Automated update to primary components (#322)

Signed-off-by: Seiso Automation <[email protected]>
Co-authored-by: JonZeolla <[email protected]>
Co-authored-by: Jon Zeolla <[email protected]>

.github/workflows/commit.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - uses: seisollc/goat@main
         with:
           exclude: (.*tests/(ansible|terraform|cloudformation)/.*|.*build/Dockerfile\.j2$)
@@ -35,18 +35,18 @@ jobs:
       test-matrix: ${{ steps.set-testing-outputs.outputs.test-matrix }}
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
+        uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: ${{ env.python_version }}
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: ~/.local/share/virtualenvs
           key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
       - name: Install the dependencies
         run: python -m pip install --upgrade pipenv
       - name: Install Task
-        uses: arduino/setup-task@v1
+        uses: arduino/setup-task@v2
       - name: Initialize the repo
         run: task -v init
       - name: Gather the image matrix
@@ -71,11 +71,11 @@ jobs:
       matrix: ${{ fromJSON(needs.generate-matrixes.outputs.test-matrix) }}
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
+        uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: ${{ env.python_version }}
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: ~/.local/share/virtualenvs
           key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
@@ -89,7 +89,7 @@ jobs:
           chmod +x "${RUNNER_TEMP}/bin/grype"
           echo "${RUNNER_TEMP}/bin" >> "${GITHUB_PATH}"
       - name: Install Task
-        uses: arduino/setup-task@v1
+        uses: arduino/setup-task@v2
       - name: Initialize the repo
         run: task -v init
       - name: Build the image
@@ -99,25 +99,29 @@ jobs:
           ENVIRONMENT: ${{ matrix.environment }}
       - name: Generate the SBOM
         run: task -v sbom
+        if: matrix.user == 'root'
         env:
           TOOL: ${{ matrix.tool }}
           ENVIRONMENT: ${{ matrix.environment }}
       - name: Upload the SBOM
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
+        if: matrix.user == 'root'
         with:
           name: SBOM_${{ matrix.tool }}_${{ matrix.environment }}
-          path: sbom.*.json
+          path: sbom.2*.json
           if-no-files-found: error
       - name: Generate Vuln scan results
         run: task -v vulnscan
+        if: matrix.user == 'root'
         env:
           TOOL: ${{ matrix.tool }}
           ENVIRONMENT: ${{ matrix.environment }}
       - name: Upload Vuln scan result
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
+        if: matrix.user == 'root'
         with:
           name: Vulns_${{ matrix.tool }}_${{ matrix.environment }}
-          path: vulns.*.json
+          path: vulns.2*.json
           if-no-files-found: error
       - name: Run tests
         run: task -v test
@@ -137,21 +141,21 @@ jobs:
       git_tag: ${{ steps.bump-version.outputs.git_tag }}
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{ secrets.SEISO_AUTOMATION_PAT }}
           fetch-depth: 0
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: ${{ env.python_version }}
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: ~/.local/share/virtualenvs
           key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
       - name: Install the dependencies
         run: python -m pip install --upgrade pipenv
       - name: Install Task
-        uses: arduino/setup-task@v1
+        uses: arduino/setup-task@v2
       - name: Initialize the repo
         run: task -v init
       - name: Bump the version
@@ -173,14 +177,14 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           ref: "${{ needs.bump-version.outputs.git_tag }}"
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: ${{ env.python_version }}
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: ~/.local/share/virtualenvs
           key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
@@ -194,7 +198,7 @@ jobs:
           chmod +x "${RUNNER_TEMP}/bin/grype"
           echo "${RUNNER_TEMP}/bin" >> "${GITHUB_PATH}"
       - name: Install Task
-        uses: arduino/setup-task@v1
+        uses: arduino/setup-task@v2
       - name: Initialize the repo
         run: task -v init
       - name: Build the image
@@ -208,21 +212,21 @@ jobs:
           TOOL: ${{ matrix.tool }}
           ENVIRONMENT: ${{ matrix.environment }}
       - name: Upload the SBOM
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: SBOM_${{ matrix.tool }}_${{ matrix.environment }}
-          path: sbom.*.json
+          path: sbom.2*.json
           if-no-files-found: error
       - name: Generate Vuln scan results
         run: task -v vulnscan
         env:
           TOOL: ${{ matrix.tool }}
           ENVIRONMENT: ${{ matrix.environment }}
       - name: Upload Vuln scan result
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: Vulns_${{ matrix.tool }}_${{ matrix.environment }}
-          path: vulns.*.json
+          path: vulns.2*.json
           if-no-files-found: error
       - name: Run tests
         run: task -v test
@@ -232,7 +236,7 @@ jobs:
           USER: ${{ matrix.user }}
           DEBUG: "True"
       - name: Log in to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -268,16 +272,16 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           ref: "${{ needs.bump-version.outputs.git_tag }}"
       - name: Download the SBOMs and Vuln scan results
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           path: ${{ runner.temp }}
       - name: Publish the release to GitHub
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -291,7 +295,7 @@ jobs:
           draft: false
           prerelease: false
       - name: Publish the release README to Docker Hub
-        uses: peter-evans/dockerhub-description@v3
+        uses: peter-evans/dockerhub-description@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}

.github/workflows/update.yml

@@ -19,20 +19,20 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
+        uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: ${{ env.python_version }}
       - name: Install the dependencies
         run: python -m pip install --upgrade pipenv
       - name: Install Task
-        uses: arduino/setup-task@v1
+        uses: arduino/setup-task@v2
       - name: Initialize the repo
         run: task -v init
       - name: Update the repository
         run: task -v update
       - name: Create or update a pull request
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v6
         with:
           title: Automated update to primary components
           commit-message: Automated update to primary components

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 ---
 repos:
   - repo: https://github.com/seisollc/goat
-    rev: c1efc95962d02dd9f6952f74de6f91a11e15459f  # frozen: v2024.01.04
+    rev: b571b58cefe8a8560badcf428978323aa769f9f9  # frozen: v2024.04.01
     hooks:
       - id: seiso-lint

CONTRIBUTING.md

@@ -13,9 +13,9 @@ To get started with contributing to this project, you first want to ensure that
 First, ensure you have the `task` binary available in your `PATH`. To download `task`, [click here](https://taskfile.dev/).
 You'll also need `docker`, `git`, `pipenv`, and `python3` installed locally, and have the `docker` daemon running. Then run `task init` to initialize the repository.
 
-If you'd like to [run the test suite](#running-the-tests), you will also need `grype` downloaded and in your `PATH`.
+If you'd like to run the test suite, you will also need `grype` downloaded and in your `PATH`.
 
-If you'd like to [generate an SBOM](#generating-the-sboms), you will also need `syft` downloaded and in your `PATH`.
+If you'd like to generate an SBOM, you will also need `syft` downloaded and in your `PATH`.
 
 ### Building the images