From 550f064ba5aa69bbf764499ea57baa097c808308 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Tue, 15 Jul 2025 18:23:13 +0200 Subject: [PATCH 1/2] Update version of tools used in CI Signed-off-by: Jannik Hollenbach --- .github/workflows/ci.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 23206c5f10..40551b6548 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -16,13 +16,13 @@ on: env: # ---- Language Versions ---- - GO_VERSION: "1.24.2" - PYTHON_VERSION: "3.9.16" - KIND_NODE_IMAGE: "kindest/node:v1.33.0@sha256:02f73d6ae3f11ad5d543f16736a2cb2a63a300ad60e81dac22099b0b04784a4e" - KUBECTL_VERSION: "v1.33.0" - KIND_BINARY_VERSION: "v0.27.0" - HELM_VERSION: "v3.17.3" - HELM_PLUGIN_UNITTEST: "0.5.1" + GO_VERSION: "1.24.5" + PYTHON_VERSION: "3.13.5" + KIND_NODE_IMAGE: "kindest/node:v1.33.1@sha256:050072256b9a903bd914c0b2866828150cb229cea0efe5892e2b644d5dd3b34f" + KUBECTL_VERSION: "v1.33.2" + KIND_BINARY_VERSION: "v0.29.0" + HELM_VERSION: "v3.18.4" + HELM_PLUGIN_UNITTEST: "0.8.2" TASK_VERSION: "v3.44.0" jobs: From 4a9922cfe1b3bc9238189645b2ae632ec7295aa0 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Tue, 15 Jul 2025 18:25:16 +0200 Subject: [PATCH 2/2] Switch CI base VM Image to Ubuntu 24 Signed-off-by: Jannik Hollenbach --- .github/workflows/ci.yaml | 26 +++++++++---------- .github/workflows/documentation-roulette.yaml | 2 +- .../workflows/helm-charts-release-ghcr.yaml | 2 +- .github/workflows/helm-charts-release.yaml | 4 +-- .github/workflows/helm-docs.yaml | 4 +-- .github/workflows/label-commenter.yml | 2 +- .github/workflows/license-check.yaml | 2 +- .github/workflows/mega-linter.yml | 4 +-- .github/workflows/move-bot-pr-to-review.yaml | 2 +- .github/workflows/release-build.yaml | 22 ++++++++-------- .github/workflows/scb-bot.yaml | 4 +-- 11 files changed, 37 insertions(+), 37 deletions(-) 
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 40551b6548..fcef6cd7ec 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -10,7 +10,7 @@ on: - v[0-9]+.x pull_request: -# The CI runs on ubuntu-22.04; More info about the installed software is found here: +# The CI runs on ubuntu-24.04; More info about the installed software is found here: # https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md env: @@ -28,7 +28,7 @@ env: jobs: test-nodejs-scanner-test-helpers: name: "Unit Test | Node.js Scanner Test Helpers" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 @@ -44,7 +44,7 @@ jobs: run: bun test helpers.test.js k8s-setup: name: "Setup Kind & Kubectl & Helm & Task" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 @@ -100,7 +100,7 @@ jobs: helm-unit-test: name: "Unit-Test | Helm" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: - k8s-setup steps: @@ -138,7 +138,7 @@ jobs: unit-java: name: "Unit-Test | Java" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: matrix: unit: ["persistence-defectdojo"] @@ -178,7 +178,7 @@ jobs: operator: name: "Build | Operator" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: matrix: component: ["operator", "lurker"] @@ -220,7 +220,7 @@ jobs: auto-discovery-kubernetes: name: "AutoDiscovery | Kubernetes" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 @@ -258,7 +258,7 @@ jobs: # ---- Build Stage | AutoDiscovery | Kubernetes | PullSecretExtractor ---- auto-discovery-kubernetes-secret-extraction-container: name: "Autodiscovery | Kubernetes | SecretExtractionInitContainer" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: - k8s-setup steps: 
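Review bot: The header comment in ci.yaml now says the CI runs on ubuntu-24.04, but the link on the following context line still points to `Ubuntu2204-Readme.md`, so anyone checking which tools are preinstalled on the runner will read the inventory of the old image. Change that line to `# https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2404-Readme.md`. The same stale link is left as a context line in helm-charts-release.yaml, helm-docs.yaml, mega-linter.yml, release-build.yaml and scb-bot.yaml. The preinstalled set can differ between the two images, which matters for any step that relies on it rather than on the versions pinned under `env:`.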
@@ -341,7 +341,7 @@ jobs: # ---- Build Stage | AutoDiscovery | Cloud | AWS ---- auto-discovery-cloud-aws: name: "AutoDiscovery | Cloud | AWS" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 @@ -380,7 +380,7 @@ jobs: sdk: name: "Build | SDKs" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: matrix: sdk: @@ -413,7 +413,7 @@ jobs: - sdk - operator - k8s-setup - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: @@ -576,7 +576,7 @@ jobs: - sdk - operator - k8s-setup - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: @@ -723,7 +723,7 @@ jobs: sbctcl-tests: name: "Run sbctcl Tests" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout code uses: actions/checkout@v4 diff --git a/.github/workflows/documentation-roulette.yaml b/.github/workflows/documentation-roulette.yaml index 8bbe193cb2..0bc09da5d2 100644 --- a/.github/workflows/documentation-roulette.yaml +++ b/.github/workflows/documentation-roulette.yaml @@ -13,7 +13,7 @@ jobs: docu-roulette: permissions: issues: write # needed to create new issues - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 if: github.repository == 'secureCodeBox/secureCodeBox' steps: - name: Checkout repository diff --git a/.github/workflows/helm-charts-release-ghcr.yaml b/.github/workflows/helm-charts-release-ghcr.yaml index f64415d907..5896cd4db4 100644 --- a/.github/workflows/helm-charts-release-ghcr.yaml +++ b/.github/workflows/helm-charts-release-ghcr.yaml @@ -13,7 +13,7 @@ env: jobs: GHCR-Helm-Release: name: "Publish Helm Charts to GHCR" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: read packages: write diff --git a/.github/workflows/helm-charts-release.yaml b/.github/workflows/helm-charts-release.yaml index ec417909fd..20aa6640ca 100644 --- a/.github/workflows/helm-charts-release.yaml +++ b/.github/workflows/helm-charts-release.yaml 
@@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -# The CI runs on ubuntu-22.04; More info about the installed software is found here: +# The CI runs on ubuntu-24.04; More info about the installed software is found here: # https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md on: @@ -12,7 +12,7 @@ name: "Publish Helm Charts" jobs: helm: name: Package and Publish - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: "Install yq" diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml index 8dc57dc55a..98963d41e4 100644 --- a/.github/workflows/helm-docs.yaml +++ b/.github/workflows/helm-docs.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -# The CI runs on ubuntu-22.04; More info about the installed software is found here: +# The CI runs on ubuntu-24.04; More info about the installed software is found here: # https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md @@ -13,7 +13,7 @@ on: - main jobs: helm-docs: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 if: github.repository == 'secureCodeBox/secureCodeBox' steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/label-commenter.yml b/.github/workflows/label-commenter.yml index c31e157e80..f92609a5cc 100644 --- a/.github/workflows/label-commenter.yml +++ b/.github/workflows/label-commenter.yml @@ -17,7 +17,7 @@ permissions: jobs: comment: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: Label Commenter diff --git a/.github/workflows/license-check.yaml b/.github/workflows/license-check.yaml index 80da879ffc..4ed1e1ad44 100644 --- a/.github/workflows/license-check.yaml +++ b/.github/workflows/license-check.yaml @@ -12,7 +12,7 @@ on: jobs: license-check: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 if: github.repository == 'secureCodeBox/secureCodeBox' steps: - name: Checkout repository 
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index 7cd574f61e..c38b90efa3 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 --- -# The CI runs on ubuntu-22.04; More info about the installed software is found here: +# The CI runs on ubuntu-24.04; More info about the installed software is found here: # https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md # MegaLinter GitHub Action configuration file @@ -29,7 +29,7 @@ concurrency: jobs: build: name: MegaLinter - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: # Git Checkout - name: Checkout Code diff --git a/.github/workflows/move-bot-pr-to-review.yaml b/.github/workflows/move-bot-pr-to-review.yaml index 4d565abcb2..b2365c5680 100644 --- a/.github/workflows/move-bot-pr-to-review.yaml +++ b/.github/workflows/move-bot-pr-to-review.yaml @@ -11,7 +11,7 @@ on: jobs: move-bot-pr-to-review: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # only run if the branch starts with 'dependabot/' or 'dependencies/upgrading' if: startsWith(github.head_ref, 'dependabot/') || startsWith(github.head_ref, 'dependencies/upgrading') steps: diff --git a/.github/workflows/release-build.yaml b/.github/workflows/release-build.yaml index 6c201e600f..7842ad77be 100644 --- a/.github/workflows/release-build.yaml +++ b/.github/workflows/release-build.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -# The CI runs on ubuntu-22.04; More info about the installed software is found here: +# The CI runs on ubuntu-24.04; More info about the installed software is found here: # https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md name: "Release Build" @@ -21,7 +21,7 @@ jobs: operator: name: "Build | Operator" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 continue-on-error: true strategy: matrix: 
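Review bot: In release-build.yaml the `operator` job moves to `ubuntu-24.04` while keeping `continue-on-error: true`, and the same pairing appears in the later hunks for `sdk`, `hooks`, `parsers`, `scanners-third-party`, `scanners-custom` and `demo-targets`. If a step in one of these jobs depends on something the 22.04 image provided and the 24.04 image does not, that matrix leg fails without failing the release workflow, and a release could be published with artifacts missing. The job bodies lie outside the hunks, so this is not confirmed from the diff. Before the next release, run these jobs once on the new image, or temporarily drop `continue-on-error`, and check every matrix leg.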
@@ -72,7 +72,7 @@ jobs: auto-discovery-kubernetes: name: "AutoDiscovery | Kubernetes" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 @@ -119,7 +119,7 @@ jobs: auto-discovery-kubernetes-pull-secret-extractor: name: "AutoDiscovery | Kubernetes | Pull Secret Extractor" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 @@ -166,7 +166,7 @@ jobs: sdk: name: "Build | SDKs" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 continue-on-error: true strategy: matrix: @@ -212,7 +212,7 @@ jobs: hooks: name: "Build | Hooks" needs: sdk - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 continue-on-error: true strategy: matrix: @@ -279,7 +279,7 @@ jobs: dashboardImporter: name: Dashboard Importer - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 @@ -317,7 +317,7 @@ jobs: parsers: name: "Build | Parsers" needs: sdk - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 continue-on-error: true strategy: matrix: @@ -403,7 +403,7 @@ jobs: scanners-third-party: name: "Build | Third Party Scanner" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 continue-on-error: true strategy: matrix: @@ -482,7 +482,7 @@ jobs: scanners-custom: name: "Build | Custom Scanner" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 continue-on-error: true strategy: matrix: @@ -542,7 +542,7 @@ jobs: demo-targets: name: "Build | Custom Demo-Targets" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 continue-on-error: true strategy: matrix: diff --git a/.github/workflows/scb-bot.yaml b/.github/workflows/scb-bot.yaml index 3b16f2b2d1..5faa6af0bc 100644 --- a/.github/workflows/scb-bot.yaml +++ b/.github/workflows/scb-bot.yaml 
@@ -11,7 +11,7 @@ # including mikefarah/yq to fetch local and remote versions of the scanners, # crazy-max/ghaction-import-gpg to import a GPG key, and jq to parse the JSON output of the scanner version API. -# The CI runs on ubuntu-22.04; More info about the installed software is found here: +# The CI runs on ubuntu-24.04; More info about the installed software is found here: # https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md name: Check outdated scanners @@ -20,7 +20,7 @@ on: - cron: "15 9 * * *" # Daily at 9:15 (avoids the beginning of the hour congestion) jobs: version-compare: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 if: github.repository == 'secureCodeBox/secureCodeBox' strategy: # Keep running other jobs even if one fails