diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2eddb84..a8b9321 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -25,7 +25,7 @@ jobs:
 helm: ${{ steps.detect.outputs.helm }}
 api_docs: ${{ steps.detect.outputs.api_docs }}
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Detect Docker-impacting changes
 id: detect
 shell: bash
@@ -74,7 +74,7 @@ jobs:
 if: github.event_name != 'pull_request'
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Install Rust toolchain
 uses: dtolnay/rust-toolchain@stable
@@ -117,7 +117,7 @@ jobs:
 runs-on: ubuntu-latest
 needs: [changes]
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Install Helm
 uses: azure/setup-helm@v5
@@ -170,10 +170,10 @@ jobs:
 name: Examples Smoke Test
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Create kind cluster
- uses: helm/kind-action@v1.13.0
+ uses: helm/kind-action@v1.14.0
 with:
 cluster_name: examples-test
@@ -201,7 +201,7 @@ jobs:
 name: Security Audit
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Install Rust toolchain
 uses: dtolnay/rust-toolchain@stable
@@ -218,7 +218,7 @@ jobs:
 name: Lint & Format
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Install Rust toolchain
 uses: dtolnay/rust-toolchain@stable
@@ -256,7 +256,7 @@ jobs:
 runs-on: ubuntu-latest
 needs: [security-audit, lint]
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Install Rust toolchain
 uses: dtolnay/rust-toolchain@stable
@@ -275,10 +275,10 @@ jobs:
 runs-on: ubuntu-latest
 needs: [changes, lint]
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Install Helm
- uses: azure/setup-helm@v4
+ uses: azure/setup-helm@v5
 with:
 version: v3.14.0
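Review bot: The bumped `uses:` lines still reference mutable tags (`actions/checkout@v6` in the `@@ -25,7` hunk, and likewise `helm/kind-action@v1.14.0` at `@@ -170,10` and `azure/setup-helm@v5` at `@@ -275,10`), so whoever can move those tags changes the code these jobs run. Since this commit rewrites each of these lines anyway, pinning to the full commit SHA with the version as a trailing comment would make the workflow reproducible and the next bump reviewable, e.g. `- uses: actions/checkout@<full-commit-sha> # v6`. The same applies to the bumped lines in the other workflow files of this commit. Moving checkout across two major versions in one step also warrants reading the intermediate release notes for runner-version requirements before merging.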
@@ -294,10 +294,10 @@ jobs:
 runs-on: ubuntu-latest
 needs: [changes, lint]
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Set up Python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@v6
 with:
 python-version: "3.12"
@@ -323,7 +323,7 @@ jobs:
 runs-on: ubuntu-latest
 needs: test
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Install Rust toolchain
 uses: dtolnay/rust-toolchain@stable
@@ -360,7 +360,7 @@ jobs:
 contents: read
 packages: write
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Lowercase IMAGE_NAME
 run: echo "IMAGE_NAME=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
@@ -412,7 +412,7 @@ jobs:
 contents: read
 security-events: write
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Lowercase IMAGE_NAME
 run: echo "IMAGE_NAME=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index f01ada6..a30b436 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -11,7 +11,7 @@ jobs:
 name: Pre-commit Hooks
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Install Rust toolchain
 uses: dtolnay/rust-toolchain@stable
@@ -22,7 +22,7 @@ jobs:
 uses: Swatinem/rust-cache@v2
 - name: Set up Python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@v6
 with:
 python-version: '3.x'
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index d886889..7633e8f 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -18,7 +18,7 @@ jobs:
 name: Cargo Security Audit
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Install Rust
 uses: dtolnay/rust-toolchain@stable
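Review bot: In the `@@ -360,7` hunk of ci.yml the checkout step has no `with:` block (the next line is already `- name: Lowercase IMAGE_NAME`), and the job holds `packages: write`, so checkout's default credential persistence leaves the job token configured for git for the rest of the job. If no later step needs to fetch or push with git, add `with:` and `persist-credentials: false` under the bumped line; the same holds for the `security-events: write` job at `@@ -412,7`. The step lists continue outside both hunks, so confirm that nothing further down relies on the stored credentials.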
@@ -32,7 +32,7 @@ jobs:
 name: Trivy Vulnerability Scanner (Code/FS/Dep/Containers)
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Run Trivy vulnerability scanner FS
 uses: aquasecurity/trivy-action@master
@@ -54,12 +54,12 @@ jobs:
 args: ['--scanners', 'vuln', '--vuln-type', 'library']
 - name: Upload Trivy scan results FS
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: trivy-fs-results.sarif
 - name: Upload Trivy cargo results
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: trivy-cargo-results.sarif
@@ -67,7 +67,7 @@ jobs:
 name: Trivy Container Scan
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Build Docker image
 run: docker build -t stellar-operator:scan .
@@ -81,7 +81,7 @@ jobs:
 severity: 'CRITICAL,HIGH'
 - name: Upload Trivy Docker scan
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: trivy-docker.sarif
@@ -89,7 +89,7 @@ jobs:
 name: IaC Security Scan (Helm/K8s manifests)
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Checkov IaC scan
 uses: bridgecrewio/checkov-action@v12
@@ -100,7 +100,7 @@ jobs:
 output_file_path: checkov-results.sarif
 - name: Upload Checkov results
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: checkov-results.sarif
@@ -108,7 +108,7 @@ jobs:
 name: Kubernetes Compliance (CIS Kube-bench)
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Run kube-bench
 run: |
@@ -122,7 +122,7 @@ jobs:
 name: Penetration Testing Scenarios (k6)
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Setup k6
 uses: grafana/xk6-action@v2
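Review bot: The `@@ -32,7` hunk leaves `uses: aquasecurity/trivy-action@master` as it was, so this job follows a branch head rather than a release and every run executes whatever was last pushed there, in a workflow whose results are uploaded into code scanning. While the other references are being bumped, this one should move to a release tag or, better, a full commit SHA with the version as a comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # <release tag>`. The step's `with:` block and the later Trivy steps lie outside the hunk, so check the rest of the file for further branch-pinned references.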
@@ -142,7 +142,7 @@ jobs:
 needs: [cargo-audit, trivy-vuln-scan, docker-trivy, iac-checkov, compliance-kube-bench, pen-testing-k6]
 if: always()
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Security Status Summary
 run: |
 echo \"## Security Scan Results\" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/soak-test.yml b/.github/workflows/soak-test.yml
index 4afa117..355cc9f 100644
--- a/.github/workflows/soak-test.yml
+++ b/.github/workflows/soak-test.yml
@@ -39,7 +39,7 @@ jobs:
 steps:
 # ── 1. Checkout ──────────────────────────────────────────────────────────
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 # ── 2. Build operator ────────────────────────────────────────────────────
 - name: Install Rust toolchain
@@ -137,7 +137,7 @@ jobs:
 # ── 8. Upload results (always, so failures are inspectable) ──────────────
 - name: Upload memory samples
 if: always()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v7
 with:
 name: soak-memory-samples
 path: /tmp/soak-memory.log
diff --git a/.github/workflows/verify-operator-boot.yml b/.github/workflows/verify-operator-boot.yml
index a77dd6a..312faac 100644
--- a/.github/workflows/verify-operator-boot.yml
+++ b/.github/workflows/verify-operator-boot.yml
@@ -27,7 +27,7 @@ jobs:
 steps:
 # ── 1. Checkout ──────────────────────────────────────────────────────────
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 # ── 2. Rust toolchain + cache ────────────────────────────────────────────
 - name: Install Rust toolchain
@@ -49,7 +49,7 @@ jobs:
 # ── 4. Create kind cluster (AC #2) ──────────────────────────────────────
 - name: Install kind
- uses: helm/kind-action@v1.13.0
+ uses: helm/kind-action@v1.14.0
 with:
 install_only: true
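Review bot: In the `@@ -142,7` hunk of security-scan.yml the summary step runs `echo \"## Security Scan Results\" >> $GITHUB_STEP_SUMMARY`; inside a `run: |` block those backslashes make the quotes literal, so the line written to the summary begins with a quote character and will not render as a Markdown heading. Dropping the escapes and quoting the target fixes it: `echo "## Security Scan Results" >> "$GITHUB_STEP_SUMMARY"`. The rest of the run block is outside the hunk and may carry the same escaping, which matters here because this job is the one place the scan outcomes are reported together.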
@@ -119,7 +119,7 @@ jobs:
 # ── 8. Upload log as artifact ────────────────────────────────────────────
 - name: Upload operator log
 if: always()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v7
 with:
 name: operator-boot-log
 path: /tmp/operator.log