diff --git a/.github/workflows/docker-image-to-aws-ecr.yaml b/.github/workflows/docker-image-to-aws-ecr.yaml index 6b30f44..85612c6 100644 --- a/.github/workflows/docker-image-to-aws-ecr.yaml +++ b/.github/workflows/docker-image-to-aws-ecr.yaml @@ -44,7 +44,7 @@ jobs: contents: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check tag run: echo ${{ inputs.IMAGE_TAG }} diff --git a/.github/workflows/ecr-publish.yaml b/.github/workflows/ecr-publish.yaml index a49e030..e6f863c 100644 --- a/.github/workflows/ecr-publish.yaml +++ b/.github/workflows/ecr-publish.yaml @@ -19,6 +19,11 @@ on: description: AWS ECR alias, e.g. a1b2c3d4 required: true type: string + BUILD_CONTEXT: + description: Docker build context path + required: false + type: string + default: '.' jobs: docker: @@ -29,13 +34,13 @@ jobs: contents: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check tag run: echo ${{ inputs.IMAGE_TAG }} - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v5 with: role-to-assume: ${{ inputs.AWS_ROLE_ARN }} aws-region: us-east-1 # This is the region for the public ECR @@ -58,6 +63,7 @@ jobs: - name: Build and push uses: docker/build-push-action@v6 with: + context: ${{ inputs.BUILD_CONTEXT }} push: true tags: ${{ steps.login-ecr-public.outputs.registry }}/${{ inputs.AWS_ECR_ALIAS }}/${{ inputs.IMAGE_NAME }}:${{ inputs.IMAGE_TAG }} build-args: | diff --git a/.github/workflows/go-build.yaml b/.github/workflows/go-build.yaml index cf46ca2..2a5b3c7 100644 --- a/.github/workflows/go-build.yaml +++ b/.github/workflows/go-build.yaml @@ -34,7 +34,7 @@ jobs: name: Lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: actions/setup-go@v5 with: go-version: ${{ inputs.go-version }} 
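Review bot: In ecr-publish.yaml, the `context: ${{ inputs.BUILD_CONTEXT }}` line added to the "Build and push" step (hunk -58,6 +63,7) changes what is built even for callers that pass nothing. docker/build-push-action builds from the Git ref when `context` is unset, whereas the new default `'.'` makes it a path context over the checked-out workspace. A path context sends the `.git` directory and any files written by earlier steps to the builder unless a `.dockerignore` excludes them, and this step pushes to the public ECR registry, so a broad `COPY` in a caller's Dockerfile could publish them. I would say so in the input's text, e.g. `description: Docker build context path, relative to the checked-out workspace (everything under it, including .git, is sent to the builder)`, and set `persist-credentials: false` on the checkout step so no token is kept for later steps. The step's `with:` block continues past the end of the hunk.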
@@ -46,7 +46,7 @@ jobs: name: Build and test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: actions/setup-go@v5 with: go-version: ${{ inputs.go-version }} @@ -81,7 +81,7 @@ jobs: needs: test if: always() steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: actions/download-artifact@v4 with: name: cover.out diff --git a/.github/workflows/pre-commit-go.yaml b/.github/workflows/pre-commit-go.yaml index eabc66b..7c4bd99 100644 --- a/.github/workflows/pre-commit-go.yaml +++ b/.github/workflows/pre-commit-go.yaml @@ -6,6 +6,6 @@ jobs: pre-commit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: actions/setup-go@v2 - uses: pre-commit/action@v3.0.1 diff --git a/.github/workflows/pre-commit-node.yaml b/.github/workflows/pre-commit-node.yaml index d04e7a5..350232c 100644 --- a/.github/workflows/pre-commit-node.yaml +++ b/.github/workflows/pre-commit-node.yaml @@ -6,7 +6,7 @@ jobs: pre-commit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: actions/setup-node@v2 with: node-version: '14' diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 2797c2d..2f48ef1 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -6,6 +6,6 @@ jobs: pre-commit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: actions/setup-python@v5 - uses: pre-commit/action@v3.0.1 diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index 665c7c3..ad212bb 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Write Trivy config file run: | 
@@ -34,13 +34,19 @@ jobs: EOF - name: Security check - Trivy - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@0.33.1 with: scan-type: 'fs' scan-ref: '.' severity: 'MEDIUM,CRITICAL,HIGH' exit-code: '1' trivy-config: 'trivy.conf' + format: 'table' + output: 'trivy-results.txt' + + - name: Print Trivy results + if: always() + run: cat trivy-results.txt semgrep: @@ -50,5 +56,5 @@ jobs: container: image: semgrep/semgrep steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - run: semgrep scan --config auto \ No newline at end of file diff --git a/.github/workflows/unit-tests-go.yaml b/.github/workflows/unit-tests-go.yaml index 80f2f83..e48f92d 100644 --- a/.github/workflows/unit-tests-go.yaml +++ b/.github/workflows/unit-tests-go.yaml @@ -9,7 +9,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up go uses: actions/setup-go@v2 diff --git a/.github/workflows/unit-tests-python-uv.yaml b/.github/workflows/unit-tests-python-uv.yaml index bc83305..23100c3 100644 --- a/.github/workflows/unit-tests-python-uv.yaml +++ b/.github/workflows/unit-tests-python-uv.yaml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Install uv uses: astral-sh/setup-uv@v6 diff --git a/.github/workflows/unit-tests-python.yaml b/.github/workflows/unit-tests-python.yaml index 42ea7a0..10d1265 100644 --- a/.github/workflows/unit-tests-python.yaml +++ b/.github/workflows/unit-tests-python.yaml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Python uses: actions/setup-python@v5 diff --git a/README.md b/README.md index de8bec5..10bf78a 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v6 - uses: actions/setup-python@v3 - name: Copy config
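Review bot: In security.yaml (hunk -34,13 +34,19), `aquasecurity/trivy-action@0.33.1` is still referenced by a tag, which the action's owner can move to different code. For a third-party action I would pin the full commit SHA and keep the version as a comment, `uses: aquasecurity/trivy-action@<full-commit-sha>  # 0.33.1`. The same applies to the other third-party `uses:` lines visible in this commit, such as `pre-commit/action@v3.0.1` and `astral-sh/setup-uv@v6`. Separately, the new "Print Trivy results" step runs under `if: always()`, so if the scan fails before writing `trivy-results.txt` the `cat` adds a second, misleading failure. `run: cat trivy-results.txt 2>/dev/null || echo 'no Trivy report was written'` keeps the log readable.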