chore: update CI actions, Go 1.25, Alpine 3.22

kjanat · kjanat · commit af15bcccd414 · 2025-11-05T22:38:28.000+01:00
Updates CI to latest major actions (checkout v5, setup-go v6, upload-artifact v5, CodeQL v4) for security and compatibility.
Uses stable major tag for autofix action.
Updates Docker images to Go 1.25 and Alpine 3.22 to leverage newer toolchain and patched bases.

Updates open-pull-requests-limit to 2 in dependabot.yml and upgrade CodeQL action to v4
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -8,7 +8,7 @@ updates:
       day: 'monday'
       time: '07:00'
       timezone: 'Europe/Amsterdam'
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 2
     labels:
       - 'dependencies'
       - 'dependencies/github-actions'
@@ -24,15 +24,15 @@ updates:
       day: 'monday'
       time: '07:00'
       timezone: 'Europe/Amsterdam'
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 2
     labels:
       - 'dependencies'
       - 'dependencies/docker'
     commit-message:
       prefix: 'docker'
       include: 'scope'
     groups:
-      docker-images:
+      docker:
         patterns:
           - '*'
         update-types:
@@ -47,15 +47,15 @@ updates:
       day: 'monday'
       time: '07:00'
       timezone: 'Europe/Amsterdam'
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 2
     labels:
       - 'dependencies'
       - 'dependencies/docker-compose'
     commit-message:
       prefix: 'docker'
       include: 'scope'
     groups:
-      docker-compose:
+      docker:
         patterns:
           - '*'
         update-types:
@@ -70,7 +70,7 @@ updates:
       day: 'monday'
       time: '07:00'
       timezone: 'Europe/Amsterdam'
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 2
     labels:
       - 'dependencies'
       - 'dependencies/go'
diff --git a/.github/workflows/autofix.yml b/.github/workflows/autofix.yml
@@ -10,8 +10,8 @@ jobs:
   autofix:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
+      - uses: actions/checkout@v5
+      - uses: actions/setup-go@v6
         with:
           go-version-file: 'go.mod'
 
@@ -22,4 +22,4 @@ jobs:
       # of course we can also do just this instead:
       # - run: gofmt -w .
 
-      - uses: autofix-ci/action@551dded8c6cc8a1054039c8bc0b8b48c51dfc6ef
+      - uses: autofix-ci/action@v1
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -31,10 +31,10 @@ jobs:
           - 1.24.x
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Set up Go ${{ matrix.go }}
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version: ${{ matrix.go }}
           check-latest: true
@@ -214,7 +214,7 @@ jobs:
 
       - name: Upload test artifacts
         if: failure()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: test-results-go-${{ matrix.go }}
           path: |
@@ -297,7 +297,7 @@ jobs:
       contents: read
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -344,7 +344,7 @@ jobs:
     if: github.event_name == 'pull_request'
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@v4
@@ -360,12 +360,12 @@ jobs:
       contents: write
     needs: ['test']
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version-file: 'go.mod'
           check-latest: true
@@ -461,7 +461,7 @@ jobs:
           echo "" >> $GITHUB_STEP_SUMMARY
 
       - name: Upload a Build Artifact
-        uses: actions/upload-artifact@v4.6.2
+        uses: actions/upload-artifact@v5.6.2
         with:
           name: build-artifacts
           path: build/
@@ -492,7 +492,7 @@ jobs:
     if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/heads/feature/docker'))
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Login to Docker Hub
         uses: docker/login-action@v3
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -61,7 +61,7 @@ jobs:
         # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
     # Add any setup steps before running the `github/codeql-action/init` action.
     # This includes steps like installing compilers or runtimes (`actions/setup-node`
@@ -71,7 +71,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
@@ -99,6 +99,6 @@ jobs:
         exit 1
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
       with:
         category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@v4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -14,12 +14,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version-file: 'go.mod'
           check-latest: true
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # Build stage
-FROM golang:1.24-alpine AS builder
+FROM golang:1.25-alpine AS builder
 
 # Install git and ca-certificates (needed for fetching dependencies and HTTPS)
 RUN apk add --no-cache git ca-certificates tzdata file
diff --git a/Dockerfile.dev b/Dockerfile.dev
@@ -2,7 +2,7 @@
 # Uses Alpine instead of scratch for debugging
 
 # Build stage - same as production
-FROM golang:1.24-alpine AS builder
+FROM golang:1.25-alpine AS builder
 
 # Install git and ca-certificates (needed for fetching dependencies and HTTPS)
 RUN apk add --no-cache git ca-certificates tzdata file
@@ -49,7 +49,7 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build \
 RUN file /app/articulate-parser || echo "file command not available"
 
 # Development stage - uses Alpine for shell access
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 
 # Install minimal dependencies
 RUN apk add --no-cache ca-certificates tzdata
