diff --git a/.github/workflows/.build.yml b/.github/workflows/.build.yml index 420aa80d7..6f999966e 100644 --- a/.github/workflows/.build.yml +++ b/.github/workflows/.build.yml @@ -5,7 +5,7 @@ on: jobs: builds: name: Builds - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: packages: write strategy: diff --git a/.github/workflows/.deploy.yml b/.github/workflows/.deploy.yml index 6cc93001d..9a77dd27d 100644 --- a/.github/workflows/.deploy.yml +++ b/.github/workflows/.deploy.yml @@ -63,7 +63,7 @@ jobs: deploys: name: Helm environment: ${{ inputs.environment }} - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 timeout-minutes: ${{ inputs.timeout-minutes }} env: UI_PUBLIC_KEY: | diff --git a/.github/workflows/.e2e-admin.yml b/.github/workflows/.e2e-admin.yml index fac125f41..245e54c89 100644 --- a/.github/workflows/.e2e-admin.yml +++ b/.github/workflows/.e2e-admin.yml @@ -56,7 +56,7 @@ jobs: defaults: run: working-directory: admin-frontend - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 timeout-minutes: ${{ inputs.timeout-minutes }} strategy: max-parallel: 1 diff --git a/.github/workflows/.e2e.yml b/.github/workflows/.e2e.yml index ad586159a..4201ca934 100644 --- a/.github/workflows/.e2e.yml +++ b/.github/workflows/.e2e.yml @@ -64,7 +64,7 @@ jobs: defaults: run: working-directory: frontend - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 timeout-minutes: ${{ fromJson(inputs.timeout-minutes) }} strategy: max-parallel: 2 diff --git a/.github/workflows/.integration.yml b/.github/workflows/.integration.yml index 45da0e393..16b10934a 100644 --- a/.github/workflows/.integration.yml +++ b/.github/workflows/.integration.yml @@ -45,7 +45,7 @@ jobs: defaults: run: working-directory: backend-external - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 timeout-minutes: ${{ inputs.timeout-minutes }} steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/.quota-check.yml b/.github/workflows/.quota-check.yml index d06afdd48..2468ee3ad 100644 
--- a/.github/workflows/.quota-check.yml +++ b/.github/workflows/.quota-check.yml @@ -10,7 +10,7 @@ on: jobs: check-quota: name: Check Quota - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 environment: ${{ inputs.environment }} steps: - name: Check Quota For Deployment diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml index 8c5a228c7..658e6cd9c 100644 --- a/.github/workflows/analysis.yml +++ b/.github/workflows/analysis.yml @@ -42,7 +42,7 @@ jobs: tests: name: Unit Tests if: github.event_name != 'pull_request' || !github.event.pull_request.draft - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 environment: unit-test env: PUBLIC_KEY: | @@ -106,7 +106,7 @@ jobs: trivy: name: Trivy Security Scan if: github.event_name != 'pull_request' || !github.event.pull_request.draft - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 @@ -127,6 +127,6 @@ jobs: results: name: Analysis Results needs: [tests, trivy] - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - run: echo "Workflow completed successfully!" diff --git a/.github/workflows/build-deploy-clamav-to-tools.yml b/.github/workflows/build-deploy-clamav-to-tools.yml index 70b48ed63..930432a39 100644 --- a/.github/workflows/build-deploy-clamav-to-tools.yml +++ b/.github/workflows/build-deploy-clamav-to-tools.yml @@ -5,7 +5,7 @@ on: jobs: builds: name: Builds - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: packages: write strategy: @@ -34,7 +34,7 @@ jobs: triggers: ${{ matrix.triggers }} deploy: name: Deploy - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: builds environment: tools timeout-minutes: 10 diff --git a/.github/workflows/cd-to-prod-on-workflow-dispatch.yml b/.github/workflows/cd-to-prod-on-workflow-dispatch.yml index 576b5b6bc..1478c260b 100644 --- a/.github/workflows/cd-to-prod-on-workflow-dispatch.yml +++ b/.github/workflows/cd-to-prod-on-workflow-dispatch.yml 
@@ -20,7 +20,7 @@ jobs: image-promotions-to-prod: # This is just for adding another tag to the image to reflect which docker tag is deployed to PROD. if: ${{ !github.event.inputs.is_hotfix }} name: Image Promotions to PROD - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: packages: write strategy: @@ -57,7 +57,7 @@ jobs: zap: name: ZAP Scan needs: [deploys] - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Penetration Test uses: zaproxy/action-full-scan@v0.12.0 diff --git a/.github/workflows/cd-to-test-on-workflow-dispatch.yml b/.github/workflows/cd-to-test-on-workflow-dispatch.yml index 4793357d7..84fc75e2d 100644 --- a/.github/workflows/cd-to-test-on-workflow-dispatch.yml +++ b/.github/workflows/cd-to-test-on-workflow-dispatch.yml @@ -21,7 +21,7 @@ jobs: image-promotions-to-test: # This is just for adding another tag to the image to reflect which docker tag is deployed to TEST. if: ${{ !github.event.inputs.is_hotfix }} name: Image Promotions to TEST - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: packages: write strategy: diff --git a/.github/workflows/ci_cd_on_pr_hotfix.yml b/.github/workflows/ci_cd_on_pr_hotfix.yml index 04c1cf107..930c42cba 100644 --- a/.github/workflows/ci_cd_on_pr_hotfix.yml +++ b/.github/workflows/ci_cd_on_pr_hotfix.yml @@ -24,7 +24,7 @@ jobs: validate: if: startsWith(github.head_ref, 'hotfix/') && (!github.event.pull_request.head.repo.fork) name: Validate Branch Naming - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 diff --git a/.github/workflows/cleanup-on-pr-close.yml b/.github/workflows/cleanup-on-pr-close.yml index 7680f47d0..bf324b124 100644 --- a/.github/workflows/cleanup-on-pr-close.yml +++ b/.github/workflows/cleanup-on-pr-close.yml @@ -31,7 +31,7 @@ jobs: name: Cleanup OpenShift env: release: pay-transparency-pr-${{ github.event.number }} - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Remove OpenShift artifacts run: | 
diff --git a/.github/workflows/cleanup_tag_hotfix-pr-close.yml b/.github/workflows/cleanup_tag_hotfix-pr-close.yml index e852bacc8..da4819dd1 100644 --- a/.github/workflows/cleanup_tag_hotfix-pr-close.yml +++ b/.github/workflows/cleanup_tag_hotfix-pr-close.yml @@ -31,7 +31,7 @@ jobs: name: Cleanup OpenShift env: release: pay-transparency-pr-${{ github.event.number }} - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Remove OpenShift artifacts run: | @@ -44,7 +44,7 @@ jobs: create-hotfix-github-tag: if: startsWith(github.head_ref, 'hotfix/') && (!github.event.pull_request.head.repo.fork) name: Create Hotfix Tag - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 @@ -61,7 +61,7 @@ jobs: git push origin "$TAG" create-hotfix-docker-tag: if: startsWith(github.head_ref, 'hotfix/') && (!github.event.pull_request.head.repo.fork) - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: matrix: package: [ backend, diff --git a/.github/workflows/maintenance.yml b/.github/workflows/maintenance.yml index d177332ae..fb606b56b 100644 --- a/.github/workflows/maintenance.yml +++ b/.github/workflows/maintenance.yml @@ -24,7 +24,7 @@ on: jobs: maintenance_on: name: Turn On Maintenance Mode - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 environment: ${{ github.event.inputs.environment }} if: ${{ github.event.inputs.action == 'true' }} steps: @@ -50,7 +50,7 @@ jobs: maintenance_off: name: Turn Off Maintenance Mode - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 environment: ${{ github.event.inputs.environment }} if: ${{ github.event.inputs.action == 'false' }} steps: diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml index 09e35902e..b2aa58adb 100644 --- a/.github/workflows/merge.yml +++ b/.github/workflows/merge.yml 
@@ -32,7 +32,7 @@ jobs: name: Set Variables outputs: pr: ${{ steps.pr.outputs.pr }} - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 timeout-minutes: 1 steps: # Get PR number for squash merges to main - name: PR Number @@ -40,7 +40,7 @@ jobs: uses: bcgov-nr/action-get-pr@v0.0.1 codeql: name: Semantic Code Analysis - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: actions: read contents: read @@ -66,7 +66,7 @@ jobs: semanticVersion: ${{ steps.changelog.outputs.version }} tag: ${{ steps.changelog.outputs.tag }} clean_changelog: ${{ steps.changelog.outputs.clean_changelog }} - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 timeout-minutes: 1 steps: - uses: actions/checkout@v4 @@ -84,7 +84,7 @@ jobs: git-push: "true" retag-images: needs: [vars, semantic-version] - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: matrix: package: diff --git a/.github/workflows/pr-validate.yml b/.github/workflows/pr-validate.yml index e3c11ea56..d9b1ead40 100644 --- a/.github/workflows/pr-validate.yml +++ b/.github/workflows/pr-validate.yml @@ -22,6 +22,6 @@ jobs: results: name: Validate Results needs: [validate] - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - run: echo "Workflow completed successfully!" diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml index bf912caef..5b23835b3 100644 --- a/.github/workflows/scheduled.yml +++ b/.github/workflows/scheduled.yml @@ -9,7 +9,7 @@ jobs: zap: name: ZAP Scan - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Penetration Test uses: zaproxy/action-full-scan@v0.12.0 diff --git a/.github/workflows/schemaspy.yml b/.github/workflows/schemaspy.yml index a5849cfbc..8b01f7f21 100644 --- a/.github/workflows/schemaspy.yml +++ b/.github/workflows/schemaspy.yml @@ -15,7 +15,7 @@ concurrency: jobs: generate-schema-spy: name: Generate SchemaSpy Documentation - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 services: postgres: image: postgres 
diff --git a/.github/workflows/sysdig.yml b/.github/workflows/sysdig.yml index 3a40f906e..dc1340b70 100644 --- a/.github/workflows/sysdig.yml +++ b/.github/workflows/sysdig.yml @@ -8,7 +8,7 @@ on: jobs: add-sysdig-team: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 environment: tools steps: - uses: actions/checkout@v4 diff --git a/doc-gen-service/src/templates/report.script.spec.js b/doc-gen-service/src/templates/report.script.spec.js index 97e555360..93756f746 100644 --- a/doc-gen-service/src/templates/report.script.spec.js +++ b/doc-gen-service/src/templates/report.script.spec.js @@ -4,7 +4,15 @@ import { docGenServicePrivate } from '../v1/services/doc-gen-service'; let browser = null; beforeAll(async () => { browser = await puppeteer.launch({ - args: ['--enable-logging', '--v=1', '--allow-file-access-from-files'], + args: [ + '--enable-logging', + '--v=1', + '--allow-file-access-from-files', + '--no-sandbox', // --no-sandbox should only be used if there are absolutely no remote + // connections made and the source is fully trusted. In this case, the 'user data' + // is created by our test cases which will be safe, and this application doesn't make + // any remote connections to any other web service. + ], headless: 'new', dumpio: true, });
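Review bot: `'--no-sandbox'` is added unconditionally to the `puppeteer.launch` args in `beforeAll`, so every run of this spec loses Chromium's renderer sandbox, including on developer machines where the sandbox works, and it is combined with `--allow-file-access-from-files`. Since the same commit moves the runners to ubuntu-24.04, the flag is presumably a workaround for the sandbox failing to start there. If so, the comment should say that and the flag should be gated, e.g. `...(process.env.CI ? ['--no-sandbox'] : []),`. The comment's claim that no remote connections are made is an assumption about the templates under test, so it is worth confirming the report templates load no remote fonts, scripts or images, and that the service's production launch options (not visible here) do not reuse this argument list. The `beforeAll` callback continues outside the hunk.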