BC-8113 update gh-actions (#37)

Loki-Afro · web-flow · commit b5fcf1ee5080 · 2025-01-16T16:12:15.000+01:00
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -58,7 +58,7 @@ jobs:
 
       - name: Build and push ${{ github.repository }}
         if: ${{ env.IMAGE_EXISTS == 0 }}
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: ./Dockerfile
@@ -132,7 +132,7 @@ jobs:
       security-events: write
     steps:
       - name: run trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2
+        uses: aquasecurity/trivy-action@0.29.0
         with:
           image-ref: "ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }}"
           format: "sarif"
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
@@ -40,7 +40,7 @@ jobs:
           password: ${{ secrets.QUAY_TOKEN }}
 
       - name: Build and push ${{ github.repository }}
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: ./Dockerfile
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -31,7 +31,7 @@ jobs:
           distribution: 'temurin'
           java-version: '17'
       - name: SonarCloud upload coverage
-        uses: SonarSource/sonarcloud-github-action@v2.1.1
+        uses: SonarSource/sonarcloud-github-action@v4.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
@@ -43,4 +43,4 @@ jobs:
       - name: npm ci
         run: npm ci --prefer-offline --no-audit
       - name: npm run lint
-        run: npm run lint
+        run: npm run lint
