extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2025-06-20 18:07:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

Updated all dependencies for Github actions

Browse Source
This commit is contained in:
Alexey Pustovalov 2025-03-07 13:12:48 +09:00
parent 6f170f3069
commit b958f712c9
7 changed files with 54 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/dependency-review.yml vendored
View File

@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
with:
disable-sudo: true
egress-policy: block

2
.github/workflows/dockerhub_description.yml vendored
View File

@ -48,7 +48,7 @@ jobs:
- web-service
steps:
- name: Block egress traffic
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
with:
disable-sudo: true
egress-policy: block

47
.github/workflows/images_build.yml vendored
View File

@ -64,7 +64,7 @@ jobs:
sha_short: ${{ steps.branch_info.outputs.sha_short }}
steps:
- name: Block egress traffic
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
with:
disable-sudo: true
egress-policy: block
@ -175,7 +175,7 @@ jobs:
attestations: write
steps:
- name: Block egress traffic
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
with:
disable-sudo: true
egress-policy: audit
@ -275,7 +275,7 @@ jobs:
- name: Install cosign
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a
with:
cosign-release: 'v2.4.0'
@ -284,13 +284,13 @@ jobs:
run: cosign version
- name: Set up QEMU
uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
with:
image: tonistiigi/binfmt:qemu-v8.1.5
platforms: all
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
with:
driver-opts: image=moby/buildkit:master
@ -311,7 +311,7 @@ jobs:
- name: Generate tags
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: |
${{ format('{0}/{1}/{2}{3}', env.DOCKER_REGISTRY_TEST, env.DOCKER_REPOSITORY_TEST, env.IMAGES_PREFIX, env.BASE_BUILD_NAME ) }},enable=${{ env.AUTO_PUSH_IMAGES != 'true' }}
@ -377,7 +377,7 @@ jobs:
- name: Build and publish image
id: docker_build
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
with:
context: ${{ format('{0}/{1}/{2}', env.DOCKERFILES_DIRECTORY, env.BASE_BUILD_NAME, matrix.os) }}
file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, env.BASE_BUILD_NAME, matrix.os) }}
@ -436,7 +436,7 @@ jobs:
echo "${METADATA}" > "$CACHE_FILE_NAME"
- name: Cache image metadata
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: ${{ env.BASE_CACHE_FILE_NAME }}
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.os }}-${{ github.run_id }}
@ -458,7 +458,7 @@ jobs:
attestations: write
steps:
- name: Block egress traffic
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
with:
disable-sudo: true
egress-policy: block
@ -496,7 +496,7 @@ jobs:
- name: Install cosign
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a
with:
cosign-release: 'v2.4.0'
@ -505,13 +505,13 @@ jobs:
run: cosign version
- name: Set up QEMU
uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
with:
image: tonistiigi/binfmt:qemu-v8.1.5
platforms: all
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
with:
driver-opts: image=moby/buildkit:master
@ -532,7 +532,7 @@ jobs:
- name: Generate tags
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: |
${{ format('{0}/{1}/{2}{3}', env.DOCKER_REGISTRY_TEST, env.DOCKER_REPOSITORY_TEST, env.IMAGES_PREFIX, matrix.build ) }},enable=${{ env.AUTO_PUSH_IMAGES != 'true' }}
@ -550,7 +550,7 @@ jobs:
latest=${{ (matrix.os == 'alpine') && (!contains(fromJSON('["workflow_dispatch"]'), github.event_name)) && ( needs.init_build.outputs.is_default_branch == 'true' ) }}
- name: Download metadata of ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }}
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: ${{ env.BASE_CACHE_FILE_NAME }}
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.os }}-${{ github.run_id }}
@ -641,11 +641,12 @@ jobs:
- name: Build ${{ matrix.build }}/${{ matrix.os }} and push
id: docker_build
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
with:
context: ${{ format('{0}/{1}/{2}/', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }}
build-contexts: |
sources=./sources/
config_templates=./config_templates/
file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }}
platforms: ${{ steps.platform.outputs.list }}
push: true
@ -701,7 +702,7 @@ jobs:
echo "${METADATA}" > "$CACHE_FILE_NAME"
- name: Cache image metadata
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: ${{ env.BUILD_CACHE_FILE_NAME }}
key: ${{ matrix.build }}-${{ matrix.os }}-${{ github.run_id }}
@ -724,7 +725,7 @@ jobs:
attestations: write
steps:
- name: Block egress traffic
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
with:
disable-sudo: true
egress-policy: block
@ -856,7 +857,7 @@ jobs:
- name: Install cosign
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a
with:
cosign-release: 'v2.4.0'
@ -865,13 +866,13 @@ jobs:
run: cosign version
- name: Set up QEMU
uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
with:
image: tonistiigi/binfmt:qemu-v8.1.5
platforms: all
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
with:
driver-opts: image=moby/buildkit:master
@ -924,7 +925,7 @@ jobs:
- name: Generate tags
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: |
${{ format('{0}/{1}/{2}{3}', env.DOCKER_REGISTRY_TEST, env.DOCKER_REPOSITORY_TEST, env.IMAGES_PREFIX, matrix.build ) }},enable=${{ env.AUTO_PUSH_IMAGES != 'true' }}
@ -942,7 +943,7 @@ jobs:
latest=${{ (matrix.os == 'alpine') && (!contains(fromJSON('["workflow_dispatch"]'), github.event_name)) && ( needs.init_build.outputs.is_default_branch == 'true' ) }}
- name: Download metadata of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }}
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
if: ${{ matrix.build != 'snmptraps' }}
with:
path: ${{ env.BUILD_CACHE_FILE_NAME }}
@ -1013,7 +1014,7 @@ jobs:
- name: Build and push image
id: docker_build
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
with:
context: ${{ format('{0}/{1}/{2}', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }}
file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }}

23
.github/workflows/images_build_rhel.yml vendored
View File

@ -72,7 +72,7 @@ jobs:
secret_prefix: ${{ steps.branch_info.outputs.secret_prefix }}
steps:
- name: Block egress traffic
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
with:
disable-sudo: true
egress-policy: block
@ -219,7 +219,7 @@ jobs:
- name: Install cosign
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a
with:
cosign-release: 'v2.4.0'
@ -236,7 +236,7 @@ jobs:
- name: Generate tags
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }}
tags: |
@ -281,7 +281,7 @@ jobs:
echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT
- name: Cache image metadata
uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache/save@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: |
${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag_id
@ -356,7 +356,7 @@ jobs:
echo "arch=${ARCH,,}" >> $GITHUB_OUTPUT
- name: Download metadata of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }}
uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache/restore@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: |
${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag_id
@ -394,7 +394,7 @@ jobs:
- name: Generate tags
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }}
tags: |
@ -413,6 +413,7 @@ jobs:
extra-args: |
--iidfile=${{ github.workspace }}/iidfile
--build-context sources=./sources/
--build-context config_templates=./config_templates/
- name: Prepare image metadata
id: image_metadata
@ -440,7 +441,7 @@ jobs:
echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT
- name: Cache image metadata
uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache/save@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: |
${{ matrix.build }}_${{ matrix.arch }}_tag_id
@ -537,7 +538,7 @@ jobs:
- name: Download metadata of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }}
if: ${{ matrix.build != 'snmptraps' }}
uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache/restore@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: |
${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }}_tag_id
@ -582,7 +583,7 @@ jobs:
- name: Generate tags
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ secrets[format('{0}_{1}_PROJECT', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] || matrix.build }}
tags: |
@ -719,7 +720,7 @@ jobs:
permissions: {}
steps:
- name: Download metadata of ${{ matrix.build }}:${{ matrix.arch }}
uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache/restore@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: |
${{ matrix.build }}_${{ matrix.arch }}_tag_id
@ -740,7 +741,7 @@ jobs:
echo "::endgroup::"
- name: Download metadata of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }}
uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache/restore@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: |
${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag_id

22
.github/workflows/images_build_windows.yml vendored
View File

@ -61,7 +61,7 @@ jobs:
sha_short: ${{ steps.branch_info.outputs.sha_short }}
steps:
- name: Block egress traffic
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
with:
disable-sudo: true
egress-policy: block
@ -164,7 +164,7 @@ jobs:
fetch-depth: 1
- name: Install cosign
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a
with:
cosign-release: 'v2.4.0'
@ -193,7 +193,7 @@ jobs:
- name: Generate tags
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ env.BASE_IMAGE_NAME }}
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
@ -327,7 +327,7 @@ jobs:
$Env:DIGEST | Set-Content -Path $Env:CACHE_FILE_NAME
- name: Cache image digest
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: ${{ env.BASE_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }}
key: ${{ env.BASE_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }}
@ -354,7 +354,7 @@ jobs:
fetch-depth: 1
- name: Install cosign
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a
with:
cosign-release: 'v2.4.0'
@ -383,7 +383,7 @@ jobs:
- name: Generate tags
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ env.BASE_BUILD_IMAGE_NAME }}
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
@ -399,7 +399,7 @@ jobs:
latest=false
- name: Download SHA256 tag of ${{ env.BASE_IMAGE_NAME }}:${{ matrix.os }}
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: ${{ env.BASE_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }}
key: ${{ env.BASE_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }}
@ -555,7 +555,7 @@ jobs:
$Env:DIGEST | Set-Content -Path $Env:CACHE_FILE_NAME
- name: Cache image digest
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: ${{ env.BASE_BUILD_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }}
key: ${{ env.BASE_BUILD_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }}
@ -582,7 +582,7 @@ jobs:
fetch-depth: 1
- name: Install cosign
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a
with:
cosign-release: 'v2.4.0'
@ -611,7 +611,7 @@ jobs:
- name: Generate tags
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ matrix.component }}
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
@ -627,7 +627,7 @@ jobs:
latest=false
- name: Download SHA256 tag of ${{ env.BASE_BUILD_IMAGE_NAME }}:${{ matrix.os }}
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: ${{ env.BASE_BUILD_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }}
key: ${{ env.BASE_BUILD_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }}

6
.github/workflows/rhel_registry_description.yml vendored
View File

@ -34,7 +34,7 @@ jobs:
zabbix_release: ${{ steps.branch_info.outputs.zabbix_release }}
steps:
- name: Block egress traffic
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
with:
disable-sudo: true
egress-policy: block
@ -98,7 +98,7 @@ jobs:
component: ${{ fromJson(needs.init.outputs.components) }}
steps:
- name: Block egress traffic
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
with:
disable-sudo: true
egress-policy: block
@ -127,7 +127,7 @@ jobs:
echo "matrix_build=${MATRIX_BUILD}" >> $GITHUB_OUTPUT
- name: Setup Python 3.x
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: '3.x'

22
.github/workflows/sonarcloud.yml vendored
View File

@ -44,7 +44,7 @@ jobs:
steps:
- name: Block egress traffic
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
with:
egress-policy: audit
@ -55,25 +55,7 @@ jobs:
fetch-depth: 0
- name: Analyze with SonarCloud
# You can pin the exact commit or the version.
# uses: SonarSource/sonarcloud-github-action@e44258b109568baa0df60ed515909fc6c72cba92
uses: SonarSource/sonarcloud-github-action@e44258b109568baa0df60ed515909fc6c72cba92 # v2.3.0
uses: SonarSource/sonarqube-scan-action@v5.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
with:
# Additional arguments for the sonarcloud scanner
args:
# Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu)
# mandatory
-Dsonar.projectKey=zabbix-docker
-Dsonar.organization=zabbix
# Comma-separated paths to directories containing main source files.
#-Dsonar.sources= # optional, default is project base directory
# When you need the analysis to take place in a directory other than the one from which it was launched
#-Dsonar.projectBaseDir= # optional, default is .
# Comma-separated paths to directories containing test source files.
#-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/
# Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing.
#-Dsonar.verbose= # optional, default is false