values.outputs.base_branch }}
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index 4a6b0c8..43adf36 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -22,13 +22,13 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v4.2.2
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@v3.7.1
 - name: Login to DockerHub
- uses: docker/login-action@v3
+ uses: docker/login-action@v3.3.0
 with:
 username: ${{ secrets.DOCKER_HUB_USERNAME }}
 password: ${{ secrets.DOCKER_HUB_PASSWORD }}
@@ -44,7 +44,7 @@ jobs:
 - name: Build the image
 id: buildimage
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v6.10.0
 with:
 load: true
 context: ./
@@ -53,7 +53,7 @@ jobs:
 tags: ${{ steps.setimagename.outputs.imagename }}
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@0.29.0
 env:
 TRIVY_DB_REPOSITORY: "aquasec/trivy-db:2,public.ecr.aws/aquasecurity/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2"
 TRIVY_JAVA_DB_REPOSITORY: "aquasec/trivy-java-db:1,public.ecr.aws/aquasecurity/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1"
diff --git a/.github/workflows/test-image-build.yml b/.github/workflows/test-image-build.yml
index b9700fe..f4905bb 100644
--- a/.github/workflows/test-image-build.yml
+++ b/.github/workflows/test-image-build.yml
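Review bot: The "Build the image" step in scan.yml goes from `docker/build-push-action@v5` to `@v6.10.0`, a major upgrade that changes what the job publishes, not only which ref it runs. As far as I know, v6 writes a build summary to the job page and uploads a build record as a workflow artifact by default, and that record can carry build details that were not exposed before. If that output is not wanted, add `env:` with `DOCKER_BUILD_RECORD_UPLOAD: false` (and `DOCKER_BUILD_SUMMARY: false`) to the step; otherwise confirm the artifact holds nothing sensitive. The last hunk of test-image-build.yml makes the same jump and needs the same decision; both steps continue past the end of their hunks.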
@@ -22,13 +22,13 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v4.2.2
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@v3.7.1
 - name: Login to DockerHub
- uses: docker/login-action@v3
+ uses: docker/login-action@v3.3.0
 with:
 username: ${{ secrets.DOCKER_HUB_USERNAME }}
 password: ${{ secrets.DOCKER_HUB_PASSWORD }}
@@ -44,7 +44,7 @@ jobs:
 - name: Build the image
 id: buildimage
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v6.10.0
 with:
 context: ./
 file: ./Dockerfile