From af15bcccd414d66b7c67ceebafa62c03a3e76a2e Mon Sep 17 00:00:00 2001 From: Kaj Kowalski Date: Wed, 5 Nov 2025 22:28:20 +0100 Subject: [PATCH] chore: update CI actions, Go 1.25, Alpine 3.22 Updates CI to latest major actions (checkout v5, setup-go v6, upload-artifact v5, CodeQL v4) for security and compatibility. Uses stable major tag for autofix action. Updates Docker images to Go 1.25 and Alpine 3.22 to leverage newer toolchain and patched bases. Updates open-pull-requests-limit to 2 in dependabot.yml and upgrade CodeQL action to v4 --- .github/dependabot.yml | 12 ++++++------ .github/workflows/autofix.yml | 6 +++--- .github/workflows/ci.yml | 18 +++++++++--------- .github/workflows/codeql.yml | 6 +++--- .github/workflows/dependency-review.yml | 2 +- .github/workflows/release.yml | 4 ++-- Dockerfile | 2 +- Dockerfile.dev | 4 ++-- 8 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 4b8fd07..dc0d74f 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,7 +8,7 @@ updates: day: 'monday' time: '07:00' timezone: 'Europe/Amsterdam' - open-pull-requests-limit: 10 + open-pull-requests-limit: 2 labels: - 'dependencies' - 'dependencies/github-actions' @@ -24,7 +24,7 @@ updates: day: 'monday' time: '07:00' timezone: 'Europe/Amsterdam' - open-pull-requests-limit: 10 + open-pull-requests-limit: 2 labels: - 'dependencies' - 'dependencies/docker' @@ -32,7 +32,7 @@ updates: prefix: 'docker' include: 'scope' groups: - docker-images: + docker: patterns: - '*' update-types: @@ -47,7 +47,7 @@ updates: day: 'monday' time: '07:00' timezone: 'Europe/Amsterdam' - open-pull-requests-limit: 10 + open-pull-requests-limit: 2 labels: - 'dependencies' - 'dependencies/docker-compose' @@ -55,7 +55,7 @@ updates: prefix: 'docker' include: 'scope' groups: - docker-compose: + docker: patterns: - '*' update-types: 
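Review bot: In the `@@ -32,7` and `@@ -55,7` hunks the docker and docker-compose entries both rename their group to `docker`, and both already use the commit prefix `'docker'`, so grouped pull requests from the two entries will differ only by their `dependencies/docker` and `dependencies/docker-compose` labels. The commit description does not mention the rename. If the shared name is intended, a comment above each group such as `# group name deliberately shared with the other docker entry` would record that; otherwise keep the distinct names `docker-images` and `docker-compose`. The `updates:` entries start and end outside these hunks.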
@@ -70,7 +70,7 @@ updates: day: 'monday' time: '07:00' timezone: 'Europe/Amsterdam' - open-pull-requests-limit: 10 + open-pull-requests-limit: 2 labels: - 'dependencies' - 'dependencies/go' diff --git a/.github/workflows/autofix.yml b/.github/workflows/autofix.yml index 79f51da..8d24ab3 100644 --- a/.github/workflows/autofix.yml +++ b/.github/workflows/autofix.yml @@ -10,8 +10,8 @@ jobs: autofix: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@v5 + - uses: actions/setup-go@v6 with: go-version-file: 'go.mod' @@ -22,4 +22,4 @@ jobs: # of course we can also do just this instead: # - run: gofmt -w . - - uses: autofix-ci/action@551dded8c6cc8a1054039c8bc0b8b48c51dfc6ef + - uses: autofix-ci/action@v1 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7c7a359..4f09eb4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,10 +31,10 @@ jobs: - 1.24.x steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Set up Go ${{ matrix.go }} - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ matrix.go }} check-latest: true @@ -214,7 +214,7 @@ jobs: - name: Upload test artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: name: test-results-go-${{ matrix.go }} path: | @@ -297,7 +297,7 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -344,7 +344,7 @@ jobs: if: github.event_name == 'pull_request' steps: - name: 'Checkout Repository' - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: 'Dependency Review' uses: actions/dependency-review-action@v4 
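Review bot: The last step of `autofix.yml` (hunk `@@ -22,4`) replaces a full commit-SHA pin on the third-party `autofix-ci/action` with the mutable tag `v1`, so whatever commit that tag points to at run time is what executes in this workflow. A tag can be moved by anyone with write access to the upstream repository, which the SHA pin ruled out. Keep the pin and record the release next to it, e.g. `- uses: autofix-ci/action@<full-commit-sha>  # v1.x.y` (placeholder; take the SHA from the upstream release you reviewed). The `dependencies/github-actions` label in `dependabot.yml` suggests Dependabot already watches actions here, so a pinned SHA should still receive update pull requests.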
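Review bot: In the `@@ -31,10` hunk of `ci.yml` the last visible matrix entry before `steps:` is `- 1.24.x`, while this commit moves both Dockerfiles to `golang:1.25-alpine`. The matrix list starts outside the hunk, so 1.25.x may already be present. If it is not, the tests never run on the toolchain that builds the shipped image, and adding `- 1.25.x` to the matrix would close that gap.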
@@ -360,12 +360,12 @@ jobs: contents: write needs: ['test'] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: 'go.mod' check-latest: true @@ -461,7 +461,7 @@ jobs: echo "" >> $GITHUB_STEP_SUMMARY - name: Upload a Build Artifact - uses: actions/upload-artifact@v4.6.2 + uses: actions/upload-artifact@v5.6.2 with: name: build-artifacts path: build/ @@ -492,7 +492,7 @@ jobs: if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/heads/feature/docker')) steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Login to Docker Hub uses: docker/login-action@v3 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5422fee..6299e32 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -61,7 +61,7 @@ jobs: # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 # Add any setup steps before running the `github/codeql-action/init` action. # This includes steps like installing compilers or runtimes (`actions/setup-node` @@ -71,7 +71,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -99,6 +99,6 @@ jobs: exit 1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 with: category: "/language:${{matrix.language}}" 
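Review bot: In the `@@ -461,7` hunk `actions/upload-artifact@v4.6.2` becomes `@v5.6.2`, which looks like the major digit was bumped mechanically. If upstream has not published a `v5.6.2` tag, the "Upload a Build Artifact" step will fail to resolve the action. The other upload step in this file (hunk `@@ -214,7`) uses `@v5`. Use the same reference here, `uses: actions/upload-artifact@v5`, or an exact release confirmed to exist upstream.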
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index a12f9f7..a298d5e 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: 'Dependency Review' uses: actions/dependency-review-action@v4 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fae7a92..ac48284 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,12 +14,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: 'go.mod' check-latest: true diff --git a/Dockerfile b/Dockerfile index b91433c..59b938e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build stage -FROM golang:1.24-alpine AS builder +FROM golang:1.25-alpine AS builder # Install git and ca-certificates (needed for fetching dependencies and HTTPS) RUN apk add --no-cache git ca-certificates tzdata file diff --git a/Dockerfile.dev b/Dockerfile.dev index 97d01d2..8f06374 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev @@ -2,7 +2,7 @@ # Uses Alpine instead of scratch for debugging # Build stage - same as production -FROM golang:1.24-alpine AS builder +FROM golang:1.25-alpine AS builder # Install git and ca-certificates (needed for fetching dependencies and HTTPS) RUN apk add --no-cache git ca-certificates tzdata file @@ -49,7 +49,7 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build \ RUN file /app/articulate-parser || echo "file command not available" # Development stage - uses Alpine for shell access -FROM alpine:3.21.3 +FROM alpine:3.22.1 # Install minimal dependencies RUN apk add --no-cache ca-certificates tzdata
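Review bot: `FROM golang:1.25-alpine AS builder` (in `Dockerfile` and in the first `Dockerfile.dev` hunk) leaves the builder's Alpine release floating, while the runtime stage in `Dockerfile.dev` is fixed to `alpine:3.22.1`. The "Alpine 3.22" in the commit description therefore holds for the builder only as long as the tag happens to track that release. Naming the base explicitly, `FROM golang:1.25-alpine3.22 AS builder`, keeps both stages on the same release and makes rebuilds more predictable. A digest suffix (`@sha256:<digest>`, placeholder) would additionally fix the exact image content, and the docker entry in `dependabot.yml` can keep it current.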