bump Golang version to v1.22.10 and update CI actions

Signed-off-by: Guillaume Lours <[email protected]>

.github/workflows/ci.yml

@@ -56,7 +56,7 @@ jobs:
         uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       -
         name: Run
         run: |
@@ -81,13 +81,13 @@ jobs:
         uses: actions/checkout@v4
       -
         name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       -
         name: Build
-        uses: docker/bake-action@v2
+        uses: docker/bake-action@v5
         with:
           targets: release
           set: |
@@ -110,10 +110,10 @@ jobs:
         uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       -
         name: Test
-        uses: docker/bake-action@v2
+        uses: docker/bake-action@v5
         with:
           targets: test
           set: |
@@ -141,10 +141,9 @@ jobs:
           - plugin
           - standalone
         engine:
-          - 24.0.9
           - 25.0.5
           - 26.1.4
-          - 27.4.0-rc.4
+          - 27.4.1
     steps:
       - name: Prepare
         run: |
@@ -165,7 +164,7 @@ jobs:
         run: docker --version
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       -
         name: Set up Go
         uses: actions/setup-go@v5
@@ -175,7 +174,7 @@ jobs:
           cache: true
       -
         name: Build
-        uses: docker/bake-action@v2
+        uses: docker/bake-action@v5
         with:
           targets: binary-with-coverage
           set: |

.github/workflows/merge.yml

@@ -84,14 +84,14 @@ jobs:
         uses: actions/checkout@v4
       -
         name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: |
             ${{ env.REPO_SLUG }}
@@ -102,13 +102,13 @@ jobs:
       -
         name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERPUBLICBOT_USERNAME }}
           password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}
       -
         name: Build and push image
-        uses: docker/bake-action@v2
+        uses: docker/bake-action@v5
         id: bake
         with:
           files: |
@@ -129,14 +129,15 @@ jobs:
       -
         name: Generate Token
         id: generate_token
-        uses: tibdex/github-app-token@v1
+        uses: tibdex/github-app-token@3eb77c7243b85c65e84acfa93fdbac02fb6bd532 # v2.1.0
         with:
           app_id: ${{ vars.DOCKERDESKTOP_APP_ID }}
           private_key: ${{ secrets.DOCKERDESKTOP_APP_PRIVATEKEY }}
-          repository: docker/${{ secrets.DOCKERDESKTOP_REPO }}
+          repositories: >-
+            [docker/${{ secrets.DOCKERDESKTOP_REPO }}]
       -
         name: Trigger Docker Desktop e2e with edge version
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           github-token: ${{ steps.generate_token.outputs.token }}
           script: |

.github/workflows/scorecards.yml

@@ -22,12 +22,12 @@ jobs:
     
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.4.2
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # tag=v2.0.6
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # tag=v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
@@ -41,7 +41,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # tag=v4.5.0
         with:
           name: SARIF file
           path: results.sarif
@@ -49,6 +49,6 @@ jobs:
       
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26
+        uses: github/codeql-action/upload-sarif@3096afedf9873361b2b2f65e1445b13272c83eb8 # tag=v2.20.00
         with:
           sarif_file: results.sarif

Dockerfile

@@ -15,7 +15,7 @@
 #   See the License for the specific language governing permissions and
 #   limitations under the License.
 
-ARG GO_VERSION=1.22.8
+ARG GO_VERSION=1.22.10
 ARG XX_VERSION=1.6.1
 ARG GOLANGCI_LINT_VERSION=v1.60.2
 ARG ADDLICENSE_VERSION=v1.0.0

go.mod

@@ -1,8 +1,8 @@
 module github.com/docker/compose/v2
 
-go 1.22.7
+go 1.22.10
 
-toolchain go1.23.3
+toolchain go1.23.4
 
 require (
 	github.com/AlecAivazis/survey/v2 v2.3.7