diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dced21ef..1fb519e6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,14 +43,14 @@ jobs: if: matrix.container run: dnf install -y gcc gcc-c++ make curl git perl-core - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable with: targets: ${{ matrix.target }} - name: Cache Cargo - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.cargo/registry @@ -65,7 +65,7 @@ jobs: CARGO_TARGET_DIR: wasmtime4j-native/.cargo-target run: cargo build --release --target ${{ matrix.target }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 with: name: native-${{ matrix.platform }} path: wasmtime4j-native/.cargo-target/${{ matrix.target }}/release/${{ matrix.lib }} @@ -77,15 +77,15 @@ jobs: name: Code Quality runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '23' distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-quality-${{ hashFiles('**/pom.xml') }} @@ -158,9 +158,9 @@ jobs: java: '23' runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: # Java 8 target: use JDK 21 to compile with -source/-target 8 and run tests # (test dependencies like Mockito 5.x require JDK 11+) @@ -168,14 +168,14 @@ jobs: distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-test-${{ matrix.java }}-${{ hashFiles('**/pom.xml') }} restore-keys: m2-test- - name: Download native library - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-${{ matrix.platform }} path: wasmtime4j-native/src/main/resources/natives/${{ matrix.platform }}/ @@ -205,7 +205,7 @@ jobs: - name: Upload test results if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: test-results-${{ matrix.platform }}-java${{ matrix.java }} path: '**/target/surefire-reports/' diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index 1dcaf825..1cf275b6 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -47,7 +47,7 @@ jobs: name: Fuzz Smoke Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@nightly @@ -65,7 +65,7 @@ jobs: - name: Upload crash artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: fuzz-crashes-smoke path: wasmtime4j-native/fuzz/artifacts/ @@ -77,9 +77,9 @@ jobs: name: Java Fuzz Smoke Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: distribution: temurin java-version: '23' @@ -100,7 +100,7 @@ jobs: - name: Upload crash artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: java-fuzz-crashes-smoke path: wasmtime4j-tests/fuzz/**/hs_err_*.log @@ -124,7 +124,7 @@ jobs: - wit_serialize - jni_callback steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@nightly @@ -132,7 +132,7 @@ jobs: run: cargo install cargo-fuzz - name: Cache fuzz corpus - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: wasmtime4j-native/fuzz/corpus/${{ matrix.target }} key: fuzz-corpus-${{ matrix.target }}-${{ github.sha }} @@ -164,14 +164,14 @@ jobs: - name: Upload crash artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: fuzz-crashes-${{ matrix.target }} path: wasmtime4j-native/fuzz/artifacts/${{ matrix.target }}/ if-no-files-found: ignore - name: Upload updated corpus - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: fuzz-corpus-${{ matrix.target }} path: wasmtime4j-native/fuzz/corpus/${{ matrix.target }}/ @@ -183,9 +183,9 @@ jobs: name: Java Fuzz Tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: distribution: temurin java-version: '23' @@ -215,7 +215,7 @@ jobs: - name: Upload crash artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: java-fuzz-crashes path: wasmtime4j-tests/fuzz/**/hs_err_*.log @@ -230,7 +230,7 @@ jobs: issues: write steps: - name: Create issue for crashes - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const today = new Date().toISOString().split('T')[0]; diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 93781c20..520f0b13 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -42,14 +42,14 @@ jobs: if: matrix.container run: dnf install -y gcc gcc-c++ make curl git perl-core - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable with: targets: ${{ matrix.target }} - name: Cache Cargo - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.cargo/registry @@ -64,7 +64,7 @@ jobs: CARGO_TARGET_DIR: wasmtime4j-native/.cargo-target run: cargo build --release --target ${{ matrix.target }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 with: name: native-${{ matrix.platform }} path: wasmtime4j-native/.cargo-target/${{ matrix.target }}/release/${{ matrix.lib }} @@ -105,23 +105,23 @@ jobs: java: '23' runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: # Java 8 target: use JDK 21 to compile with source/target 8 and run tests java-version: ${{ matrix.java == '8' && '21' || matrix.java }} distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-test-${{ matrix.java }}-${{ hashFiles('**/pom.xml') }} restore-keys: m2-test- - name: Download native library - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-${{ matrix.platform }} path: wasmtime4j-native/src/main/resources/natives/${{ matrix.platform }}/ @@ -139,15 +139,15 @@ jobs: needs: build-native runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '23' distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-quality-${{ hashFiles('**/pom.xml') }} @@ -180,9 +180,9 @@ jobs: contents: write packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '21' distribution: 'temurin' @@ -193,7 +193,7 @@ jobs: gpg-passphrase: GPG_PASSPHRASE - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-publish-${{ hashFiles('**/pom.xml') }} @@ -201,19 +201,19 @@ jobs: # Download all 4 native libraries into resource directories - name: Download native libraries - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-linux-x86_64 path: wasmtime4j-native/src/main/resources/natives/linux-x86_64/ - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@v8 with: name: native-linux-aarch64 path: wasmtime4j-native/src/main/resources/natives/linux-aarch64/ - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@v8 with: name: native-darwin-aarch64 path: wasmtime4j-native/src/main/resources/natives/darwin-aarch64/ - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@v8 with: name: native-windows-x86_64 path: wasmtime4j-native/src/main/resources/natives/windows-x86_64/ @@ -287,7 +287,7 @@ jobs: done - name: Create GitHub Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@v3 with: generate_release_notes: true files: | diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index b48ca0b4..aaf22287 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -19,7 +19,7 @@ jobs: name: Cargo Audit runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable @@ -44,15 +44,15 @@ jobs: name: OWASP Dependency Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '21' distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-security-${{ hashFiles('**/pom.xml') }} @@ -68,7 +68,7 @@ jobs: - name: Upload report if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: dependency-check-report path: '**/target/dependency-check-report.html' @@ -81,15 +81,15 @@ jobs: permissions: security-events: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '23' distribution: 'temurin' - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: java @@ -100,19 +100,19 @@ jobs: ./mvnw compile $COMMON_ARGS -pl wasmtime4j,wasmtime4j-jni,wasmtime4j-native-loader - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 # Secret scanning secret-scan: name: Secret Scanning runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Run TruffleHog - uses: trufflesecurity/trufflehog@v3.88.0 + uses: trufflesecurity/trufflehog@v3.95.5 with: path: ./ base: ${{ github.event.pull_request.base.sha || 'HEAD~1' }} @@ -124,9 +124,9 @@ jobs: runs-on: ubuntu-latest if: github.event_name == 'push' && github.ref == 'refs/heads/master' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '21' distribution: 'temurin' @@ -134,7 +134,7 @@ jobs: - name: Generate SBOM run: ./mvnw org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom -B -P skip-native - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 with: name: sbom path: target/bom.xml diff --git a/.github/workflows/wasmtime-upstream-watch.yml b/.github/workflows/wasmtime-upstream-watch.yml index 612113c5..fef99452 100644 --- a/.github/workflows/wasmtime-upstream-watch.yml +++ b/.github/workflows/wasmtime-upstream-watch.yml @@ -14,7 +14,7 @@ jobs: name: Check upstream wasmtime release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Compare versions and manage tracking issue env: