Resolving trunk GH actions errors

zachshallbetter · zachshallbetter · commit 803ccdadbb14 · 2025-01-31T13:46:42.000-08:00
diff --git a/.github/workflows/test-pipeline.yml b/.github/workflows/test-pipeline.yml
@@ -11,10 +11,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     
     - name: Set up Python 3.11
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: "3.11"
         cache: 'pip'
@@ -29,7 +29,7 @@ jobs:
         make test-coverage
         
     - name: Upload test results
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: test-results
         path: |
@@ -39,7 +39,7 @@ jobs:
           performance-results/
         
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v3
+      uses: codecov/codecov-action@v4
       with:
         file: ./coverage.xml
         fail_ci_if_error: true
@@ -49,10 +49,10 @@ jobs:
     needs: test
     
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     
     - name: Set up Python 3.11
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: "3.11"
         cache: 'pip'
@@ -67,7 +67,7 @@ jobs:
         make test-distributed
         
     - name: Upload distributed test results
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: distributed-test-results
         path: distributed-test-results/ 
diff --git a/.github/workflows/trunk-check.yml b/.github/workflows/trunk-check.yml
@@ -13,18 +13,18 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 1
 
       - name: Set up Python 3.11
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.11"
           cache: "pip"
 
       - name: Cache Trunk
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.cache/trunk
           key: trunk-${{ runner.os }}-${{ hashFiles('.trunk/trunk.yaml') }}
diff --git a/docs/SECURITY.md b/docs/SECURITY.md
@@ -316,3 +316,30 @@ For security concerns, contact:
 - Emergency Contact: [INSERT EMERGENCY CONTACT]
 
 Remember: Security is everyone's responsibility. Stay vigilant and report any concerns promptly.
+
+# Security Guide
+
+## Automated Security Checks
+
+We use several automated tools to ensure code security:
+
+### Trunk Security Scanning
+
+Our Trunk configuration includes security-focused tools:
+
+- **trufflehog**: Scans for secrets and sensitive data
+  - Runs on all PRs and pushes
+  - Ignores test files and documentation
+  - Configured to detect various token formats
+
+- **bandit**: Python security linter
+  - Checks for common security issues
+  - Custom rules for our codebase
+  - Integrated with CI/CD
+
+- **git-diff-check**: Prevents accidental commits of sensitive data
+  - Runs pre-commit
+  - Checks for large binary files
+  - Validates line endings
+
+See [.trunk/README.md](../.trunk/README.md) for security tool configuration.
