diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 5e5a591..c61df98 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -197,6 +197,8 @@ jobs: name: Security Scanning runs-on: ubuntu-latest needs: lint + permissions: + security-events: write steps: - name: Checkout code @@ -211,7 +213,7 @@ jobs: output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 if: always() with: sarif_file: 'trivy-results.sarif' @@ -221,6 +223,8 @@ jobs: runs-on: ubuntu-latest needs: [test-ubuntu, test-centos, security-scan] if: github.ref == 'refs/heads/main' && github.event_name == 'push' + permissions: + contents: write steps: - name: Checkout code @@ -241,12 +245,10 @@ jobs: git log ${{ steps.get_tag.outputs.latest_tag }}..HEAD --pretty=format:"- %s (%h)" >> CHANGELOG_RELEASE.md - name: Create Release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: softprops/action-gh-release@v2 with: tag_name: v${{ github.run_number }} - release_name: Release v${{ github.run_number }} + name: Release v${{ github.run_number }} body_path: CHANGELOG_RELEASE.md draft: false prerelease: false