merge Main to develop

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/check-binaries.yml

@@ -15,19 +15,19 @@ jobs:
       report_contents: ${{ steps.save-output.outputs.report_contents }}
     steps:
       - name: Setup python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: '3.11'
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: main
       - name: Download latest release
-        uses: robinraju/release-downloader@v1.10
-        with:
-          latest: true
-          fileName: 'aws-lambda-rie*'
-          out-file-path: "bin"
+        run: |
+          mkdir -p bin
+          gh release download --pattern 'aws-lambda-rie*' --dir bin
+        env:
+          GH_TOKEN: ${{ github.token }}
       - name: Run check for vulnerabilities
         id: check-binaries
         run: |
@@ -61,25 +61,29 @@ jobs:
         name: Save outputs for the check with the latest build
         id: save-new-version
         run: |
-          if [ "${{ steps.check-new-version.outcome }}" == "failure" ]; then
+          if [ "${CHECK_OUTCOME}" == "failure" ]; then
             fixed="No"
           else
             fixed="Yes"
           fi
           echo "fixed=$fixed" >> "$GITHUB_OUTPUT"
+        env:
+          CHECK_OUTCOME: ${{ steps.check-new-version.outcome }}
       - if: always() && steps.save-output.outputs.report_contents
         name: Create GitHub Issue indicating vulnerabilities
         id: create-issue
-        uses: dacbd/create-issue-action@main
-        with:
-          token: ${{ github.token }}
-          title: |
-            CVEs found in latest RIE release
-          body: |
-            ###  CVEs found in latest RIE release
-            ```
-            ${{ steps.save-output.outputs.report_contents }}
-            ```
-
-            #### Are these resolved by building with the latest patch version of Go (${{ steps.check-new-version.outputs.latest_version }})?:
-            > **${{ steps.save-new-version.outputs.fixed }}**
+        run: |
+          gh issue create \
+            --title "CVEs found in latest RIE release" \
+            --body "###  CVEs found in latest RIE release
+          \`\`\`
+          ${REPORT_CONTENTS}
+          \`\`\`
+
+          #### Are these resolved by building with the latest patch version of Go (${LATEST_VERSION})?:
+          > **${FIXED}**"
+        env:
+          GH_TOKEN: ${{ github.token }}
+          REPORT_CONTENTS: ${{ steps.save-output.outputs.report_contents }}
+          LATEST_VERSION: ${{ steps.check-new-version.outputs.latest_version }}
+          FIXED: ${{ steps.save-new-version.outputs.fixed }}

.github/workflows/integ-tests.yml

@@ -13,41 +13,33 @@ permissions:
 jobs:
   go-tests:
     runs-on: ubuntu-latest
-    environment:
-      name: integ-tests
     steps:
-        - uses: actions/checkout@v4
+        - uses: actions/checkout@v6
         - name: run go tests
           run: make tests-with-docker
   integ-tests-x86:
     runs-on: ubuntu-latest
-    environment:
-      name: integ-tests
     steps:
-        - uses: actions/checkout@v4
-        - uses: actions/setup-python@v5
+        - uses: actions/checkout@v6
+        - uses: actions/setup-python@v6
           with:
             python-version: '3.11'
         - name: run integration tests
           run: make integ-tests-with-docker-x86-64
   integ-tests-arm64:
     runs-on: ubuntu-latest
-    environment:
-      name: integ-tests
     steps:
-        - uses: actions/checkout@v4
-        - uses: actions/setup-python@v5
+        - uses: actions/checkout@v6
+        - uses: actions/setup-python@v6
           with:
             python-version: '3.11'
         - name: run integration tests
           run: make integ-tests-with-docker-arm64
   integ-tests-old:
     runs-on: ubuntu-latest
-    environment:
-      name: integ-tests
     steps:
-        - uses: actions/checkout@v4
-        - uses: actions/setup-python@v5
+        - uses: actions/checkout@v6
+        - uses: actions/setup-python@v6
           with:
             python-version: '3.11'
         - name: run integration tests

.github/workflows/release.yml

@@ -19,11 +19,11 @@ jobs:
     environment: Release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           ref: main
       - name: Set up python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: '3.11'
       - name: Build
@@ -33,12 +33,14 @@ jobs:
           make tests-with-docker
           make integ-tests
       - name: Release
-        uses: softprops/action-gh-release@v2
-        with:
-          name: Release ${{ github.event.inputs.releaseVersion }}
-          tag_name: v${{ github.event.inputs.releaseVersion }}
-          body: ${{ github.event.inputs.releaseBody }}
-          files: |
-            bin/aws-lambda-rie
-            bin/aws-lambda-rie-arm64
+        run: |
+          gh release create "v${RELEASE_VERSION}" \
+            --title "Release ${RELEASE_VERSION}" \
+            --notes "${RELEASE_BODY}" \
+            bin/aws-lambda-rie \
+            bin/aws-lambda-rie-arm64 \
             bin/aws-lambda-rie-x86_64
+        env:
+          GH_TOKEN: ${{ github.token }}
+          RELEASE_VERSION: ${{ github.event.inputs.releaseVersion }}
+          RELEASE_BODY: ${{ github.event.inputs.releaseBody }}