diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index afd457e..8c7cc89 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -71,14 +71,14 @@ jobs: - uses: actions/checkout@v6 - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@v4 - name: Set up Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Docker meta (tags + labels) id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v6 with: images: | ghcr.io/${{ github.repository_owner }}/${{ matrix.image.name }} @@ -91,7 +91,7 @@ jobs: org.opencontainers.image.revision=${{ github.sha }} - name: Build (multi-arch, no push) - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: context: ${{ matrix.image.context }} file: ${{ matrix.image.dockerfile }} @@ -104,7 +104,7 @@ jobs: # Trivy Image Scan (SARIF) - name: Trivy scan - uses: aquasecurity/trivy-action@0.34.1 + uses: aquasecurity/trivy-action@0.35.0 with: scan-type: image image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} @@ -143,11 +143,11 @@ jobs: - uses: actions/checkout@v6 - name: Set up Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 # Build ins lokale Docker laden (kein Push!) - name: Build (no push, load to daemon) - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: context: ${{ matrix.context }} file: ${{ matrix.file }} @@ -157,7 +157,7 @@ jobs: # Trivy scannt das lokale Image (kein GHCR-Pull nötig) - name: Trivy scan (local image) - uses: aquasecurity/trivy-action@0.34.1 + uses: aquasecurity/trivy-action@0.35.0 with: scan-type: image image-ref: ${{ env.LOCAL_TAG }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a6616ec..80feaa0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
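Review bot: Every `uses:` line changed in these hunks still names a third-party action by a movable tag (`docker/setup-qemu-action@v4`, `docker/build-push-action@v7`, `aquasecurity/trivy-action@0.35.0` and the others), so the code that runs is whatever the tag points to at job time rather than what was reviewed for this bump. The same applies to the release.yml hunks, where these actions run in jobs that log in to GHCR with `secrets.GITHUB_TOKEN` and push images. Pinning each action to the full commit SHA of the reviewed release, with the tag kept as a trailing comment, makes every future bump an explicit change, e.g. `uses: docker/build-push-action@<full-commit-sha-of-v7> # v7`. Most of these are major-version bumps, so the release notes are worth checking for changed inputs or runner requirements; the step bodies continue outside the hunks.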
@@ -106,21 +106,21 @@ jobs: echo "major=$major" >> "$GITHUB_OUTPUT" # 1 - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@v4 - name: Set up Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Docker meta (rebuild tag + aliases) id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v6 with: images: ghcr.io/${{ github.repository_owner }}/${{ matrix.image.name }} tags: | @@ -133,7 +133,7 @@ jobs: # Pre-build (amd64) zum Scannen, nicht pushen - name: Build (scan image) - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: context: ${{ matrix.image.context }} file: ${{ matrix.image.dockerfile }} @@ -146,7 +146,7 @@ jobs: cache-to: type=gha,mode=max - name: Trivy FS (SARIF) - uses: aquasecurity/trivy-action@0.34.1 + uses: aquasecurity/trivy-action@0.35.0 continue-on-error: true with: scan-type: fs @@ -164,7 +164,7 @@ jobs: category: trivy-fs-rebuild - name: Trivy Image (gate) - uses: aquasecurity/trivy-action@0.34.1 + uses: aquasecurity/trivy-action@0.35.0 with: image-ref: scan:${{ github.sha }} format: table @@ -175,7 +175,7 @@ jobs: - name: Build & Push (multi-arch, overwrite tag) if: ${{ success() }} - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: context: ${{ matrix.image.context }} file: ${{ matrix.image.dockerfile }} 
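Review bot: In the `@@ -106,21` hunk `docker/login-action@v4` runs before QEMU, Buildx and the metadata step, and the later hunks suggest the scan build and both Trivy steps follow in the same job, so the GHCR credential sits in the runner's Docker configuration while each of those third-party actions executes. Unless the scan build has to pull private images from GHCR, only `Build & Push (multi-arch, overwrite tag)` needs the login, and moving the login step to directly before it narrows that window. The job in the `@@ -209,21` hunk has the same order. Whether a `permissions:` block limits the token to what the push needs is not visible in these hunks and is worth confirming.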
@@ -209,21 +209,21 @@ jobs: - uses: actions/checkout@v6 - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@v4 - name: Set up Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Docker meta (semver without v + latest) id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v6 with: images: ghcr.io/${{ github.repository_owner }}/${{ matrix.image.name }} tags: | @@ -237,7 +237,7 @@ jobs: # Pre-build (amd64) zum Scannen - name: Pre-build (load for scan) - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: context: ${{ matrix.image.context }} file: ${{ matrix.image.dockerfile }} @@ -250,7 +250,7 @@ jobs: cache-to: type=gha,mode=max - name: Trivy Image (SARIF) - uses: aquasecurity/trivy-action@0.34.1 + uses: aquasecurity/trivy-action@0.35.0 with: image-ref: scan:${{ github.sha }} format: sarif @@ -259,7 +259,7 @@ jobs: hide-progress: true - name: Trivy Image (enforce severity) - uses: aquasecurity/trivy-action@0.34.1 + uses: aquasecurity/trivy-action@0.35.0 with: image-ref: scan:${{ github.sha }} # severity: CRITICAL,HIGH @@ -269,7 +269,7 @@ jobs: hide-progress: true - name: Build & Push (multi-arch) - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: context: ${{ matrix.image.context }} file: ${{ matrix.image.dockerfile }}