ci: update workflows

mia-platform · Nov 4, 2024 · 9141b8a · 9141b8a
1 parent e91257f
commit 9141b8a
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 4 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -14,7 +14,7 @@ on:
     - examples/**
 
 env:
-  GORELEASER_VERSION: v2.3.2
+  GORELEASER_VERSION: v2.4.1
 jobs:
   lint:
     name: Lint Code

diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
@@ -15,13 +15,16 @@ on:
   schedule:
   - cron: 0 5 * * 1 # Run every monday at 5 UTC
 
+permissions: {}
+
 env:
-  GORELEASER_VERSION: v2.3.2
+  GORELEASER_VERSION: v2.4.1
 
 jobs:
   codeql:
-    runs-on: macos-latest
+    runs-on: ubuntu-latest
     permissions:
+      contents: read
       security-events: write
     steps:
     - name: Checkout repository
@@ -41,7 +44,10 @@ jobs:
       uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
       with:
         languages: go
+        build-mode: manual
     - name: Run Build
       run: make build
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+      with:
+        category: "/language:go"
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
@@ -8,6 +8,8 @@ on:
     - docs/**
     - examples/**
 
+permissions: {}
+
 jobs:
   dependency-review:
     name: Dependencies Review
@@ -23,5 +25,6 @@ jobs:
     - name: Dependency Review
       uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0
       with:
-        fail-on-scope: runtime,development,unknown
+        fail-on-severity: high
+        fail-on-scope: development,runtime,unknown
         comment-summary-in-pr: on-failure