Fix GitHub Actions workflow: Update CodeQL to v3, add permissions, replace deprecated release action

This commit is contained in:
Sebastian Palencsár
2025-06-18 19:01:29 +02:00
parent 0482103204
commit bcd82fdc06

View File

@@ -197,6 +197,8 @@ jobs:
name: Security Scanning
runs-on: ubuntu-latest
needs: lint
permissions:
security-events: write
steps:
- name: Checkout code
@@ -211,7 +213,7 @@ jobs:
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'trivy-results.sarif'
@@ -221,6 +223,8 @@ jobs:
runs-on: ubuntu-latest
needs: [test-ubuntu, test-centos, security-scan]
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
permissions:
contents: write
steps:
- name: Checkout code
@@ -241,12 +245,10 @@ jobs:
git log ${{ steps.get_tag.outputs.latest_tag }}..HEAD --pretty=format:"- %s (%h)" >> CHANGELOG_RELEASE.md
- name: Create Release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
uses: softprops/action-gh-release@v2
with:
tag_name: v${{ github.run_number }}
release_name: Release v${{ github.run_number }}
name: Release v${{ github.run_number }}
body_path: CHANGELOG_RELEASE.md
draft: false
prerelease: false