ci(actions): bump codecov-action from v6 to v7

- Update codecov/codecov-action from v6 to v7
chore: bump go directive to 1.25.10
2026-06-16 14:49:25 +08:00 · 2026-06-13 15:46:26 +08:00 · 2026-05-08 21:19:20 +08:00 · 2026-05-08 20:13:40 +08:00 · 2026-04-25 16:51:03 +08:00 · 2026-04-16 23:01:13 +08:00
4 changed files with 20 additions and 5 deletions
@@ -75,6 +75,21 @@ jobs:
          load: true
          tags: drone-ssh:scan

+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@v0.36.0
+        with:
+          image-ref: "drone-ssh:scan"
+          format: "sarif"
+          output: "trivy-image-results.sarif"
+          severity: "CRITICAL,HIGH"
+          exit-code: '1'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v4
+        if: always()
+        with:
+          sarif_file: "trivy-image-results.sarif"
+          category: "trivy-docker-image"
+
      - name: Build and push
        if: success()
        uses: docker/build-push-action@v7
@@ -20,7 +20,7 @@ jobs:
      - name: Setup golangci-lint
        uses: golangci/golangci-lint-action@v9
        with:
-          version: latest
+          version: v2.12
          args: --verbose

      - uses: hadolint/hadolint-action@v3.3.0
@@ -50,6 +50,6 @@ jobs:
          make test

      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v7
        with:
          flags: go-${{ matrix.go-version }}
@@ -25,7 +25,7 @@ jobs:
        uses: actions/checkout@v6

      - name: Run Trivy vulnerability scanner (repo)
-        uses: aquasecurity/trivy-action@v0.35.0
+        uses: aquasecurity/trivy-action@v0.36.0
        with:
          scan-type: "fs"
          scan-ref: "."
@@ -70,7 +70,7 @@ jobs:
          tags: drone-ssh:scan

      - name: Run Trivy vulnerability scanner (image)
-        uses: aquasecurity/trivy-action@v0.35.0
+        uses: aquasecurity/trivy-action@v0.36.0
        with:
          image-ref: "drone-ssh:scan"
          format: "sarif"
@@ -1,6 +1,6 @@
 module github.com/appleboy/drone-ssh

-go 1.25.0
+go 1.25.10

 require (
 	github.com/appleboy/easyssh-proxy v1.5.2
Author	SHA1	Message	Date
Bo-Yi Wu	ec51560163	ci(actions): bump codecov-action from v6 to v7 - Update codecov/codecov-action from v6 to v7	2026-06-13 15:46:26 +08:00
Bo-Yi Wu	008d03ed09	chore: bump go directive to 1.25.10 - Update go.mod go directive from 1.25.9 to 1.25.10	2026-05-08 21:19:20 +08:00
Bo-Yi Wu	8ae378cba1	ci: bump golangci-lint to v2.12 - Upgrade golangci-lint version from v2.11 to v2.12	2026-05-08 20:13:40 +08:00
Bo-Yi Wu	bc57ffe8ae	ci(actions): bump trivy-action to v0.36.0 and codecov-action to v6	2026-04-25 16:51:03 +08:00
Bo-Yi Wu	16a892b3a7	ci(docker): fail push when trivy finds CRITICAL/HIGH issues	2026-04-16 23:01:13 +08:00
Bo-Yi Wu	8265cc3fb1	ci: pin golangci-lint to v2.11	2026-04-16 21:11:23 +08:00
Bo-Yi Wu	c0ae39b308	chore: bump go directive to 1.25.9	2026-04-16 20:58:02 +08:00
Bo-Yi Wu	ed85f7ef5e	ci(docker): add Trivy image scan before pushing Docker image - Add Trivy vulnerability scanner step before Docker image push - Upload SARIF results to GitHub Security tab	2026-04-16 18:10:07 +08:00