diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 38e65f3..869fa94 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -55,7 +55,7 @@ jobs: # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 # Add any setup steps before running the `github/codeql-action/init` action. # This includes steps like installing compilers or runtimes (`actions/setup-node` diff --git a/.github/workflows/comprehensive-quality.yml b/.github/workflows/comprehensive-quality.yml index eca6f0b..4e4cad5 100644 --- a/.github/workflows/comprehensive-quality.yml +++ b/.github/workflows/comprehensive-quality.yml @@ -11,7 +11,7 @@ jobs: dependability: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check test coverage run: | echo "Checking for test files..." @@ -30,7 +30,7 @@ jobs: security: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Secret scanning uses: trufflesecurity/trufflehog@main continue-on-error: true @@ -50,7 +50,7 @@ jobs: interoperability: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check API specs run: | if [ -f "openapi.yaml" ] || [ -f "openapi.json" ]; then @@ -67,7 +67,7 @@ jobs: validation: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check for validation patterns run: | VALIDATION=$(grep -rE "validate|sanitize|Schema|Validator" --include="*.rs" --include="*.res" --include="*.ex" . 2>/dev/null | wc -l || echo "0") @@ -81,7 +81,7 @@ jobs: contents: read attestations: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Generate SBOM run: | echo "SBOM generation would run here" @@ -97,7 +97,7 @@ jobs: verification: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check SPARK proofs run: | if find . -name "*.ads" | grep -q .; then @@ -113,7 +113,7 @@ jobs: functionality: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check TODOs and FIXMEs run: | echo "=== Incomplete items ===" @@ -126,7 +126,7 @@ jobs: performance: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check for benchmarks run: | BENCHES=$(find . -name "*bench*" -o -name "*perf*" | wc -l) @@ -143,7 +143,7 @@ jobs: runs-on: ubuntu-latest if: hashFiles('**/*.html') != '' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: HTML accessibility check run: | echo "Checking for a11y attributes..." @@ -157,7 +157,7 @@ jobs: license: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check license files run: | if [ -f "LICENSE" ] || [ -f "LICENSE.txt" ] || [ -f "LICENSE.md" ]; then @@ -175,7 +175,7 @@ jobs: documentation: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check docs completeness run: | DOCS="" diff --git a/.github/workflows/guix-nix-policy.yml b/.github/workflows/guix-nix-policy.yml index a776006..6771253 100644 --- a/.github/workflows/guix-nix-policy.yml +++ b/.github/workflows/guix-nix-policy.yml @@ -4,7 +4,7 @@ jobs: check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Enforce Guix primary / Nix fallback run: | # Check for package manager files diff --git a/.github/workflows/jekyll-gh-pages.yml b/.github/workflows/jekyll-gh-pages.yml index e31d81c..e729658 100644 --- a/.github/workflows/jekyll-gh-pages.yml +++ b/.github/workflows/jekyll-gh-pages.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Pages uses: actions/configure-pages@v5 - name: Build with Jekyll @@ -36,7 +36,7 @@ jobs: source: ./ destination: ./_site - name: Upload artifact - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@v4 # Deployment job deploy: diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml index eb78d2c..c1a7b7a 100644 --- a/.github/workflows/quality.yml +++ b/.github/workflows/quality.yml @@ -5,7 +5,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check file permissions run: | @@ -35,7 +35,7 @@ jobs: docs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check documentation run: | MISSING="" diff --git a/.github/workflows/rsr-antipattern.yml b/.github/workflows/rsr-antipattern.yml index ac08939..e6ce6a0 100644 --- a/.github/workflows/rsr-antipattern.yml +++ b/.github/workflows/rsr-antipattern.yml @@ -16,7 +16,7 @@ jobs: antipattern-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check for TypeScript run: | diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a073b17..c1071e6 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -14,17 +14,17 @@ jobs: security-events: write id-token: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: persist-credentials: false - name: Run Scorecard - uses: ossf/scorecard-action@v2.3.1 + uses: ossf/scorecard-action@v2.4.3 with: results_file: results.sarif results_format: sarif - name: Upload results - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: results.sarif diff --git a/.github/workflows/security-policy.yml b/.github/workflows/security-policy.yml index c20bbc7..a9d7c0f 100644 --- a/.github/workflows/security-policy.yml +++ b/.github/workflows/security-policy.yml @@ -4,7 +4,7 @@ jobs: check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Security checks run: | FAILED=false diff --git a/.github/workflows/ts-blocker.yml b/.github/workflows/ts-blocker.yml index 43465a3..f31b6cc 100644 --- a/.github/workflows/ts-blocker.yml +++ b/.github/workflows/ts-blocker.yml @@ -4,7 +4,7 @@ jobs: check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Block new TypeScript/JavaScript run: | NEW_TS=$(git diff --name-only --diff-filter=A HEAD~1 2>/dev/null | grep -E '\.(ts|tsx)$' | grep -v '\.gen\.' || true) diff --git a/.github/workflows/wellknown-enforcement.yml b/.github/workflows/wellknown-enforcement.yml index 809d209..2108364 100644 --- a/.github/workflows/wellknown-enforcement.yml +++ b/.github/workflows/wellknown-enforcement.yml @@ -17,7 +17,7 @@ jobs: validate: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: RFC 9116 security.txt validation run: |