build(deps): bump docker/setup-qemu-action from 3 to 4

Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
2026-06-16 14:49:16 +08:00 · 2026-03-09 08:44:34 +00:00
7 changed files with 35 additions and 105 deletions
@@ -10,11 +10,6 @@ on:
    branches:
      - "master"

-permissions:
-  contents: read
-  packages: write
-  security-events: write
-
 jobs:
  build-docker:
    runs-on: ubuntu-latest
@@ -23,7 +18,6 @@ jobs:
        uses: actions/setup-go@v6
        with:
          go-version: "^1"
-          check-latest: true
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
@@ -38,10 +32,10 @@ jobs:
        uses: docker/setup-qemu-action@v4

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+        uses: docker/setup-buildx-action@v3

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
@@ -49,7 +43,7 @@ jobs:

      - name: Docker meta
        id: docker-meta
-        uses: docker/metadata-action@v6
+        uses: docker/metadata-action@v5
        with:
          images: |
            ghcr.io/${{ github.repository }}
@@ -59,33 +53,8 @@ jobs:
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}

-      - name: Build image for scanning
-        uses: docker/build-push-action@v7
-        with:
-          context: .
-          file: docker/Dockerfile
-          platforms: linux/amd64
-          push: false
-          load: true
-          tags: drone-jenkins:scan
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@v0.35.0
-        with:
-          image-ref: "drone-jenkins:scan"
-          format: "sarif"
-          output: "trivy-image-results.sarif"
-          severity: "CRITICAL,HIGH"
-          exit-code: '1'
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v4
-        if: always()
-        with:
-          sarif_file: "trivy-image-results.sarif"
-          category: "trivy-docker-image"
-
      - name: Build and push
-        uses: docker/build-push-action@v7
+        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64,linux/arm64
@@ -23,7 +23,7 @@ jobs:
          check-latest: true

      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v7
+        uses: goreleaser/goreleaser-action@v6
        with:
          # either 'goreleaser' (default) or 'goreleaser-pro'
          distribution: goreleaser
@@ -12,14 +12,13 @@ jobs:
        uses: actions/setup-go@v6
        with:
          go-version: "stable"
-          check-latest: true
      - name: Checkout repository
        uses: actions/checkout@v6

      - name: Setup golangci-lint
        uses: golangci/golangci-lint-action@v9
        with:
-          version: v2.11
+          version: v2.6
          args: --verbose

      - uses: hadolint/hadolint-action@v3.3.0
@@ -31,7 +30,7 @@ jobs:
    strategy:
      matrix:
        os: [ubuntu-latest]
-        go: ["1.25", "1.26"]
+        go: ["1.25"]
        include:
          - os: ubuntu-latest
            go-build: ~/.cache/go-build
@@ -45,7 +44,6 @@ jobs:
        uses: actions/setup-go@v6
        with:
          go-version: ${{ matrix.go }}
-          check-latest: true

      - name: Checkout Code
        uses: actions/checkout@v6
@@ -10,76 +10,47 @@ on:
  schedule:
    # Run daily at 00:00 UTC
    - cron: "0 0 * * *"
-  workflow_dispatch:
+  workflow_dispatch: # Allow manual trigger

 permissions:
  contents: read
-  security-events: write
+  security-events: write # Required for uploading SARIF results

 jobs:
-  trivy-repo-scan:
-    name: Trivy Repository Scan
+  trivy-scan:
+    name: Trivy Security Scan
    runs-on: ubuntu-latest
    steps:
-      - name: Checkout repository
+      - name: Checkout code
        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0

-      - name: Run Trivy vulnerability scanner (repo)
-        uses: aquasecurity/trivy-action@v0.35.0
+      - name: Run Trivy vulnerability scanner (source code)
+        uses: aquasecurity/trivy-action@0.33.1
        with:
          scan-type: "fs"
          scan-ref: "."
+          scanners: "vuln,secret,misconfig"
          format: "sarif"
-          output: "trivy-repo-results.sarif"
-          severity: "CRITICAL,HIGH"
+          output: "trivy-results.sarif"
+          severity: "CRITICAL,HIGH,MEDIUM"
+          ignore-unfixed: true

-      - name: Upload Trivy scan results to GitHub Security tab
+      - name: Upload Trivy results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v4
        if: always()
        with:
-          sarif_file: "trivy-repo-results.sarif"
+          sarif_file: "trivy-results.sarif"

-  trivy-image-scan:
-    name: Trivy Image Scan
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v6
-
-      - name: Setup go
-        uses: actions/setup-go@v6
-        with:
-          go-version-file: go.mod
-          check-latest: true
-
-      - name: Build binary
-        run: |
-          make build_linux_amd64
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
-
-      - name: Build Docker image for scanning
-        uses: docker/build-push-action@v7
-        with:
-          context: .
-          file: docker/Dockerfile
-          platforms: linux/amd64
-          push: false
-          load: true
-          tags: drone-jenkins:scan
-
-      - name: Run Trivy vulnerability scanner (image)
-        uses: aquasecurity/trivy-action@v0.35.0
-        with:
-          image-ref: "drone-jenkins:scan"
-          format: "sarif"
-          output: "trivy-image-results.sarif"
-          severity: "CRITICAL,HIGH"
-
-      - name: Upload Trivy image scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v4
+      - name: Run Trivy scanner (table output for logs)
+        uses: aquasecurity/trivy-action@0.33.1
        if: always()
        with:
-          sarif_file: "trivy-image-results.sarif"
-          category: "trivy-image"
+          scan-type: "fs"
+          scan-ref: "."
+          scanners: "vuln,secret,misconfig"
+          format: "table"
+          severity: "CRITICAL,HIGH,MEDIUM"
+          ignore-unfixed: true
+          exit-code: "1"
@@ -1,6 +1,6 @@
 module github.com/appleboy/drone-jenkins

-go 1.25.9
+go 1.24.0

 require (
 	github.com/appleboy/com v1.1.1
@@ -233,7 +233,7 @@ func (jenkins *Jenkins) sendRequest(
 		req.Header.Set(crumb.CrumbRequestField, crumb.Crumb)
 	}

-	return jenkins.Client.Do(req) //nolint:gosec // user-configured Jenkins URL
+	return jenkins.Client.Do(req)
 }

 func (jenkins *Jenkins) get(
@@ -347,11 +347,7 @@ func TestWaitForCompletion(t *testing.T) {
 						[]byte(`{"number":456,"building":true,"duration":0,"result":null}`),
 					)
 				} else {
-					_, _ = w.Write(
-						[]byte(
-							`{"number":456,"building":false,"duration":5000,"result":"SUCCESS"}`,
-						),
-					)
+					_, _ = w.Write([]byte(`{"number":456,"building":false,"duration":5000,"result":"SUCCESS"}`))
 				}
 			}
 		}))
@@ -474,11 +470,7 @@ func TestWaitForCompletion(t *testing.T) {
 						[]byte(`{"number":456,"building":true,"duration":0,"result":null}`),
 					)
 				} else {
-					_, _ = w.Write(
-						[]byte(
-							`{"number":456,"building":false,"duration":3000,"result":"FAILURE"}`,
-						),
-					)
+					_, _ = w.Write([]byte(`{"number":456,"building":false,"duration":3000,"result":"FAILURE"}`))
 				}
 			}
 		}))