From 27ad3c96293dc153e8f19ed3c132d58534a2480f Mon Sep 17 00:00:00 2001
From: Taras Drozdovskyi
Date: Tue, 6 Feb 2024 05:03:52 +0200
Subject: [PATCH] Update 3rd-party components
Signed-off-by: Taras Drozdovskyi
---
.github/workflows/build.yml | 2 +-
.github/workflows/codeql.yml | 6 +--
.github/workflows/fossology-check.yml | 40 ++++---------------
.github/workflows/go-fuzz-test.yml | 2 +-
.../lint-vet-gofmt-staticcheck-analysis.yml | 2 +-
.github/workflows/publish.yml | 6 +--
.github/workflows/scorecards-analysis.yml | 4 +-
.github/workflows/test-suite.yml | 2 +-
go.mod | 2 +-
9 files changed, 20 insertions(+), 46 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d7521f90..6d5c28d8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -16,7 +16,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 with: go-version: '1.19'
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 36435b1f..abca1051 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -26,14 +26,14 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99 + uses: github/codeql-action/init@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 with: languages: ${{ matrix.language }} - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 with: go-version: '1.19' - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99 + uses: github/codeql-action/analyze@b7bf0a3ed3ecfa44160715d7c442788f65f0f923
diff --git a/.github/workflows/fossology-check.yml b/.github/workflows/fossology-check.yml
index e0073ca0..3c97a9fa 100644
--- a/.github/workflows/fossology-check.yml
+++ b/.github/workflows/fossology-check.yml
@@ -1,12 +1,12 @@ name: Fossology check -on: [pull_request] +on: [pull_request, push] -# permissions: -# contents: read +permissions: + contents: read jobs: check-license: - name: Check license + name: Check license, copyright, keyword runs-on: ubuntu-22.04 steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
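Review bot: The new `on: [pull_request, push]` trigger has no branch filter, so the scan runs on every push to any branch and twice for pull requests opened from branches of this repository. On push events `github.event.number` is empty, so if the retained step still passes `GITHUB_PULL_REQUEST=${{ github.event.number }}` as the removed check-copyright job did (those lines are outside this hunk), the scanner receives an empty pull-request number. Consider limiting the push trigger to the default branch, for example `push: { branches: [<default-branch>] }` next to `pull_request:`. Enabling `permissions: contents: read` is a sound least-privilege default; a one-line comment above it saying the token handed to the scanner container is intentionally read-only would help future editors.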
@@ -19,40 +19,14 @@ jobs: -e GITHUB_REPO_OWNER=${{ github.repository_owner }} \ -e GITHUB_API=${{ github.api_url }} \ -e GITHUB_ACTIONS=true \ - fossology/fossology:scanner "/bin/fossologyscanner" --report TEXT repo nomos ojo + fossology/fossology:scanner "/bin/fossologyscanner" --report TEXT repo nomos ojo copyright keyword # Upload artifact - - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 + - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 with: name: scan-fossology-report path: ./results # Artifact download - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a + - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 with: name: scan-fossology-report - - check-copyright: - name: Check copyright - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - run: | - docker run --rm --name "fossologyscanner" -w "/opt/repo" -v ${PWD}:/opt/repo \ - -e GITHUB_TOKEN=${{ github.token }} \ - -e GITHUB_PULL_REQUEST=${{ github.event.number }} \ - -e GITHUB_REPOSITORY=${{ github.repository }} \ - -e GITHUB_API=${{ github.api_url }} \ - -e GITHUB_REPO_URL=${{ github.repositoryUrl }} \ - -e GITHUB_REPO_OWNER=${{ github.repository_owner }} \ - -e GITHUB_ACTIONS=true \ - fossology/fossology:scanner "/bin/fossologyscanner" --report TEXT repo copyright keyword - # Upload artifact - - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 - with: - name: scan-fossology-report - path: ./results - - # Artifact download - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a - with: - name: scan-fossology-report
\ No newline at end of file
diff --git a/.github/workflows/go-fuzz-test.yml b/.github/workflows/go-fuzz-test.yml
index 4424e759..6f6ac6f2 100644
--- a/.github/workflows/go-fuzz-test.yml
+++ b/.github/workflows/go-fuzz-test.yml
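Review bot: The scanner image on the changed `docker run` line is still referenced by the mutable tag `fossology/fossology:scanner`, while every `uses:` entry in this commit is pinned to a full commit SHA. Judging by the removed check-copyright job's invocation, the container gets the checkout mounted at `/opt/repo` and `GITHUB_TOKEN` in its environment (the retained step's first lines are outside this hunk), so whatever that tag currently points to runs with both. Pin the image by digest, e.g. `fossology/fossology:scanner@sha256:<digest>` (placeholder, take the value from a verified pull), and update it deliberately as is done for the actions. A trailing comment with the release tag after each pinned SHA (`# vX.Y.Z`) would also make bumps like the upload-artifact and download-artifact ones here easier to audit.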
@@ -16,7 +16,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 with: go-version: '1.19'
diff --git a/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml b/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml
index bec1aab7..b12f5569 100644
--- a/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml
+++ b/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml
@@ -11,7 +11,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 with: go-version: '1.19'
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 55fa6b01..684ecd22 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -15,7 +15,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 with: go-version: '1.19'
@@ -24,7 +24,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 with: images: lfedge/edge-home-orchestration-go tags: |
@@ -45,7 +45,7 @@ jobs: cp configs/defdockerfiles/ubuntu_multistage Dockerfile - name: Build and push - uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 with: context: . build-args: TARGETVERSION=v${{ steps.meta.outputs.version }}
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index a1b3f89f..94e8b3b0 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -40,7 +40,7 @@ jobs: # Upload the results as artifacts (optional). - name: "Upload artifact" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 + uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 with: name: SARIF file path: results.sarif
@@ -48,6 +48,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 + uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 with: sarif_file: results.sarif
diff --git a/.github/workflows/test-suite.yml b/.github/workflows/test-suite.yml
index caaee053..010bdf2f 100644
--- a/.github/workflows/test-suite.yml
+++ b/.github/workflows/test-suite.yml
@@ -15,7 +15,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 with: go-version: '1.19'
diff --git a/go.mod b/go.mod
index 078d48f1..16322376 100644
--- a/go.mod
+++ b/go.mod
@@ -15,7 +15,7 @@ require ( github.com/golang-jwt/jwt/v4 v4.5.0 github.com/golang/mock v1.4.4 github.com/gomodule/redigo v1.8.9 - github.com/gorilla/mux v1.8.0 + github.com/gorilla/mux v1.8.1 github.com/grandcat/zeroconf v1.0.0 github.com/leemcloughlin/logfile v0.0.0-20201123203928-cff1c8a30a10 github.com/pelletier/go-toml v1.9.5