Merge branch 'master' into release50

Author: Julusian

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -8,6 +8,10 @@ body:
   - type: markdown
     attributes:
       value: |
+        Thanks for considering to post a Bug Report!
+        The Bug Reports are used to raise awareness of issues in the Sofie system,
+        and to help the community to collaborate in troubleshooting and fixing them.
+
         Before you post, be sure to read our Contribution guidelines:
         https://nrkno.github.io/sofie-core/docs/for-developers/contribution-guidelines
 
@@ -48,3 +52,12 @@ body:
         Examples:
         * This is a blocker for us, we cannot use feature X until this is fixed.
         * Not a big issue for us, but it would be nice to have this fixed.
+
+  - type: textarea
+    attributes:
+      label: Level of Involvement
+      description: Are you willing to contribute a fix for this yourself? Or are you just raising awareness?
+      placeholder: |
+        Examples:
+        * I am willing to contribute a fix for this - if I get some guidance on what might be wrong.
+        * Just raising awareness, I won't be able to contribute a fix myself.

.github/PULL-REQUEST-TEMPLATE.md

@@ -12,7 +12,7 @@ Example: "This pull request is posted on behalf of the NRK."
 
 ## Type of Contribution
 
-This is a: 
+This is a:
 <!-- (pick one) -->
 Bug fix / Feature / Code improvement / Documentation improvement / Other (please specify)
 
@@ -40,6 +40,16 @@ Examples:
 -->
 
 
+## Time Frame
+<!--
+Please provide a note about the urgency or development plan for this PR.
+Example:
+* This Bug Fix is critical for us, please review and merge it as soon as possible.
+* We intend to finish the development on this feature in two weeks time.
+* Not urgent, but we would like to get this merged into the in-development release.
+-->
+
+
 ## Other Information
 <!-- The more information you can provide, the easier the pull request will be to merge -->
 

.github/workflows/node.yaml

@@ -82,7 +82,9 @@ jobs:
           CI: true
       - name: Send coverage
         if: ((github.event_name == 'pull_request') && (!startsWith(github.head_ref, 'release'))) || ((github.event_name == 'push') && (!startsWith(github.ref_name, 'release')))
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
   build-core:
     # TODO - should this be dependant on tests or something passing if we are on a tag?
@@ -229,7 +231,7 @@ jobs:
           echo "image=$image" >> $GITHUB_OUTPUT
       - name: Trivy scanning
         if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' && steps.ghcr-tag.outputs.tags != 0
-        uses: aquasecurity/trivy-action@0.16.1
+        uses: aquasecurity/trivy-action@0.17.0
         with:
           image-ref: "${{ steps.trivy-image.outputs.image }}"
           format: "table"
@@ -378,7 +380,7 @@ jobs:
           echo "image=$image" >> $GITHUB_OUTPUT
       - name: Trivy scanning
         if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' && steps.ghcr-tag.outputs.tags != 0
-        uses: aquasecurity/trivy-action@0.16.1
+        uses: aquasecurity/trivy-action@0.17.0
         with:
           image-ref: "${{ steps.trivy-image.outputs.image }}"
           format: "table"
@@ -509,7 +511,9 @@ jobs:
           CI: true
       - name: Send coverage
         if: (matrix.node-version == '16.x' || matrix.send-coverage == true) && ((github.event_name == 'pull_request') && ((!startsWith(github.head_ref, 'release'))) || ((github.event_name == 'push') && (!startsWith(github.ref_name, 'release'))))
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
   publish-docs:
     name: Publish Docs

.github/workflows/trivy.yml

@@ -13,14 +13,14 @@ jobs:
         image: ["server-core", "playout-gateway", "mos-gateway"]
     steps:
       - name: Run Trivy vulnerability scanner (json)
-        uses: aquasecurity/trivy-action@0.16.1
+        uses: aquasecurity/trivy-action@0.17.0
         with:
           image-ref: ghcr.io/nrkno/sofie-core-${{ matrix.image }}:latest
           format: json
           output: '${{ matrix.image }}-trivy-scan-results.json'
 
       - name: Run Trivy vulnerability scanner (table)
-        uses: aquasecurity/trivy-action@0.16.1
+        uses: aquasecurity/trivy-action@0.17.0
         with:
           image-ref: ghcr.io/nrkno/sofie-core-${{ matrix.image }}:latest
           output: '${{ matrix.image }}-trivy-scan-results.txt'
@@ -36,7 +36,7 @@ jobs:
           echo $CODE_BLOCK >> $GITHUB_STEP_SUMMARY
 
       - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
-        uses: aquasecurity/trivy-action@0.16.1
+        uses: aquasecurity/trivy-action@0.17.0
         with:
           format: 'github'
           output: 'dependency-results-${{ matrix.image }}.sbom.json'