CardoAI · aquadrini-cardoai · Mar 24, 2026
diff --git a/.github/workflows/crowdstrike-scan-test.yaml b/.github/workflows/crowdstrike-scan-test.yaml
@@ -14,7 +14,7 @@ jobs:
           - name: 861208160487.dkr.ecr.eu-central-1.amazonaws.com/cardoai-eu-ar-ecr-repository-oxygen:backend-main
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.2
 
       - name: EU ECR login
         uses: CardoAI/composite/ecrlogin_with_role@main

diff --git a/.github/workflows/single-arch-build.yaml b/.github/workflows/single-arch-build.yaml
@@ -18,11 +18,11 @@ on:
       directory:
         description: The directory containing the Dockerfile.
         type: string
-        default: '.'
+        default: "."
       context:
         description: The context for the Dockerfile.
         type: string
-        default: '.'
+        default: "."
       tag:
         description: The tag to use for the image.
         type: string
@@ -47,11 +47,11 @@ on:
       build-args:
         description: The build arguments to pass to the Docker build command.
         type: string
-        default: ''
+        default: ""
       docker-driver:
         description: The Docker driver to use for building the image.
         type: string
-        default: 'docker-container'
+        default: "docker-container"
       aws-region:
         description: The AWS region where the ECR repository is located.
         type: string
@@ -72,22 +72,22 @@ on:
     #   gh_pat:
     #     description: The GitHub Personal Access Token to access the repository.
     #     required: true
-      
+
 jobs:
   build_image:
     name: ${{ inputs.os}}/${{ inputs.architecture }}
     runs-on: ${{ inputs.runner-id }}
     steps:
       - name: Check out code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.2
         with:
-        #   token: ${{ secrets.gh_pat }}
+          #   token: ${{ secrets.gh_pat }}
           ref: ${{ inputs.sha }}
           fetch-depth: 0
-          submodules: 'true'
+          submodules: "true"
 
       - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
         with:
           driver: ${{ inputs.docker-driver }}
 
@@ -97,7 +97,7 @@ jobs:
         with:
           aws-region: ${{ inputs.base-image-aws-region }}
           aws-id: ${{ inputs.base-image-aws-id }}
-        
+
       - name: ECR login
         uses: CardoAI/composite/ecrlogin_with_role@main
         with:
@@ -126,7 +126,7 @@ jobs:
           medium-threshold: 0
           low-threshold: 0
           other-threshold: 0
-          
+
       - name: Push Docker image
         id: push-image
         shell: bash

diff --git a/.github/workflows/single-platform-docker-build.yaml b/.github/workflows/single-platform-docker-build.yaml
@@ -17,7 +17,7 @@ on:
       context:
         description: The Docker build context.
         type: string
-        default: '.'
+        default: "."
       repositories:
         description: The AWS ECR repositories to push the image to (JSON string list).
         type: string
@@ -37,7 +37,7 @@ on:
       extra-args:
         description: The extra arguments to pass to the Docker build command.
         type: string
-        default: ''
+        default: ""
       base-image-aws-account-id:
         description: The AWS account ID where the base image is located.
         type: string
@@ -48,26 +48,26 @@ on:
         default: eu-central-1
 jobs:
   single-platform-docker-build:
-    name: '${{ inputs.tag }} - ${{ inputs.platform }}'
+    name: "${{ inputs.tag }} - ${{ inputs.platform }}"
     runs-on: ${{ inputs.github-runner }}
     steps:
       - name: Check out code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.2
         with:
           ref: ${{ inputs.sha }}
           fetch-depth: 0
-          submodules: 'true'
+          submodules: "true"
 
       - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       - name: Login to ECR for base image
         if: ${{ (inputs.base-image-aws-region != '') && (inputs.base-image-aws-account-id != '') }}
         shell: bash
         env:
           REGISTRY: ${{ inputs.base-image-aws-account-id }}.dkr.ecr.${{ inputs.base-image-aws-region }}.amazonaws.com
         run: |
-          set -e          
+          set -e
           docker login --username AWS -p $(aws ecr get-login-password --region ${{ inputs.base-image-aws-region }}) "${REGISTRY}"
 
       - name: Build Docker image

diff --git a/acrlogin/action.yaml b/acrlogin/action.yaml
@@ -1,25 +1,25 @@
-name: 'Login ACR'
-description: 'Login to ACR'
+name: "Login ACR"
+description: "Login to ACR"
 inputs:
   aws-access-key-id:
     required: true
-    description: 'key-id'
+    description: "key-id"
   aws-secret-access-key:
     required: true
-    description: 'key-id'
+    description: "key-id"
   aws-region:
     required: true
-    description: 'key-id'
+    description: "key-id"
 
 runs:
   using: composite
   steps:
     - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v2
+      uses: aws-actions/configure-aws-credentials@v6.0.0
       with:
         aws-access-key-id: ${{ inputs.aws-access-key-id }}
         aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
         aws-region: ${{ inputs.aws-region}}
     - name: Login to Amazon ECR
       id: login-ecr
-      uses: aws-actions/amazon-ecr-login@v1
+      uses: aws-actions/amazon-ecr-login@v2.1.0
diff --git a/build_image_sha/action.yaml b/build_image_sha/action.yaml
@@ -18,14 +18,14 @@ runs:
   using: composite
   steps:
     - name: Setup Docker Buildx
-      uses: docker/setup-buildx-action@v3
-      
+      uses: docker/setup-buildx-action@v4
+
     - name: Build and tag image
       id: build-image
       shell: bash
       run: |
         echo "${{ inputs.arguments }}"
-        DOCKER_BUILDKIT=1 docker buildx build -f ${{ inputs.location }} . --cache-from ${{ inputs.ECR_REGISTRY }}/${{ inputs.service }}:${GITHUB_REF#refs/heads/} -t ${{ inputs.ECR_REGISTRY }}/${{ inputs.service }}:${GITHUB_REF#refs/heads/} ${{ inputs.arguments }} --build-arg BUILDKIT_INLINE_CACHE=1 --load       
+        DOCKER_BUILDKIT=1 docker buildx build -f ${{ inputs.location }} . --cache-from ${{ inputs.ECR_REGISTRY }}/${{ inputs.service }}:${GITHUB_REF#refs/heads/} -t ${{ inputs.ECR_REGISTRY }}/${{ inputs.service }}:${GITHUB_REF#refs/heads/} ${{ inputs.arguments }} --build-arg BUILDKIT_INLINE_CACHE=1 --load
         image_tag="${{ inputs.ECR_REGISTRY }}/${{ inputs.service }}:${GITHUB_REF#refs/heads/}"
         echo "image-tag=$image_tag" >> $GITHUB_ENV
         echo "image-tag=$image_tag" >> $GITHUB_OUTPUT

diff --git a/create_multi_arch_manifest/action.yaml b/create_multi_arch_manifest/action.yaml
@@ -22,19 +22,19 @@ runs:
       run: |
         echo "Registry: ${{ inputs.registry }}"
         echo "Image: ${{ inputs.image }}"
-        echo "Tag: ${{ inputs.tag }}" 
+        echo "Tag: ${{ inputs.tag }}"
         echo "Tag Suffixes: ${{ inputs.tag-suffixes }}"
 
     - name: Setup Docker Buildx
-      uses: docker/setup-buildx-action@v3
-      
+      uses: docker/setup-buildx-action@v4
+
     - name: Create and push manifest
       shell: bash
       run: |
         #! /bin/bash
         # Enable docker manifest command
         export DOCKER_CLI_EXPERIMENTAL=enabled
-        
+
         IFS=',' read -ra suffixes <<< "${{ inputs.tag-suffixes }}"
 
         # Build manifest create command
@@ -45,6 +45,6 @@ runs:
             suffix="${suffixes[$i]}"
             manifest_cmd+=" ${{ inputs.registry }}/${{ inputs.image }}:${{ inputs.tag }}-${suffix}"
         done
-      
+
         echo "Running manifest command: $manifest_cmd"
-        $manifest_cmd
+        $manifest_cmd
diff --git a/lint_test/action.yaml b/lint_test/action.yaml
@@ -1,22 +1,22 @@
-name: 'lint and test'
-description: 'This action will lint and test the code'
+name: "lint and test"
+description: "This action will lint and test the code"
 inputs:
   requirements:
     required: true
-    description: 'requirements namefile'
+    description: "requirements namefile"
   virtualenv:
     required: true
-    description: 'virtualenv name'
+    description: "virtualenv name"
   lint:
-    description: 'lint condition'
+    description: "lint condition"
   test:
-    description: 'test condition'
+    description: "test condition"
 runs:
   using: composite
   steps:
     - uses: actions/checkout@v6
     # - name: Set up Python 3.10
-    #   uses: actions/setup-python@v4
+    #   uses: actions/setup-python@v6.2.0
     #   with:
     #     python-version: '3.10'
     - name: Lint and Test

diff --git a/lint_test_python/action.yaml b/lint_test_python/action.yaml
@@ -22,7 +22,7 @@ runs:
   steps:
     - uses: actions/checkout@v6
     - name: Set up Python Version
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v6.2.0
       with:
         python-version: ${{ inputs.python-version }}
     - name: Lint and Test

diff --git a/multi-platform-manifest/action.yaml b/multi-platform-manifest/action.yaml
@@ -19,7 +19,7 @@ runs:
   using: composite
   steps:
     - name: Setup Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v4
 
     - name: Login to ECR
       shell: bash
@@ -41,5 +41,5 @@ runs:
         for suffix in $(echo "${TAG_SUFFIXES}" | jq -r '.[]'); do
           TAGS_TO_MERGE+=" ${FINAL_TAG}-${suffix}"
         done
-      
+
         docker buildx imagetools create -t ${FINAL_TAG} ${TAGS_TO_MERGE}
diff --git a/single-platform-docker-build-v2/action.yaml b/single-platform-docker-build-v2/action.yaml
@@ -12,7 +12,7 @@ inputs:
   context:
     description: The Docker build context.
     type: string
-    default: '.'
+    default: "."
   repositories:
     description: The AWS ECR repositories to push the image to (JSON string list).
     type: string
@@ -32,11 +32,11 @@ inputs:
   extra-args:
     description: The extra arguments to pass to the Docker build command.
     type: string
-    default: ''
+    default: ""
   docker-driver:
     description: The Docker driver to use for building the image.
     type: string
-    default: 'docker-container'
+    default: "docker-container"
   base-image-aws-account-id:
     description: The AWS account ID where the base image is located.
     type: string
@@ -54,10 +54,10 @@ runs:
       with:
         ref: ${{ inputs.sha }}
         fetch-depth: 0
-        submodules: 'true'
+        submodules: "true"
 
     - name: Setup Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v4
       with:
         driver: ${{ inputs.docker-driver }}
 
@@ -95,17 +95,17 @@ runs:
       run: |
         #! /bin/bash
         echo "Building image ${{ inputs.tag }}"
-        
+
         # Get the first repository for caching
         FIRST_REPO=$(echo "${REPOSITORIES}" | jq -c '.[0]')
         NAME=$(echo "${FIRST_REPO}" | jq -r '.name')
         ACCOUNT_ID=$(echo "${FIRST_REPO}" | jq -r '.account_id')
         REGION=$(echo "${FIRST_REPO}" | jq -r '.region')
         REGISTRY="${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com"
-    
+
         # Cache reference
         CACHE_REF="${REGISTRY}/${NAME}:cache-${{ inputs.tag }}"
-        
+
         # Cache args if not using Docker driver
         CACHE_ARGS=""
         if [[ "${{ inputs.docker-driver }}" != "docker" ]]; then

diff --git a/single-platform-docker-build-v3/action.yaml b/single-platform-docker-build-v3/action.yaml
@@ -52,7 +52,7 @@ runs:
         submodules: "true"
 
     - name: Setup Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v4
       with:
         driver: ${{ inputs.docker-driver }}
 

diff --git a/single-platform-docker-build-v4/action.yaml b/single-platform-docker-build-v4/action.yaml
@@ -52,7 +52,7 @@ runs:
         submodules: "true"
 
     - name: Setup Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v4
       with:
         driver: ${{ inputs.docker-driver }}
 

diff --git a/single-platform-docker-build-v5/action.yaml b/single-platform-docker-build-v5/action.yaml
@@ -52,7 +52,7 @@ runs:
         submodules: "true"
 
     - name: Setup Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v4
       with:
         driver: ${{ inputs.docker-driver }}
 

diff --git a/single-platform-docker-build/action.yaml b/single-platform-docker-build/action.yaml
@@ -12,7 +12,7 @@ inputs:
   context:
     description: The Docker build context.
     type: string
-    default: '.'
+    default: "."
   repositories:
     description: The AWS ECR repositories to push the image to (JSON string list).
     type: string
@@ -32,7 +32,7 @@ inputs:
   extra-args:
     description: The extra arguments to pass to the Docker build command.
     type: string
-    default: ''
+    default: ""
   base-image-aws-account-id:
     description: The AWS account ID where the base image is located.
     type: string
@@ -50,10 +50,10 @@ runs:
       with:
         ref: ${{ inputs.sha }}
         fetch-depth: 0
-        submodules: 'true'
+        submodules: "true"
 
     - name: Setup Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v4
 
     - name: Login to ECR for base image
       if: ${{ (inputs.base-image-aws-region != '') && (inputs.base-image-aws-account-id != '') }}