From 127d1d901c675fdd01e9fb1220c027713ac52061 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 21 Sep 2025 13:37:36 +0000 Subject: [PATCH 1/3] Bump the all group with 4 updates Bumps the all group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [docker/build-push-action](https://github.com/docker/build-push-action) and [docker/login-action](https://github.com/docker/login-action). Updates `actions/checkout` from 2 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v5) Updates `docker/setup-buildx-action` from 1 to 3 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v1...v3) Updates `docker/build-push-action` from 2 to 6 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v2...v6) Updates `docker/login-action` from 1 to 3 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v1...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: docker/setup-buildx-action dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: docker/build-push-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: docker/login-action dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all ... Signed-off-by: dependabot[bot] --- .github/workflows/dh-code.yml | 2 +- .github/workflows/model.yml | 10 +++++----- .github/workflows/wireguard-code.yml | 10 +++++----- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/dh-code.yml b/.github/workflows/dh-code.yml index d8d970d..c8739f7 100644 --- a/.github/workflows/dh-code.yml +++ b/.github/workflows/dh-code.yml @@ -16,7 +16,7 @@ jobs: run: apt-get update && apt-get install -y git curl tar libgomp1 - name: Checkout repo - uses: actions/checkout@v2 + uses: actions/checkout@v5 - name: Verify DH initiator in Go using Gobra run: | diff --git a/.github/workflows/model.yml b/.github/workflows/model.yml index 854c191..1fd8151 100644 --- a/.github/workflows/model.yml +++ b/.github/workflows/model.yml @@ -14,7 +14,7 @@ jobs: echo "IMAGE_ID=ghcr.io/$REPO_OWNER/protocol-verification-refinement-tamarin" >> $GITHUB_ENV - name: Checkout repo - uses: actions/checkout@v2 + uses: actions/checkout@v5 - name: Image version run: | @@ -23,10 +23,10 @@ jobs: echo "IMAGE_TAG=${{ env.IMAGE_ID }}:$VERSION" >> $GITHUB_ENV - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - name: Build image - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v6 with: context: . load: true @@ -44,14 +44,14 @@ jobs: run: docker run ${{ env.IMAGE_TAG }} ./verify-wireguard.sh - name: Login to Github Packages - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Push image - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v6 with: context: . file: tamarin-docker/Dockerfile diff --git a/.github/workflows/wireguard-code.yml b/.github/workflows/wireguard-code.yml index 416bf84..65e74e3 100644 --- a/.github/workflows/wireguard-code.yml +++ b/.github/workflows/wireguard-code.yml @@ -14,7 +14,7 @@ jobs: echo "IMAGE_ID=ghcr.io/$REPO_OWNER/protocol-verification-refinement-wireguard" >> $GITHUB_ENV - name: Checkout repo - uses: actions/checkout@v2 + uses: actions/checkout@v5 - name: Image version run: | @@ -23,10 +23,10 @@ jobs: echo "IMAGE_TAG=${{ env.IMAGE_ID }}:$VERSION" >> $GITHUB_ENV - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - name: Build image - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v6 with: context: wireguard/implementation load: true @@ -44,14 +44,14 @@ jobs: run: docker run ${{ env.IMAGE_TAG }} ./test.sh - name: Login to Github Packages - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Push image - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v6 with: context: wireguard/implementation file: wireguard/implementation/docker/Dockerfile From e4510bd967b5f8e13d95fa4e842b1d252339b4e3 Mon Sep 17 00:00:00 2001 From: Linard Arquint Date: Sun, 21 Sep 2025 16:00:40 +0200 Subject: [PATCH 2/3] fixes permissions for pushing docker image Set GITHUB_TOKEN permissions for Docker image push. --- .github/workflows/model.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/model.yml b/.github/workflows/model.yml index 1fd8151..ff4b321 100644 --- a/.github/workflows/model.yml +++ b/.github/workflows/model.yml @@ -7,6 +7,9 @@ jobs: build-verify: runs-on: ubuntu-latest timeout-minutes: 20 + # set per-job GITHUB_TOKEN permissions such that pushing the Docker image will be possible: + permissions: + packages: write steps: - name: Create Image ID run: | From dfdbeb56cc61b4b5c54a66d439b78efb82e0271e Mon Sep 17 00:00:00 2001 From: Linard Arquint Date: Sun, 21 Sep 2025 16:01:12 +0200 Subject: [PATCH 3/3] fixes permissions for pushing docker image Added permissions for Docker image pushing. --- .github/workflows/wireguard-code.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/wireguard-code.yml b/.github/workflows/wireguard-code.yml index 65e74e3..13adb0a 100644 --- a/.github/workflows/wireguard-code.yml +++ b/.github/workflows/wireguard-code.yml @@ -7,6 +7,9 @@ jobs: build-verify: runs-on: ubuntu-latest timeout-minutes: 15 + # set per-job GITHUB_TOKEN permissions such that pushing the Docker image will be possible: + permissions: + packages: write steps: - name: Create Image ID run: |