Fix GitHub Actions workflow: Update CodeQL to v3, add permissions, replace deprecated release action
This commit is contained in:
12
.github/workflows/ci-cd.yml
vendored
12
.github/workflows/ci-cd.yml
vendored
@@ -197,6 +197,8 @@ jobs:
|
||||
name: Security Scanning
|
||||
runs-on: ubuntu-latest
|
||||
needs: lint
|
||||
permissions:
|
||||
security-events: write
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
@@ -211,7 +213,7 @@ jobs:
|
||||
output: 'trivy-results.sarif'
|
||||
|
||||
- name: Upload Trivy scan results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
uses: github/codeql-action/upload-sarif@v3
|
||||
if: always()
|
||||
with:
|
||||
sarif_file: 'trivy-results.sarif'
|
||||
@@ -221,6 +223,8 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
needs: [test-ubuntu, test-centos, security-scan]
|
||||
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
@@ -241,12 +245,10 @@ jobs:
|
||||
git log ${{ steps.get_tag.outputs.latest_tag }}..HEAD --pretty=format:"- %s (%h)" >> CHANGELOG_RELEASE.md
|
||||
|
||||
- name: Create Release
|
||||
uses: actions/create-release@v1
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
uses: softprops/action-gh-release@v2
|
||||
with:
|
||||
tag_name: v${{ github.run_number }}
|
||||
release_name: Release v${{ github.run_number }}
|
||||
name: Release v${{ github.run_number }}
|
||||
body_path: CHANGELOG_RELEASE.md
|
||||
draft: false
|
||||
prerelease: false
|
||||
|
||||
Reference in New Issue
Block a user