
Update dependencies and go version in CI and release workflows #124

Merged
merged 3 commits into main from bump-go-version-ci
Jul 11, 2024

Conversation

santoshkal
Collaborator

  • Updates Go version in CI and release
  • Updates golangci-lint
  • Updates other dependencies in CI and Release


dryrunsecurity bot commented Jul 10, 2024

DryRun Security Summary

The pull request updates the GitHub Actions workflows for the project, including upgrading tool versions and implementing security-conscious practices like vulnerability scanning, artifact signing, and Software Bill of Materials (SBOM) generation, to ensure the project is using the latest versions of tools and following best practices for application security.


Summary:

The code changes in this pull request focus on updating the GitHub Actions workflows for the project, specifically the CI and release workflows. The changes involve upgrading the versions of various tools and dependencies used in the workflows, such as the Go version, golangci-lint-action, staticcheck-action, and several GitHub Actions. These updates are likely to ensure that the project is using the latest versions of the tools, which can provide bug fixes, security improvements, and new features.

From an application security perspective, the changes are positive as they include several security-conscious practices, such as running the Trivy vulnerability scanner, uploading the scan results to the GitHub Security tab, and performing linting and static analysis. Additionally, the release workflow includes the installation and use of the Cosign and Syft tools for signing and generating Software Bill of Materials (SBOM) for the released artifacts, which can help ensure the integrity and provenance of the released software.

Files Changed:

  1. .github/workflows/ci.yaml: This file contains the changes related to the CI workflow, including updating the Go version, golangci-lint-action, and staticcheck-action. The workflow also includes a step to run the Trivy vulnerability scanner and upload the scan results to the GitHub Security tab, which are positive security practices.

  2. .github/workflows/release.yaml: This file contains the changes related to the release workflow, including upgrading the versions of several GitHub Actions, the Go version, and the installation of Cosign and Syft tools. These changes help ensure the integrity and provenance of the released artifacts.

  3. cmd/artifact_push.go: The changes in this file improve the error handling for the oci.GetRemoteURL() function and handle the parsing of annotations provided by the user. The code also supports various ways of providing credentials to authenticate with the OCI-compliant container registry and provides an option to sign the artifact using the Cosign tool, which are important security considerations.

Overall, the changes in this pull request appear to be focused on updating the tooling versions and strengthening the project's security through various security-conscious practices, such as vulnerability scanning, artifact signing, and SBOM generation. These are all positive steps from an application security perspective.

Code Analysis

We ran 7 analyzers against 3 files and 0 analyzers had findings. 7 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

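As an added example (not the workflow from this PR or the project's own file), here is a minimal GitHub Actions CI job wiring up the pieces the summary names: a pinned Go toolchain, golangci-lint, a Trivy filesystem scan written as SARIF, and the upload that surfaces findings in the repository's Security tab. The action version tags and the go.mod-based Go pin are assumptions.

```yaml
name: ci
on:
  pull_request:
  push:
    branches: [main]

# Least privilege for the workflow token: read-only on contents, plus
# security-events: write, which the SARIF upload needs to populate the
# Security tab (without it the upload step fails with 403).
permissions:
  contents: read
  security-events: write

jobs:
  lint-and-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod   # assumption: Go version pinned via go.mod

      - name: golangci-lint
        uses: golangci/golangci-lint-action@v6
        with:
          version: latest           # assumption: pin to a release tag in practice

      - name: Trivy filesystem scan (dependencies and config) to SARIF
        uses: aquasecurity/trivy-action@0.24.0   # assumed version tag
        with:
          scan-type: fs
          scan-ref: .
          format: sarif
          output: trivy-results.sarif
          severity: CRITICAL,HIGH
          ignore-unfixed: true
          exit-code: "0"            # report only; findings are tracked in the Security tab

      - name: Upload Trivy results to the GitHub Security tab
        if: always()                # upload even when an earlier step failed
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results.sarif
```

Set exit-code to "1" if the scan should block the merge on CRITICAL/HIGH findings rather than only report them.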

@santoshkal santoshkal merged commit f57d805 into main Jul 11, 2024
13 checks passed
@santoshkal santoshkal deleted the bump-go-version-ci branch July 11, 2024 16:16