From f607c77556d1054a059c6dafb2ca1e4afd72be09 Mon Sep 17 00:00:00 2001
From: hoellen
Date: Thu, 30 Apr 2026 21:54:11 +0200
Subject: [PATCH] chore: update cicd packages
---
 .github/workflows/build.yml | 18 ++++++++----------
 .github/workflows/scan.yml | 20 ++++++++++----------
 2 files changed, 18 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 1ccb15b..b357342 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,7 +8,7 @@ on:
 - version-*
 schedule:
 # Build the image regularly (each Friday)
- - cron: '23 04 * * 5'
+ - cron: "23 04 * * 5"
 env:
 REGISTRY: ghcr.io
@@ -25,7 +25,7 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v2
+ uses: actions/checkout@v6
 - name: Extract version for tags
 run: |
@@ -37,16 +37,14 @@ jobs:
 - name: Install cosign
 if: github.event_name != 'pull_request'
- uses: sigstore/cosign-installer@main
- with:
- cosign-release: 'v2.2.2'
+ uses: sigstore/cosign-installer@v4.1.1
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
+ uses: docker/setup-buildx-action@v4
 - name: Login to registry
 if: github.event_name != 'pull_request'
- uses: docker/login-action@v1
+ uses: docker/login-action@v4
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.repository_owner }}
@@ -54,7 +52,7 @@ jobs:
 - name: Set Docker metadata
 id: meta
- uses: docker/metadata-action@v3
+ uses: docker/metadata-action@v6
 with:
 images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 tags: |
@@ -64,7 +62,7 @@ jobs:
 - name: Build and export Docker image to Docker
 id: build
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@v7
 with:
 load: true
 tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing
@@ -80,7 +78,7 @@ jobs:
 - name: Push Docker image
 id: push
 if: github.event_name != 'pull_request'
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@v7
 with:
 context: .
 push: true
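Review bot: In the `Install cosign` step (hunk `-37,16 +37,14`), removing `cosign-release: 'v2.2.2'` leaves the cosign binary version to whatever default `sigstore/cosign-installer@v4.1.1` ships, so the signing tool can change version without this workflow recording it. The signing step itself is outside the hunk, so its flags and the verification instructions given to image consumers should be checked against the new default, or the version kept explicit with `cosign-release: 'vX.Y.Z'` (placeholder) under `with:`. Separately, every `uses:` touched here and in scan.yml now points at a version tag, which is mutable. For a job that logs in to the registry and signs images, pinning each action to a full commit SHA with the tag as a trailing comment, in the form `uses: docker/login-action@<full-commit-sha> # v4`, keeps a moved tag from changing what runs with those credentials.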
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index 2f1d348..dd05d30 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -3,7 +3,7 @@ name: scan
 on:
 schedule:
 # Scan the image regularly (once a day)
- - cron: '45 03 * * *'
+ - cron: "45 03 * * *"
 jobs:
 build:
@@ -11,19 +11,19 @@ jobs:
 runs-on: "ubuntu-24.04"
 steps:
 - name: Checkout code
- uses: actions/checkout@v2
+ uses: actions/checkout@v6
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@v0.36.0
 with:
- image-ref: 'ghcr.io/${{ github.actor }}/nextcloud'
- format: 'template'
- template: '@/contrib/sarif.tpl'
- output: 'trivy-results.sarif'
- severity: 'CRITICAL,HIGH'
+ image-ref: "ghcr.io/${{ github.actor }}/nextcloud"
+ format: "template"
+ template: "@/contrib/sarif.tpl"
+ output: "trivy-results.sarif"
+ severity: "CRITICAL,HIGH"
 vuln-type: "os"
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v3
 with:
- sarif_file: 'trivy-results.sarif'
+ sarif_file: "trivy-results.sarif"
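Review bot: The re-quoted `image-ref: "ghcr.io/${{ github.actor }}/nextcloud"` in the Trivy step still takes the image namespace from `github.actor`, although this workflow runs only on `schedule`. On a scheduled run the actor is a user associated with the workflow file, not necessarily the namespace the image is published under, so the daily scan may target a different image or fail to pull one. build.yml logs in with `github.repository_owner`; assuming the image is published under that owner, `image-ref: "ghcr.io/${{ github.repository_owner }}/nextcloud"` ties the scan to what this repository builds (the owner name would need to be lowercase for the registry). The unchanged `vuln-type: "os"` also limits the SARIF results to OS packages, which is worth a comment so that an empty Security tab is not read as full coverage.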