ci: upgrade workflow actions version

gisaia · Dec 13, 2024 · 2bd66fa · 2bd66fa
1 parent d608424
commit 2bd66fa
Show file tree

Hide file tree

Showing 6 changed files with 15 additions and 11 deletions.
diff --git a/.github/workflows/.trivyignore b/.github/workflows/.trivyignore
@@ -1,7 +1,8 @@
 # update org.yaml:snakeyaml to 2.0
-CVE-2022-1471
-CVE-2023-6378
-CVE-2023-6481
+CVE-2023-45853
 CVE-2023-52425
 CVE-2023-25193
-CVE-2023-45853
+CVE-2024-45492
+CVE-2024-52533
+# need keycloak dependency update to 26.0.6
+CVE-2024-10039
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -6,16 +6,16 @@ jobs:
   integration-tests:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4.1.4
     - name: Cache Maven # From https://github.com/actions/cache/blob/main/examples.md
-      uses: actions/cache@v2
+      uses: actions/cache@v4.0.2
       with:
         path: ~/.m2/repository
         key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
         restore-keys: |
           ${{ runner.os }}-maven-
     - name: Set up JDK 17
-      uses: actions/setup-java@v2
+      uses: actions/setup-java@v4
       with:
         java-version: '17'
         distribution: 'adopt'

diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -8,14 +8,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4.1.4
 
     - name: Build an image from Dockerfile
       run: |
         docker build -f docker/docker-files/Dockerfile -t docker.io/gisaia/arlas-tagger:${{ github.sha }} .
 
     - name: Run Trivy vulnerability scanner
       uses: aquasecurity/trivy-action@master
+      env:
+        TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+        TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
       with:
         image-ref: 'docker.io/gisaia/arlas-tagger:${{ github.sha }}'
         format: 'table'

diff --git a/docker/docker-files/Dockerfile b/docker/docker-files/Dockerfile
@@ -17,7 +17,7 @@ RUN mvn install \
 ###################
 # PACKAGING STAGE #
 ###################
-FROM gisaia/arlas-openjdk-17-distroless:20240821142139
+FROM gisaia/arlas-openjdk-17-distroless:20240926175122
 
 # application placed into /opt/app
 WORKDIR /opt/app

diff --git a/docker/docker-files/Dockerfile-package-only b/docker/docker-files/Dockerfile-package-only
@@ -1,7 +1,7 @@
 ###################
 # PACKAGING STAGE #
 ###################
-FROM gisaia/arlas-openjdk-17-distroless:20240505183515
+FROM gisaia/arlas-openjdk-17-distroless:20240926175122
 
 # application placed into /opt/app
 WORKDIR /opt/app

diff --git a/pom.xml b/pom.xml
@@ -23,7 +23,7 @@
         <surefire.version>2.22.2</surefire.version>
         <log4j.version>2.23.1</log4j.version>
 
-        <arlas-server.version>26.0.0</arlas-server.version>
+        <arlas-server.version>26.0.6</arlas-server.version>
         <!-- KAFKA-->
         <kafka.version>3.7.0</kafka.version>