diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9062e1e..c307e41 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -40,7 +40,7 @@ jobs: lib: wamr4j_native.dll runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: recursive @@ -53,7 +53,7 @@ jobs: run: sudo apt-get update && sudo apt-get install -y cmake - name: Cache Cargo - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.cargo/registry @@ -70,7 +70,7 @@ jobs: cd wamr4j-native cargo build --release --target ${{ matrix.target }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 with: name: native-${{ matrix.platform }} path: wamr4j-native/.cargo-target/${{ matrix.target }}/release/${{ matrix.lib }} @@ -82,15 +82,15 @@ jobs: name: Code Quality runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '22' distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-quality-${{ hashFiles('**/pom.xml') }} @@ -146,22 +146,22 @@ jobs: java: '23' runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: ${{ matrix.java }} distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-test-${{ matrix.java }}-${{ hashFiles('**/pom.xml') }} restore-keys: m2-test- - name: Download native library - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-${{ matrix.platform }} path: wamr4j-native/src/main/resources/META-INF/native/${{ matrix.platform }}/ @@ -207,7 +207,7 @@ jobs: - name: Upload test results if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: test-results-${{ matrix.platform }}-java${{ matrix.java }} path: '**/target/surefire-reports/' diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index fb0fe07..b1a270e 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -44,7 +44,7 @@ jobs: name: Rust Fuzz Smoke Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: recursive @@ -66,7 +66,7 @@ jobs: - name: Upload crash artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: fuzz-crashes-smoke path: wamr4j-native/fuzz/artifacts/ @@ -78,11 +78,11 @@ jobs: name: Java Fuzz Smoke Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: recursive - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: distribution: temurin java-version: '17' @@ -113,7 +113,7 @@ jobs: - name: Upload crash artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: java-fuzz-crashes-smoke path: wamr4j-tests/fuzz/**/hs_err_*.log @@ -134,7 +134,7 @@ jobs: - error_message - ffi_roundtrip steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: recursive @@ -146,7 +146,7 @@ jobs: sudo apt-get update && sudo apt-get install -y cmake - name: Cache fuzz corpus - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: wamr4j-native/fuzz/corpus/${{ matrix.target }} key: fuzz-corpus-${{ matrix.target }}-${{ github.sha }} @@ -178,14 +178,14 @@ jobs: - name: Upload crash artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: fuzz-crashes-${{ matrix.target }} path: wamr4j-native/fuzz/artifacts/${{ matrix.target }}/ if-no-files-found: ignore - name: Upload updated corpus - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: fuzz-corpus-${{ matrix.target }} path: wamr4j-native/fuzz/corpus/${{ matrix.target }}/ @@ -197,11 +197,11 @@ jobs: name: Java Fuzz Tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: recursive - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: distribution: temurin java-version: '17' @@ -241,7 +241,7 @@ jobs: - name: Upload crash artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: java-fuzz-crashes path: wamr4j-tests/fuzz/**/hs_err_*.log @@ -256,7 +256,7 @@ jobs: issues: write steps: - name: Create issue for crashes - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const today = new Date().toISOString().split('T')[0]; diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b91ed53..919303e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -35,7 +35,7 @@ jobs: lib: wamr4j_native.dll runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: recursive @@ -48,7 +48,7 @@ jobs: run: sudo apt-get update && sudo apt-get install -y cmake - name: Cache Cargo - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.cargo/registry @@ -65,7 +65,7 @@ jobs: cd wamr4j-native cargo build --release --target ${{ matrix.target }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 with: name: native-${{ matrix.platform }} path: wamr4j-native/.cargo-target/${{ matrix.target }}/release/${{ matrix.lib }} @@ -106,22 +106,22 @@ jobs: java: '23' runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: ${{ matrix.java }} distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-test-${{ matrix.java }}-${{ hashFiles('**/pom.xml') }} restore-keys: m2-test- - name: Download native library - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-${{ matrix.platform }} path: wamr4j-native/src/main/resources/META-INF/native/${{ matrix.platform }}/ @@ -167,22 +167,22 @@ jobs: needs: build-native runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '17' distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-quality-${{ hashFiles('**/pom.xml') }} restore-keys: m2-quality- - name: Download native library - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-linux-x86_64 path: wamr4j-native/src/main/resources/META-INF/native/linux-x86_64/ @@ -215,9 +215,9 @@ jobs: contents: write packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '23' distribution: 'temurin' @@ -253,7 +253,7 @@ jobs: echo "All required secrets are configured" - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-publish-${{ hashFiles('**/pom.xml') }} @@ -261,22 +261,22 @@ jobs: # Download all native libraries into resource directories - name: Download linux-x86_64 - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-linux-x86_64 path: wamr4j-native/src/main/resources/META-INF/native/linux-x86_64/ - name: Download linux-aarch64 - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-linux-aarch64 path: wamr4j-native/src/main/resources/META-INF/native/linux-aarch64/ - name: Download darwin-aarch64 - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-darwin-aarch64 path: wamr4j-native/src/main/resources/META-INF/native/darwin-aarch64/ - name: Download windows-x86_64 - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-windows-x86_64 path: wamr4j-native/src/main/resources/META-INF/native/windows-x86_64/ @@ -365,7 +365,7 @@ jobs: done - name: Create GitHub Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@v3 with: generate_release_notes: true files: | diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 091eb9d..e5758da 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -19,7 +19,7 @@ jobs: name: Cargo Audit runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable @@ -35,15 +35,15 @@ jobs: name: OWASP Dependency Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '21' distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-security-${{ hashFiles('**/pom.xml') }} @@ -59,7 +59,7 @@ jobs: - name: Upload report if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: dependency-check-report path: '**/target/dependency-check-report.html' @@ -72,15 +72,15 @@ jobs: permissions: security-events: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '23' distribution: 'temurin' - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: java @@ -88,19 +88,19 @@ jobs: run: ./mvnw compile -B -pl wamr4j,wamr4j-jni,wamr4j-panama -P skip-native -DskipTests -am - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 # Secret scanning secret-scan: name: Secret Scanning runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Run TruffleHog - uses: trufflesecurity/trufflehog@v3.88.0 + uses: trufflesecurity/trufflehog@v3.95.3 with: path: ./ base: ${{ github.event.pull_request.base.sha || 'HEAD~1' }} @@ -112,9 +112,9 @@ jobs: runs-on: ubuntu-latest if: github.event_name == 'push' && github.ref == 'refs/heads/main' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '21' distribution: 'temurin' @@ -122,7 +122,7 @@ jobs: - name: Generate SBOM run: ./mvnw org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom -B -pl '!wamr4j-native' - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 with: name: sbom path: target/bom.xml diff --git a/.github/workflows/wamr-upstream-watch.yml b/.github/workflows/wamr-upstream-watch.yml index ef606e0..1f26158 100644 --- a/.github/workflows/wamr-upstream-watch.yml +++ b/.github/workflows/wamr-upstream-watch.yml @@ -14,7 +14,7 @@ jobs: name: Check upstream WAMR release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Compare versions and manage tracking issue env: