diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 834483b..cbda539 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,7 +15,7 @@ jobs: name: Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable - uses: Swatinem/rust-cache@v2 - run: cargo check --workspace @@ -24,7 +24,7 @@ jobs: name: Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable - uses: Swatinem/rust-cache@v2 - run: cargo test --workspace @@ -33,7 +33,7 @@ jobs: name: Format runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable with: components: rustfmt @@ -43,7 +43,7 @@ jobs: name: Clippy runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable with: components: clippy @@ -54,11 +54,11 @@ jobs: name: Build Release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable - uses: Swatinem/rust-cache@v2 - run: cargo build --release --workspace - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v5 with: name: conative-cli path: target/release/conative diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 3f4201b..8e47242 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -17,19 +17,19 @@ jobs: matrix: language: ['javascript', 'python', 'go', 'java', 'ruby'] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} queries: +security-and-quality continue-on-error: true - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@v4 continue-on-error: true - name: Perform Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 continue-on-error: true diff --git a/.github/workflows/comprehensive-quality.yml b/.github/workflows/comprehensive-quality.yml index eca6f0b..4e4cad5 100644 --- a/.github/workflows/comprehensive-quality.yml +++ b/.github/workflows/comprehensive-quality.yml @@ -11,7 +11,7 @@ jobs: dependability: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check test coverage run: | echo "Checking for test files..." @@ -30,7 +30,7 @@ jobs: security: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Secret scanning uses: trufflesecurity/trufflehog@main continue-on-error: true @@ -50,7 +50,7 @@ jobs: interoperability: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check API specs run: | if [ -f "openapi.yaml" ] || [ -f "openapi.json" ]; then @@ -67,7 +67,7 @@ jobs: validation: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check for validation patterns run: | VALIDATION=$(grep -rE "validate|sanitize|Schema|Validator" --include="*.rs" --include="*.res" --include="*.ex" . 2>/dev/null | wc -l || echo "0") @@ -81,7 +81,7 @@ jobs: contents: read attestations: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Generate SBOM run: | echo "SBOM generation would run here" @@ -97,7 +97,7 @@ jobs: verification: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check SPARK proofs run: | if find . -name "*.ads" | grep -q .; then @@ -113,7 +113,7 @@ jobs: functionality: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check TODOs and FIXMEs run: | echo "=== Incomplete items ===" @@ -126,7 +126,7 @@ jobs: performance: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check for benchmarks run: | BENCHES=$(find . -name "*bench*" -o -name "*perf*" | wc -l) @@ -143,7 +143,7 @@ jobs: runs-on: ubuntu-latest if: hashFiles('**/*.html') != '' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: HTML accessibility check run: | echo "Checking for a11y attributes..." @@ -157,7 +157,7 @@ jobs: license: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check license files run: | if [ -f "LICENSE" ] || [ -f "LICENSE.txt" ] || [ -f "LICENSE.md" ]; then @@ -175,7 +175,7 @@ jobs: documentation: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check docs completeness run: | DOCS="" diff --git a/.github/workflows/guix-nix-policy.yml b/.github/workflows/guix-nix-policy.yml index a776006..6771253 100644 --- a/.github/workflows/guix-nix-policy.yml +++ b/.github/workflows/guix-nix-policy.yml @@ -4,7 +4,7 @@ jobs: check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Enforce Guix primary / Nix fallback run: | # Check for package manager files diff --git a/.github/workflows/language-guard.yml b/.github/workflows/language-guard.yml index 3dcd22f..98f6919 100644 --- a/.github/workflows/language-guard.yml +++ b/.github/workflows/language-guard.yml @@ -16,7 +16,7 @@ jobs: check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check for forbidden languages run: | diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml index eb78d2c..c1a7b7a 100644 --- a/.github/workflows/quality.yml +++ b/.github/workflows/quality.yml @@ -5,7 +5,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check file permissions run: | @@ -35,7 +35,7 @@ jobs: docs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check documentation run: | MISSING="" diff --git a/.github/workflows/rsr-antipattern.yml b/.github/workflows/rsr-antipattern.yml index ac08939..e6ce6a0 100644 --- a/.github/workflows/rsr-antipattern.yml +++ b/.github/workflows/rsr-antipattern.yml @@ -16,7 +16,7 @@ jobs: antipattern-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check for TypeScript run: | diff --git a/.github/workflows/rust-ci.yml b/.github/workflows/rust-ci.yml index 2c0841a..5751dc5 100644 --- a/.github/workflows/rust-ci.yml +++ b/.github/workflows/rust-ci.yml @@ -8,7 +8,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable with: components: rustfmt, clippy @@ -29,7 +29,7 @@ jobs: security: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable - name: Install cargo-audit run: cargo install cargo-audit @@ -41,12 +41,12 @@ jobs: coverage: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable - name: Install tarpaulin run: cargo install cargo-tarpaulin - name: Generate coverage run: cargo tarpaulin --out Xml - - uses: codecov/codecov-action@v3 + - uses: codecov/codecov-action@v5 with: files: cobertura.xml diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a073b17..c1071e6 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -14,17 +14,17 @@ jobs: security-events: write id-token: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: persist-credentials: false - name: Run Scorecard - uses: ossf/scorecard-action@v2.3.1 + uses: ossf/scorecard-action@v2.4.3 with: results_file: results.sarif results_format: sarif - name: Upload results - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: results.sarif diff --git a/.github/workflows/security-policy.yml b/.github/workflows/security-policy.yml index c20bbc7..a9d7c0f 100644 --- a/.github/workflows/security-policy.yml +++ b/.github/workflows/security-policy.yml @@ -4,7 +4,7 @@ jobs: check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Security checks run: | FAILED=false diff --git a/.github/workflows/wellknown-enforcement.yml b/.github/workflows/wellknown-enforcement.yml index 809d209..2108364 100644 --- a/.github/workflows/wellknown-enforcement.yml +++ b/.github/workflows/wellknown-enforcement.yml @@ -17,7 +17,7 @@ jobs: validate: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: RFC 9116 security.txt validation run: |