diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fb73d0f..23d9f56 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,14 +1,66 @@ version: 2 +registries: + ecr-docker: + type: docker-registry + url: https://567716553783.dkr.ecr.us-east-1.amazonaws.com + username: ${{secrets.ECR_AWS_ACCESS_KEY_ID}} + password: ${{secrets.ECR_AWS_SECRET_ACCESS_KEY}} + npm-github: + type: npm-registry + url: https://npm.pkg.github.com + token: ${{ secrets.GH_TOKEN }} + git-github: + type: git + url: https://github.com + username: x-access-token + password: '${{ secrets.GH_TOKEN }}' + updates: -- package-ecosystem: github-actions - directory: "/" - schedule: - interval: weekly - day: sunday - groups: - dependencies: - patterns: - - "*" - commit-message: - prefix: fix(bot) + - package-ecosystem: npm + schedule: + interval: weekly + day: sunday + groups: + dependencies: + patterns: + - "*" + directories: + - "/" + commit-message: + prefix: fix(dependabot) + registries: + - npm-github + - git-github + + - package-ecosystem: github-actions + schedule: + interval: weekly + day: sunday + groups: + dependencies: + patterns: + - "*" + # recursively check in all subdirectories, there are actions + # references that are not within the .github/ or other root folders + directories: + - "/" + commit-message: + prefix: fix(dependabot) + registries: + - git-github + + - package-ecosystem: docker + schedule: + interval: weekly + day: sunday + groups: + dependencies: + patterns: + - "*" + directories: + - "/" + commit-message: + prefix: fix(dependabot) + registries: + - ecr-docker diff --git a/.github/workflows/ci-standard-checks-workflow.yaml b/.github/workflows/ci-standard-checks-workflow.yaml index b84a21c..281d9da 100644 --- a/.github/workflows/ci-standard-checks-workflow.yaml +++ b/.github/workflows/ci-standard-checks-workflow.yaml @@ -24,7 +24,7 @@ jobs: runs-on: 'ubuntu-latest' steps: - name: Check Out Source Code - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 - uses: actions/setup-node@v6 diff --git a/.github/workflows/create-github-release.yaml b/.github/workflows/create-github-release.yaml index 5937a8e..0061b8d 100644 --- a/.github/workflows/create-github-release.yaml +++ b/.github/workflows/create-github-release.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - uses: go-semantic-release/action@v1 with: diff --git a/.github/workflows/deep-purple-checks.yml b/.github/workflows/deep-purple-checks.yml index 707eb67..81df0a3 100644 --- a/.github/workflows/deep-purple-checks.yml +++ b/.github/workflows/deep-purple-checks.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Verify Jenkins credentials continue-on-error: false diff --git a/.github/workflows/frontend-deploy-workflow.yml b/.github/workflows/frontend-deploy-workflow.yml index 3586cf1..947542a 100644 --- a/.github/workflows/frontend-deploy-workflow.yml +++ b/.github/workflows/frontend-deploy-workflow.yml @@ -299,7 +299,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Node with Cache uses: Typeform/.github/shared-actions/setup-node-with-cache@v1 @@ -347,7 +347,7 @@ jobs: echo "📋 Workflow version: ${{ env.WORKFLOW_VERSION }} (${{ env.WORKFLOW_FILE }})" - name: Upload build artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: build-${{ github.run_id }} path: ${{ inputs.build-artifact-path || inputs.build-output-dir }} @@ -363,7 +363,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 # Required for SonarCloud @@ -397,7 +397,7 @@ jobs: - name: Upload coverage if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: coverage-${{ github.run_id }} path: coverage/ @@ -413,7 +413,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Node with Cache uses: Typeform/.github/shared-actions/setup-node-with-cache@v1 @@ -460,7 +460,7 @@ jobs: - name: Upload test results if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: integration-test-results-${{ github.run_id }} path: playwright-report/ @@ -565,7 +565,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: token: ${{ secrets.GH_TOKEN }} fetch-depth: 0 diff --git a/.github/workflows/frontend-library-pr-release-workflow.yml b/.github/workflows/frontend-library-pr-release-workflow.yml index 3dca3c4..afd3996 100644 --- a/.github/workflows/frontend-library-pr-release-workflow.yml +++ b/.github/workflows/frontend-library-pr-release-workflow.yml @@ -82,7 +82,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 # Required for SonarCloud and semantic-release @@ -113,7 +113,7 @@ jobs: - name: SonarCloud Scan if: inputs.run-sonarcloud - uses: SonarSource/sonarqube-scan-action@v6 + uses: SonarSource/sonarqube-scan-action@v7 with: args: > -Dsonar.projectKey=${{ inputs.sonar-project-key != '' && inputs.sonar-project-key || format('{0}_{1}', github.repository_owner, github.event.repository.name) }} diff --git a/.github/workflows/frontend-pr-workflow.yml b/.github/workflows/frontend-pr-workflow.yml index e030d83..fafc484 100644 --- a/.github/workflows/frontend-pr-workflow.yml +++ b/.github/workflows/frontend-pr-workflow.yml @@ -301,7 +301,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Node with Cache uses: Typeform/.github/shared-actions/setup-node-with-cache@v1 @@ -359,7 +359,7 @@ jobs: - name: Upload build artifacts if: ${{ !env.ACT }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: build-${{ github.run_id }} path: ${{ inputs.build-artifact-path || inputs.build-output-dir }} @@ -375,7 +375,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Node with Cache uses: Typeform/.github/shared-actions/setup-node-with-cache@v1 @@ -407,7 +407,7 @@ jobs: - name: Upload coverage if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: coverage-${{ github.run_id }} path: coverage/ @@ -423,7 +423,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Node with Cache uses: Typeform/.github/shared-actions/setup-node-with-cache@v1 @@ -470,7 +470,7 @@ jobs: - name: Upload test results if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: integration-test-results-${{ github.run_id }} path: playwright-report/ @@ -489,7 +489,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Node with Cache uses: Typeform/.github/shared-actions/setup-node-with-cache@v1 diff --git a/.github/workflows/go-lint-workflow.yaml b/.github/workflows/go-lint-workflow.yaml index c73251b..8744c6e 100644 --- a/.github/workflows/go-lint-workflow.yaml +++ b/.github/workflows/go-lint-workflow.yaml @@ -54,10 +54,10 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Check out repository containing linter config - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: repository: ${{ inputs.golangci-lint-config-repo }} ref: ${{ inputs.golangci-lint-config-repo-ref }} diff --git a/.github/workflows/graphql-generate-persisted-operations.yml b/.github/workflows/graphql-generate-persisted-operations.yml index 678e4af..2f13e24 100644 --- a/.github/workflows/graphql-generate-persisted-operations.yml +++ b/.github/workflows/graphql-generate-persisted-operations.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Set up Node.js uses: actions/setup-node@v6 diff --git a/.github/workflows/image-multiarch.yaml b/.github/workflows/image-multiarch.yaml index be2a074..11fa965 100644 --- a/.github/workflows/image-multiarch.yaml +++ b/.github/workflows/image-multiarch.yaml @@ -59,16 +59,16 @@ jobs: runs-on: [ "${{ inputs.runner }}" ] steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Set up QEMU if: ${{ contains(inputs.platforms, ',') }} - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@v4 with: image: 567716553783.dkr.ecr.us-east-1.amazonaws.com/docker-hub/tonistiigi/binfmt:latest - name: Set up Docker context for Buildx run: docker context create builders - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 with: endpoint: builders - name: Set dev prefix on tag @@ -78,7 +78,7 @@ jobs: if: ${{ inputs.prefix != '' }} run: echo "VERSION_PREFIX=$(echo ${{inputs.prefix}}-$VERSION_PREFIX)" >> $GITHUB_ENV - name: Build and push images - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: build-args: ${{ inputs.build-args }} context: ${{ inputs.context }} @@ -95,7 +95,7 @@ jobs: run: echo "VERSION_LATEST=$(echo ${{inputs.prefix}}-$VERSION_LATEST)" >> $GITHUB_ENV - name: Push latest image if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: build-args: ${{ inputs.build-args }} context: ${{ inputs.context }} diff --git a/.github/workflows/plantuml.yml b/.github/workflows/plantuml.yml index 3e58022..748e198 100644 --- a/.github/workflows/plantuml.yml +++ b/.github/workflows/plantuml.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest if: ${{ github.actor != 'dependabot[bot]' }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: # Checkout the Pull Request branch, so that we are not in a detached head state. # and can push the re-generated diagrams to the HEAD of the same branch. diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 23169e0..d44f4b1 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Update major version tag run: | git config --global user.email "security@typeform.com" diff --git a/.github/workflows/sonarcloud-scan.yml b/.github/workflows/sonarcloud-scan.yml index 0f814f9..b23abde 100644 --- a/.github/workflows/sonarcloud-scan.yml +++ b/.github/workflows/sonarcloud-scan.yml @@ -62,7 +62,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 # Required for SonarCloud to analyze git history @@ -77,14 +77,14 @@ jobs: - name: Download coverage artifacts if: inputs.coverage-artifact-name != '' - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: ${{ inputs.coverage-artifact-name }} path: coverage/ continue-on-error: true - name: SonarCloud Scan - uses: SonarSource/sonarqube-scan-action@v6 + uses: SonarSource/sonarqube-scan-action@v7 with: args: > -Dsonar.projectVersion=${{ github.run_id }}