diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6105ab37a..84eda1b2a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -30,7 +30,7 @@ jobs: fetch-depth: '0' - name: Setup PHP, with composer and extensions - uses: shivammathur/setup-php@2.35.3 + uses: shivammathur/setup-php@2.35.5 with: php-version: '8.4' tools: composer:v2 @@ -40,7 +40,7 @@ jobs: run: echo "CACHE_DIR=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT - name: Cache composer dependencies - uses: actions/cache@v4.2.4 + uses: actions/cache@v4.3.0 with: path: ${{ steps.composer-cache.outputs.CACHE_DIR }} key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} @@ -75,7 +75,7 @@ jobs: fetch-depth: '0' - name: Setup PHP, with composer and extensions - uses: shivammathur/setup-php@2.35.3 + uses: shivammathur/setup-php@2.35.5 with: php-version: '8.4' tools: composer:v2 @@ -85,7 +85,7 @@ jobs: run: echo "CACHE_DIR=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT - name: Cache composer dependencies - uses: actions/cache@v4.2.4 + uses: actions/cache@v4.3.0 with: path: ${{ steps.composer-cache.outputs.CACHE_DIR }} key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} @@ -130,7 +130,7 @@ jobs: fetch-depth: '0' - name: Setup PHP, with composer and extensions - uses: shivammathur/setup-php@2.35.3 + uses: shivammathur/setup-php@2.35.5 with: php-version: '8.4' tools: composer:v2 @@ -140,7 +140,7 @@ jobs: run: echo "CACHE_DIR=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT - name: Cache composer dependencies - uses: actions/cache@v4.2.4 + uses: actions/cache@v4.3.0 with: path: ${{ steps.composer-cache.outputs.CACHE_DIR }} key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} @@ -185,13 +185,13 @@ jobs: run: make phpinsights - name: Archive Psalm results (psalm.json) - uses: actions/upload-artifact@v4.6.1 + uses: actions/upload-artifact@v5 with: name: psalm.json path: ./build/psalm.json - name: Archive `phploc` results (phploc.json) - uses: actions/upload-artifact@v4.6.1 + uses: actions/upload-artifact@v5 with: name: phploc.json path: ./build/phploc.json @@ -221,7 +221,7 @@ jobs: fetch-depth: '0' - name: Setup PHP, with composer and extensions - uses: shivammathur/setup-php@2.35.3 + uses: shivammathur/setup-php@2.35.5 with: php-version: '8.4' extensions: pdo_mysql, mysql @@ -233,7 +233,7 @@ jobs: run: echo "CACHE_DIR=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT - name: Cache composer dependencies - uses: actions/cache@v4.2.4 + uses: actions/cache@v4.3.0 with: path: ${{ steps.composer-cache.outputs.CACHE_DIR }} key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} @@ -288,7 +288,7 @@ jobs: COVERALLS_RUN_LOCALLY: 1 - name: SonarQube Scan (https://sonarcloud.io/dashboard?id=github.com.tarlepp.symfony-flex-backend) - uses: SonarSource/sonarqube-scan-action@v5.3.0 + uses: SonarSource/sonarqube-scan-action@v6.0.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # https://github.com/SonarSource/sonarqube-scan-action?tab=readme-ov-file#environment-variables @@ -297,25 +297,25 @@ jobs: run: make phpmetrics - name: Archive code coverage results (clover.xml) - uses: actions/upload-artifact@v4.6.1 + uses: actions/upload-artifact@v5 with: name: clover.xml path: ./build/logs/clover.xml - name: Archive code coverage results (junit.xml) - uses: actions/upload-artifact@v4.6.1 + uses: actions/upload-artifact@v5 with: name: junit.xml path: ./build/logs/junit.xml - name: Archive Code Coverage - uses: actions/upload-artifact@v4.6.1 + uses: actions/upload-artifact@v5 with: name: CodeCoverage path: ./build/report - name: Archive PhpMetrics results - uses: actions/upload-artifact@v4.6.1 + uses: actions/upload-artifact@v5 with: name: PhpMetrics path: ./build/phpmetrics @@ -369,7 +369,7 @@ jobs: run: docker build . --file Dockerfile --tag symfony-flex-backend:${{ steps.vars.outputs.DOCKER_TAG }} - name: Scan Docker image with Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.32.0 + uses: aquasecurity/trivy-action@0.33.1 with: image-ref: 'symfony-flex-backend:${{ steps.vars.outputs.DOCKER_TAG }}' format: 'table' diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c09473c6a..c881b8e2a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -40,7 +40,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@v2.4.2 + uses: ossf/scorecard-action@v2.4.3 with: results_file: results.sarif results_format: sarif @@ -62,7 +62,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: name: SARIF file path: results.sarif @@ -70,6 +70,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index 2eddd8ec8..5c5f68ae1 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -21,7 +21,7 @@ jobs: run: docker build . --file Dockerfile --tag symfony-flex-backend:master - name: Scan image with Trivy - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@0.33.1 with: image-ref: symfony-flex-backend:master ignore-unfixed: 'true'