chore: update CI actions, Go 1.25, Alpine 3.22

Updates CI to latest major actions (checkout v5, setup-go v6, upload-artifact v5, CodeQL v4) for security and compatibility. Uses stable major tag for autofix action. Updates Docker images to Go 1.25 and Alpine 3.22 to leverage newer toolchain and patched bases. Updates open-pull-requests-limit to 2 in dependabot.yml and upgrade CodeQL action to v4
2026-01-16 11:02:10 +01:00 · 2025-11-05 22:28:20 +01:00
parent 422b56aa86
commit af15bcccd4
8 changed files with 27 additions and 27 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -8,7 +8,7 @@ updates:
      day: 'monday'
      time: '07:00'
      timezone: 'Europe/Amsterdam'
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 2
    labels:
      - 'dependencies'
      - 'dependencies/github-actions'
@ -24,7 +24,7 @@ updates:
      day: 'monday'
      time: '07:00'
      timezone: 'Europe/Amsterdam'
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 2
    labels:
      - 'dependencies'
      - 'dependencies/docker'
@ -32,7 +32,7 @@ updates:
      prefix: 'docker'
      include: 'scope'
    groups:
-      docker-images:
+      docker:
        patterns:
          - '*'
        update-types:
@ -47,7 +47,7 @@ updates:
      day: 'monday'
      time: '07:00'
      timezone: 'Europe/Amsterdam'
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 2
    labels:
      - 'dependencies'
      - 'dependencies/docker-compose'
@ -55,7 +55,7 @@ updates:
      prefix: 'docker'
      include: 'scope'
    groups:
-      docker-compose:
+      docker:
        patterns:
          - '*'
        update-types:
@ -70,7 +70,7 @@ updates:
      day: 'monday'
      time: '07:00'
      timezone: 'Europe/Amsterdam'
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 2
    labels:
      - 'dependencies'
      - 'dependencies/go'
--- a/.github/workflows/autofix.yml
+++ b/.github/workflows/autofix.yml
@ -10,8 +10,8 @@ jobs:
  autofix:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
+      - uses: actions/checkout@v5
+      - uses: actions/setup-go@v6
        with:
          go-version-file: 'go.mod'

@ -22,4 +22,4 @@ jobs:
      # of course we can also do just this instead:
      # - run: gofmt -w .

-      - uses: autofix-ci/action@551dded8c6cc8a1054039c8bc0b8b48c51dfc6ef
+      - uses: autofix-ci/action@v1
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -31,10 +31,10 @@ jobs:
          - 1.24.x

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5

      - name: Set up Go ${{ matrix.go }}
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
        with:
          go-version: ${{ matrix.go }}
          check-latest: true
@ -214,7 +214,7 @@ jobs:

      - name: Upload test artifacts
        if: failure()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
        with:
          name: test-results-go-${{ matrix.go }}
          path: |
@ -297,7 +297,7 @@ jobs:
      contents: read
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@ -344,7 +344,7 @@ jobs:
    if: github.event_name == 'pull_request'
    steps:
      - name: 'Checkout Repository'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      - name: 'Dependency Review'
        uses: actions/dependency-review-action@v4
@ -360,12 +360,12 @@ jobs:
      contents: write
    needs: ['test']
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 0

      - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
        with:
          go-version-file: 'go.mod'
          check-latest: true
@ -461,7 +461,7 @@ jobs:
          echo "" >> $GITHUB_STEP_SUMMARY

      - name: Upload a Build Artifact
-        uses: actions/upload-artifact@v4.6.2
+        uses: actions/upload-artifact@v5.6.2
        with:
          name: build-artifacts
          path: build/
@ -492,7 +492,7 @@ jobs:
    if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/heads/feature/docker'))
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      - name: Login to Docker Hub
        uses: docker/login-action@v3
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -61,7 +61,7 @@ jobs:
        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
    steps:
    - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5

    # Add any setup steps before running the `github/codeql-action/init` action.
    # This includes steps like installing compilers or runtimes (`actions/setup-node`
@ -71,7 +71,7 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
      with:
        languages: ${{ matrix.language }}
        build-mode: ${{ matrix.build-mode }}
@ -99,6 +99,6 @@ jobs:
        exit 1

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
      with:
        category: "/language:${{matrix.language}}"
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@ -16,7 +16,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      - name: 'Dependency Review'
        uses: actions/dependency-review-action@v4
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -14,12 +14,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0

      - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
        with:
          go-version-file: 'go.mod'
          check-latest: true
--- a/2
+++ b/2
@ -1,5 +1,5 @@
 # Build stage
-FROM golang:1.24-alpine AS builder
+FROM golang:1.25-alpine AS builder

 # Install git and ca-certificates (needed for fetching dependencies and HTTPS)
 RUN apk add --no-cache git ca-certificates tzdata file
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@ -2,7 +2,7 @@
 # Uses Alpine instead of scratch for debugging

 # Build stage - same as production
-FROM golang:1.24-alpine AS builder
+FROM golang:1.25-alpine AS builder

 # Install git and ca-certificates (needed for fetching dependencies and HTTPS)
 RUN apk add --no-cache git ca-certificates tzdata file
@ -49,7 +49,7 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build \
 RUN file /app/articulate-parser || echo "file command not available"

 # Development stage - uses Alpine for shell access
-FROM alpine:3.21.3
+FROM alpine:3.22.1

 # Install minimal dependencies
 RUN apk add --no-cache ca-certificates tzdata