Bump dependencies: checkout v6, alpine 3.23.3, docker actions (#212)

djdefi · web-flow · commit 8dd10df76acd · 2026-01-29T19:54:02.000-08:00
* Bump dependencies: checkout v6, alpine 3.23.3, docker actions Combined dependency updates: - actions/checkout v5 → v6 - alpine 3.23.2 → 3.23.3 - docker/setup-buildx-action 3.11.1 → 3.12.0 - docker/login-action 3.6.0 → 3.7.0 - docker/metadata-action 5.7.0 → 5.10.0 Supersedes: #203, #204, #207, #208, #209 * Fix test: make eicarcom2.zip download optional (404) --------- Co-authored-by: Ryan Trauntvein <djdefi@users.noreply.github.com>
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -35,7 +35,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       # Install the cosign tool except on PR
       # https://github.com/sigstore/cosign-installer
@@ -45,13 +45,13 @@ jobs:
 
       # Workaround: https://github.com/docker/build-push-action/issues/461
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -61,7 +61,7 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
diff --git a/.github/workflows/test-scan.yml b/.github/workflows/test-scan.yml
@@ -23,15 +23,15 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       # Download test virii
       - name: Download EICAR test files
         run: |
           wget "https://secure.eicar.org/eicar.com.txt"
           wget "https://secure.eicar.org/eicar.com"
           wget "https://secure.eicar.org/eicar_com.zip"
-          wget "https://secure.eicar.org/eicarcom2.zip"
+          wget "https://secure.eicar.org/eicarcom2.zip" || echo "eicarcom2.zip not available, skipping"
       
       - name: Build image
         run: docker build -t gitavscan .
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.23.2
+FROM alpine:3.23.3
 
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/gitscan.sh"]

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM alpine:3.23.2`
	`1`	`+FROM alpine:3.23.3`
`2`	`2`
`3`	`3`	`ENTRYPOINT ["/usr/bin/dumb-init", "--"]`
`4`	`4`	`CMD ["/gitscan.sh"]`