update GitHub Security Alerts for JIRA workflow (#103)

uchinda-sph · web-flow · commit 2880814df55a · 2024-08-07T14:04:27.000+08:00
* update GitHub Security Alerts for JIRA workflow

* Update the workflow versions
diff --git a/.github/workflows/aqua-security.yaml b/.github/workflows/aqua-security.yaml
@@ -101,7 +101,7 @@ jobs:
       contents: read
     steps:
     - name: Checkout code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Set Variable
       id: set-vars
@@ -116,7 +116,7 @@ jobs:
       shell: bash
 
     - name: Configure aws credentials
-      uses: aws-actions/configure-aws-credentials@v2
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         role-skip-session-tagging: true
         role-to-assume: ${{ inputs.aws_iam_role_arn }}
@@ -133,7 +133,7 @@ jobs:
       if: ${{ (inputs.docker_tag_name =='') && (inputs.ecr_image_name !='') && (inputs.aws_account_id != '') }}
 
     - name: Docker Build and Push
-      uses: docker/build-push-action@v2
+      uses: docker/build-push-action@v6
       with:
         context: ${{ inputs.docker_file_context }}
         file: ${{ inputs.docker_file }}
diff --git a/.github/workflows/fortify-android.yaml b/.github/workflows/fortify-android.yaml
@@ -52,7 +52,7 @@ jobs:
     steps:
       # Check out source code
       - name: Check Out Source Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           # Fetch at least the immediate parents so that if this is a pull request then we can checkout the head.
           fetch-depth: 2
@@ -111,7 +111,7 @@ jobs:
 
       ### Clean up of build folder
       - name: Save sourceanalyzer Logs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         if: failure()
         with:
            name: scancentral-logs
diff --git a/.github/workflows/fortify-sarif-export.yaml b/.github/workflows/fortify-sarif-export.yaml
@@ -41,13 +41,14 @@ jobs:
     steps:
       # Check out source code
       - name: Check Out Source Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           # Fetch at least the immediate parents so that if this is a pull request then we can checkout the head.
           fetch-depth: 2
       - name: Setup Java
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v4
         with:
+          distribution: zulu
           java-version: 11
       # Pull SAST issues from Fortify on Demand and generate GitHub-optimized SARIF output
       - name: Export Results
diff --git a/.github/workflows/fortify.yaml b/.github/workflows/fortify.yaml
@@ -54,7 +54,7 @@ jobs:
     steps:
       # Check out source code
       - name: Check Out Source Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           # Fetch at least the immediate parents so that if this is a pull request then we can checkout the head.
           fetch-depth: 2
@@ -66,8 +66,9 @@ jobs:
       # Java version to use depends on the Java version required to run your build (if any),
       # and the Java version supported by the ScanCentral Client version that you are running
       - name: Setup Java
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v4
         with:
+          distribution: zulu
           java-version: 11
 
       ### Set up Fortify ScanCentral Client ###
@@ -93,7 +94,7 @@ jobs:
 
       ### Archive ScanCentral Client logs on failure ###
       - name: Save ScanCentral Logs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         if: failure()
         with:
            name: scancentral-logs
diff --git a/.github/workflows/github-security-alerts-jira.yaml b/.github/workflows/github-security-alerts-jira.yaml
@@ -51,7 +51,7 @@ jobs:
       - ${{ inputs.runner_label }}
     steps:
       - name: "Sync Security Alerts to JIRA Issues"
-        uses: reload/github-security-jira@v1.3.1
+        uses: reload/github-security-jira@v1.5.0
         env:
           GH_SECURITY_TOKEN: ${{ secrets.ORG_GITHUB_TOKEN }}
           JIRA_TOKEN: ${{ secrets.JIRA_TOKEN }}
diff --git a/.github/workflows/meta.yaml b/.github/workflows/meta.yaml
@@ -9,7 +9,7 @@ jobs:
   actionlint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - uses: reviewdog/action-actionlint@v1
         if: github.event_name == 'pull_request'
       - name: Check workflow files
diff --git a/.github/workflows/package-creation-ecr.yaml b/.github/workflows/package-creation-ecr.yaml
@@ -46,10 +46,10 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: configure aws credentials
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-skip-session-tagging: true
           role-to-assume: ${{ inputs.iam_role_arn }}
@@ -69,7 +69,7 @@ jobs:
         uses: docker/setup-buildx-action@v2
 
       - name: Build and push Docker mutable image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
         env:
           REGISTRY: ${{ steps.login-ecr.outputs.registry }}
           REPOSITORY: ${{ inputs.ecr_repository }}
@@ -82,7 +82,7 @@ jobs:
         if: inputs.tag_mutability
 
       - name: Build and push Docker immutable image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
         env:
           REGISTRY: ${{ steps.login-ecr.outputs.registry }}
           REPOSITORY: ${{ inputs.ecr_repository }}
diff --git a/.github/workflows/postman-integration-testing.yml b/.github/workflows/postman-integration-testing.yml
@@ -42,7 +42,7 @@ jobs:
         node-version: [18.x]
     steps:
       - name: Checkout newshub-postman collection
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: ${{inputs.repository_name}}
           ref: ${{inputs.repository_branch}} # main branch uses the github.ref_name
diff --git a/.github/workflows/prisma.yaml b/.github/workflows/prisma.yaml
@@ -45,7 +45,7 @@ jobs:
 
     steps:
       - name: Check out the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup image tag
         run: |
@@ -60,7 +60,7 @@ jobs:
         uses: docker/setup-buildx-action@v2
 
       - name: Build the image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
         with:
           push: false
           load: true
@@ -72,7 +72,7 @@ jobs:
         if: inputs.action_cache != true
 
       - name: Build the image with cache
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
         with:
           push: false
           load: true
diff --git a/.github/workflows/sonarqube.yaml b/.github/workflows/sonarqube.yaml
@@ -26,7 +26,7 @@ jobs:
       - ${{ inputs.default_runner_override_label }}
       - ${{ inputs.runner_label }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
       - uses: sonarsource/sonarqube-scan-action@master
