ci(workflows): bump GitHub Actions to latest versions

appleboy · claude · appleboy · commit 41eea5347a8e · 2026-03-09T22:58:54.000+08:00
- Bump docker/metadata-action from v5 to v6
- Bump docker/build-push-action from v6 to v7
- Bump aquasecurity/trivy-action from 0.34.2 to 0.35.0
- Bump golangci-lint from v2.9 to v2.11.2

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -41,7 +41,7 @@ jobs:
 
       - name: Docker meta
         id: docker-meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v6
         with:
           images: |
             ghcr.io/${{ github.repository }}
@@ -56,7 +56,7 @@ jobs:
           echo "REPO=${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV}
 
       - name: Build Docker image for scanning
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: .
           platforms: linux/amd64
@@ -68,7 +68,7 @@ jobs:
             VERSION=${{ steps.docker-meta.outputs.version }}
 
       - name: Run Trivy vulnerability scanner on Docker image
-        uses: aquasecurity/trivy-action@0.34.2
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: ${{ env.REPO }}:scan
           ignore-unfixed: true
@@ -82,7 +82,7 @@ jobs:
           sarif_file: "trivy-docker-results.sarif"
 
       - name: Build and push
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: .
           platforms: linux/amd64,linux/arm64
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -23,7 +23,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.34.2
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -39,7 +39,7 @@ jobs:
           sarif_file: "trivy-results.sarif"
 
       - name: Run Trivy vulnerability scanner (table output)
-        uses: aquasecurity/trivy-action@0.34.2
+        uses: aquasecurity/trivy-action@0.35.0
         if: always()
         with:
           scan-type: "fs"
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
@@ -39,7 +39,7 @@ jobs:
       - name: Setup golangci-lint
         uses: golangci/golangci-lint-action@v9
         with:
-          version: v2.9
+          version: v2.11.2
           args: --verbose
 
   test:
