Merge pull request #40 from RyosukeDTomita/feature/pinact

version up all actions

.github/workflows/actions-linter.yaml

@@ -9,12 +9,15 @@ jobs:
     permissions:
       pull-requests: write
       contents: read
+
     steps:
       - name: clone application source code
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
       - name: install package using aqua
         uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
         with:
           aqua_version: v2.29.0
+
       - name: run ghalint
         run: github-comment exec --token ${{ secrets.token }} -- ghalint run

.github/workflows/react-dependency-check.yaml

@@ -9,9 +9,11 @@ on:
   schedule:
     # 日曜日の午前0時に実行
     - cron:  '0 0 * * 0'
+defaults:
+  run:
+    shell: bash
 
 jobs:
-
   trivy-scan:
     runs-on: ubuntu-latest
     permissions:
@@ -20,7 +22,7 @@ jobs:
 
     steps:
       - name: clone application source code
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: use trivy
         uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
@@ -33,11 +35,13 @@ jobs:
           format: 'sarif'
           output: 'sca-report.sarif'
           severity: 'CRITICAL,HIGH'
+
       - name: save report as pipeline artifact
         uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: sca-report.sarif
           path: sca-report.sarif
+
       - name: publish trivy alerts
         uses: github/codeql-action/upload-sarif@a073c66b2accf653a511d88537804dcafa07812e # v2.25.10
         with:

.github/workflows/react-jest.yaml

@@ -6,7 +6,6 @@ on:
       - "src/**.ts"
       - "public/**.html"
       - ".github/workflows/react-jest.yaml"
-
 defaults:
   run:
     shell: bash
@@ -21,17 +20,16 @@ jobs:
       run:
         working-directory: /home/runner/work/devsecops-demo-aws-ecs/devsecops-demo-aws-ecs
 
+
     steps:
       # checkout repository to runner
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: set up node20
         uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
         with:
           node-version: '20'
 
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
-
       - name: install package using aqua
         uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
         with:

.github/workflows/react-semgrep.yaml

@@ -11,9 +11,11 @@ on:
   schedule:
     # 日曜日の午前0時に実行
     - cron:  '0 0 * * 0'
+defaults:
+  run:
+    shell: bash
 
 jobs:
-
   semgrep-full:
     runs-on: ubuntu-latest
     permissions:
@@ -24,7 +26,7 @@ jobs:
 
     steps:
       - name: clone application source code
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: install package using aqua
         uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
         with:
@@ -42,6 +44,7 @@ jobs:
           name: report.sarif
           path: report.sarif
       # scanの結果を解析。GithubのSecurity --> Code Scanning等でアラートが見られる。
+      #
       - name: publish code scanning alerts
         uses: github/codeql-action/upload-sarif@a073c66b2accf653a511d88537804dcafa07812e # v2.25.10
         with: