- bump actions/checkout to v6
- bump actions/setup-go to v6
- bump actions/cache to v5
- bump goreleaser/goreleaser-action to v7
- bump golangci/golangci-lint-action to v9
- bump github/codeql-action/* to v4
- bump codecov/codecov-action to v5
- bump docker/build-push-action to v7
- bump docker/login-action to v4
- bump docker/metadata-action to v6
- bump docker/setup-buildx-action to v4
- bump docker/setup-qemu-action to v4
- bump hadolint/hadolint-action to v3.3.0
- bump aquasecurity/trivy-action to v0.35.0
- Add explicit permissions for contents, packages, and security-events to the Docker GitHub Actions workflow
- Integrate Trivy vulnerability scanning and results upload into the Docker workflow
- Add a dedicated GitHub Actions workflow for Trivy security scanning of both repository files and Docker images, with scheduled, push, and pull request triggers
- Ensure Trivy SARIF results are uploaded to the GitHub Security tab after scans
Signed-off-by: appleboy <appleboy.tw@gmail.com>
Bo-Yi Wu