Skip to content

Security

Security #265

Triggered via schedule March 19, 2024 11:02
Status Failure
Total duration 33s
Artifacts

security.yml

on: schedule
Fit to window
Zoom out
Zoom in

Annotations

5 errors and 4 warnings
Docker Scan
Unable to process command '::set-env name=RELEASE_VERSION::' successfully.
Docker Scan
The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
Go Scan
This version of the CodeQL Action was deprecated on January 18th, 2023, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/
Go Scan
Failure invoking /opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/go/tools/autobuild.sh with arguments . Exit code 1 and error was: 2024/03/19 11:03:05 Autobuilder was built with go1.22.0, environment has go1.21.8 2024/03/19 11:03:05 LGTM_SRC is /home/runner/work/iron-redis/iron-redis 2024/03/19 11:03:05 Found no go.work files in the workspace; looking for go.mod files... 2024/03/19 11:03:05 Found 1 go.mod file(s). 2024/03/19 11:03:05 Import path is 'github.com/ironpeakservices/iron-redis' 2024/03/19 11:03:05 Build failed, continuing to install dependencies. 2024/03/19 11:03:05 Skipping dependency installation because a Go vendor directory was found. 2024/03/19 11:03:05 Running extractor command '/opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/go/tools/linux64/go-extractor [-mod=vendor ./...]' from directory 'healthcheck'. 2024/03/19 11:03:05 Build flags: '-mod=vendor'; patterns: './...' 2024/03/19 11:03:05 Running packages.Load. 2024/03/19 11:03:05 Error running go tooling: err: exit status 1: stderr: go: inconsistent vendoring in /home/runner/work/iron-redis/iron-redis/healthcheck: github.com/go-redis/[email protected]+incompatible: is explicitly required in go.mod, but vendor/modules.txt indicates github.com/go-redis/[email protected]+incompatible To ignore the vendor directory, use -mod=readonly or -mod=mod. To sync the vendor directory, run: go mod vendor 2024/03/19 11:03:05 Extraction failed for healthcheck: exit status 1 2024/03/19 11:03:05 Extraction failed for all discovered Go projects.
Go Scan
This version of the CodeQL Action was deprecated on January 18th, 2023, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/
Docker Scan
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
Go Scan
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, github/codeql-action/init@v1, github/codeql-action/analyze@v1. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
Go Scan
The following actions uses node12 which is deprecated and will be forced to run on node16: github/codeql-action/init@v1, github/codeql-action/analyze@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
Go Scan
1 issue was detected with this workflow: git checkout HEAD^2 is no longer necessary. Please remove this step as Code Scanning recommends analyzing the merge commit for best results.