chore: update dependencies (#10)

* chore: bump dependencies * chore: update GHA files * chore: update GHA files
ory · Oct 23, 2024 · 35b6ba1 · 35b6ba1
1 parent cdb4688
commit 35b6ba1
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 10 deletions.
diff --git a/.github/actions/build-and-scan/action.yaml b/.github/actions/build-and-scan/action.yaml
@@ -16,19 +16,23 @@ runs:
       id: vars
       shell: bash
       run: |
-        echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"      
+        echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v1
+      uses: docker/setup-qemu-action@v3
+
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
+      uses: docker/setup-buildx-action@v3
+
     - name: Build
-      uses: docker/build-push-action@v2
+      uses: docker/build-push-action@v5
       with:
         context: ./docker
         push: false
         tags: ${{ inputs.tags }}
         labels: ${{ inputs.labels }}
         load: true
+
     - name: Anchore Scanner
       uses: anchore/scan-action@v3
       if: always()
@@ -38,13 +42,15 @@ runs:
         fail-build: true
         severity-cutoff: high
         acs-report-enable: true
+
     - name: Inspect action SARIF report
       shell: bash
       if: always()
       run: |
         echo "::group::Anchore Scan Details"
         jq '.runs[0].results' ${{ steps.grype-scan.outputs.sarif }}
         echo "::endgroup::"
+
     - name: Trivy Scanner
       if: always()
       uses: aquasecurity/trivy-action@master
@@ -55,10 +61,11 @@ runs:
         ignore-unfixed: true
         vuln-type: 'os,library'
         severity: 'CRITICAL,HIGH'
+
     - name: Dockle Linter
       uses: erzz/[email protected]
       if: always()
       with:
         image: oryd/k8s-toolbox:sha-${{ steps.vars.outputs.sha_short }}
         exit-code: 42
-        failure-threshold: fatal
+        failure-threshold: fatal
diff --git a/.github/workflows/periodic-scan.yaml b/.github/workflows/periodic-scan.yaml
@@ -10,10 +10,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v5
         with:
           # list of Docker images to use as base name for tags
           images: |

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,9 +1,9 @@
-FROM alpine:3.17.1
+FROM alpine:3.20
 
 ARG USER=ory
 ENV HOME /home/$USER
-ENV JQ_VERSION 1.6
-ENV KUBECTL_VERSION 1.25.5
+ENV JQ_VERSION 1.7.1
+ENV KUBECTL_VERSION 1.31.2
 
 RUN apk add --no-cache --update-cache --upgrade --latest \
 	ca-certificates curl netcat-openbsd coreutils bash inotify-tools procps