From bcd82fdc06db75b90f55ee9b466f0738e22dba92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Palencs=C3=A1r?= Date: Wed, 18 Jun 2025 19:01:29 +0200 Subject: [PATCH] Fix GitHub Actions workflow: Update CodeQL to v3, add permissions, replace deprecated release action --- .github/workflows/ci-cd.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 5e5a591..c61df98 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -197,6 +197,8 @@ jobs: name: Security Scanning runs-on: ubuntu-latest needs: lint + permissions: + security-events: write steps: - name: Checkout code @@ -211,7 +213,7 @@ jobs: output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 if: always() with: sarif_file: 'trivy-results.sarif' @@ -221,6 +223,8 @@ jobs: runs-on: ubuntu-latest needs: [test-ubuntu, test-centos, security-scan] if: github.ref == 'refs/heads/main' && github.event_name == 'push' + permissions: + contents: write steps: - name: Checkout code @@ -241,12 +245,10 @@ jobs: git log ${{ steps.get_tag.outputs.latest_tag }}..HEAD --pretty=format:"- %s (%h)" >> CHANGELOG_RELEASE.md - name: Create Release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: softprops/action-gh-release@v2 with: tag_name: v${{ github.run_number }} - release_name: Release v${{ github.run_number }} + name: Release v${{ github.run_number }} body_path: CHANGELOG_RELEASE.md draft: false prerelease: false