Fix GitHub Actions workflow: Update CodeQL to v3, add permissions, replace deprecated release action

This commit is contained in:
Sebastian Palencsár
2025-06-18 19:01:29 +02:00
parent 0482103204
commit bcd82fdc06

View File

@@ -197,6 +197,8 @@ jobs:
name: Security Scanning name: Security Scanning
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: lint needs: lint
permissions:
security-events: write
steps: steps:
- name: Checkout code - name: Checkout code
@@ -211,7 +213,7 @@ jobs:
output: 'trivy-results.sarif' output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2 uses: github/codeql-action/upload-sarif@v3
if: always() if: always()
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: 'trivy-results.sarif'
@@ -221,6 +223,8 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [test-ubuntu, test-centos, security-scan] needs: [test-ubuntu, test-centos, security-scan]
if: github.ref == 'refs/heads/main' && github.event_name == 'push' if: github.ref == 'refs/heads/main' && github.event_name == 'push'
permissions:
contents: write
steps: steps:
- name: Checkout code - name: Checkout code
@@ -241,12 +245,10 @@ jobs:
git log ${{ steps.get_tag.outputs.latest_tag }}..HEAD --pretty=format:"- %s (%h)" >> CHANGELOG_RELEASE.md git log ${{ steps.get_tag.outputs.latest_tag }}..HEAD --pretty=format:"- %s (%h)" >> CHANGELOG_RELEASE.md
- name: Create Release - name: Create Release
uses: actions/create-release@v1 uses: softprops/action-gh-release@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with: with:
tag_name: v${{ github.run_number }} tag_name: v${{ github.run_number }}
release_name: Release v${{ github.run_number }} name: Release v${{ github.run_number }}
body_path: CHANGELOG_RELEASE.md body_path: CHANGELOG_RELEASE.md
draft: false draft: false
prerelease: false prerelease: false