From c17e113eda2e604d0a55ad74d9e087eab3e9fee1 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Tue, 12 May 2026 23:28:54 +0200 Subject: [PATCH 01/24] Upgrade acr-login action --- .github/actions/acr-login/action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/acr-login/action.yml b/.github/actions/acr-login/action.yml index 4c856968..71587b0b 100644 --- a/.github/actions/acr-login/action.yml +++ b/.github/actions/acr-login/action.yml @@ -21,8 +21,8 @@ runs: using: composite steps: - name: Login to Azure - uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 - env: + uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # pin@v3.0.0 + env: AZURE_CLIENT_ID: ${{ inputs.client-id }} AZURE_TENANT_ID: ${{ inputs.tenant-id}} AZURE_SUBSCRIPTION_ID: ${{ inputs.subscription-id }} @@ -30,7 +30,7 @@ runs: client-id: ${{ env.AZURE_CLIENT_ID }} tenant-id: ${{ env.AZURE_TENANT_ID }} subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }} - + - name: Login to Azure Container Registry id: acr_login shell: bash From 3c1197b90ddf325bac17f583b142bbe7c17cdb68 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Tue, 12 May 2026 23:32:56 +0200 Subject: [PATCH 02/24] Upgrade trivy-sbom action --- .github/actions/trivy-sbom/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/trivy-sbom/action.yml b/.github/actions/trivy-sbom/action.yml index d29176f4..a1302e37 100644 --- a/.github/actions/trivy-sbom/action.yml +++ b/.github/actions/trivy-sbom/action.yml 
@@ -79,7 +79,7 @@ runs: - name: Run Trivy SBOM generation id: trivy-gen - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # pin@v0.36.0 env: TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db:2,public.ecr.aws/aquasecurity/trivy-db:2 TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db:1,public.ecr.aws/aquasecurity/trivy-java-db:1 From 170c7e2382ed7156b5c4fc011e7b3955f64a67a1 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Tue, 12 May 2026 23:34:53 +0200 Subject: [PATCH 03/24] Upgrade trivy-scan action --- .github/actions/trivy-scan/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/trivy-scan/action.yml b/.github/actions/trivy-scan/action.yml index 50ed9a61..a755499f 100644 --- a/.github/actions/trivy-scan/action.yml +++ b/.github/actions/trivy-scan/action.yml @@ -140,7 +140,7 @@ runs: - name: Run Trivy vulnerability library scan if: ${{ inputs.library-disable-scan != 'true' }} - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # pin@v0.35.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # pin@v0.36.0 id: trivy-library env: TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db:2,public.ecr.aws/aquasecurity/trivy-db:2 @@ -197,7 +197,7 @@ runs: - name: Run Trivy vulnerability OS scan if: ${{ inputs.os-disable-scan != 'true' && inputs.scan-type == 'image'}} - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # pin@v0.35.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # pin@v0.36.0 id: trivy-os env: TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db:2,public.ecr.aws/aquasecurity/trivy-db:2 From 2a9db6470aca6018a971fdacfceb3bd29fc93722 Mon Sep 17 00:00:00 2001 
From: Jonas Arneberg Saltvik Date: Tue, 12 May 2026 23:36:27 +0200 Subject: [PATCH 04/24] Upgrade check-syntax.yml workflow --- .github/workflows/check-syntax.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-syntax.yml b/.github/workflows/check-syntax.yml index a595511b..3180a623 100644 --- a/.github/workflows/check-syntax.yml +++ b/.github/workflows/check-syntax.yml @@ -7,4 +7,4 @@ jobs: runs-on: ubuntu-latest steps: - name: "Run actionlint" - uses: felleslosninger/github-actions/run-actionlint@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/run-actionlint@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 From ecd94ac264963735dc74be8dcb3eb8e4d6a7eac6 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Tue, 12 May 2026 23:39:30 +0200 Subject: [PATCH 05/24] Upgrade ci-call-update-image.yml workflow --- .github/workflows/ci-call-update-image.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-call-update-image.yml b/.github/workflows/ci-call-update-image.yml index 568d527b..e6337509 100644 --- a/.github/workflows/ci-call-update-image.yml +++ b/.github/workflows/ci-call-update-image.yml @@ -84,7 +84,7 @@ jobs: echo "jira-id=$JIID" >> "$GITHUB_ENV" - name: Get Labels - uses: octokit/request-action@dad4362715b7fb2ddedf9772c8670824af564f0d # pin@v2.4.0 + uses: octokit/request-action@b91aabaa861c777dcdb14e2387e30eddf04619ae # pin@v3.0.0 id: get-labels with: route: GET /repos/${{ github.repository }}/commits/${{ github.sha }}/pulls @@ -162,7 +162,7 @@ jobs: run: npm install @octokit/app@v13.1.8 - name: Generate Token - uses: felleslosninger/github-actions/github-app-token@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/github-app-token@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 id: token with: app-id: ${{ secrets.DIGDIR_PLATFORM_CI_APP_ID }} 
@@ -190,7 +190,7 @@ jobs: } >> "$GITHUB_STEP_SUMMARY" - name: Call Dispatch To Start Promotion - uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # pin@v3.0.0 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # pin@v4.0.1 with: token: ${{ steps.token.outputs.token }} event-type: ${{ inputs.kubernetes-repo-event }} From a5a5a5134b2f8ab906c0351b5b26a5ad60d9980d Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Tue, 12 May 2026 23:44:36 +0200 Subject: [PATCH 06/24] Upgrade ci-docker-build-publish-image.yml workflow --- .../workflows/ci-docker-build-publish-image.yml | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci-docker-build-publish-image.yml b/.github/workflows/ci-docker-build-publish-image.yml index f41bb56f..df30aee4 100644 --- a/.github/workflows/ci-docker-build-publish-image.yml +++ b/.github/workflows/ci-docker-build-publish-image.yml @@ -117,7 +117,7 @@ jobs: echo "- Image name: $image_name" >> "$GITHUB_STEP_SUMMARY" - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Build image run: | @@ -141,17 +141,13 @@ jobs: os-exit-code: "1" trivy-version: ${{ inputs.trivy-version }} - - name: Login to ACR - uses: azure/login@v2 + - name: ACR login + uses: felleslosninger/github-workflows/.github/actions/acr-login@main with: client-id: ${{ secrets[inputs.sp-container-registry-client-id] }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - name: Login to Azure Container Registry - run: az acr login --name "$ACR_NAME" - env: - ACR_NAME: ${{ inputs.container-registry }} + acr-name: ${{ inputs.container-registry }} - name: "Push image" run: docker push ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} 
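Review bot: The new `ACR login` step in ci-docker-build-publish-image.yml uses `felleslosninger/github-workflows/.github/actions/acr-login@main`, a mutable branch ref, while every other `uses:` touched in this series is pinned to a commit SHA. The step is handed the Azure client, tenant and subscription IDs, and the caller visible in patch 23 grants `id-token: write`, so whatever lands on `main` runs with the registry login; a caller that pins this reusable workflow to a SHA would still pull the action from `main`. I would pin it like the rest: `uses: felleslosninger/github-workflows/.github/actions/acr-login@<commit-sha> # pin@<tag>`. The same ref is introduced in ci-quarkus-build-publish-image.yml, ci-spring-boot-build-publish-image.yml and test-k6-build-publish-docker.yml (patches 14, 16 and 22). The `acr-name` input passed here is not among the inputs visible in patch 01's hunk of action.yml, so confirm the action declares it.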
@@ -191,7 +187,7 @@ jobs: slack-channel: ["${{ inputs.slack-channel-id }}", "C05G4B8R2GG"] steps: - name: Send Slack notification - uses: felleslosninger/github-actions/send-slack-notification@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/send-slack-notification@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 with: slack-channel-id: ${{ matrix.slack-channel }} slack-bot-token: ${{ secrets.SLACK_CICD_NOTIFICATION_TOKEN }} From 262157a2febbcd951f0c6caf46f8fed4f5f72d18 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Tue, 12 May 2026 23:47:16 +0200 Subject: [PATCH 07/24] Upgrade ci-docker-build-publish-integrasjonspunkt.yml workflow --- .../ci-docker-build-publish-integrasjonspunkt.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml b/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml index 54881235..d72d7522 100644 --- a/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml +++ b/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml @@ -121,12 +121,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 with: fetch-depth: ${{ inputs.fetch-depth }} - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} 
@@ -166,7 +166,7 @@ jobs: trivy-version: ${{ inputs.trivy-version }} - name: Login to GitHub Container Registry - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # pin@v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # pin@v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -210,7 +210,7 @@ jobs: slack-channel: ["${{ inputs.slack-channel-id }}", "C05G4B8R2GG"] steps: - name: Send Slack notification - uses: felleslosninger/github-actions/send-slack-notification@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/send-slack-notification@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 with: slack-channel-id: ${{ matrix.slack-channel }} slack-bot-token: ${{ secrets.SLACK_CICD_NOTIFICATION_TOKEN }} From 9700f442aec6a072ccb45facd9f854f2303bfac1 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Tue, 12 May 2026 23:48:40 +0200 Subject: [PATCH 08/24] Upgrade ci-docker-build-scan-integrasjonspunkt.yml workflow --- .../workflows/ci-docker-build-scan-integrasjonspunkt.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-docker-build-scan-integrasjonspunkt.yml b/.github/workflows/ci-docker-build-scan-integrasjonspunkt.yml index 922caca0..724f5614 100644 --- a/.github/workflows/ci-docker-build-scan-integrasjonspunkt.yml +++ b/.github/workflows/ci-docker-build-scan-integrasjonspunkt.yml @@ -109,10 +109,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} 
@@ -178,7 +178,7 @@ jobs: slack-channel: ["${{ inputs.slack-channel-id }}", "C05G4B8R2GG"] steps: - name: Send Slack notification - uses: felleslosninger/github-actions/send-slack-notification@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/send-slack-notification@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 with: slack-channel-id: ${{ matrix.slack-channel }} slack-bot-token: ${{ secrets.SLACK_CICD_NOTIFICATION_TOKEN }} From 615f8762ca920c763ad291ca46ae9464db7f0467 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Tue, 12 May 2026 23:51:11 +0200 Subject: [PATCH 09/24] Upgrade ci-maven-build-lib.yml workflow --- .github/workflows/ci-maven-build-lib.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-maven-build-lib.yml b/.github/workflows/ci-maven-build-lib.yml index f0d7ff41..77125f7f 100644 --- a/.github/workflows/ci-maven-build-lib.yml +++ b/.github/workflows/ci-maven-build-lib.yml @@ -54,7 +54,7 @@ jobs: if: ${{ github.event_name == 'pull_request'}} runs-on: ubuntu-latest steps: - - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # pin@v8.0.0 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # pin@v9.0.0 with: script: | const REGEX = new RegExp("^[^…]+$"); // Title must match this regex @@ -106,9 +106,10 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 + - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} From 330987e7591d02839fac36dcb8266c9ef16aad10 Mon Sep 17 00:00:00 2001 
From: Jonas Arneberg Saltvik Date: Tue, 12 May 2026 23:52:21 +0200 Subject: [PATCH 10/24] Upgrade ci-maven-build.yml workflow --- .github/workflows/ci-maven-build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-maven-build.yml b/.github/workflows/ci-maven-build.yml index 375ec2df..b05980f4 100644 --- a/.github/workflows/ci-maven-build.yml +++ b/.github/workflows/ci-maven-build.yml @@ -54,7 +54,7 @@ jobs: if: ${{ github.event_name == 'pull_request'}} runs-on: ubuntu-latest steps: - - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # pin@v8.0.0 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # pin@v9.0.0 with: script: | const REGEX = new RegExp("^[^…]+$"); // Title must match this regex @@ -107,10 +107,10 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} From c8d06d2cd70b00ce82d06f58025076b4215c4470 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Wed, 13 May 2026 13:57:11 +0200 Subject: [PATCH 11/24] Upgrade ci-maven-deploy.yml workflow --- .github/workflows/ci-maven-deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-maven-deploy.yml b/.github/workflows/ci-maven-deploy.yml index 0080fa5e..df9f5985 100644 --- a/.github/workflows/ci-maven-deploy.yml +++ b/.github/workflows/ci-maven-deploy.yml 
@@ -66,10 +66,10 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} From 05443d89ea8b2c08611a54e714d64f4fb8e26db9 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Wed, 13 May 2026 14:14:59 +0200 Subject: [PATCH 12/24] Upgrade ci-maven-install-deploy-lib.yml workflow --- .github/workflows/ci-maven-install-deploy-lib.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-maven-install-deploy-lib.yml b/.github/workflows/ci-maven-install-deploy-lib.yml index 1bcfa6b2..909d8296 100644 --- a/.github/workflows/ci-maven-install-deploy-lib.yml +++ b/.github/workflows/ci-maven-install-deploy-lib.yml @@ -77,12 +77,12 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 with: fetch-depth: ${{ inputs.fetch-depth }} - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} From 7d5ddcf4f61f13501d70bab7e43ab85c9b98678a Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Wed, 13 May 2026 14:48:25 +0200 Subject: [PATCH 13/24] Upgrade ci-pr-checks.yml workflow --- .github/workflows/ci-pr-checks.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/.github/workflows/ci-pr-checks.yml b/.github/workflows/ci-pr-checks.yml index 8039f871..06c2f919 100644 --- a/.github/workflows/ci-pr-checks.yml +++ b/.github/workflows/ci-pr-checks.yml @@ -138,7 +138,7 @@ jobs: steps: - name: Check PR title id: check-pr-title - uses: felleslosninger/github-actions/validate-pull-request-title@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/validate-pull-request-title@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 with: pull-request-title: ${{ inputs.pull-request-title }} allowed-prefixes: ${{ inputs.pull-request-allowed-prefixes }} @@ -153,7 +153,7 @@ jobs: - name: Fail if PR title is not valid if: steps.check-pr-title.outputs.is-valid == 'false' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # pin@v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # pin@v9.0.0 with: script: | core.setFailed('${{ steps.check-pr-title.outputs.error-message }}') @@ -168,10 +168,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} @@ -201,7 +201,7 @@ jobs: if: | !cancelled() && inputs.artifact-path != '' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # pin@v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # pin@v7.0.1 with: name: ${{ inputs.artifact-name }} path: ${{ inputs.artifact-path }} 
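Review bot: In the `Fail if PR title is not valid` step, `core.setFailed('${{ steps.check-pr-title.outputs.error-message }}')` expands the expression into the script source before github-script runs it, so the output's content becomes JavaScript rather than data. If `error-message` can echo any part of the pull-request title (the validate action's implementation is not visible here), a title containing a quote changes the script this job executes. Since the step is being touched anyway, pass the value through the environment: add `env:` with `ERROR_MESSAGE: ${{ steps.check-pr-title.outputs.error-message }}` to the step and call `core.setFailed(process.env.ERROR_MESSAGE)`.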
@@ -283,6 +283,6 @@ jobs: needs: call-auto-merge steps: - name: call-build-publish-image - uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # pin@v3.0.0 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # pin@v4.0.1 with: event-type: build-publish-image From c44a179a8f8eb63b2c145d9e9426c738ce42ff0c Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Wed, 13 May 2026 15:09:17 +0200 Subject: [PATCH 14/24] Upgrade ci-quarkus-build-publish-image.yml workflow --- .../workflows/ci-quarkus-build-publish-image.yml | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci-quarkus-build-publish-image.yml b/.github/workflows/ci-quarkus-build-publish-image.yml index e498f04f..bdf45996 100644 --- a/.github/workflows/ci-quarkus-build-publish-image.yml +++ b/.github/workflows/ci-quarkus-build-publish-image.yml @@ -135,10 +135,10 @@ jobs: echo "IMAGE-NAME=${{ inputs.container-registry }}/${{ inputs.image-name || env.REPOSITORY-NAME }}" >> "$GITHUB_ENV" - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} 
@@ -219,17 +219,13 @@ jobs: os-severity: ${{ inputs.trivy-os-severity }} trivy-version: ${{ inputs.trivy-version }} - - name: Login to ACR - uses: azure/login@v2 + - name: ACR login + uses: felleslosninger/github-workflows/.github/actions/acr-login@main with: client-id: ${{ secrets[inputs.sp-container-registry-client-id] }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - name: Login to Azure Container Registry - run: az acr login --name "$ACR_NAME" - env: - ACR_NAME: ${{ inputs.container-registry }} + acr-name: ${{ inputs.container-registry }} - name: Push image run: docker push ${{env.IMAGE-NAME}}:${{env.IMAGETAG}} @@ -267,7 +263,7 @@ jobs: slack-channel: ["${{ inputs.slack-channel-id }}", "C05G4B8R2GG"] steps: - name: Send Slack notification - uses: felleslosninger/github-actions/send-slack-notification@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/send-slack-notification@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 with: slack-channel-id: ${{ matrix.slack-channel }} slack-bot-token: ${{ secrets.SLACK_CICD_NOTIFICATION_TOKEN }} From 3e2bbf30e37b2a25ba488fe2cbf14a8c0825d82a Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Wed, 13 May 2026 15:10:16 +0200 Subject: [PATCH 15/24] Upgrade ci-quarkus-container-scan.yml workflow --- .github/workflows/ci-quarkus-container-scan.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-quarkus-container-scan.yml b/.github/workflows/ci-quarkus-container-scan.yml index 43d836ff..eb506e81 100644 --- a/.github/workflows/ci-quarkus-container-scan.yml +++ b/.github/workflows/ci-quarkus-container-scan.yml 
@@ -100,10 +100,10 @@ jobs: run: | echo "IMAGE-NAME=${{ inputs.registry-url }}/${{ inputs.image-name || env.REPOSITORY-NAME }}" >> "$GITHUB_ENV" - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} From f8f71ccf976de04ad03777585e413accd3725ec9 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Wed, 13 May 2026 15:30:13 +0200 Subject: [PATCH 16/24] Upgrade ci-spring-boot-build-publish-image.yml workflow --- .../ci-spring-boot-build-publish-image.yml | 20 +++++++------------ 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci-spring-boot-build-publish-image.yml b/.github/workflows/ci-spring-boot-build-publish-image.yml index 4540bcf9..faf4c06a 100644 --- a/.github/workflows/ci-spring-boot-build-publish-image.yml +++ b/.github/workflows/ci-spring-boot-build-publish-image.yml @@ -160,10 +160,10 @@ jobs: echo "- Image name: $image_name" >> "$GITHUB_STEP_SUMMARY" - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} 
@@ -225,26 +225,20 @@ jobs: # Login to GHCR if container-registry starts with ghcr.io - name: Login to GitHub Container Registry if: contains(inputs.container-registry, 'ghcr.io') - uses: docker/login-action@v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # pin@v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - # Login to Azure if container-registry is ACR - - name: Login to Azure + - name: ACR login if: contains(inputs.container-registry, 'azurecr.io') - uses: azure/login@v2 + uses: felleslosninger/github-workflows/.github/actions/acr-login@main with: client-id: ${{ secrets[inputs.sp-container-registry-client-id] }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - name: Login to Azure Container Registry - if: contains(inputs.container-registry, 'azurecr.io') - run: az acr login --name "$ACR_NAME" - env: - ACR_NAME: ${{ inputs.container-registry }} + acr-name: ${{ inputs.container-registry }} - name: Push image run: docker push ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} @@ -284,7 +278,7 @@ jobs: slack-channel: ["${{ inputs.slack-channel-id }}", "C05G4B8R2GG"] steps: - name: Send Slack notification - uses: felleslosninger/github-actions/send-slack-notification@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/send-slack-notification@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 with: slack-channel-id: ${{ matrix.slack-channel }} slack-bot-token: ${{ secrets.SLACK_CICD_NOTIFICATION_TOKEN }} From 4077cc3d198a8e6decff7d4c306f29fe584f485c Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Wed, 13 May 2026 15:31:16 +0200 Subject: [PATCH 17/24] Upgrade ci-spring-boot-container-scan.yml workflow --- .github/workflows/ci-spring-boot-container-scan.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/ci-spring-boot-container-scan.yml b/.github/workflows/ci-spring-boot-container-scan.yml index aa21468e..2909c39b 100644 --- a/.github/workflows/ci-spring-boot-container-scan.yml +++ b/.github/workflows/ci-spring-boot-container-scan.yml @@ -89,7 +89,7 @@ on: jobs: build-and-scan-image: runs-on: ubuntu-latest - permissions: + permissions: contents: read env: REPOSITORY-NAME: ${{ github.event.repository.name }} @@ -106,10 +106,10 @@ jobs: echo "image-name=${{ inputs.registry-url }}/${{ inputs.image-name || env.REPOSITORY-NAME }}" >> "$GITHUB_OUTPUT" - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} From 78e7266398b351711a79c28dc94af758bb552b60 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Wed, 13 May 2026 15:33:14 +0200 Subject: [PATCH 18/24] Upgrade misc-approve-and-merge-dependabot-pr.yml workflow --- .github/workflows/misc-approve-and-merge-dependabot-pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/misc-approve-and-merge-dependabot-pr.yml b/.github/workflows/misc-approve-and-merge-dependabot-pr.yml index 7e5fc252..0e1c6d99 100644 --- a/.github/workflows/misc-approve-and-merge-dependabot-pr.yml +++ b/.github/workflows/misc-approve-and-merge-dependabot-pr.yml 
@@ -29,7 +29,7 @@ jobs: if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Fetch update types id: update-types @@ -46,7 +46,7 @@ jobs: - name: Fetch Dependabot metadata if: ${{ fromJson(steps.update-types.outputs.count) > 0 }} id: dependabot-metadata - uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b # pin@v2.4.0 + uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # pin@v3.1.0 - name: Approve and auto-merge id: auto-merge From fc4c5fd54145924cc1f93009e1d41405839d6a08 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Wed, 13 May 2026 15:35:43 +0200 Subject: [PATCH 19/24] Upgrade misc-publish-dev-docker.yml workflow --- .github/workflows/misc-publish-dev-docker.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/misc-publish-dev-docker.yml b/.github/workflows/misc-publish-dev-docker.yml index c132f5d6..ba557153 100644 --- a/.github/workflows/misc-publish-dev-docker.yml +++ b/.github/workflows/misc-publish-dev-docker.yml 
@@ -20,20 +20,20 @@ jobs: REPOSITORY-NAME: ${{ github.event.repository.name }} steps: - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # pin@v3.6.0 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # pin@v4.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # pin@v3.0.0 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # pin@v4.0.0 - name: Login to crutvikling (Azure container registry) - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # pin@v3.5.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # pin@v4.1.0 with: registry: ${{ vars.CR_DEV_URL }} username: ${{ secrets.CR_DEV_USERNAME }} password: ${{ secrets.CR_DEV_SECRET }} - name: Build and push - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # pin@v6.18.0 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # pin@v7.1.0 with: push: true platforms: linux/amd64,linux/arm64 From 16309a8ad506f0a518ba4b54fe22625566cec26e Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Wed, 13 May 2026 15:36:36 +0200 Subject: [PATCH 20/24] Upgrade on-pr-label.yml workflow --- .github/workflows/on-pr-label.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/on-pr-label.yml b/.github/workflows/on-pr-label.yml index 0502ecd8..0e40afdd 100644 --- a/.github/workflows/on-pr-label.yml +++ b/.github/workflows/on-pr-label.yml @@ -16,7 +16,7 @@ jobs: if: github.event.label.name == 'internal' steps: - name: Append ${{ env.internal-commit-string }} to PR title - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # pin@v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # pin@v9.0.0 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | From da0453db22e0617864f602e3aeec2746cdf95ae4 Mon Sep 17 00:00:00 2001 
From: Jonas Arneberg Saltvik Date: Wed, 13 May 2026 15:37:13 +0200 Subject: [PATCH 21/24] Upgrade test-k6-build-docker.yml workflow --- .github/workflows/test-k6-build-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-k6-build-docker.yml b/.github/workflows/test-k6-build-docker.yml index 0e698cf2..1f10b3de 100644 --- a/.github/workflows/test-k6-build-docker.yml +++ b/.github/workflows/test-k6-build-docker.yml @@ -81,7 +81,7 @@ jobs: run: | echo "IMAGE-NAME=${{ env.REGISTRY_URL }}/${{ inputs.image-name || env.REPOSITORY-NAME }}" >> "$GITHUB_ENV" - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Copy k6-tests to docker temp run: | From 193850e935acddaa24061df02e762cbde77baf45 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Wed, 13 May 2026 15:39:15 +0200 Subject: [PATCH 22/24] Upgrade test-k6-build-publish-docker.yml workflow --- .github/workflows/test-k6-build-publish-docker.yml | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/.github/workflows/test-k6-build-publish-docker.yml b/.github/workflows/test-k6-build-publish-docker.yml index f313ec7d..2b9c2732 100644 --- a/.github/workflows/test-k6-build-publish-docker.yml +++ b/.github/workflows/test-k6-build-publish-docker.yml @@ -99,7 +99,7 @@ jobs: run: | echo "IMAGE_NAME=${{ secrets.REGISTRY_URL }}/${{ inputs.image-name || env.REPOSITORY-NAME }}" >> "$GITHUB_ENV" - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Find and replace image version for ${{ env.IMAGETAG }} in version endpoint uses: jacobtomlinson/gha-find-replace@f1069b438f125e5395d84d1c6fd3b559a7880cb5 # pin@v3.0.5 
@@ -133,17 +133,13 @@ jobs: os-exit-code: ${{ inputs.trivy-os-exit-code }} trivy-version: ${{ inputs.trivy-version }} - - name: Login to ACR - uses: azure/login@v2 + - name: ACR login + uses: felleslosninger/github-workflows/.github/actions/acr-login@main with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - name: Login to Azure Container Registry - run: az acr login --name "$ACR_NAME" - env: - ACR_NAME: ${{ vars.ACR_NAME }} + acr-name: ${{ vars.ACR_NAME }} - name: "Build the tagged Docker image" run: | @@ -173,7 +169,7 @@ jobs: slack-channel: ["${{ inputs.slack-channel-id }}", "C05G4B8R2GG"] steps: - name: Send Slack notification - uses: felleslosninger/github-actions/send-slack-notification@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/send-slack-notification@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 with: slack-channel-id: ${{ matrix.slack-channel }} slack-bot-token: ${{ secrets.SLACK_CICD_NOTIFICATION_TOKEN }} From 2fc6d07f05b903679336b5a96a22fa0d63c3999e Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Fri, 15 May 2026 07:50:39 +0200 Subject: [PATCH 23/24] Use branch for testing --- .github/workflows/ci-build-publish-image.yml | 6 +++--- .github/workflows/ci-docker-build-publish-image.yml | 6 +++--- .github/workflows/ci-maven-build-lib.yml | 2 +- .github/workflows/ci-maven-build.yml | 2 +- .github/workflows/ci-maven-deploy.yml | 4 ++-- .github/workflows/ci-maven-install-deploy-lib.yml | 4 ++-- .github/workflows/ci-pr-checks.yml | 6 +++--- .github/workflows/ci-quarkus-build-publish-image.yml | 6 +++--- .github/workflows/ci-quarkus-container-scan.yml | 2 +- .github/workflows/ci-spring-boot-build-publish-image.yml | 6 +++--- .github/workflows/ci-spring-boot-container-scan.yml | 2 +- 11 files changed, 23 insertions(+), 23 deletions(-) 
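Review bot: The new `ACR login` step in the `@@ -133,17 +133,13 @@` hunk resolves `felleslosninger/github-workflows/.github/actions/acr-login@main`, a mutable branch ref, and hands it `secrets.AZURE_CLIENT_ID`, `secrets.AZURE_TENANT_ID` and `secrets.AZURE_SUBSCRIPTION_ID`. The other actions upgraded in this series, including the first-party `send-slack-notification` in the next hunk, are pinned to a commit SHA with a `# pin@vX.Y.Z` comment. If callers pin this workflow to a SHA, the nested action would still float with `main`; pinning it the same way closes that gap, e.g. `uses: felleslosninger/github-workflows/.github/actions/acr-login@<commit-sha> # pin@<tag>`. The step also passes `acr-name`, and the action's input list is not visible here, so confirm that input is declared in `acr-login/action.yml`. The job body continues outside the hunk.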
diff --git a/.github/workflows/ci-build-publish-image.yml b/.github/workflows/ci-build-publish-image.yml index a622231f..5e78ee96 100644 --- a/.github/workflows/ci-build-publish-image.yml +++ b/.github/workflows/ci-build-publish-image.yml @@ -165,7 +165,7 @@ jobs: run-spring-boot-build: needs: input-checks if: inputs.application-type == 'spring-boot' - uses: felleslosninger/github-workflows/.github/workflows/ci-spring-boot-build-publish-image.yml@main + uses: felleslosninger/github-workflows/.github/workflows/ci-spring-boot-build-publish-image.yml@PF-2384-node24-upgrade permissions: contents: write packages: write @@ -197,7 +197,7 @@ jobs: run-quarkus-build: needs: input-checks if: inputs.application-type == 'quarkus' - uses: felleslosninger/github-workflows/.github/workflows/ci-quarkus-build-publish-image.yml@main + uses: felleslosninger/github-workflows/.github/workflows/ci-quarkus-build-publish-image.yml@PF-2384-node24-upgrade permissions: contents: write id-token: write @@ -225,7 +225,7 @@ jobs: run-docker-build: needs: input-checks if: inputs.application-type == 'docker' - uses: felleslosninger/github-workflows/.github/workflows/ci-docker-build-publish-image.yml@main + uses: felleslosninger/github-workflows/.github/workflows/ci-docker-build-publish-image.yml@PF-2384-node24-upgrade permissions: contents: write id-token: write diff --git a/.github/workflows/ci-docker-build-publish-image.yml b/.github/workflows/ci-docker-build-publish-image.yml index df30aee4..aaa3983b 100644 --- a/.github/workflows/ci-docker-build-publish-image.yml +++ b/.github/workflows/ci-docker-build-publish-image.yml 
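Review bot: The `uses:` lines for `run-spring-boot-build`, `run-quarkus-build` and `run-docker-build` now resolve reusable workflows from the mutable feature branch `PF-2384-node24-upgrade` while those jobs hold `contents: write` together with `packages: write` or `id-token: write`, so any push to that branch changes what runs with those permissions. The same substitution repeats in every other hunk of PATCH 23/24 (the `trivy-scan`, `acr-login`, `trivy-sbom` and container-scan references) and is undone by PATCH 24/24. Once the branch is deleted, this intermediate commit's workflows presumably stop resolving, which makes it unusable for bisecting. Dropping or squashing the pair before merge keeps the test-only ref out of history. For future test runs, a commit SHA of the branch head gives the same coverage without a floating ref.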
@@ -128,7 +128,7 @@ jobs: fi - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade with: image-ref: ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} application-path: ${{ inputs.application-path }} @@ -142,7 +142,7 @@ jobs: trivy-version: ${{ inputs.trivy-version }} - name: ACR login - uses: felleslosninger/github-workflows/.github/actions/acr-login@main + uses: felleslosninger/github-workflows/.github/actions/acr-login@PF-2384-node24-upgrade with: client-id: ${{ secrets[inputs.sp-container-registry-client-id] }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} @@ -163,7 +163,7 @@ jobs: echo "- Image digest: $image_digest" >> "$GITHUB_STEP_SUMMARY" - name: Run Trivy SBOM generation - uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@main + uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@PF-2384-node24-upgrade with: scan-type: image artifact-id: ${{ steps.set-image-name.outputs.image-name }} diff --git a/.github/workflows/ci-maven-build-lib.yml b/.github/workflows/ci-maven-build-lib.yml index 77125f7f..5b5d43fa 100644 --- a/.github/workflows/ci-maven-build-lib.yml +++ b/.github/workflows/ci-maven-build-lib.yml @@ -127,7 +127,7 @@ jobs: mvn -B clean install --update-snapshots - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade with: scan-type: "fs" application-path: ${{ inputs.application-path }} diff --git a/.github/workflows/ci-maven-build.yml b/.github/workflows/ci-maven-build.yml index b05980f4..b79fa660 100644 --- a/.github/workflows/ci-maven-build.yml +++ b/.github/workflows/ci-maven-build.yml 
@@ -137,7 +137,7 @@ jobs: esac - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade with: scan-type: "fs" application-path: ${{ inputs.application-path }} diff --git a/.github/workflows/ci-maven-deploy.yml b/.github/workflows/ci-maven-deploy.yml index df9f5985..c35b48a9 100644 --- a/.github/workflows/ci-maven-deploy.yml +++ b/.github/workflows/ci-maven-deploy.yml @@ -80,7 +80,7 @@ jobs: server-password: GITHUB_TOKEN - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade with: scan-type: "fs" application-path: ${{ inputs.application-path }} @@ -114,7 +114,7 @@ jobs: fi - name: Run Trivy SBOM generation - uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@main + uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@PF-2384-node24-upgrade with: scan-type: fs artifact-id: ${{ github.event.repository.name }} diff --git a/.github/workflows/ci-maven-install-deploy-lib.yml b/.github/workflows/ci-maven-install-deploy-lib.yml index 909d8296..06a10efa 100644 --- a/.github/workflows/ci-maven-install-deploy-lib.yml +++ b/.github/workflows/ci-maven-install-deploy-lib.yml @@ -116,7 +116,7 @@ jobs: fi - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade with: scan-type: "fs" application-path: ${{ inputs.application-path }} 
@@ -179,7 +179,7 @@ jobs: echo "id=$ARTIFACT_ID" >> "$GITHUB_OUTPUT" - name: Run Trivy SBOM generation - uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@main + uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@PF-2384-node24-upgrade with: scan-type: fs artifact-id: ${{ steps.sbom-meta.outputs.id }} diff --git a/.github/workflows/ci-pr-checks.yml b/.github/workflows/ci-pr-checks.yml index 06c2f919..d66daa4c 100644 --- a/.github/workflows/ci-pr-checks.yml +++ b/.github/workflows/ci-pr-checks.yml @@ -211,7 +211,7 @@ jobs: if: | inputs.enable-trivy-image-scan == true && inputs.application-type == 'spring-boot' - uses: felleslosninger/github-workflows/.github/workflows/ci-spring-boot-container-scan.yml@main + uses: felleslosninger/github-workflows/.github/workflows/ci-spring-boot-container-scan.yml@PF-2384-node24-upgrade permissions: contents: read with: @@ -235,7 +235,7 @@ jobs: if: | inputs.enable-trivy-image-scan == true && inputs.application-type == 'quarkus' - uses: felleslosninger/github-workflows/.github/workflows/ci-quarkus-container-scan.yml@main + uses: felleslosninger/github-workflows/.github/workflows/ci-quarkus-container-scan.yml@PF-2384-node24-upgrade permissions: contents: read with: @@ -268,7 +268,7 @@ jobs: call-spring-boot-container-scan, call-quarkus-container-scan, ] - uses: felleslosninger/github-workflows/.github/workflows/misc-approve-and-merge-dependabot-pr.yml@main + uses: felleslosninger/github-workflows/.github/workflows/misc-approve-and-merge-dependabot-pr.yml@PF-2384-node24-upgrade permissions: contents: write pull-requests: write diff --git a/.github/workflows/ci-quarkus-build-publish-image.yml b/.github/workflows/ci-quarkus-build-publish-image.yml index bdf45996..32ae89d2 100644 --- a/.github/workflows/ci-quarkus-build-publish-image.yml +++ b/.github/workflows/ci-quarkus-build-publish-image.yml 
@@ -208,7 +208,7 @@ jobs: --creation-time now - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade with: image-ref: ${{ env.IMAGE-NAME }}:${{ env.IMAGETAG }} library-disable-scan: ${{ inputs.trivy-library-disable-scan }} @@ -220,7 +220,7 @@ jobs: trivy-version: ${{ inputs.trivy-version }} - name: ACR login - uses: felleslosninger/github-workflows/.github/actions/acr-login@main + uses: felleslosninger/github-workflows/.github/actions/acr-login@PF-2384-node24-upgrade with: client-id: ${{ secrets[inputs.sp-container-registry-client-id] }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} @@ -239,7 +239,7 @@ jobs: run: echo "imagedigest=${{env.IMAGE_DIGEST}}" >> "$GITHUB_OUTPUT" - name: Run Trivy SBOM generation - uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@main + uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@PF-2384-node24-upgrade with: scan-type: image artifact-id: ${{ env.IMAGE-NAME }} diff --git a/.github/workflows/ci-quarkus-container-scan.yml b/.github/workflows/ci-quarkus-container-scan.yml index eb506e81..c2a6d12c 100644 --- a/.github/workflows/ci-quarkus-container-scan.yml +++ b/.github/workflows/ci-quarkus-container-scan.yml @@ -167,7 +167,7 @@ jobs: --creation-time now - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade with: image-ref: ${{env.IMAGE-NAME}}:${{env.IMAGETAG}} application-path: ${{ inputs.application-path }} diff --git a/.github/workflows/ci-spring-boot-build-publish-image.yml b/.github/workflows/ci-spring-boot-build-publish-image.yml index faf4c06a..e8b5eedc 100644 --- a/.github/workflows/ci-spring-boot-build-publish-image.yml +++ b/.github/workflows/ci-spring-boot-build-publish-image.yml 
@@ -210,7 +210,7 @@ jobs: -Dspring-boot.build-image.createdDate=now - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade with: image-ref: ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} application-path: ${{ inputs.application-path }} @@ -233,7 +233,7 @@ jobs: - name: ACR login if: contains(inputs.container-registry, 'azurecr.io') - uses: felleslosninger/github-workflows/.github/actions/acr-login@main + uses: felleslosninger/github-workflows/.github/actions/acr-login@PF-2384-node24-upgrade with: client-id: ${{ secrets[inputs.sp-container-registry-client-id] }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} @@ -254,7 +254,7 @@ jobs: echo "- Image digest: $image_digest" >> "$GITHUB_STEP_SUMMARY" - name: Run Trivy SBOM generation - uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@main + uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@PF-2384-node24-upgrade with: scan-type: image artifact-id: ${{ steps.set-image-name.outputs.image-name }} diff --git a/.github/workflows/ci-spring-boot-container-scan.yml b/.github/workflows/ci-spring-boot-container-scan.yml index 2909c39b..2d3f61ed 100644 --- a/.github/workflows/ci-spring-boot-container-scan.yml +++ b/.github/workflows/ci-spring-boot-container-scan.yml 
@@ -134,7 +134,7 @@ jobs: run: mvn -DskipTests -B spring-boot:build-image --file ${{ inputs.application-path }}pom.xml -Dspring-boot.build-image.imageName=${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} -Dspring-boot.build-image.builder=paketobuildpacks/${{ inputs.image-pack }}:${{ inputs.image-pack-tag }} - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade with: image-ref: ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} application-path: ${{ inputs.application-path }} From 97c184bbc8c5ad8d7f223a7a7a1c580ccfedf41c Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Fri, 15 May 2026 14:47:29 +0200 Subject: [PATCH 24/24] Revert "Use branch for testing" This reverts commit 2fc6d07f05b903679336b5a96a22fa0d63c3999e. --- .github/workflows/ci-build-publish-image.yml | 6 +++--- .github/workflows/ci-docker-build-publish-image.yml | 6 +++--- .github/workflows/ci-maven-build-lib.yml | 2 +- .github/workflows/ci-maven-build.yml | 2 +- .github/workflows/ci-maven-deploy.yml | 4 ++-- .github/workflows/ci-maven-install-deploy-lib.yml | 4 ++-- .github/workflows/ci-pr-checks.yml | 6 +++--- .github/workflows/ci-quarkus-build-publish-image.yml | 6 +++--- .github/workflows/ci-quarkus-container-scan.yml | 2 +- .github/workflows/ci-spring-boot-build-publish-image.yml | 6 +++--- .github/workflows/ci-spring-boot-container-scan.yml | 2 +- 11 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/ci-build-publish-image.yml b/.github/workflows/ci-build-publish-image.yml index 5e78ee96..a622231f 100644 --- a/.github/workflows/ci-build-publish-image.yml +++ b/.github/workflows/ci-build-publish-image.yml 
@@ -165,7 +165,7 @@ jobs: run-spring-boot-build: needs: input-checks if: inputs.application-type == 'spring-boot' - uses: felleslosninger/github-workflows/.github/workflows/ci-spring-boot-build-publish-image.yml@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/workflows/ci-spring-boot-build-publish-image.yml@main permissions: contents: write packages: write @@ -197,7 +197,7 @@ jobs: run-quarkus-build: needs: input-checks if: inputs.application-type == 'quarkus' - uses: felleslosninger/github-workflows/.github/workflows/ci-quarkus-build-publish-image.yml@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/workflows/ci-quarkus-build-publish-image.yml@main permissions: contents: write id-token: write @@ -225,7 +225,7 @@ jobs: run-docker-build: needs: input-checks if: inputs.application-type == 'docker' - uses: felleslosninger/github-workflows/.github/workflows/ci-docker-build-publish-image.yml@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/workflows/ci-docker-build-publish-image.yml@main permissions: contents: write id-token: write diff --git a/.github/workflows/ci-docker-build-publish-image.yml b/.github/workflows/ci-docker-build-publish-image.yml index aaa3983b..df30aee4 100644 --- a/.github/workflows/ci-docker-build-publish-image.yml +++ b/.github/workflows/ci-docker-build-publish-image.yml @@ -128,7 +128,7 @@ jobs: fi - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: image-ref: ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} application-path: ${{ inputs.application-path }} 
@@ -142,7 +142,7 @@ jobs: trivy-version: ${{ inputs.trivy-version }} - name: ACR login - uses: felleslosninger/github-workflows/.github/actions/acr-login@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/acr-login@main with: client-id: ${{ secrets[inputs.sp-container-registry-client-id] }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} @@ -163,7 +163,7 @@ jobs: echo "- Image digest: $image_digest" >> "$GITHUB_STEP_SUMMARY" - name: Run Trivy SBOM generation - uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@main with: scan-type: image artifact-id: ${{ steps.set-image-name.outputs.image-name }} diff --git a/.github/workflows/ci-maven-build-lib.yml b/.github/workflows/ci-maven-build-lib.yml index 5b5d43fa..77125f7f 100644 --- a/.github/workflows/ci-maven-build-lib.yml +++ b/.github/workflows/ci-maven-build-lib.yml @@ -127,7 +127,7 @@ jobs: mvn -B clean install --update-snapshots - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: scan-type: "fs" application-path: ${{ inputs.application-path }} diff --git a/.github/workflows/ci-maven-build.yml b/.github/workflows/ci-maven-build.yml index b79fa660..b05980f4 100644 --- a/.github/workflows/ci-maven-build.yml +++ b/.github/workflows/ci-maven-build.yml @@ -137,7 +137,7 @@ jobs: esac - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: scan-type: "fs" application-path: ${{ inputs.application-path }} diff --git a/.github/workflows/ci-maven-deploy.yml b/.github/workflows/ci-maven-deploy.yml index c35b48a9..df9f5985 100644 --- a/.github/workflows/ci-maven-deploy.yml 
+++ b/.github/workflows/ci-maven-deploy.yml @@ -80,7 +80,7 @@ jobs: server-password: GITHUB_TOKEN - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: scan-type: "fs" application-path: ${{ inputs.application-path }} @@ -114,7 +114,7 @@ jobs: fi - name: Run Trivy SBOM generation - uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@main with: scan-type: fs artifact-id: ${{ github.event.repository.name }} diff --git a/.github/workflows/ci-maven-install-deploy-lib.yml b/.github/workflows/ci-maven-install-deploy-lib.yml index 06a10efa..909d8296 100644 --- a/.github/workflows/ci-maven-install-deploy-lib.yml +++ b/.github/workflows/ci-maven-install-deploy-lib.yml @@ -116,7 +116,7 @@ jobs: fi - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: scan-type: "fs" application-path: ${{ inputs.application-path }} @@ -179,7 +179,7 @@ jobs: echo "id=$ARTIFACT_ID" >> "$GITHUB_OUTPUT" - name: Run Trivy SBOM generation - uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@main with: scan-type: fs artifact-id: ${{ steps.sbom-meta.outputs.id }} diff --git a/.github/workflows/ci-pr-checks.yml b/.github/workflows/ci-pr-checks.yml index d66daa4c..06c2f919 100644 --- a/.github/workflows/ci-pr-checks.yml +++ b/.github/workflows/ci-pr-checks.yml 
@@ -211,7 +211,7 @@ jobs: if: | inputs.enable-trivy-image-scan == true && inputs.application-type == 'spring-boot' - uses: felleslosninger/github-workflows/.github/workflows/ci-spring-boot-container-scan.yml@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/workflows/ci-spring-boot-container-scan.yml@main permissions: contents: read with: @@ -235,7 +235,7 @@ jobs: if: | inputs.enable-trivy-image-scan == true && inputs.application-type == 'quarkus' - uses: felleslosninger/github-workflows/.github/workflows/ci-quarkus-container-scan.yml@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/workflows/ci-quarkus-container-scan.yml@main permissions: contents: read with: @@ -268,7 +268,7 @@ jobs: call-spring-boot-container-scan, call-quarkus-container-scan, ] - uses: felleslosninger/github-workflows/.github/workflows/misc-approve-and-merge-dependabot-pr.yml@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/workflows/misc-approve-and-merge-dependabot-pr.yml@main permissions: contents: write pull-requests: write diff --git a/.github/workflows/ci-quarkus-build-publish-image.yml b/.github/workflows/ci-quarkus-build-publish-image.yml index 32ae89d2..bdf45996 100644 --- a/.github/workflows/ci-quarkus-build-publish-image.yml +++ b/.github/workflows/ci-quarkus-build-publish-image.yml @@ -208,7 +208,7 @@ jobs: --creation-time now - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: image-ref: ${{ env.IMAGE-NAME }}:${{ env.IMAGETAG }} library-disable-scan: ${{ inputs.trivy-library-disable-scan }} 
@@ -220,7 +220,7 @@ jobs: trivy-version: ${{ inputs.trivy-version }} - name: ACR login - uses: felleslosninger/github-workflows/.github/actions/acr-login@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/acr-login@main with: client-id: ${{ secrets[inputs.sp-container-registry-client-id] }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} @@ -239,7 +239,7 @@ jobs: run: echo "imagedigest=${{env.IMAGE_DIGEST}}" >> "$GITHUB_OUTPUT" - name: Run Trivy SBOM generation - uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@main with: scan-type: image artifact-id: ${{ env.IMAGE-NAME }} diff --git a/.github/workflows/ci-quarkus-container-scan.yml b/.github/workflows/ci-quarkus-container-scan.yml index c2a6d12c..eb506e81 100644 --- a/.github/workflows/ci-quarkus-container-scan.yml +++ b/.github/workflows/ci-quarkus-container-scan.yml @@ -167,7 +167,7 @@ jobs: --creation-time now - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: image-ref: ${{env.IMAGE-NAME}}:${{env.IMAGETAG}} application-path: ${{ inputs.application-path }} diff --git a/.github/workflows/ci-spring-boot-build-publish-image.yml b/.github/workflows/ci-spring-boot-build-publish-image.yml index e8b5eedc..faf4c06a 100644 --- a/.github/workflows/ci-spring-boot-build-publish-image.yml +++ b/.github/workflows/ci-spring-boot-build-publish-image.yml 
@@ -210,7 +210,7 @@ jobs: -Dspring-boot.build-image.createdDate=now - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: image-ref: ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} application-path: ${{ inputs.application-path }} @@ -233,7 +233,7 @@ jobs: - name: ACR login if: contains(inputs.container-registry, 'azurecr.io') - uses: felleslosninger/github-workflows/.github/actions/acr-login@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/acr-login@main with: client-id: ${{ secrets[inputs.sp-container-registry-client-id] }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} @@ -254,7 +254,7 @@ jobs: echo "- Image digest: $image_digest" >> "$GITHUB_STEP_SUMMARY" - name: Run Trivy SBOM generation - uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@main with: scan-type: image artifact-id: ${{ steps.set-image-name.outputs.image-name }} diff --git a/.github/workflows/ci-spring-boot-container-scan.yml b/.github/workflows/ci-spring-boot-container-scan.yml index 2d3f61ed..2909c39b 100644 --- a/.github/workflows/ci-spring-boot-container-scan.yml +++ b/.github/workflows/ci-spring-boot-container-scan.yml 
@@ -134,7 +134,7 @@ jobs: run: mvn -DskipTests -B spring-boot:build-image --file ${{ inputs.application-path }}pom.xml -Dspring-boot.build-image.imageName=${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} -Dspring-boot.build-image.builder=paketobuildpacks/${{ inputs.image-pack }}:${{ inputs.image-pack-tag }} - name: Run Trivy vulnerability scanner - uses: felleslosninger/github-workflows/.github/actions/trivy-scan@PF-2384-node24-upgrade + uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: image-ref: ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} application-path: ${{ inputs.application-path }}