chore: update cicd packages

.github/workflows/build.yml

@@ -8,7 +8,7 @@ on:
       - version-*
   schedule:
     # Build the image regularly (each Friday)
-    - cron: '23 04 * * 5'
+    - cron: "23 04 * * 5"
 
 env:
   REGISTRY: ghcr.io
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v6
 
       - name: Extract version for tags
         run: |
@@ -37,16 +37,14 @@ jobs:
 
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@main
-        with:
-          cosign-release: 'v2.2.2'
+        uses: sigstore/cosign-installer@v4.1.1
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v4
 
       - name: Login to registry
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v4
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.repository_owner }}
@@ -54,7 +52,7 @@ jobs:
 
       - name: Set Docker metadata
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v6
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
@@ -64,7 +62,7 @@ jobs:
 
       - name: Build and export Docker image to Docker
         id: build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v7
         with:
           load: true
           tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing
@@ -80,7 +78,7 @@ jobs:
       - name: Push Docker image
         id: push
         if: github.event_name != 'pull_request'
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v7
         with:
           context: .
           push: true

.github/workflows/scan.yml

@@ -3,7 +3,7 @@ name: scan
 on:
   schedule:
     # Scan the image regularly (once a day)
-    - cron: '45 03 * * *'
+    - cron: "45 03 * * *"
 
 jobs:
   build:
@@ -11,19 +11,19 @@ jobs:
     runs-on: "ubuntu-24.04"
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v6
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@v0.36.0
         with:
-          image-ref: 'ghcr.io/${{ github.actor }}/nextcloud'
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results.sarif'
-          severity: 'CRITICAL,HIGH'
+          image-ref: "ghcr.io/${{ github.actor }}/nextcloud"
+          format: "template"
+          template: "@/contrib/sarif.tpl"
+          output: "trivy-results.sarif"
+          severity: "CRITICAL,HIGH"
           vuln-type: "os"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v3
         with:
-          sarif_file: 'trivy-results.sarif'
+          sarif_file: "trivy-results.sarif"