EO-DataHub · figi44 · Dec 12, 2025 · Dec 11, 2025 · Dec 11, 2025 · Dec 11, 2025
diff --git a/.github/workflows/docker-image-to-aws-ecr.yaml b/.github/workflows/docker-image-to-aws-ecr.yaml
@@ -44,7 +44,7 @@ jobs:
       contents: read
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Check tag
         run: echo ${{ inputs.IMAGE_TAG }}

diff --git a/.github/workflows/ecr-publish.yaml b/.github/workflows/ecr-publish.yaml
@@ -19,6 +19,11 @@ on:
         description: AWS ECR alias, e.g. a1b2c3d4
         required: true
         type: string
+      BUILD_CONTEXT:
+        description: Docker build context path
+        required: false
+        type: string
+        default: '.'
 
 jobs:
   docker:
@@ -29,13 +34,13 @@ jobs:
       contents: read
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Check tag
         run: echo ${{ inputs.IMAGE_TAG }}
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           role-to-assume: ${{ inputs.AWS_ROLE_ARN }}
           aws-region: us-east-1 # This is the region for the public ECR
@@ -58,6 +63,7 @@ jobs:
       - name: Build and push
         uses: docker/build-push-action@v6
         with:
+          context: ${{ inputs.BUILD_CONTEXT }}
           push: true
           tags: ${{ steps.login-ecr-public.outputs.registry }}/${{ inputs.AWS_ECR_ALIAS }}/${{ inputs.IMAGE_NAME }}:${{ inputs.IMAGE_TAG }}
           build-args: |

diff --git a/.github/workflows/go-build.yaml b/.github/workflows/go-build.yaml
@@ -34,7 +34,7 @@ jobs:
     name: Lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v5
         with:
           go-version: ${{ inputs.go-version }}
@@ -46,7 +46,7 @@ jobs:
     name: Build and test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v5
         with:
           go-version: ${{ inputs.go-version }}
@@ -81,7 +81,7 @@ jobs:
     needs: test
     if: always()
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - uses: actions/download-artifact@v4
         with:
           name: cover.out

diff --git a/.github/workflows/pre-commit-go.yaml b/.github/workflows/pre-commit-go.yaml
@@ -6,6 +6,6 @@ jobs:
   pre-commit:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: actions/setup-go@v2
     - uses: pre-commit/action@v3.0.1
diff --git a/.github/workflows/pre-commit-node.yaml b/.github/workflows/pre-commit-node.yaml
@@ -6,7 +6,7 @@ jobs:
   pre-commit:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: actions/setup-node@v2
       with:
         node-version: '14'

diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -6,6 +6,6 @@ jobs:
   pre-commit:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: actions/setup-python@v5
     - uses: pre-commit/action@v3.0.1
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Write Trivy config file
         run: |
@@ -34,13 +34,19 @@ jobs:
           EOF
 
       - name: Security check - Trivy
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@0.33.1
         with:
           scan-type: 'fs'
           scan-ref: '.'
           severity: 'MEDIUM,CRITICAL,HIGH'
           exit-code: '1'
           trivy-config: 'trivy.conf'
+          format: 'table'
+          output: 'trivy-results.txt'
+
+      - name: Print Trivy results
+        if: always()
+        run: cat trivy-results.txt
 
 
   semgrep:
@@ -50,5 +56,5 @@ jobs:
     container:
       image: semgrep/semgrep
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - run: semgrep scan --config auto
diff --git a/.github/workflows/unit-tests-go.yaml b/.github/workflows/unit-tests-go.yaml
@@ -9,7 +9,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set up go
         uses: actions/setup-go@v2

diff --git a/.github/workflows/unit-tests-python-uv.yaml b/.github/workflows/unit-tests-python-uv.yaml
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       - name: Install uv
         uses: astral-sh/setup-uv@v6

diff --git a/.github/workflows/unit-tests-python.yaml b/.github/workflows/unit-tests-python.yaml
@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set up Python
         uses: actions/setup-python@v5

diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v6
       - uses: actions/setup-python@v3
 
       - name: Copy config