From 64a79388e1f9e255cb28c6b567b90dca20904346 Mon Sep 17 00:00:00 2001
From: Dusan Figala
Date: Thu, 11 Dec 2025 17:57:31 +0100
Subject: [PATCH 1/4] Add docker build context input
---
 .github/workflows/ecr-publish.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/ecr-publish.yaml b/.github/workflows/ecr-publish.yaml
index a49e030..2da4e0e 100644
--- a/.github/workflows/ecr-publish.yaml
+++ b/.github/workflows/ecr-publish.yaml
@@ -19,6 +19,11 @@ on:
 description: AWS ECR alias, e.g. a1b2c3d4
 required: true
 type: string
+ BUILD_CONTEXT:
+ description: Docker build context path
+ required: false
+ type: string
+ default: '.'
 jobs:
 docker:
@@ -58,6 +63,7 @@ jobs:
 - name: Build and push
 uses: docker/build-push-action@v6
 with:
+ context: ${{ inputs.BUILD_CONTEXT }}
 push: true
 tags: ${{ steps.login-ecr-public.outputs.registry }}/${{ inputs.AWS_ECR_ALIAS }}/${{ inputs.IMAGE_NAME }}:${{ inputs.IMAGE_TAG }}
 build-args: |
From 6a68a60b6606c8da83e2d4a3a838f1a4358321fa Mon Sep 17 00:00:00 2001
From: Dusan Figala
Date: Thu, 11 Dec 2025 18:00:23 +0100
Subject: [PATCH 2/4] Update actions to latest major versions
---
 .github/workflows/ecr-publish.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ecr-publish.yaml b/.github/workflows/ecr-publish.yaml
index 2da4e0e..e6f863c 100644
--- a/.github/workflows/ecr-publish.yaml
+++ b/.github/workflows/ecr-publish.yaml
@@ -34,13 +34,13 @@ jobs:
 contents: read
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Check tag
 run: echo ${{ inputs.IMAGE_TAG }}
 - name: Configure AWS Credentials
- uses: aws-actions/configure-aws-credentials@v4
+ uses: aws-actions/configure-aws-credentials@v5
 with:
 role-to-assume: ${{ inputs.AWS_ROLE_ARN }}
 aws-region: us-east-1 # This is the region for the public ECR
From d574b4fe2d3739f78be5ee98367d19a3d4ffb201 Mon Sep 17 00:00:00 2001
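Review bot: The new `default: '.'` on BUILD_CONTEXT is a behavior change that the input description does not mention: if I recall docker/build-push-action correctly, omitting `context` builds from the Git context (the repository ref as fetched by BuildKit), whereas `'.'` builds from the checked-out workspace, so files produced by earlier steps now become part of the build context where they previously would not. The `description:` line should state this and what kind of value is expected, e.g. `description: Docker build context path, relative to the checked-out workspace (default is the repository root)`, since `context` also accepts remote Git URLs and the `type: string` input cannot restrict callers to a path. The same applies to the `context: ${{ inputs.BUILD_CONTEXT }}` line in the second hunk of this commit. Passing the input only through `with:` (no shell interpolation) is the right pattern; it contrasts with the `run: echo ${{ inputs.IMAGE_TAG }}` line visible as context in the next commit's hunk of this same file, where an expression is interpolated directly into a shell command. The `inputs:` mapping and the `steps:` list both begin outside these hunks.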
From: Dusan Figala
Date: Thu, 11 Dec 2025 18:18:25 +0100
Subject: [PATCH 3/4] Output trivy results
---
 .github/workflows/security.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 665c7c3..ff00d47 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -34,13 +34,19 @@ jobs:
 EOF
 - name: Security check - Trivy
- uses: aquasecurity/trivy-action@0.28.0
+ uses: aquasecurity/trivy-action@0.33.1
 with:
 scan-type: 'fs'
 scan-ref: '.'
 severity: 'MEDIUM,CRITICAL,HIGH'
 exit-code: '1'
 trivy-config: 'trivy.conf'
+ format: 'table'
+ output: 'trivy-results.txt'
+
+ - name: Print Trivy results
+ if: always()
+ run: cat trivy-results.txt
 semgrep:
From 1aecd2780cbbddf00c4b3c870ea87881f56b9966 Mon Sep 17 00:00:00 2001
From: Dusan Figala
Date: Thu, 11 Dec 2025 18:18:39 +0100
Subject: [PATCH 4/4] Bump actions/checkout to v6
---
 .github/workflows/docker-image-to-aws-ecr.yaml | 2 +-
 .github/workflows/go-build.yaml | 6 +++---
 .github/workflows/pre-commit-go.yaml | 2 +-
 .github/workflows/pre-commit-node.yaml | 2 +-
 .github/workflows/pre-commit.yaml | 2 +-
 .github/workflows/security.yaml | 4 ++--
 .github/workflows/unit-tests-go.yaml | 2 +-
 .github/workflows/unit-tests-python-uv.yaml | 2 +-
 .github/workflows/unit-tests-python.yaml | 2 +-
 README.md | 2 +-
 10 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/docker-image-to-aws-ecr.yaml b/.github/workflows/docker-image-to-aws-ecr.yaml
index 6b30f44..85612c6 100644
--- a/.github/workflows/docker-image-to-aws-ecr.yaml
+++ b/.github/workflows/docker-image-to-aws-ecr.yaml
@@ -44,7 +44,7 @@ jobs:
 contents: read
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Check tag
 run: echo ${{ inputs.IMAGE_TAG }}
diff --git a/.github/workflows/go-build.yaml b/.github/workflows/go-build.yaml
index cf46ca2..2a5b3c7 100644
--- a/.github/workflows/go-build.yaml
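Review bot: The `Print Trivy results` step runs under `if: always()`, which also fires when the job is cancelled and when the Trivy step fails before it writes `trivy-results.txt` (for example if the action itself fails to set up), in which case `cat` exits with a missing-file error that hides the original failure in the log. Prefer `if: ${{ !cancelled() }}` and make the read tolerant, e.g. `run: cat trivy-results.txt || echo "no Trivy results file was produced"`. Since `output:` redirects the table into the file, this step is now the only place the findings appear, which deserves a one-line comment above it such as `# Trivy writes the table to output: only; surface it in the log even when the scan gate fails`. Separately, `aquasecurity/trivy-action@0.33.1` remains a mutable tag; for a step that gates on security findings, pinning to the full commit SHA (keeping the version in a trailing comment) makes the executed action content verifiable rather than relying on the tag staying put.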
+++ b/.github/workflows/go-build.yaml
@@ -34,7 +34,7 @@ jobs:
 name: Lint
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - uses: actions/setup-go@v5
 with:
 go-version: ${{ inputs.go-version }}
@@ -46,7 +46,7 @@ jobs:
 name: Build and test
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - uses: actions/setup-go@v5
 with:
 go-version: ${{ inputs.go-version }}
@@ -81,7 +81,7 @@ jobs:
 needs: test
 if: always()
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - uses: actions/download-artifact@v4
 with:
 name: cover.out
diff --git a/.github/workflows/pre-commit-go.yaml b/.github/workflows/pre-commit-go.yaml
index eabc66b..7c4bd99 100644
--- a/.github/workflows/pre-commit-go.yaml
+++ b/.github/workflows/pre-commit-go.yaml
@@ -6,6 +6,6 @@ jobs:
 pre-commit:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - uses: actions/setup-go@v2
 - uses: pre-commit/action@v3.0.1
diff --git a/.github/workflows/pre-commit-node.yaml b/.github/workflows/pre-commit-node.yaml
index d04e7a5..350232c 100644
--- a/.github/workflows/pre-commit-node.yaml
+++ b/.github/workflows/pre-commit-node.yaml
@@ -6,7 +6,7 @@ jobs:
 pre-commit:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - uses: actions/setup-node@v2
 with:
 node-version: '14'
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
index 2797c2d..2f48ef1 100644
--- a/.github/workflows/pre-commit.yaml
+++ b/.github/workflows/pre-commit.yaml
@@ -6,6 +6,6 @@ jobs:
 pre-commit:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - uses: actions/setup-python@v5
 - uses: pre-commit/action@v3.0.1
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index ff00d47..ad212bb 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -17,7 +17,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v5
+ uses: actions/checkout@v6
 - name: Write Trivy config file
 run: |
@@ -56,5 +56,5 @@ jobs:
 container:
 image: semgrep/semgrep
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v6
 - run: semgrep scan --config auto
\ No newline at end of file
diff --git a/.github/workflows/unit-tests-go.yaml b/.github/workflows/unit-tests-go.yaml
index 80f2f83..e48f92d 100644
--- a/.github/workflows/unit-tests-go.yaml
+++ b/.github/workflows/unit-tests-go.yaml
@@ -9,7 +9,7 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up go
 uses: actions/setup-go@v2
diff --git a/.github/workflows/unit-tests-python-uv.yaml b/.github/workflows/unit-tests-python-uv.yaml
index bc83305..23100c3 100644
--- a/.github/workflows/unit-tests-python-uv.yaml
+++ b/.github/workflows/unit-tests-python-uv.yaml
@@ -23,7 +23,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v6
 - name: Install uv
 uses: astral-sh/setup-uv@v6
diff --git a/.github/workflows/unit-tests-python.yaml b/.github/workflows/unit-tests-python.yaml
index 42ea7a0..10d1265 100644
--- a/.github/workflows/unit-tests-python.yaml
+++ b/.github/workflows/unit-tests-python.yaml
@@ -14,7 +14,7 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Python
 uses: actions/setup-python@v5
diff --git a/README.md b/README.md
index de8bec5..10bf78a 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@ jobs:
 permissions:
 contents: read
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v6
 - uses: actions/setup-python@v3
 - name: Copy config