diff --git a/.github/workflows/approve-override.yml b/.github/workflows/approve-override.yml
index b8eeba3..2ee8d53 100644
--- a/.github/workflows/approve-override.yml
+++ b/.github/workflows/approve-override.yml
@@ -37,12 +37,12 @@ jobs:
 runs-on: ubuntu-latest
 environment: override-approval
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v6
 with:
 sparse-checkout: scripts
 - name: Configure AWS credentials via OIDC
- uses: aws-actions/configure-aws-credentials@v5
+ uses: aws-actions/configure-aws-credentials@v6
 with:
 role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/javabin-ci-override-approver
 aws-region: ${{ env.AWS_REGION }}
diff --git a/.github/workflows/build-jvm.yml b/.github/workflows/build-jvm.yml
index fb62d5c..d367001 100644
--- a/.github/workflows/build-jvm.yml
+++ b/.github/workflows/build-jvm.yml
@@ -16,7 +16,7 @@ jobs:
 build:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v6
 - uses: actions/setup-java@v4
 with:
@@ -29,7 +29,7 @@ jobs:
 - name: Upload test results
 if: always()
- uses: actions/upload-artifact@v6
+ uses: actions/upload-artifact@v7
 with:
 name: test-results
 path: "**/target/surefire-reports/*.xml"
diff --git a/.github/workflows/build-ts.yml b/.github/workflows/build-ts.yml
index c03e08d..a6ed74e 100644
--- a/.github/workflows/build-ts.yml
+++ b/.github/workflows/build-ts.yml
@@ -16,7 +16,7 @@ jobs:
 build:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v6
 - uses: pnpm/action-setup@v4
 with:
diff --git a/.github/workflows/detect.yml b/.github/workflows/detect.yml
index 20bfccd..14e156d 100644
--- a/.github/workflows/detect.yml
+++ b/.github/workflows/detect.yml
@@ -41,7 +41,7 @@ jobs:
 has_cdk: ${{ steps.check.outputs.has_cdk }}
 app_name: ${{ steps.check.outputs.app_name }}
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v6
 - name: Detect repo contents
 id: check
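Review bot: The bumped `uses:` lines still reference mutable major tags, and in approve-override.yml one of them, `aws-actions/configure-aws-credentials@v6`, runs in the job that assumes `javabin-ci-override-approver` through OIDC. A tag can be moved to different code after this review, so consider pinning each action to the full commit SHA of the release that was reviewed and keeping the tag as a comment: `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v6`. The same applies to the other bumps in this commit, most of all the steps that assume the `javabin-ci-deploy-*`, `javabin-ci-infra` and `javabin-ci-apply-gate` roles and the `actions/create-github-app-token` steps that receive `PLATFORM_APP_PRIVATE_KEY`. The job bodies start and end outside these hunks, so any pinning policy enforced elsewhere is not visible here.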
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 28127da..2d0fd81 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -38,10 +38,10 @@ jobs:
 image_uri: ${{ steps.push.outputs.image_uri }}
 image_tag: ${{ steps.tags.outputs.primary_tag }}
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v6
 - name: Configure AWS credentials via OIDC
- uses: aws-actions/configure-aws-credentials@v5
+ uses: aws-actions/configure-aws-credentials@v6
 with:
 role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/javabin-ci-deploy-${{ github.event.repository.name }}
 aws-region: ${{ inputs.aws_region }}
diff --git a/.github/workflows/eb-deploy.yml b/.github/workflows/eb-deploy.yml
index e319f2d..ecec5f7 100644
--- a/.github/workflows/eb-deploy.yml
+++ b/.github/workflows/eb-deploy.yml
@@ -27,10 +27,10 @@ jobs:
 deploy:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v6
 - name: Configure AWS credentials via OIDC
- uses: aws-actions/configure-aws-credentials@v5
+ uses: aws-actions/configure-aws-credentials@v6
 with:
 role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/javabin-ci-deploy-${{ github.event.repository.name }}
 aws-region: ${{ inputs.aws_region }}
diff --git a/.github/workflows/ecs-deploy.yml b/.github/workflows/ecs-deploy.yml
index c1280cb..9a25b64 100644
--- a/.github/workflows/ecs-deploy.yml
+++ b/.github/workflows/ecs-deploy.yml
@@ -34,14 +34,14 @@ jobs:
 steps:
 - name: Generate GitHub App token
 id: app-token
- uses: actions/create-github-app-token@v1
+ uses: actions/create-github-app-token@v2
 with:
 app-id: ${{ secrets.PLATFORM_APP_ID }}
 private-key: ${{ secrets.PLATFORM_APP_PRIVATE_KEY }}
 owner: javaBin
 - name: Checkout platform scripts
- uses: actions/checkout@v5
+ uses: actions/checkout@v6
 with:
 repository: javaBin/platform
 token: ${{ steps.app-token.outputs.token }}
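Review bot: In ecs-deploy.yml the `Generate GitHub App token` step passes only `owner: javaBin`, so the token is not limited to one repository, yet the following step uses it only to check out `javaBin/platform`. With `owner` set and no `repositories` input, the action issues a token for every repository the app installation covers under that owner. Adding `repositories: platform` and, if the app's grants allow it, `permission-contents: read` to the `with:` block narrows what a leaked token can reach. The same `with:` block appears in expand-terraform.yml, tf-apply.yml and tf-plan.yml.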
@@ -50,7 +50,7 @@ jobs:
 path: .platform
 - name: Configure AWS credentials via OIDC
- uses: aws-actions/configure-aws-credentials@v5
+ uses: aws-actions/configure-aws-credentials@v6
 with:
 role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/javabin-ci-deploy-${{ github.event.repository.name }}
 aws-region: ${{ inputs.aws_region }}
diff --git a/.github/workflows/expand-terraform.yml b/.github/workflows/expand-terraform.yml
index 0fe06bd..7850ff0 100644
--- a/.github/workflows/expand-terraform.yml
+++ b/.github/workflows/expand-terraform.yml
@@ -27,20 +27,20 @@ jobs:
 expand:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v6
 with:
 ref: ${{ github.ref }}
 - name: Generate GitHub App token
 id: app-token
- uses: actions/create-github-app-token@v1
+ uses: actions/create-github-app-token@v2
 with:
 app-id: ${{ secrets.PLATFORM_APP_ID }}
 private-key: ${{ secrets.PLATFORM_APP_PRIVATE_KEY }}
 owner: javaBin
 - name: Checkout platform scripts
- uses: actions/checkout@v5
+ uses: actions/checkout@v6
 with:
 repository: javaBin/platform
 token: ${{ steps.app-token.outputs.token }}
diff --git a/.github/workflows/platform-ci.yml b/.github/workflows/platform-ci.yml
index 51ffe91..60da484 100644
--- a/.github/workflows/platform-ci.yml
+++ b/.github/workflows/platform-ci.yml
@@ -47,7 +47,7 @@ jobs:
 plan_sha256: ${{ steps.upload.outputs.plan_sha256 }}
 risk_level: ${{ steps.review.outputs.risk_level }}
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v6
 - uses: hashicorp/setup-terraform@v4
 with:
@@ -55,7 +55,7 @@ jobs:
 terraform_wrapper: false
 - name: Configure AWS credentials via OIDC
- uses: aws-actions/configure-aws-credentials@v5
+ uses: aws-actions/configure-aws-credentials@v6
 with:
 role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/javabin-ci-infra-plan
 aws-region: ${{ env.AWS_REGION }}
@@ -84,7 +84,7 @@ jobs:
 - name: Upload Lambda ZIPs as artifact
 if: steps.plan.outputs.has_changes == 'true'
- uses: actions/upload-artifact@v6
+ uses: actions/upload-artifact@v7
 with:
 name: lambda-zips
 path: ${{ env.TF_ROOT }}/lambdas/builds/
@@ -131,14 +131,14 @@ jobs:
 needs.plan.outputs.has_changes == 'true'
 environment: production
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v6
 - uses: hashicorp/setup-terraform@v4
 with:
 terraform_version: "1.7"
 terraform_wrapper: false
- - uses: aws-actions/configure-aws-credentials@v5
+ - uses: aws-actions/configure-aws-credentials@v6
 with:
 role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/javabin-ci-infra
 aws-region: ${{ env.AWS_REGION }}
@@ -150,7 +150,7 @@ jobs:
 run: sh scripts/check-risk-block.sh "$RISK"
 - name: Download Lambda ZIPs from artifact
- uses: actions/download-artifact@v5
+ uses: actions/download-artifact@v8
 with:
 name: lambda-zips
 path: ${{ env.TF_ROOT }}/lambdas/builds/
@@ -179,14 +179,14 @@ jobs:
 runs-on: ubuntu-latest
 if: github.event_name == 'schedule'
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v6
 - uses: hashicorp/setup-terraform@v4
 with:
 terraform_version: "1.7"
 terraform_wrapper: false
- - uses: aws-actions/configure-aws-credentials@v5
+ - uses: aws-actions/configure-aws-credentials@v6
 with:
 role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/javabin-ci-infra
 aws-region: ${{ env.AWS_REGION }}
diff --git a/.github/workflows/tf-apply.yml b/.github/workflows/tf-apply.yml
index 1489001..afe73b2 100644
--- a/.github/workflows/tf-apply.yml
+++ b/.github/workflows/tf-apply.yml
@@ -34,7 +34,7 @@ jobs:
 env:
 PLAN_BUCKET: javabin-ci-plan-artifacts-${{ inputs.aws_account_id }}
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v6
 - uses: hashicorp/setup-terraform@v4
 with:
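Review bot: In platform-ci.yml the `Download Lambda ZIPs from artifact` step of the `environment: production` job moves from `actions/download-artifact@v5` to `@v8`, three majors at once, while the matching upload in the plan job is `actions/upload-artifact@v7`. The `lambda-zips` artifact is restored into `${{ env.TF_ROOT }}/lambdas/builds/` in the job that assumes `javabin-ci-infra`, so the release notes of the skipped majors should be checked for changes to extraction or path layout before merging. No integrity check of the downloaded ZIPs is visible in this hunk; if none exists elsewhere in the job, a comment above the step such as `# ZIPs must match the hashes recorded by the plan job` would state the expectation that a later check has to enforce. The job continues outside the hunk.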
@@ -43,14 +43,14 @@ jobs:
 - name: Generate GitHub App token
 id: app-token
- uses: actions/create-github-app-token@v1
+ uses: actions/create-github-app-token@v2
 with:
 app-id: ${{ secrets.PLATFORM_APP_ID }}
 private-key: ${{ secrets.PLATFORM_APP_PRIVATE_KEY }}
 owner: javaBin
 - name: Checkout platform scripts
- uses: actions/checkout@v5
+ uses: actions/checkout@v6
 with:
 repository: javaBin/platform
 token: ${{ steps.app-token.outputs.token }}
@@ -59,7 +59,7 @@ jobs:
 # Step 1: Lightweight OIDC role — can only invoke gate Lambda + read S3
 - name: Configure gate credentials via OIDC
- uses: aws-actions/configure-aws-credentials@v5
+ uses: aws-actions/configure-aws-credentials@v6
 with:
 role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/javabin-ci-apply-gate
 aws-region: ${{ inputs.aws_region }}
diff --git a/.github/workflows/tf-plan.yml b/.github/workflows/tf-plan.yml
index f983dde..1f32bb8 100644
--- a/.github/workflows/tf-plan.yml
+++ b/.github/workflows/tf-plan.yml
@@ -45,7 +45,7 @@ jobs:
 env:
 PLAN_BUCKET: javabin-ci-plan-artifacts-${{ inputs.aws_account_id }}
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v6
 with:
 ref: ${{ github.ref }}
@@ -55,21 +55,21 @@ jobs:
 terraform_wrapper: false
 - name: Configure AWS credentials via OIDC
- uses: aws-actions/configure-aws-credentials@v5
+ uses: aws-actions/configure-aws-credentials@v6
 with:
 role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/javabin-ci-app-${{ github.event.repository.name }}
 aws-region: ${{ inputs.aws_region }}
 - name: Generate GitHub App token
 id: app-token
- uses: actions/create-github-app-token@v1
+ uses: actions/create-github-app-token@v2
 with:
 app-id: ${{ secrets.PLATFORM_APP_ID }}
 private-key: ${{ secrets.PLATFORM_APP_PRIVATE_KEY }}
 owner: javaBin
 - name: Checkout platform scripts
- uses: actions/checkout@v5
+ uses: actions/checkout@v6
 with:
 repository: javaBin/platform
 token: ${{ steps.app-token.outputs.token }}