diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0d36108..3a47a38 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,9 +19,9 @@ jobs: name: Lint & Type Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.11" cache: "pip" @@ -46,9 +46,9 @@ jobs: os: [ubuntu-latest, windows-latest] python-version: ["3.10", "3.11", "3.12"] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} cache: "pip" @@ -60,7 +60,7 @@ jobs: run: | pytest --cov=src/ngd --cov-report=xml --cov-fail-under=80 - name: Upload coverage - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@v7 with: files: ./coverage.xml flags: unittests @@ -70,9 +70,9 @@ jobs: name: Security Scan runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.11" cache: "pip" @@ -86,16 +86,16 @@ jobs: - name: Bandit run: bandit -r src/ -f json -o bandit-report.json || true - name: Gitleaks - uses: gitleaks/gitleaks-action@v2 + uses: gitleaks/gitleaks-action@v3 build-wheel: name: Build Wheel needs: [lint-and-type, test, security] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.11" cache: "pip" @@ -108,7 +108,7 @@ jobs: - name: Check wheel run: twine check dist/* - name: Upload artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: dist path: dist/ @@ -124,7 +124,7 @@ jobs: needs: build-wheel runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Install cyclonedx-bom run: pip install cyclonedx-bom - name: Prepare dist directory @@ -133,7 +133,7 @@ jobs: run: | cyclonedx-bom -o dist/sbom.json . - name: Upload SBOM - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: sbom path: dist/sbom.json @@ -163,9 +163,9 @@ jobs: contents: read id-token: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Download artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: path: dist/ - name: Verify signatures diff --git a/.github/workflows/cibw.yml b/.github/workflows/cibw.yml index d6120f7..a6c22e5 100644 --- a/.github/workflows/cibw.yml +++ b/.github/workflows/cibw.yml @@ -27,9 +27,9 @@ jobs: - python: "cp312" arch: ARM64 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.11" - name: Install cibuildwheel @@ -42,7 +42,7 @@ jobs: CIBW_TEST_SKIP: "*" CIBW_ENVIRONMENT_WINDOWS: "CIBW_BUILD_VERBOSITY=1" - name: Upload wheels - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: windows-wheels path: wheelhouse/ diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml index 3c2c631..e635461 100644 --- a/.github/workflows/dependabot.yml +++ b/.github/workflows/dependabot.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@v2 + uses: dependabot/fetch-metadata@v3 with: github-token: "${{ secrets.GITHUB_TOKEN }}" - name: Enable auto-merge for patch/minor updates @@ -35,7 +35,7 @@ jobs: PR_URL: ${{ github.event.pull_request.html_url }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Run CI on Dependabot PR - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const pr = context.payload.pull_request; diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bd51d85..ffec3a1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,11 +29,11 @@ jobs: outputs: version: ${{ steps.extract_version.outputs.version }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: '3.10' - name: Install build dependencies @@ -69,13 +69,13 @@ jobs: pip install cyclonedx-bom cyclonedx-py environment --pyproject pyproject.toml -o sbom.json - name: Upload SBOM - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: sbom path: sbom.json retention-days: 90 - name: Upload dist artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: dist path: dist/ @@ -88,7 +88,7 @@ jobs: if: github.event_name != 'workflow_dispatch' || github.event.inputs.dry_run != 'true' steps: - name: Download dist artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: dist path: dist/ @@ -107,13 +107,13 @@ jobs: cosign attest-blob --yes --bundle dist/*.whl.attestation.sig dist/*.whl cosign attest-blob --yes --bundle dist/*.tar.gz.attestation.sig dist/*.tar.gz - name: Upload signatures and attestations - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: signatures path: dist/*.sig retention-days: 90 - name: Upload attestations - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: attestations path: dist/*.attestation.sig @@ -129,12 +129,12 @@ jobs: id-token: write steps: - name: Download dist artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: dist path: dist/ - name: Download signatures - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: signatures path: dist/ @@ -150,27 +150,27 @@ jobs: if: github.event_name != 'workflow_dispatch' || github.event.inputs.dry_run != 'true' steps: - name: Download dist artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: dist path: dist/ - name: Download signatures - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: signatures path: dist/ - name: Download attestations - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: attestations path: dist/ - name: Download SBOM - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: sbom path: . - name: Create Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@v3 with: tag_name: v${{ needs.build.outputs.version }} name: nvidia-gratitude-driver v${{ needs.build.outputs.version }} diff --git a/.github/workflows/submission-review.yml b/.github/workflows/submission-review.yml index 92a058f..fa287ce 100644 --- a/.github/workflows/submission-review.yml +++ b/.github/workflows/submission-review.yml @@ -14,10 +14,10 @@ jobs: name: Code, Tests, and Security runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.11" cache: pip