Merge branch 'main' into dependabot/github_actions/step-security/harden-runner-2.14.0

Author: bgn42

.github/workflows/ci.yml

@@ -56,7 +56,7 @@ jobs:
         run: sudo apt-get update && sudo apt-get install libxml2-utils
 
       - name: Archive tpip report
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: tpip-report
           path: ./build/cpackget-ubuntu-amd64.txt
@@ -80,7 +80,7 @@ jobs:
           egress-policy: audit
 
       - name: Download Artifacts
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
         with:
           path: artifacts
 

.github/workflows/codeql.yml

@@ -49,7 +49,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v3.29.5
+        uses: github/codeql-action/init@1b168cd39490f61582a9beae412bb7057a6b2c4e # v3.29.5
         with:
           languages: ${{ matrix.language }}
           queries: security-and-quality
@@ -59,6 +59,6 @@ jobs:
           go build -o cpackget ./cmd
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v3.29.5
+        uses: github/codeql-action/analyze@1b168cd39490f61582a9beae412bb7057a6b2c4e # v3.29.5
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/release.yml

@@ -32,7 +32,7 @@ jobs:
           egress-policy: audit
 
       - name: Download test results
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
         with:
           pattern: test-results-*
           path: testreport/

.github/workflows/scorecard.yml

@@ -63,14 +63,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v3.29.5
+        uses: github/codeql-action/upload-sarif@1b168cd39490f61582a9beae412bb7057a6b2c4e # v3.29.5
         with:
           sarif_file: results.sarif

.github/workflows/tpip-check.yml

@@ -48,7 +48,7 @@ jobs:
         working-directory: ./cmd
 
       - name: Archive tpip report
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: tpip-report
           path: ./${{ env.report_name }}
@@ -82,12 +82,12 @@ jobs:
           ref: ${{ github.event.pull_request.head.ref }}
 
       - name: Restore Changes
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
         with:
           name: tpip-report
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11
+        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
         with:
           commit-message: Update TPIP report
           title: ':robot: [TPIP] Automated report updates'

cmd/installer/root.go

@@ -900,19 +900,21 @@ func UpdateInstalledPDSCFiles(pidxXML, cidxXML *xml.PidxXML, updatePrivatePdsc,
 func UpdatePublicIndexIfOnline() error {
 	// If public index already exists then first check if online, then its timestamp
 	// if we are online and it is too old then download a current version
+
 	if utils.FileExists(Installation.PublicIndex) {
 		err := utils.CheckConnection(ConnectionTryURL, 0)
 		if err != nil && errors.Unwrap(err) != errs.ErrOffline {
-			return err
+			log.Warnf("Cannot check for public index update: %v", err)
 		}
 		if errors.Unwrap(err) != errs.ErrOffline {
 			var updateConf updateCfg
-			err = Installation.checkUpdateCfg(&updateConf)
+			err = Installation.checkUpdateCfg(&updateConf, true)
 			if err != nil {
 				UnlockPackRoot()
 				err1 := UpdatePublicIndex(ActualPublicIndex, false, false, false, false, false, 0, 0)
 				if err1 != nil {
-					return err1
+					log.Warnf("Cannot update public index: %v", err1)
+					return nil
 				}
 				_ = Installation.updateUpdateCfg(&updateConf)
 			}
@@ -925,7 +927,8 @@ func UpdatePublicIndexIfOnline() error {
 		UnlockPackRoot()
 		err1 := UpdatePublicIndex(ActualPublicIndex, false, false, false, false, false, 0, 0)
 		if err1 != nil {
-			return err1
+			log.Warnf("Cannot update public index: %v", err1)
+			return nil
 		}
 		var updateConf updateCfg
 		updateConf.Auto = true
@@ -1385,9 +1388,9 @@ func ListInstalledPacks(listCached, listPublic, listUpdates, listRequirements, t
 // 1.2.1. if pack's pdsc file not found in Installation.LocalDir then raise errs.ErrPackURLCannotBeFound
 // 1.2.2. read .Local/PDSC file into pdscXML
 // 1.2.3. releastTag = pdscXML.FindReleaseTagByVersion(pack.Version)
-// 1.2.3. if releaseTag == nil then raise ErrPackVersionNotFoundInPdsc
-// 1.2.4. if releaseTag.URL != "", return releaseTag.URL
-// 1.2.5. return pdscTag.URL + pack.Vendor + "." + pack.Name + "." + pack.Version + ".pack"
+// 1.2.4. if releaseTag == nil then raise ErrPackVersionNotFoundInPdsc
+// 1.2.5. if releaseTag.URL != "", return releaseTag.URL
+// 1.2.6. return pdscTag.URL + pack.Vendor + "." + pack.Name + "." + pack.Version + ".pack"
 //
 // The function resolves the version modifier to determine the correct version of the pack to fetch.
 // It then checks the release tag for the specified version and returns the URL if found.
@@ -1747,14 +1750,18 @@ type updateCfg struct {
 // Parameters:
 //   - conf (*updateCfg): A pointer to the updateCfg structure that will be populated
 //     with the parsed configuration values.
+//   - WarningInsteadOfErrors (bool): A flag indicating whether to log warnings instead of returning errors.
 //
 // Returns:
 //   - error: An error is returned if the "update.cfg" file cannot be opened, if the
 //     "Date" field cannot be parsed, or if the timestamp in the "Date" field is older
 //     than 24 hours. If no errors occur, nil is returned.
-func (p *PacksInstallationType) checkUpdateCfg(conf *updateCfg) error {
+func (p *PacksInstallationType) checkUpdateCfg(conf *updateCfg, WarningInsteadOfErrors bool) error {
 	f, err := os.Open(filepath.Join(p.WebDir, "update.cfg"))
 	if err != nil {
+		if WarningInsteadOfErrors {
+			log.Debugf("Could not open update.cfg: %v", err)
+		}
 		return err
 	}
 	defer f.Close()