Merge branch 'master' into snyk-fix-45d3403fd6f31504b9fecc3f6229857d

yurake · Sep 15, 2024 · 91c9501 · 91c9501
2 parents 4fbe345 + afdb0c9
commit 91c9501
Show file tree

Hide file tree

Showing 145 changed files with 1,098 additions and 1,359 deletions.
diff --git a/.github/pr-labeler.yml b/.github/pr-labeler.yml
@@ -1,23 +1,37 @@
+# Directory pattern
 cicd:
-  - .github/**/*
+  - changed-files:
+      - any-glob-to-any-file: .github/**/*
 docs:
-  - docs/**/*
-  - "**/*.md"
+  - changed-files:
+      - any-glob-to-any-file: 
+          - docs/**/*
+          - "**/*.md"
 github-action:
-  - .github/**/*
+  - changed-files:
+      - any-glob-to-any-file:  .github/**/*
 java:
-  - application/**/*
-  - "**/*.java"
+  - changed-files:
+      - any-glob-to-any-file:
+          - application/**/*
+          - "**/*.java"
 javascript:
-  - application/**/*.js
-  - "**/*.js"
+  - changed-files:
+      - any-glob-to-any-file: 
+          - application/**/*.js
+          - "**/*.js"
 kubernetes:
-  - kubernetes/**/*
+  - changed-files:
+      - any-glob-to-any-file: kubernetes/**/*
 quarkus:
-  - application/*-quarkus/*
+  - changed-files:
+      - any-glob-to-any-file: application/*-quarkus/*
 docker:
-  - "**/Dockerfile"
+  - changed-files:
+      - any-glob-to-any-file: "**/Dockerfile"
 kind:
-  - "**/kind-*"
+  - changed-files:
+      - any-glob-to-any-file: "**/kind-*"
 minikube:
-  - "**/minikube-*"
+  - changed-files:
+      - any-glob-to-any-file:  "**/minikube-*"
diff --git a/.github/workflows/cancel-workflow.yml b/.github/workflows/cancel-workflow.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Cancel Previous Runs
-        uses: styfle/cancel-workflow-action@0.11.0
+        uses: styfle/cancel-workflow-action@0.12.1
         with:
           access_token: ${{ secrets.GITHUB_TOKEN }}
       - name: cancel running workflows

diff --git a/.github/workflows/check-for-update.yml b/.github/workflows/check-for-update.yml
@@ -9,7 +9,7 @@ jobs:
   minikube-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.5.3
+      - uses: actions/checkout@v4.1.7
       - name: check minikube version
         working-directory: ./.github/workflows
         run: |
@@ -55,7 +55,7 @@ jobs:
           sed -i -e "s/$SOURCE_DOC_VERSION/$TARGET_MINIKUBE_VERSION/g" ../../README.md
       - name: Add, commit, push, and create PR
         if: env.UNMATCH_VERSION == 'true' && env.BRANCH_IS_EXISTING == 'false'
-        uses: peter-evans/[email protected].2
+        uses: peter-evans/[email protected].3
         with:
           token: ${{ secrets.PAT_GITHUB_ACTION_WORKFLOW }}
           branch: actions/check-for-update-minikube
@@ -67,7 +67,7 @@ jobs:
   kubernetes-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.5.3
+      - uses: actions/checkout@v4.1.7
       - name: check kubernetes version
         working-directory: ./.github/workflows
         run: |
@@ -113,7 +113,7 @@ jobs:
           sed -i -e "s/$SOURCE_DOC_VERSION/$TARGET_KUBERNETES_VERSION/g" ../../README.md
       - name: Add, commit, push, and create PR
         if: env.UNMATCH_VERSION == 'true' && env.BRANCH_IS_EXISTING == 'false'
-        uses: peter-evans/[email protected].2
+        uses: peter-evans/[email protected].3
         with:
           token: ${{ secrets.PAT_GITHUB_ACTION_WORKFLOW }}
           branch: actions/check-for-update-kubernetes
@@ -125,7 +125,7 @@ jobs:
   chaos-mesh-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.5.3
+      - uses: actions/checkout@v4.1.7
       - name: check current chaos-mesh version
         working-directory: ./.github/workflows
         run: |
@@ -163,7 +163,7 @@ jobs:
           sed -i -e "s/$SOURCE_DOC_VERSION/$TARGET_VERSION/g" ../../README.md
       - name: Add, commit, push, and create PR
         if: env.UNMATCH_VERSION == 'true' && env.BRANCH_IS_EXISTING == 'false'
-        uses: peter-evans/[email protected].2
+        uses: peter-evans/[email protected].3
         with:
           token: ${{ secrets.PAT_GITHUB_ACTION_WORKFLOW }}
           branch: actions/check-for-update-chaos-mesh
@@ -175,7 +175,7 @@ jobs:
   quarkus-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.5.3
+      - uses: actions/checkout@v4.1.7
       - name: check current quarkus version
         run: |
           echo "SOURCE_VERSION=$(grep "Quarkus Version" README.md | cut -d '-' -f 2)" >> $GITHUB_ENV
@@ -208,7 +208,7 @@ jobs:
           sed -i -e "s/$SOURCE_VERSION/$TARGET_VERSION/g" README.md
       - name: Add, commit, push, and create PR
         if: env.UNMATCH_VERSION == 'true' && env.BRANCH_IS_EXISTING == 'false'
-        uses: peter-evans/[email protected].2
+        uses: peter-evans/[email protected].3
         with:
           token: ${{ secrets.PAT_GITHUB_ACTION_WORKFLOW }}
           branch: actions/check-for-update-quarkus

diff --git a/.github/workflows/cis-dockerfile-benchmark.yml b/.github/workflows/cis-dockerfile-benchmark.yml
@@ -11,7 +11,7 @@ jobs:
   validation:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.5.3
+      - uses: actions/checkout@v4.1.7
       - name: Sysdig CIS Dockerfile Benchmark
         uses: sysdiglabs/[email protected]
         with:

diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
@@ -34,11 +34,11 @@ jobs:
     steps:
       # Checkout the repository to the GitHub Actions runner
       - name: Checkout code
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.7
 
       # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
       - name: Run Codacy Analysis CLI
-        uses: codacy/codacy-analysis-cli-action@240c610b1b65402cda39c6355968ef50aa2c07ba
+        uses: codacy/codacy-analysis-cli-action@09916000460adeeedc96b9704f86deba53e2ad5d
         with:
           # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
           # You can also omit the token and run the tools that support default configurations

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -40,7 +40,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.7
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

diff --git a/.github/workflows/cypress-ci.yml b/.github/workflows/cypress-ci.yml
@@ -13,8 +13,8 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.5.3
-      - uses: bahmutov/npm-install@v1.8.34
+        uses: actions/checkout@v4.1.7
+      - uses: bahmutov/npm-install@v1.10.2
         with:
           working-directory: kubernetes/monitoring/test/cypress
       - name: Cypress run

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -15,6 +15,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.7
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v3.1.4
+        uses: actions/dependency-review-action@v4.3.4
diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml
@@ -21,10 +21,10 @@ jobs:
       security-events: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.7
 
       - name: Run DevSkim scanner
-        uses: microsoft/[email protected].10
+        uses: microsoft/[email protected].14
 
       - name: Upload DevSkim scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2

diff --git a/.github/workflows/docker-image-ci.yml b/.github/workflows/docker-image-ci.yml
@@ -21,13 +21,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.7
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2.9.1
+        uses: docker/setup-buildx-action@v2.10.0
 
       - name: Cache Docker layers
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@v4.0.2
         with:
           path: /tmp/.buildx-cache
           key: ${{ github.ref }}-${{ github.sha }}
@@ -59,7 +59,7 @@ jobs:
         run: docker login -u $DOCKERHUB_USER -p $DOCKERHUB_PASS
 
       - name: Build and push - nginx
-        uses: docker/build-push-action@v4.1.1
+        uses: docker/build-push-action@v4.2.1
         with:
           context: ./kubernetes/nginx
           push: ${{ env.PUSH }}
@@ -72,7 +72,7 @@ jobs:
 
       - name: Run Snyk to check Docker image for vulnerabilities - nginx
         continue-on-error: true
-        uses: snyk/actions/docker@299cde98a08ff8b1c2bfde1e5a067bce67a6d2b8
+        uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
@@ -82,7 +82,7 @@ jobs:
         run: mv snyk.sarif nginx.sarif
 
       - name: Build and push - mysql
-        uses: docker/build-push-action@v4.1.1
+        uses: docker/build-push-action@v4.2.1
         with:
           context: ./kubernetes/mysql
           push: ${{ env.PUSH }}
@@ -95,7 +95,7 @@ jobs:
 
       - name: Run Snyk to check Docker image for vulnerabilities - mysql
         continue-on-error: true
-        uses: snyk/actions/docker@299cde98a08ff8b1c2bfde1e5a067bce67a6d2b8
+        uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
@@ -105,7 +105,7 @@ jobs:
         run: mv snyk.sarif mysql.sarif
 
       - name: Build and push - postgres
-        uses: docker/build-push-action@v4.1.1
+        uses: docker/build-push-action@v4.2.1
         with:
           context: ./kubernetes/postgres
           push: ${{ env.PUSH }}
@@ -118,7 +118,7 @@ jobs:
 
       - name: Run Snyk to check Docker image for vulnerabilities - postgres
         continue-on-error: true
-        uses: snyk/actions/docker@299cde98a08ff8b1c2bfde1e5a067bce67a6d2b8
+        uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
@@ -128,7 +128,7 @@ jobs:
         run: mv snyk.sarif postgres.sarif
 
       - name: Build and push - mongodb
-        uses: docker/build-push-action@v4.1.1
+        uses: docker/build-push-action@v4.2.1
         with:
           context: ./kubernetes/mongodb
           push: ${{ env.PUSH }}
@@ -141,7 +141,7 @@ jobs:
 
       - name: Run Snyk to check Docker image for vulnerabilities - mongodb
         continue-on-error: true
-        uses: snyk/actions/docker@299cde98a08ff8b1c2bfde1e5a067bce67a6d2b8
+        uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
@@ -151,7 +151,7 @@ jobs:
         run: mv snyk.sarif mongodb.sarif
 
       - name: Build and push - cassandra
-        uses: docker/build-push-action@v4.1.1
+        uses: docker/build-push-action@v4.2.1
         with:
           context: ./kubernetes/cassandra
           push: ${{ env.PUSH }}
@@ -164,7 +164,7 @@ jobs:
 
       - name: Run Snyk to check Docker image for vulnerabilities - cassandra
         continue-on-error: true
-        uses: snyk/actions/docker@299cde98a08ff8b1c2bfde1e5a067bce67a6d2b8
+        uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
@@ -174,7 +174,7 @@ jobs:
         run: mv snyk.sarif cassandra.sarif
 
       - name: Build and push - rabbitmq
-        uses: docker/build-push-action@v4.1.1
+        uses: docker/build-push-action@v4.2.1
         with:
           context: ./kubernetes/rabbitmq
           push: ${{ env.PUSH }}
@@ -187,7 +187,7 @@ jobs:
 
       - name: Run Snyk to check Docker image for vulnerabilities - rabbitmq
         continue-on-error: true
-        uses: snyk/actions/docker@299cde98a08ff8b1c2bfde1e5a067bce67a6d2b8
+        uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
@@ -197,7 +197,7 @@ jobs:
         run: mv snyk.sarif rabbitmq.sarif
 
       - name: Build and push - jenkins
-        uses: docker/build-push-action@v4.1.1
+        uses: docker/build-push-action@v4.2.1
         with:
           context: ./kubernetes/monitoring/jenkins
           push: ${{ env.PUSH }}
@@ -209,7 +209,7 @@ jobs:
           cache-to: type=local,dest=/tmp/.buildx-cache
 
       - name: Build and push - ab
-        uses: docker/build-push-action@v4.1.1
+        uses: docker/build-push-action@v4.2.1
         with:
           context: ./kubernetes/monitoring/test/ab
           push: ${{ env.PUSH }}
@@ -222,7 +222,7 @@ jobs:
 
       - name: Run Snyk to check Docker image for vulnerabilities - ab
         continue-on-error: true
-        uses: snyk/actions/docker@299cde98a08ff8b1c2bfde1e5a067bce67a6d2b8
+        uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
@@ -232,7 +232,7 @@ jobs:
         run: mv snyk.sarif ab.sarif
 
       - name: Build and push - postmannewman-quarkus
-        uses: docker/build-push-action@v4.1.1
+        uses: docker/build-push-action@v4.2.1
         with:
           context: ./kubernetes/monitoring/test/postmannewman/quarkus
           push: ${{ env.PUSH }}
@@ -245,7 +245,7 @@ jobs:
 
       - name: Run Snyk to check Docker image for vulnerabilities - postmannewman-quarkus
         continue-on-error: true
-        uses: snyk/actions/docker@299cde98a08ff8b1c2bfde1e5a067bce67a6d2b8
+        uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with: