From 2bd66fa986cb5d325d7674e8e34262b82bc33e7a Mon Sep 17 00:00:00 2001
From: Sebastien Bousquet
Date: Thu, 12 Dec 2024 11:39:43 +0100
Subject: [PATCH] ci: upgrade workflow actions version
---
.github/workflows/.trivyignore | 9 +++++----
.github/workflows/tests.yaml | 6 +++---
.github/workflows/trivy.yaml | 5 ++++-
docker/docker-files/Dockerfile | 2 +-
docker/docker-files/Dockerfile-package-only | 2 +-
pom.xml | 2 +-
6 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/.trivyignore b/.github/workflows/.trivyignore
index a6bee9e..291f0a8 100644
--- a/.github/workflows/.trivyignore
+++ b/.github/workflows/.trivyignore
@@ -1,7 +1,8 @@
# update org.yaml:snakeyaml to 2.0
-CVE-2022-1471
-CVE-2023-6378
-CVE-2023-6481
+CVE-2023-45853
CVE-2023-52425
CVE-2023-25193
-CVE-2023-45853
\ No newline at end of file
+CVE-2024-45492
+CVE-2024-52533
+# need keycloak dependency update to 26.0.6
+CVE-2024-10039
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index a72b3d4..bbab78b 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -6,16 +6,16 @@ jobs: integration-tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4.1.4 - name: Cache Maven # From https://github.com/actions/cache/blob/main/examples.md - uses: actions/cache@v2 + uses: actions/cache@v4.0.2 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- - name: Set up JDK 17 - uses: actions/setup-java@v2 + uses: actions/setup-java@v4 with: java-version: '17' distribution: 'adopt'
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
index dde3dbe..ee3843a 100644
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v4.1.4 - name: Build an image from Dockerfile run: |
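Review bot: The new `CVE-2024-10039` entry is justified by `# need keycloak dependency update to 26.0.6`, yet the pom.xml hunk of this same patch moves a version from 26.0.0 to 26.0.6. If that property is the Keycloak dependency (the element name is not visible in the hunk), the suppression is already obsolete and should be dropped, so the scanner reports the CVE again if the version ever regresses. The header `# update org.yaml:snakeyaml to 2.0` now sits above IDs it no longer explains, since CVE-2022-1471 is removed here, and the added `CVE-2024-45492` and `CVE-2024-52533` carry no reason at all. I would give each remaining ID its own comment naming the affected package and the condition for removing the ignore, and add an expiry such as `CVE-2024-45492 exp:<YYYY-MM-DD>` so an ignore cannot silently outlive its justification.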
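Review bot: The upgraded `uses:` references in tests.yaml are still mutable tags and are pinned unevenly: `actions/checkout@v4.1.4` and `actions/cache@v4.0.2` name an exact release while `actions/setup-java@v4` floats on the major tag. A tag can be repointed to different code after this review, so I would pin each action to the full commit SHA of the intended release and keep the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4.1.4`. The same applies to `actions/checkout@v4.1.4` in the first trivy.yaml hunk, and most of all to `aquasecurity/trivy-action@master` in the second trivy.yaml hunk, which this patch leaves tracking a branch even though the commit is about upgrading action versions. The job definition starts above the tests.yaml hunk.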
@@ -16,6 +16,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master + env: + TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2 + TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1 with: image-ref: 'docker.io/gisaia/arlas-tagger:${{ github.sha }}' format: 'table'
diff --git a/docker/docker-files/Dockerfile b/docker/docker-files/Dockerfile
index 558757f..58a26cd 100644
--- a/docker/docker-files/Dockerfile
+++ b/docker/docker-files/Dockerfile
@@ -17,7 +17,7 @@ RUN mvn install \
###################
# PACKAGING STAGE #
###################
-FROM gisaia/arlas-openjdk-17-distroless:20240821142139
+FROM gisaia/arlas-openjdk-17-distroless:20240926175122
# application placed into /opt/app
WORKDIR /opt/app
diff --git a/docker/docker-files/Dockerfile-package-only b/docker/docker-files/Dockerfile-package-only
index 5fc7286..32c874c 100644
--- a/docker/docker-files/Dockerfile-package-only
+++ b/docker/docker-files/Dockerfile-package-only
@@ -1,7 +1,7 @@
###################
# PACKAGING STAGE #
###################
-FROM gisaia/arlas-openjdk-17-distroless:20240505183515
+FROM gisaia/arlas-openjdk-17-distroless:20240926175122
# application placed into /opt/app
WORKDIR /opt/app
diff --git a/pom.xml b/pom.xml
index 7c4f937..9e0dcbb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -23,7 +23,7 @@ 2.22.2 2.23.1 - 26.0.0 + 26.0.6 3.7.0
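Review bot: The added `env:` block in the Trivy step redirects both vulnerability-database downloads to `public.ecr.aws` without saying why, and the scan result depends on that source. I would put a comment directly above `env:`, for example `# Fetch Trivy DBs from the public ECR mirror; <reason, e.g. pull limits on the default registry>`, so a later maintainer can tell when the override can be removed. The step definition continues past the end of this hunk, in the `with:` block.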