diff --git a/.github/workflows/auto-sync-docs.yml b/.github/workflows/auto-sync-docs.yml
index 35973aa..043c2c2 100644
--- a/.github/workflows/auto-sync-docs.yml
+++ b/.github/workflows/auto-sync-docs.yml
@@ -72,7 +72,7 @@ jobs:
 echo "changed=false" >> "$GITHUB_OUTPUT"
 fi
 - name: Upload Docs and Wiki Patch Artifact
- uses: actions/upload-artifact@v5
+ uses: actions/upload-artifact@v6
 with:
 name: docs-wiki-full-patch
 path: docs-wiki-full-patch.diff
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 1ae5e80..a2e0522 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -260,7 +260,7 @@ jobs:
 chmod +x tests/integration/playwright_screenshot_integration.sh
 CONTAINER_NAME=github-runner-chrome tests/integration/playwright_screenshot_integration.sh
 - name: Upload Playwright screenshot artifact
- uses: actions/upload-artifact@v5
+ uses: actions/upload-artifact@v6
 with:
 name: playwright-google-screenshot
 path: test-results/playwright/google_screenshot_*.png
@@ -386,7 +386,7 @@ jobs:
 chmod +x tests/integration/playwright_screenshot_integration.sh
 CONTAINER_NAME=github-runner-chrome-go tests/integration/playwright_screenshot_integration.sh
 - name: Upload Playwright screenshot artifact
- uses: actions/upload-artifact@v5
+ uses: actions/upload-artifact@v6
 with:
 name: playwright-chrome-go-google-screenshot
 path: test-results/playwright/google_screenshot_*.png
@@ -404,7 +404,7 @@ jobs:
 fetch-depth: 0
 persist-credentials: false
 - name: Lint Dockerfiles with Hadolint
- uses: hadolint/hadolint-action@v3.1.0
+ uses: hadolint/hadolint-action@v3.3.0
 with:
 dockerfile: "docker/Dockerfile*"
 recursive: true
@@ -570,13 +570,13 @@ jobs:
 echo "$PRIMARY_TAG" > build-normal-image-tag.txt
 echo "${{ steps.build.outputs.digest }}" > build-normal-image-digest.txt
 - name: Upload normal runner build image tag as artifact
- uses: actions/upload-artifact@v5
+ uses: actions/upload-artifact@v6
 with:
 name: build-normal-image-tag
 path: build-normal-image-tag.txt
 retention-days: 30
 - name: Upload normal runner build image digest as artifact
- uses: actions/upload-artifact@v5
+ uses: actions/upload-artifact@v6
 with:
 name: build-normal-image-digest
 path: build-normal-image-digest.txt
@@ -677,13 +677,13 @@ jobs:
 echo "$PRIMARY_TAG" > build-chrome-image-tag.txt
 echo "${{ steps.build-chrome.outputs.digest }}" > build-chrome-image-digest.txt
 - name: Upload Chrome build image tag as artifact
- uses: actions/upload-artifact@v5
+ uses: actions/upload-artifact@v6
 with:
 name: build-chrome-image-tag
 path: build-chrome-image-tag.txt
 retention-days: 30
 - name: Upload Chrome build image digest as artifact
- uses: actions/upload-artifact@v5
+ uses: actions/upload-artifact@v6
 with:
 name: build-chrome-image-digest
 path: build-chrome-image-digest.txt
@@ -784,13 +784,13 @@ jobs:
 echo "$PRIMARY_TAG" > build-chrome-go-image-tag.txt
 echo "${{ steps.build-chrome-go.outputs.digest }}" > build-chrome-go-image-digest.txt
 - name: Upload Chrome-Go build image tag as artifact
- uses: actions/upload-artifact@v5
+ uses: actions/upload-artifact@v6
 with:
 name: build-chrome-go-image-tag
 path: build-chrome-go-image-tag.txt
 retention-days: 30
 - name: Upload Chrome-Go build image digest as artifact
- uses: actions/upload-artifact@v5
+ uses: actions/upload-artifact@v6
 with:
 name: build-chrome-go-image-digest
 path: build-chrome-go-image-digest.txt
@@ -819,7 +819,7 @@ jobs:
 echo "Running unit tests for obsolete package detection..."
 tests/unit/package-validation.sh
 - name: Upload package validation results
- uses: actions/upload-artifact@v5
+ uses: actions/upload-artifact@v6
 if: always()
 with:
 name: package-validation-results
@@ -1066,7 +1066,7 @@ jobs: echo "PASSED" > test-results/configuration/status.txt fi - name: Upload comprehensive test results - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 if: always() with: name: test-results-${{ matrix.test-suite }} @@ -1107,7 +1107,7 @@ jobs: chmod +x tests/user-deployment/test-user-experience.sh tests/user-deployment/test-user-experience.sh - name: Upload user deployment test results - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 if: always() with: name: user-deployment-test-results @@ -1239,7 +1239,7 @@ jobs: fi cat deployment-report.md - name: Upload deployment report - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: deployment-report path: deployment-report.md diff --git a/.github/workflows/docs-validation.yml b/.github/workflows/docs-validation.yml index 8ec6c1f..4b9aa04 100644 --- a/.github/workflows/docs-validation.yml +++ b/.github/workflows/docs-validation.yml @@ -60,7 +60,7 @@ jobs: run: | git diff origin/main -- docs/ wiki-content/ > docs-full-patch.diff || echo "No doc changes detected." - name: Upload Patch Artifact - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: docs-full-patch path: docs-full-patch.diff diff --git a/.github/workflows/maintenance.yml b/.github/workflows/maintenance.yml index 405068b..4b47379 100644 --- a/.github/workflows/maintenance.yml +++ b/.github/workflows/maintenance.yml @@ -364,7 +364,7 @@ jobs: fi - name: Upload security report - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: security-status-report path: security-status.md @@ -732,7 +732,7 @@ jobs: EOF - name: Upload comprehensive health report - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: comprehensive-health-report path: comprehensive-health-report.md 
@@ -813,7 +813,7 @@ jobs: exit 0 - name: Upload maintenance summary - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: maintenance-summary path: maintenance-summary.md diff --git a/.github/workflows/monitoring.yml b/.github/workflows/monitoring.yml index a2aaca5..fdbfd62 100644 --- a/.github/workflows/monitoring.yml +++ b/.github/workflows/monitoring.yml @@ -293,7 +293,7 @@ jobs: echo "Dependency report generated" - name: Upload dependency report - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: dependency-health-report path: dependency-report.md diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 599b0ac..6fd2350 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -103,7 +103,7 @@ jobs: format: spdx-json output-file: sbom.spdx.json - name: Upload SBOM as artifact - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: sbom path: sbom.spdx.json @@ -165,7 +165,7 @@ jobs: format: spdx-json output-file: sbom-chrome.spdx.json - name: Upload SBOM as artifact - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: sbom-chrome path: sbom-chrome.spdx.json @@ -224,7 +224,7 @@ jobs: format: spdx-json output-file: sbom-chrome-go.spdx.json - name: Upload SBOM as artifact - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: sbom-chrome-go path: sbom-chrome-go.spdx.json diff --git a/.github/workflows/security-advisories.yml b/.github/workflows/security-advisories.yml index a4c4fdd..c04c56a 100644 --- a/.github/workflows/security-advisories.yml +++ b/.github/workflows/security-advisories.yml 
@@ -39,6 +39,16 @@ jobs: - name: Checkout code uses: actions/checkout@v6 + - name: Free Disk Space (Ubuntu) + run: | + echo "Freeing up disk space..." + sudo rm -rf /usr/share/dotnet + sudo rm -rf /usr/local/lib/android + sudo rm -rf /opt/ghc + sudo rm -rf /usr/local/share/boost + echo "Disk space after cleanup:" + df -h + - name: Set up scan parameters id: params run: | @@ -133,6 +143,15 @@ jobs: output: "trivy-results/container.json" severity: ${{ steps.params.outputs.severity_filter }},CRITICAL + - name: Cleanup standard runner image + if: contains(steps.params.outputs.scan_targets, 'container') + run: | + echo "Cleaning up standard runner image to free space..." + docker rmi github-runner:scan || true + docker system prune -f || true + echo "Disk space after cleanup:" + df -h + # Chrome runner container scan - name: Build Chrome runner image for scanning if: contains(steps.params.outputs.scan_targets, 'chrome') @@ -258,7 +277,7 @@ jobs: echo "total-count=$total_all" >> $GITHUB_OUTPUT - name: Upload Security Reports - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: security-scan-reports-${{ steps.params.outputs.timestamp }} path: | @@ -310,7 +329,7 @@ jobs: EOF - name: Upload Security Summary - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: security-summary-${{ steps.params.outputs.timestamp }} path: security-report.md diff --git a/.github/workflows/seed-trivy-sarif.yml b/.github/workflows/seed-trivy-sarif.yml index 843c1d1..f3de484 100644 --- a/.github/workflows/seed-trivy-sarif.yml +++ b/.github/workflows/seed-trivy-sarif.yml @@ -77,7 +77,7 @@ jobs: category: "filesystem-scan" - name: Upload SARIF as artifact - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 if: always() with: name: trivy-filesystem-sarif 
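Review bot: The new "Free Disk Space (Ubuntu)" step in the `-39,6 +39,16` hunk runs four `sudo rm -rf` deletions of system directories with no `if:` guard, which is only safe on an ephemeral GitHub-hosted image; the job's `runs-on` lies outside the hunk, so that cannot be confirmed from here. On a persistent self-hosted runner the deletions would outlast the job and break later jobs that need those toolchains. Consider adding `if: runner.environment == 'github-hosted'` to the step; the same condition could be combined with the existing `if:` on the "Cleanup standard runner image" step in the `-133,6 +143,15` hunk, whose `docker system prune -f` has the same reach. A `df -h` before the deletions as well as after would show how much space the step actually recovers.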
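Review bot: Both commands in the "Cleanup standard runner image" step (the `-133,6 +143,15` hunk) end in `|| true`, so a failed `docker rmi github-runner:scan` is silent and the Chrome image build that follows starts with the disk still occupied. Keeping the step non-fatal is reasonable, but the failure should be visible in the run, e.g. `docker rmi github-runner:scan || echo "::warning::could not remove github-runner:scan"`. A one-line comment above the step saying that the image is removed only after its Trivy scan has written `trivy-results/container.json` would also record why the ordering matters.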
@@ -139,7 +139,7 @@ jobs: category: "container-scan-${{ matrix.variant }}" - name: Upload SARIF as artifact - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 if: always() with: name: trivy-container-${{ matrix.variant }}-sarif diff --git a/docker/Dockerfile b/docker/Dockerfile index 0e88544..226e6a4 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -9,7 +9,7 @@ FROM ubuntu:questing AS builder ARG TARGETPLATFORM ARG TARGETARCH ARG TARGETOS -ARG RUNNER_VERSION="2.329.0" +ARG RUNNER_VERSION="2.330.0" ARG CROSS_SPAWN_VERSION="7.0.6" ARG TAR_VERSION="7.5.2" ARG BRACE_EXPANSION_VERSION="2.0.2" @@ -84,7 +84,7 @@ LABEL version="2.2.0" # --- ARGUMENTS FOR RUNTIME --- ARG TARGETARCH -ARG RUNNER_VERSION="2.329.0" +ARG RUNNER_VERSION="2.330.0" ARG CROSS_SPAWN_VERSION="7.0.6" ARG TAR_VERSION="7.5.2" ARG BRACE_EXPANSION_VERSION="2.0.2" diff --git a/docker/Dockerfile.chrome b/docker/Dockerfile.chrome index a5a67be..cdf4b4f 100644 --- a/docker/Dockerfile.chrome +++ b/docker/Dockerfile.chrome @@ -18,7 +18,7 @@ LABEL version="2.2.0" ARG TARGETPLATFORM ARG TARGETARCH ARG TARGETOS -ARG RUNNER_VERSION="2.329.0" +ARG RUNNER_VERSION="2.330.0" ARG CHROME_VERSION="142.0.7444.162" ARG NODE_VERSION="24.11.1" ARG NPM_VERSION="11.6.4" diff --git a/docker/Dockerfile.chrome-go b/docker/Dockerfile.chrome-go index 354a47b..ad5ece0 100644 --- a/docker/Dockerfile.chrome-go +++ b/docker/Dockerfile.chrome-go @@ -19,7 +19,7 @@ LABEL version="2.2.0" ARG TARGETPLATFORM ARG TARGETARCH ARG TARGETOS -ARG RUNNER_VERSION="2.329.0" +ARG RUNNER_VERSION="2.330.0" ARG CHROME_VERSION="142.0.7444.162" ARG NODE_VERSION="24.11.1" ARG NPM_VERSION="11.6.4" diff --git a/docs/VERSION_OVERVIEW.md b/docs/VERSION_OVERVIEW.md index af5dfbb..907ff5e 100644 --- a/docs/VERSION_OVERVIEW.md +++ b/docs/VERSION_OVERVIEW.md 
@@ -24,9 +24,9 @@ This document provides a comprehensive overview of all software versions, depend ### GitHub Actions Runner -- **Version**: `2.329.0` +- **Version**: `2.330.0` - **Source**: GitHub official releases -- **Download URL**: `https://github.com/actions/runner/releases/download/v2.329.0/` +- **Download URL**: `https://github.com/actions/runner/releases/download/v2.330.0/` - **Security Status**: ✅ Latest stable version ### Operating System diff --git a/scripts/build-chrome.sh b/scripts/build-chrome.sh index b94cc57..725645d 100755 --- a/scripts/build-chrome.sh +++ b/scripts/build-chrome.sh @@ -74,7 +74,7 @@ NAMESPACE="${DOCKER_NAMESPACE:-grammatonic}" IMAGE_NAME="github-runner" IMAGE_TAG="chrome-latest" PLATFORMS="linux/amd64,linux/arm64" -RUNNER_VERSION="2.329.0" +RUNNER_VERSION="2.330.0" PUSH_IMAGE=false NO_CACHE=false MULTI_ARCH=false diff --git a/scripts/build.sh b/scripts/build.sh index 5fd6cd5..dabfe3a 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -34,7 +34,7 @@ NAMESPACE="${DOCKER_NAMESPACE:-grammatonic}" IMAGE_NAME="${IMAGE_NAME:-github-runner}" IMAGE_TAG="${IMAGE_TAG:-latest}" PLATFORMS="${PLATFORMS:-linux/amd64,linux/arm64}" -RUNNER_VERSION="${RUNNER_VERSION:-2.329.0}" +RUNNER_VERSION="${RUNNER_VERSION:-2.330.0}" # Build arguments BUILD_ARGS=(