Merge branch 'develop' into feature/routestream

Author: srugano

.github/actions/docker_build/action.yml

@@ -73,7 +73,7 @@ runs:
         key: ${{ runner.os }}-regclient
 
     - name: DockerHub login
-      uses: docker/login-action@v3
+      uses: docker/login-action@v4
       with:
         username: ${{ inputs.username }}
         password: ${{ inputs.password }}
@@ -95,7 +95,7 @@ runs:
       uses: ./.github/actions/last_commit
     - name: Docker meta
       id: meta
-      uses: docker/metadata-action@v5
+      uses: docker/metadata-action@v6
       with:
         images: ${{ inputs.image }}
         flavor: |
@@ -139,7 +139,7 @@ runs:
         fi
     - name: Set up Docker BuildX
       if: steps.image_status.outputs.updated != 'true' || inputs.rebuild == 'true'
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v4
       with:
         platforms: linux/amd64
         driver: docker-container

.github/workflows/docs.yml

@@ -31,7 +31,7 @@ jobs:
         uses: actions/checkout@v6
       - id: changed_files
         name: Check for file changes
-        uses: dorny/paths-filter@v3
+        uses: dorny/paths-filter@v4
         with:
           base: ${{ github.ref }}
           token: ${{ github.token }}

.github/workflows/label-pullrequest.yml

@@ -19,7 +19,7 @@ jobs:
           persist-credentials: false
 
       - name: Check for file changes
-        uses: dorny/paths-filter@v3
+        uses: dorny/paths-filter@v4
         id: changes
         with:
           token: ${{ github.token }}

.github/workflows/lint.yml

@@ -40,7 +40,7 @@ jobs:
       - uses: actions/checkout@v6
       - id: changes
         name: Check for backend file changes
-        uses: dorny/paths-filter@v3
+        uses: dorny/paths-filter@v4
         with:
           base: ${{ github.ref }}
           token: ${{ github.token }}

.github/workflows/release.yml

@@ -32,13 +32,13 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v6
       - name: DockerHub login
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v6
         with:
           images: "unicef/hope-country-report"
           tags: |

.github/workflows/sdlc-push.yml

@@ -42,10 +42,10 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       - name: Log in to Docker Hub
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}

.github/workflows/sdlc-version-create.yml

@@ -33,7 +33,7 @@ jobs:
           fetch-depth: 0
 
       - name: Log in to Docker Hub
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -80,26 +80,27 @@ jobs:
             --push \
             ./
 
-  trivy:
-    name: Check Release with Trivy
-    runs-on: ubuntu-latest
-    needs: [prepare-version, build-push]
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v6
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.34.1
-        with:
-          image-ref: ${{ vars.DOCKERHUB_ORGANIZATION }}/${{ vars.DOCKERHUB_REPOSITORY }}:${{ needs.prepare-version.outputs.version }}
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-          severity: 'CRITICAL,HIGH'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v4
-        with:
-          sarif_file: 'trivy-results.sarif'
+  # Trivy release scan disabled — uncomment the job below to re-enable
+  # trivy:
+  #   name: Check Release with Trivy
+  #   runs-on: ubuntu-latest
+  #   needs: [prepare-version, build-push]
+  #   permissions:
+  #     contents: read # for actions/checkout to fetch code
+  #     security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+  #   steps:
+  #     - name: Checkout code
+  #       uses: actions/checkout@v6
+  #
+  #     - name: Run Trivy vulnerability scanner
+  #       uses: aquasecurity/trivy-action@0.35.0
+  #       with:
+  #         image-ref: ${{ vars.DOCKERHUB_ORGANIZATION }}/${{ vars.DOCKERHUB_REPOSITORY }}:${{ needs.prepare-version.outputs.version }}
+  #         format: 'sarif'
+  #         output: 'trivy-results.sarif'
+  #         severity: 'CRITICAL,HIGH'
+  #
+  #     - name: Upload Trivy scan results to GitHub Security tab
+  #       uses: github/codeql-action/upload-sarif@v4
+  #       with:
+  #         sarif_file: 'trivy-results.sarif'

.github/workflows/test.yml

@@ -44,7 +44,7 @@ jobs:
         uses: actions/checkout@v6
       - id: changes
         name: Check for file changes
-        uses: dorny/paths-filter@v3
+        uses: dorny/paths-filter@v4
         with:
           base: ${{ github.ref }}
           token: ${{ github.token }}
@@ -116,7 +116,7 @@ jobs:
           echo BRANCH="${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_ENV
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v6
         with:
           images: "unicef/hope-country-report"
           tags: |
@@ -126,7 +126,7 @@ jobs:
             type=semver,pattern={{version}}
             type=semver,pattern={{raw}}
       - name: DockerHub login
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}