diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 439396a..da83df3 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -28,7 +28,7 @@ jobs:
 - 5000:5000
 steps:
 - name: Checkout
- uses: actions/checkout@master
+ uses: actions/checkout@v4
 - name: Set version
 id: version
 run: echo "::set-output name=version::`cat build/VERSION`"
@@ -37,17 +37,17 @@ jobs:
 run: if [[ $GITHUB_REF == "refs/heads/master" ]]; then echo "::set-output name=repo::${DOCKER_REPO}"; else echo "::set-output name=repo::${DOCKER_REPO_DEV}"; fi
 - name: Docker meta
 id: docker_meta
- uses: crazy-max/ghaction-docker-meta@v1
+ uses: docker/metadata-action@v5
 with:
 images: ${{ steps.repo.outputs.repo }}
 - name: Set up QEMU
- uses: docker/setup-qemu-action@v1
+ uses: docker/setup-qemu-action@v3
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
+ uses: docker/setup-buildx-action@v3
 with:
 driver-opts: network=host
 - name: Build image without push to registry
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@v6
 with:
 context: ./build
 file: ./build/Dockerfile
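Review bot: `actions/checkout@v4` is still a mutable ref: moving from the `master` branch to a major-version tag narrows what can change under the workflow, but the tag can be re-pointed by whoever controls the action's repository. Pinning to the full commit SHA with the version in a trailing comment, `uses: actions/checkout@<full-commit-sha> # v4`, makes the code that runs reviewable and lets Dependabot or Renovate propose the bumps. The same applies to every `uses:` line this commit changes in build.yaml, deb.yaml, mirror.yaml and update-check.yaml; it matters most for the third-party actions that run in the jobs handling `REGISTRY_PASSWORD`, `CR_PAT` and `PERSONAL_TOKEN`.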
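Review bot: The `Set version` and repo-selection `run:` lines kept as context around these bumps still emit their outputs with the deprecated `::set-output` workflow command, which current runners flag with a warning and which depends on step stdout being parsed for commands. Since the actions are being brought up to date here, write the outputs to the output file instead: `run: echo "version=$(cat build/VERSION)" >> "$GITHUB_OUTPUT"`, and in the branch test `echo "repo=${DOCKER_REPO}" >> "$GITHUB_OUTPUT"` with the `DOCKER_REPO_DEV` variant in the else arm. deb.yaml has the same two lines. The repo-selection step starts outside this hunk, so its `name:` and `id:` are not visible here.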
@@ -56,31 +56,32 @@ jobs:
 tags: localhost:5000/protonmail-bridge:latest
 - name: Scan image
 id: scan
- uses: anchore/scan-action@v2
+ uses: anchore/scan-action@v4
 with:
 image: localhost:5000/protonmail-bridge:latest
 fail-build: true
 severity-cutoff: critical
- acs-report-enable: true
+ output-format: sarif
+
 - name: Upload Anchore scan SARIF report
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: ${{ steps.scan.outputs.sarif }}
 - name: Login to DockerHub
- uses: docker/login-action@v1
+ uses: docker/login-action@v3
 if: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/master' }}
 with:
 username: ${{ secrets.REGISTRY_USERNAME }}
 password: ${{ secrets.REGISTRY_PASSWORD }}
 - name: Login to GitHub Container Registry
- uses: docker/login-action@v1
+ uses: docker/login-action@v3
 if: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/dev' }}
 with:
 registry: ghcr.io
 username: ${{ github.repository_owner }}
 password: ${{ secrets.CR_PAT }}
 - name: Push image
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@v6
 with:
 context: ./build
 file: ./build/Dockerfile
diff --git a/.github/workflows/deb.yaml b/.github/workflows/deb.yaml
index a529c66..2f5d598 100644
--- a/.github/workflows/deb.yaml
+++ b/.github/workflows/deb.yaml
@@ -22,7 +22,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@master
+ uses: actions/checkout@v4
 - name: Set version
 id: version
 run: echo "::set-output name=version::`cat deb/VERSION`"
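Review bot: With `fail-build: true` on the scan step, the `Upload Anchore scan SARIF report` step has no `if:` and is therefore skipped whenever the scan fails the job, so the report is missing from code scanning in exactly the runs that found a critical vulnerability. Add `if: ${{ !cancelled() }}` (or `if: always()`) to the upload step so the SARIF is published before the job ends red. The upload also needs `security-events: write` on the job token; the `permissions:` block is outside this hunk, so confirm it is granted. The matching scan and upload steps in deb.yaml have the same gap.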
@@ -31,13 +31,13 @@ jobs:
 run: if [[ $GITHUB_REF == "refs/heads/master" ]]; then echo "::set-output name=repo::${DOCKER_REPO}"; else echo "::set-output name=repo::${DOCKER_REPO_DEV}"; fi
 - name: Docker meta
 id: docker_meta
- uses: crazy-max/ghaction-docker-meta@v1
+ uses: docker/metadata-action@v5
 with:
 images: ${{ steps.repo.outputs.repo }}
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
+ uses: docker/setup-buildx-action@v3
 - name: Build image without push
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@v6
 with:
 context: ./deb
 file: ./deb/Dockerfile
@@ -45,31 +45,31 @@ jobs:
 tags: protonmail-bridge:latest
 - name: Scan image
 id: scan
- uses: anchore/scan-action@v2
+ uses: anchore/scan-action@v4
 with:
 image: protonmail-bridge:latest
 fail-build: true
 severity-cutoff: critical
- acs-report-enable: true
+ output-format: sarif
 - name: Upload Anchore scan SARIF report
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: ${{ steps.scan.outputs.sarif }}
 - name: Login to DockerHub
- uses: docker/login-action@v1
+ uses: docker/login-action@v3
 if: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/master' }}
 with:
 username: ${{ secrets.REGISTRY_USERNAME }}
 password: ${{ secrets.REGISTRY_PASSWORD }}
 - name: Login to GitHub Container Registry
- uses: docker/login-action@v1
+ uses: docker/login-action@v3
 if: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/dev' }}
 with:
 registry: ghcr.io
 username: ${{ github.repository_owner }}
 password: ${{ secrets.CR_PAT }}
 - name: Push image
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@v6
 with:
 context: ./deb
 file: ./deb/Dockerfile
diff --git a/.github/workflows/mirror.yaml b/.github/workflows/mirror.yaml
index 4e2409b..504268c 100644
--- a/.github/workflows/mirror.yaml
+++ b/.github/workflows/mirror.yaml
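Review bot: The `Login to GitHub Container Registry` step still authenticates with the long-lived personal access token `secrets.CR_PAT`, which this update to `docker/login-action@v3` leaves in place. ghcr.io accepts the per-run token, so with `packages: write` granted to the job this can become `username: ${{ github.actor }}` and `password: ${{ secrets.GITHUB_TOKEN }}`, a credential that expires with the job and needs no rotation. This assumes the package is linked to this repository and grants it write access; the job's `permissions:` block is outside the hunk. The same step appears in build.yaml.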
@@ -12,7 +12,7 @@ jobs:
 name: Mirror to Gitee
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v4
 with:
 fetch-depth: 0
 - name: Push to Gitee
diff --git a/.github/workflows/update-check.yaml b/.github/workflows/update-check.yaml
index cb9fe98..42e14d5 100644
--- a/.github/workflows/update-check.yaml
+++ b/.github/workflows/update-check.yaml
@@ -20,7 +20,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@master
+ uses: actions/checkout@v4
 with:
 token: ${{ secrets.PERSONAL_TOKEN }}
 - name: Check Update
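Review bot: `token: ${{ secrets.PERSONAL_TOKEN }}` in update-check.yaml is passed to checkout with the default `persist-credentials: true`, so the PAT is written into the job's local git configuration and stays usable by every later step. If only one later step pushes, consider `persist-credentials: false` here and supplying the token to that step alone, and keep the PAT fine-grained to this repository's contents. The steps after `Check Update` are outside the hunk, so whether the persisted credential is relied on cannot be seen from here.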