From 9e86feda26d25dded1615622888444d80d97b901 Mon Sep 17 00:00:00 2001 From: GCHQDeveloper1138 <137898147+GCHQDeveloper1138@users.noreply.github.com> Date: Mon, 12 May 2025 11:00:07 +0100 Subject: [PATCH 01/11] Adding test of push to gchr --- .github/workflows/publish.yaml | 43 ++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index e88b8ce..df2b35d 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -54,3 +54,46 @@ jobs: - run: npm publish env: NODE_AUTH_TOKEN: ${{secrets.npm_token}} + + + publish-github: + needs: build + runs-on: ubuntu-latest + env: + PLATFORMS: linux/amd64,linux/arm/v7,linux/arm64 + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-node@v1 + with: + node-version: 18 + registry-url: https://registry.npmjs.org/ + - uses: docker/setup-qemu-action@v3 + with: + platforms: all + - uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: latest + install: true + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - uses: docker/metadata-action@v5 + id: metadata + with: + images: ghcr.io/${{ github.repository }} + tags: | + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.0.') }} + type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }} + - uses: docker/build-push-action@v6 + id: build + with: + builder: ${{ steps.buildx.outputs.name }} + platforms: ${{ env.PLATFORMS }} + tags: ${{ steps.metadata.outputs.tags }} + labels: ${{ steps.metadata.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max \ No newline at end of file From 6fc8d74bc132179e9a204bbcc90fd2bd8201880a Mon Sep 17 00:00:00 2001 
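Review bot: The `docker/build-push-action@v6` step at the end of `publish-github` never sets `push`, and that input defaults to false, so the job logs in to ghcr.io and builds for three platforms without publishing anything; add `push: true` under its `with:`. The job also has no `permissions:` block, so whether `secrets.GITHUB_TOKEN` can write packages depends on the repository's default token setting. Declaring `permissions:` with `contents: read` and `packages: write` on the job makes the grant explicit and keeps the token from carrying anything else. The `actions/setup-node@v1` step and its `registry-url` look unused in an image-only job.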
From: GCHQDeveloper1138 <137898147+GCHQDeveloper1138@users.noreply.github.com> Date: Mon, 12 May 2025 11:32:59 +0100 Subject: [PATCH 02/11] removing other ublish actions --- .github/workflows/publish.yaml | 56 +++++++++++++++++----------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index df2b35d..46d070f 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -25,35 +25,35 @@ jobs: - run: npm run lint-test - run: npm test - create-release: - needs: build - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v2 - - name: Create release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions - with: - tag_name: ${{ github.ref }} - release_name: ${{ github.ref }} - draft: false - prerelease: false + # create-release: + # needs: build + # runs-on: ubuntu-latest + # steps: + # - name: Checkout code + # uses: actions/checkout@v2 + # - name: Create release + # uses: actions/create-release@v1 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions + # with: + # tag_name: ${{ github.ref }} + # release_name: ${{ github.ref }} + # draft: false + # prerelease: false - publish-npm: - needs: build - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v1 - with: - node-version: 18 - registry-url: https://registry.npmjs.org/ - - run: npm ci - - run: npm publish - env: - NODE_AUTH_TOKEN: ${{secrets.npm_token}} + # publish-npm: + # needs: build + # runs-on: ubuntu-latest + # steps: + # - uses: actions/checkout@v2 + # - uses: actions/setup-node@v1 + # with: + # node-version: 18 + # registry-url: https://registry.npmjs.org/ + # - run: npm ci + # - run: npm publish + # env: + # NODE_AUTH_TOKEN: ${{secrets.npm_token}} publish-github: From e305dc2947ff0940ef923381f3e52a7b72233a05 Mon Sep 17 00:00:00 2001 
From: GCHQDeveloper1138 <137898147+GCHQDeveloper1138@users.noreply.github.com> Date: Mon, 12 May 2025 13:35:39 +0100 Subject: [PATCH 03/11] Trying a diferent ghcr upload --- .github/workflows/publish.yaml | 66 ++++++++++++++++++---------------- 1 file changed, 35 insertions(+), 31 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 46d070f..724d707 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -5,6 +5,12 @@ on: tags: - 'v*' +env: + REGISTRY: ghcr.io + REGISTRY_USER: ${{ github.actor }} + REGISTRY_PASSWORD: ${{ github.token }} + IMAGE_NAME: ${{ github.repository }} + jobs: build: 
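Review bot: `REGISTRY_PASSWORD: ${{ github.token }}` in the workflow-level `env:` exports the token as an environment variable to every step of every job in this file, not only to the step that talks to the registry. At this point in the series that appears to include the inline `build` job, whose npm steps run dependency and project scripts. Pass the token only where it is consumed, with `password: ${{ github.token }}` on the login or push step, and keep just `REGISTRY` and `IMAGE_NAME` at workflow level. `REGISTRY_USER` does not need to be global either.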
@@ -62,38 +68,36 @@ jobs: env: PLATFORMS: linux/amd64,linux/arm/v7,linux/arm64 steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v1 - with: - node-version: 18 - registry-url: https://registry.npmjs.org/ - - uses: docker/setup-qemu-action@v3 - with: - platforms: all - - uses: docker/setup-buildx-action@v3 - id: buildx - with: - version: latest - install: true - - uses: docker/login-action@v3 + - name: Image Metadata + id: image-metadata + uses: docker/metadata-action@v4 with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - uses: docker/metadata-action@v5 - id: metadata - with: - images: ghcr.io/${{ github.repository }} + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | + type=semver,pattern={{major}} + type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.0.') }} - type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }} - - uses: docker/build-push-action@v6 - id: build + + - name: Production Image Build + id: build-image + uses: redhat-actions/buildah-build@v2 + with: + tags: ${{ steps.image-metadata.outputs.tags }} + labels: ${{ steps.image-metadata.outputs.labels }} + containerfiles: ./Dockerfile + platforms: linux/amd64,linux/arm64 + oci: true + # enable build layer caching between platforms + layers: true + # Webpack seems to use a lot of open files, increase the max open file limit to accomodate. 
+ extra-args: | + --ulimit nofile=10000 + + - name: Publish to GHCR + uses: redhat-actions/push-to-registry@v2 with: - builder: ${{ steps.buildx.outputs.name }} - platforms: ${{ env.PLATFORMS }} - tags: ${{ steps.metadata.outputs.tags }} - labels: ${{ steps.metadata.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max \ No newline at end of file + image: ${{ steps.build-image.outputs.image }} + tags: ${{ steps.build-image.outputs.tags }} + registry: ${{ env.REGISTRY }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} \ No newline at end of file From abb5f3275365d2c943caab6b4c29438baefe817d Mon Sep 17 00:00:00 2001 From: GCHQDeveloper1138 <137898147+GCHQDeveloper1138@users.noreply.github.com> Date: Mon, 12 May 2025 13:48:37 +0100 Subject: [PATCH 04/11] lets tery again --- .github/workflows/publish.yaml | 51 +++++++++++++++++++--------------- 1 file changed, 28 insertions(+), 23 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 724d707..7348dc0 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -62,12 +62,24 @@ jobs: # NODE_AUTH_TOKEN: ${{secrets.npm_token}} - publish-github: + publish-ghcr: needs: build runs-on: ubuntu-latest - env: - PLATFORMS: linux/amd64,linux/arm/v7,linux/arm64 + permissions: + packages: write + contents: read + attestations: write + id-token: write steps: + - name: Check out the repo + uses: actions/checkout@v4 + + - uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + - name: Image Metadata id: image-metadata uses: docker/metadata-action@v4 
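Review bot: The rewritten `publish-github` steps drop `actions/checkout`, so `containerfiles: ./Dockerfile` points at a file that is not in the workspace when `redhat-actions/buildah-build@v2` runs; a checkout step needs to stay first. The QEMU setup step is removed as well while `platforms: linux/amd64,linux/arm64` is still requested, and an arm64 build on an amd64 runner normally needs emulation registered. The job still has no `permissions:` block for the `packages: write` scope the push needs, and the job-level `PLATFORMS` variable is now unused. The hunk starts inside the job, so anything above `env:` is not visible here.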
@@ -78,26 +90,19 @@ jobs: type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{version}} - - name: Production Image Build - id: build-image - uses: redhat-actions/buildah-build@v2 + - name: Build and push Docker image + id: push + uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 with: - tags: ${{ steps.image-metadata.outputs.tags }} - labels: ${{ steps.image-metadata.outputs.labels }} - containerfiles: ./Dockerfile - platforms: linux/amd64,linux/arm64 - oci: true - # enable build layer caching between platforms - layers: true - # Webpack seems to use a lot of open files, increase the max open file limit to accomodate. - extra-args: | - --ulimit nofile=10000 + context: . + file: ./Dockerfile + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} - - name: Publish to GHCR - uses: redhat-actions/push-to-registry@v2 + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v2 with: - image: ${{ steps.build-image.outputs.image }} - tags: ${{ steps.build-image.outputs.tags }} - registry: ${{ env.REGISTRY }} - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} \ No newline at end of file + subject-name: index.docker.io/my-docker-hub-namespace/my-docker-hub-repository + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true \ No newline at end of file From 28475601abc7f14725d085adfe15ffb684289483 Mon Sep 17 00:00:00 2001 From: GCHQDeveloper1138 <137898147+GCHQDeveloper1138@users.noreply.github.com> Date: Mon, 12 May 2025 13:50:30 +0100 Subject: [PATCH 05/11] fixing typo --- .github/workflows/publish.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 7348dc0..12b3b8e 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml 
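Review bot: `docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671` is pinned by commit, which suits the step that pushes with registry credentials, but nothing records which release that commit is. Add a trailing comment such as `# vX.Y.Z (release not shown in this patch)` so reviewers and update tooling can tell how old the pin is. The other actions in the job (`docker/login-action@v3`, `docker/metadata-action@v4`, `actions/attest-build-provenance@v2`) are still referenced by mutable tag while the job holds `packages: write` and `id-token: write`; pinning them the same way would make the job consistent.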
@@ -81,7 +81,7 @@ jobs: password: ${{ env.REGISTRY_PASSWORD }} - name: Image Metadata - id: image-metadata + id: meta uses: docker/metadata-action@v4 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} From 8f3ba957629d8f022b6d585d51b05bb2d803640e Mon Sep 17 00:00:00 2001 From: GCHQDeveloper1138 <137898147+GCHQDeveloper1138@users.noreply.github.com> Date: Mon, 12 May 2025 13:55:55 +0100 Subject: [PATCH 06/11] fix to build registry step --- .github/workflows/publish.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 12b3b8e..202b1e9 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -103,6 +103,6 @@ jobs: - name: Generate artifact attestation uses: actions/attest-build-provenance@v2 with: - subject-name: index.docker.io/my-docker-hub-namespace/my-docker-hub-repository + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true \ No newline at end of file From 74c3445532f36387541e3628df8fa081b2f06726 Mon Sep 17 00:00:00 2001 From: GCHQDeveloper1138 <137898147+GCHQDeveloper1138@users.noreply.github.com> Date: Mon, 12 May 2025 14:01:59 +0100 Subject: [PATCH 07/11] added sbom --- .github/workflows/publish.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 202b1e9..45be4b2 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -105,4 +105,12 @@ jobs: with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true + + - name: Generate SBOM attestation + uses: actions/attest-sbom@v1 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + subject-digest: ${{ steps.push.outputs.digest }} + sbom-path: 'sbom.json' push-to-registry: true \ No newline at end of file 
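Review bot: `sbom-path: 'sbom.json'` in the new "Generate SBOM attestation" step refers to a file that no step shown in this series creates, so the step would fail unless an SBOM generator runs between the image push and this step. Add a step that writes an SPDX or CycloneDX document for the pushed digest to `sbom.json` before it. The job's earlier steps lie outside this hunk, so a generator added elsewhere cannot be ruled out from here.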
From 2959095a31d7659715e5d5ab7a96b5630a181a50 Mon Sep 17 00:00:00 2001
From: GCHQDeveloper1138 <137898147+GCHQDeveloper1138@users.noreply.github.com>
Date: Mon, 12 May 2025 15:25:22 +0100
Subject: [PATCH 08/11] Adding many workflows
---
 .github/workflows/build.yaml | 23 ++++++++++
 .github/workflows/codeql.yaml | 40 ++++++++++++++++++
 .github/workflows/publish.yaml | 76 ++++++++++------------------------
 .github/workflows/test.yaml | 20 +--------
 .github/workflows/trivy.yaml | 47 +++++++++++++++++++++
 5 files changed, 133 insertions(+), 73 deletions(-)
 create mode 100644 .github/workflows/build.yaml
 create mode 100644 .github/workflows/codeql.yaml
 create mode 100644 .github/workflows/trivy.yaml
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 0000000..caec7b1
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,23 @@
+name: Build and test against applicable Node versions
+
+on:
+ workflow_call:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ strategy:
+ matrix:
+ node-version: [18.x, 20.x]
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Use Node.js ${{ matrix.node-version }}
+ uses: actions/setup-node@v1
+ with:
+ node-version: ${{ matrix.node-version }}
+ - run: npm install
+ - run: npm run build --if-present
+ - run: npm run lint-test
+ - run: npm test
\ No newline at end of file
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
new file mode 100644
index 0000000..2088860
--- /dev/null
+++ b/.github/workflows/codeql.yaml
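Review bot: The new reusable workflow `build.yaml` installs with `npm install`, which may resolve versions other than the locked ones and rewrite the lockfile. The removed `publish-npm` job used `npm ci`, which suggests a lockfile exists, so use `- run: npm ci` here to make the build that gates releases use exactly the locked dependency tree. The file also declares no `permissions:`, so the job runs with whatever the caller or the repository default grants. A top-level `permissions:` with `contents: read` is enough for checkout, install and test. `actions/checkout@v2` and `actions/setup-node@v1` are old major versions referenced by mutable tag.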
@@ -0,0 +1,40 @@ +name: "CodeQL Analysis" + +on: + workflow_dispatch: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + types: [synchronize, opened, reopened] + schedule: + - cron: '22 17 * * 5' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'javascript' ] + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" \ No newline at end of file diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 45be4b2..3913e1b 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -1,7 +1,9 @@ -name: Publish node.js package to npm whenever a tag is pushed to master +name: Create a release and publish image to ghcr whenever a version tag is pushed to master on: push: + branches: + - master tags: - 'v*' 
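Review bot: Adding `branches: - master` next to `tags: - 'v*'` under `on.push` in `publish.yaml` widens the trigger instead of narrowing it: the two filters are alternatives, so the workflow now runs on every push to master as well as on version tags. On a branch push `github.ref` is `refs/heads/master`, so the release job would be asked to create a release for a branch ref and the semver rules in the metadata step would yield no image tags. If the intent is "version tags only", keep only the `tags` filter, or guard the release and publish jobs with `if: startsWith(github.ref, 'refs/tags/v')`.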
@@ -13,56 +15,28 @@ env: jobs: build: - + uses: ./.github/workflows/build.yaml + + create-release: + name: Create release + needs: build runs-on: ubuntu-latest - - strategy: - matrix: - node-version: [18.x, 20.x] - steps: - - uses: actions/checkout@v2 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 - with: - node-version: ${{ matrix.node-version }} - - run: npm install - - run: npm run build --if-present - - run: npm run lint-test - - run: npm test - - # create-release: - # needs: build - # runs-on: ubuntu-latest - # steps: - # - name: Checkout code - # uses: actions/checkout@v2 - # - name: Create release - # uses: actions/create-release@v1 - # env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions - # with: - # tag_name: ${{ github.ref }} - # release_name: ${{ github.ref }} - # draft: false - # prerelease: false - - # publish-npm: - # needs: build - # runs-on: ubuntu-latest - # steps: - # - uses: actions/checkout@v2 - # - uses: actions/setup-node@v1 - # with: - # node-version: 18 - # registry-url: https://registry.npmjs.org/ - # - run: npm ci - # - run: npm publish - # env: - # NODE_AUTH_TOKEN: ${{secrets.npm_token}} - + - name: Checkout code + uses: actions/checkout@v2 + - name: Create release + uses: comnoco/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions + with: + tag_name: ${{ github.ref }} + release_name: ${{ github.ref }} + body: "See the [CHANGELOG](https://github.com/gchq/CyberChef-server/blob/master/CHANGELOG.md) and [commit messages](https://github.com/gchq/CyberChef-server/commits/master) for details." + draft: false + prerelease: false publish-ghcr: + name: Publish image to ghcr needs: build runs-on: ubuntu-latest permissions: 
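Review bot: `comnoco/create-release@v1` is a third-party action referenced by a mutable tag and handed `secrets.GITHUB_TOKEN`, and the `create-release` job declares no `permissions:`, unlike `publish-ghcr` below it. Give the job a `permissions:` block with only `contents: write`, and pin the action to a full commit SHA with the release named in a trailing comment. The `actions/checkout@v2` step in the same job does not appear to be needed to create a release from an existing tag.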
@@ -105,12 +79,4 @@ jobs: with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} subject-digest: ${{ steps.push.outputs.digest }} - push-to-registry: true - - - name: Generate SBOM attestation - uses: actions/attest-sbom@v1 - with: - subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - subject-digest: ${{ steps.push.outputs.digest }} - sbom-path: 'sbom.json' push-to-registry: true \ No newline at end of file diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index b555466..343dc21 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,4 +1,4 @@ -name: Run lint and tests +name: Test PRs to Master on: pull_request: @@ -7,20 +7,4 @@ on: jobs: build: - - runs-on: ubuntu-latest - - strategy: - matrix: - node-version: [18.x, 20.x] - - steps: - - uses: actions/checkout@v1 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 - with: - node-version: ${{ matrix.node-version }} - - run: npm install - - run: npm run build --if-present - - run: npm run lint-test - - run: npm test \ No newline at end of file + uses: ./.github/workflows/build.yaml \ No newline at end of file diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml new file mode 100644 index 0000000..6928ce0 --- /dev/null +++ b/.github/workflows/trivy.yaml 
@@ -0,0 +1,47 @@
+name: Trivy scan
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "master" ]
+ schedule:
+ - cron: '22 2 * * 5'
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ name: Build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Build an image from Dockerfile
+ run: |
+ docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} .
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
+ with:
+ image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}'
+ format: 'template'
+ template: '@/contrib/sarif.tpl'
+ output: 'trivy-results.sarif'
+ severity: 'CRITICAL,HIGH'
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: 'trivy-results.sarif'
From 911b22946c9abd663ac7c061ac56ba0d0e738dc6 Mon Sep 17 00:00:00 2001
From: GCHQDeveloper1138 <137898147+GCHQDeveloper1138@users.noreply.github.com>
Date: Mon, 12 May 2025 15:33:51 +0100
Subject: [PATCH 09/11] converting to imnage name to lc for trivy
---
 .github/workflows/trivy.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
index 6928ce0..6fb919d 100644
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
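Review bot: `trivy.yaml` runs on `pull_request`, and for pull requests from forks the token is read-only by default, so `security-events: write` is not granted and the `upload-sarif` step fails after the scan has already run. Put an `if:` on the upload step that skips it for fork PRs, or upload results only on `push` and `schedule`. The `run:` line also pastes `${{ env.IMAGE_NAME }}` into the script text; the workflow-level `env:` already exposes it to the shell, so `"$REGISTRY/$IMAGE_NAME:$GITHUB_SHA"` keeps expression output from being parsed as shell syntax. The Trivy action is pinned by SHA with no comment naming the release it corresponds to.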
@@ -28,9 +28,15 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + # docker image tags need to be lowercase so use this helper function to convert + - id: toLowerCase + uses: vishalmamidi/lowercase-action@v1 + with: + string: ${{ env.IMAGE_NAME }} + - name: Build an image from Dockerfile run: | - docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} . + docker build -t ${{ env.REGISTRY }}/${{ steps.toLowerCase.outputs.lowercase }}:${{ github.sha }} . - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe From 9e2413cf692375a38f0ef852f3aaed80ef01d4f9 Mon Sep 17 00:00:00 2001 From: GCHQDeveloper1138 <137898147+GCHQDeveloper1138@users.noreply.github.com> Date: Mon, 12 May 2025 15:36:00 +0100 Subject: [PATCH 10/11] forgot to reflect lc change acorss --- .github/workflows/trivy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml index 6fb919d..393f5fc 100644 --- a/.github/workflows/trivy.yaml +++ b/.github/workflows/trivy.yaml @@ -41,7 +41,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe with: - image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}' + image-ref: '${{ env.REGISTRY }}/${{ steps.toLowerCase.outputs.lowercase }}:${{ github.sha }}' format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' From ba08301d61b6c1ef8a5c5ac67e5cf0a3de17575d Mon Sep 17 00:00:00 2001 From: GCHQDeveloper1138 <137898147+GCHQDeveloper1138@users.noreply.github.com> Date: Mon, 12 May 2025 15:43:37 +0100 Subject: [PATCH 11/11] updating codeql --- .github/workflows/codeql.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 2088860..de0c41b 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml 
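Review bot: `vishalmamidi/lowercase-action@v1` brings a third-party action, referenced by mutable tag, into the scanning workflow for something the shell already does. Drop the step and lowercase inside the build step, for example `IMAGE="$REGISTRY/${IMAGE_NAME,,}:$GITHUB_SHA"` followed by `docker build -t "$IMAGE" .`, and write the value to `$GITHUB_OUTPUT` so the Trivy step can read it. `publish.yaml` still passes the unconverted `${{ env.IMAGE_NAME }}` as `subject-name` for the attestation, which presumably needs the same treatment.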
@@ -30,11 +30,11 @@ jobs: uses: actions/checkout@v3 - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 with: category: "/language:${{matrix.language}}" \ No newline at end of file