From c4e839df808ed72e604f0538ec07aa34af6cf21c Mon Sep 17 00:00:00 2001 From: borislavr Date: Thu, 21 May 2026 13:22:52 +0300 Subject: [PATCH 1/2] chore(deps): update action versions in workflow templates --- workflow-templates/auto-assign-project-to-issue.yml | 4 +++- workflow-templates/dev-docker-build-selective.yml | 5 ++--- workflow-templates/dev-mvn-docker-build.yml | 2 +- workflow-templates/license-header.yml | 4 ++-- workflow-templates/scout-cves.yml | 7 +++++-- 5 files changed, 13 insertions(+), 9 deletions(-) diff --git a/workflow-templates/auto-assign-project-to-issue.yml b/workflow-templates/auto-assign-project-to-issue.yml index 876ead58..a74b503e 100644 --- a/workflow-templates/auto-assign-project-to-issue.yml +++ b/workflow-templates/auto-assign-project-to-issue.yml @@ -16,6 +16,8 @@ jobs: github-token: ${{ secrets.ADD_PROJECT_TO_ISSUE_PAT }} - name: Log info + env: + ISSUE_TITLE: ${{ github.event.issue.title }} run: | - echo "▶ Triggered by issue #${{ github.event.issue.number }}: ${{ github.event.issue.title }}" + echo "▶ Triggered by issue #${{ github.event.issue.number }}: $ISSUE_TITLE" echo "▶ Added to Project #${{ vars.PROJECT }} (beta)" \ No newline at end of file diff --git a/workflow-templates/dev-docker-build-selective.yml b/workflow-templates/dev-docker-build-selective.yml index af64f37e..440b7e2e 100644 --- a/workflow-templates/dev-docker-build-selective.yml +++ b/workflow-templates/dev-docker-build-selective.yml @@ -50,7 +50,6 @@ on: permissions: contents: read - packages: write concurrency: group: ${{ github.ref_type == 'branch' && format('build-branch-{0}', github.ref_name) || format('build-{0}', github.sha) }} @@ -67,7 +66,7 @@ jobs: packages: ${{ steps.config.outputs.config }} tags: "${{ steps.meta.outputs.result }}" steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: persist-credentials: true fetch-depth: 0 
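Review bot: The `env:` indirection added to the `Log info` step carries no comment explaining why it is there, so a later cleanup could fold `github.event.issue.title` back into the `run:` script. An issue title is text chosen by whoever opens the issue, and `${{ }}` expressions are substituted into the script before the shell parses it, which is why the value has to arrive as an environment variable. I would add above `env:` the comment `# Issue title is untrusted: pass it via env, never expand it with ${{ }} inside run:`. `${{ vars.PROJECT }}` on the last line is still expanded inline; that value is set by repository or organisation admins, so the risk is lower, but routing it through `env:` as well would keep the step consistent.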
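Review bot: Dropping `packages: write` from the workflow-level `permissions:` block in `dev-docker-build-selective.yml` is a sound default, but no job-level grant is visible in this hunk to replace it. If a job further down pushes images to GitHub Packages with `GITHUB_TOKEN` (the file name suggests a Docker build), that job needs its own `permissions:` block with `contents: read` and `packages: write`, otherwise the push will be rejected. The job definitions are outside the hunk, so please confirm the grant exists, and only on the job that pushes.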
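Review bot: The checkout step keeps `persist-credentials: true`, so the token stays in the local git config for every later step in the job, including the third-party `tj-actions/changed-files` step that follows it. Pinning the action to a commit SHA narrows which code runs, but not what that code can read. Unless a later step pushes with git, set `persist-credentials: false` as `scout-cves.yml` already does; if a push is needed, a comment on this line naming the step that relies on it would help. The rest of the job is outside the hunk.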
@@ -75,7 +74,7 @@ jobs: - name: Changed Files if: github.event_name != 'workflow_dispatch' id: changed-files - uses: tj-actions/changed-files@v47 + uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47 with: json: true write_output_files: true # .github/outputs/all_changed_files.json diff --git a/workflow-templates/dev-mvn-docker-build.yml b/workflow-templates/dev-mvn-docker-build.yml index 0a08ce88..8cc66393 100644 --- a/workflow-templates/dev-mvn-docker-build.yml +++ b/workflow-templates/dev-mvn-docker-build.yml @@ -74,7 +74,7 @@ jobs: java-version: ${{ github.event.inputs.java-version || '21' }} - name: "Generate metadata" - uses: netcracker/qubership-workflow-hub/actions/metadata-action@m5a557213e92e3d22d0292330c4817c82af6704d2 #v2.1.2 + uses: netcracker/qubership-workflow-hub/actions/metadata-action@e64a1ee2fc2f68ab44a4ef416c27d83ce36ba8e1 # v2.2.1 id: metadata - name: "Prepare tags" diff --git a/workflow-templates/license-header.yml b/workflow-templates/license-header.yml index c07fe1dd..83e412da 100644 --- a/workflow-templates/license-header.yml +++ b/workflow-templates/license-header.yml @@ -55,13 +55,13 @@ jobs: - name: "Fix License Headers" continue-on-error: true - uses: apache/skywalking-eyes/header@v0.8.0 + uses: apache/skywalking-eyes/header@61275cc80d0798a405cb070f7d3a8aaf7cf2c2c1 # v0.8.0 with: mode: ${{ inputs.mode || 'fix' }} # default to fix - name: "Create Pull Request" if: inputs.mode == 'fix' || github.event_name == 'push' - uses: peter-evans/create-pull-request@v8.1.1 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: "${{ inputs.commit-message || 'chore: add license headers to source files' }}" diff --git a/workflow-templates/scout-cves.yml b/workflow-templates/scout-cves.yml index 9560d81d..0c51288a 100644 --- a/workflow-templates/scout-cves.yml +++ b/workflow-templates/scout-cves.yml 
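Review bot: The trailing comment `# v47` on the `tj-actions/changed-files` pin names a moving major tag rather than the release the SHA was taken from, so a reader cannot check that the pinned commit is the one they expect. The same applies to `# v5` on `actions/checkout` in the previous hunk and to `# v4` and `# v1` on the Docker actions in `scout-cves.yml`; the `license-header.yml` pins already carry full versions (`# v0.8.0`, `# v8.1.1`). I would write the exact release in each comment, for example `# v47.x.y` with the real patch version filled in after verifying the SHA against the upstream tag.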
@@ -8,6 +8,9 @@ on: required: true type: string +permissions: + contents: read + jobs: scan: name: "Scan Docker Image for CVEs" @@ -23,14 +26,14 @@ jobs: persist-credentials: false - name: "Login to Docker Hub" - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_RW_TOKEN }} - name: "Run Docker Scout CVEs" id: scout - uses: docker/scout-action@v1 + uses: docker/scout-action@bacf462e8d090c09660de30a6ccc718035f961e3 # v1 with: command: cves image: ${{ inputs.image }} From c7d9d3957f51bf640d8b7d0dbbf645895c594399 Mon Sep 17 00:00:00 2001 From: borislavr Date: Thu, 21 May 2026 13:29:36 +0300 Subject: [PATCH 2/2] chore(workflow): ensure newline at end of file in auto-assign-project-to-issue.yml --- workflow-templates/auto-assign-project-to-issue.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workflow-templates/auto-assign-project-to-issue.yml b/workflow-templates/auto-assign-project-to-issue.yml index a74b503e..d15004ab 100644 --- a/workflow-templates/auto-assign-project-to-issue.yml +++ b/workflow-templates/auto-assign-project-to-issue.yml @@ -20,4 +20,4 @@ jobs: ISSUE_TITLE: ${{ github.event.issue.title }} run: | echo "▶ Triggered by issue #${{ github.event.issue.number }}: $ISSUE_TITLE" - echo "▶ Added to Project #${{ vars.PROJECT }} (beta)" \ No newline at end of file + echo "▶ Added to Project #${{ vars.PROJECT }} (beta)"
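Review bot: The `Login to Docker Hub` step passes `secrets.DOCKERHUB_RW_TOKEN`, which by its name is a read-write token, to a job that only scans an image for CVEs. A scan needs pull access at most, so a leak through any step in this job would expose more than the job requires. I would switch to a read-only access token, e.g. `password: ${{ secrets.DOCKERHUB_RO_TOKEN }}` (placeholder secret name), and keep the read-write token for the publishing workflows. The job continues past the end of the hunk.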