From 7e241eef7c2e77edd882c25ccc6c38d1f29367ea Mon Sep 17 00:00:00 2001 From: David Sanders Date: Wed, 14 Feb 2024 02:13:03 -0800 Subject: [PATCH] ci: update GitHub actions workflow dependencies (#41321) --- .github/workflows/branch-created.yml | 8 ++++---- .github/workflows/issue-commented.yml | 2 +- .github/workflows/issue-labeled.yml | 6 +++--- .github/workflows/issue-opened.yml | 2 +- .github/workflows/issue-unlabeled.yml | 4 ++-- .github/workflows/pull-request-labeled.yml | 6 +++--- .github/workflows/scorecards.yml | 9 +++++---- .github/workflows/semantic.yml | 2 +- .github/workflows/stable-prep-items.yml | 2 +- .github/workflows/stale.yml | 8 ++++---- .github/workflows/update_appveyor_image.yml | 6 +++--- 11 files changed, 28 insertions(+), 27 deletions(-) diff --git a/.github/workflows/branch-created.yml b/.github/workflows/branch-created.yml index 2a0bf85694..8ca6388a9c 100644 --- a/.github/workflows/branch-created.yml +++ b/.github/workflows/branch-created.yml @@ -73,7 +73,7 @@ jobs: org: electron - name: Generate Release Project Board Metadata if: ${{ steps.check-major-version.outputs.MAJOR }} - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 id: generate-project-metadata with: script: | @@ -92,7 +92,7 @@ jobs: })) - name: Create Release Project Board if: ${{ steps.check-major-version.outputs.MAJOR }} - uses: dsanders11/project-actions/copy-project@3a81985616963f32fae17d1d1b406c631f3201a1 # v1.1.0 + uses: dsanders11/project-actions/copy-project@82e99438bd44a14ad18d92d036dbc25cbfb9a8c4 # v1.2.0 id: create-release-board with: drafts: true @@ -112,14 +112,14 @@ jobs: GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} - name: Find Previous Release Project Board if: ${{ steps.check-major-version.outputs.MAJOR }} - uses: dsanders11/project-actions/find-project@3a81985616963f32fae17d1d1b406c631f3201a1 # v1.1.0 + uses: dsanders11/project-actions/find-project@82e99438bd44a14ad18d92d036dbc25cbfb9a8c4 # v1.2.0 id: find-prev-release-board with: title: ${{ steps.generate-project-metadata.outputs.prev-prev-major }}-x-y token: ${{ steps.generate-token.outputs.token }} - name: Close Previous Release Project Board if: ${{ steps.check-major-version.outputs.MAJOR }} - uses: dsanders11/project-actions/close-project@3a81985616963f32fae17d1d1b406c631f3201a1 # v1.1.0 + uses: dsanders11/project-actions/close-project@82e99438bd44a14ad18d92d036dbc25cbfb9a8c4 # v1.2.0 with: project-number: ${{ steps.find-prev-release-board.outputs.number }} token: ${{ steps.generate-token.outputs.token }} diff --git a/.github/workflows/issue-commented.yml b/.github/workflows/issue-commented.yml index d21f6a3ec4..f17254858b 100644 --- a/.github/workflows/issue-commented.yml +++ b/.github/workflows/issue-commented.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate GitHub App token - uses: electron/github-app-auth-action@cc6751b3b5e4edc5b9a4ad0a021ac455653b6dc8 # v1.0.0 + uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1 id: generate-token with: creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }} diff --git a/.github/workflows/issue-labeled.yml b/.github/workflows/issue-labeled.yml index 20205f0128..e92b46739c 100644 --- a/.github/workflows/issue-labeled.yml +++ b/.github/workflows/issue-labeled.yml @@ -14,13 +14,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate GitHub App token - uses: electron/github-app-auth-action@cc6751b3b5e4edc5b9a4ad0a021ac455653b6dc8 # v1.0.0 + uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1 id: generate-token with: creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }} org: electron - name: Set status - uses: dsanders11/project-actions/edit-item@a24415515fa60a22f71f9d9d00e36ca82660cde9 # v1.0.1 + uses: dsanders11/project-actions/edit-item@82e99438bd44a14ad18d92d036dbc25cbfb9a8c4 # v1.2.0 with: token: ${{ steps.generate-token.outputs.token }} project-number: 90 @@ -46,7 +46,7 @@ jobs: fi - name: Generate GitHub App token if: ${{ steps.check-for-comment.outputs.SHOULD_COMMENT }} - uses: electron/github-app-auth-action@cc6751b3b5e4edc5b9a4ad0a021ac455653b6dc8 # v1.0.0 + uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1 id: generate-token with: creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }} diff --git a/.github/workflows/issue-opened.yml b/.github/workflows/issue-opened.yml index 7883ea6ea0..b739983f1c 100644 --- a/.github/workflows/issue-opened.yml +++ b/.github/workflows/issue-opened.yml @@ -19,7 +19,7 @@ jobs: creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }} org: electron - name: Add to Issue Triage - uses: dsanders11/project-actions/add-item@a24415515fa60a22f71f9d9d00e36ca82660cde9 # v1.0.1 + uses: dsanders11/project-actions/add-item@82e99438bd44a14ad18d92d036dbc25cbfb9a8c4 # v1.2.0 with: field: Reporter field-value: ${{ github.event.issue.user.login }} diff --git a/.github/workflows/issue-unlabeled.yml b/.github/workflows/issue-unlabeled.yml index 6de3d7c83f..03f2e0cc3b 100644 --- a/.github/workflows/issue-unlabeled.yml +++ b/.github/workflows/issue-unlabeled.yml @@ -23,14 +23,14 @@ jobs: fi - name: Generate GitHub App token if: ${{ steps.check-for-blocked-labels.outputs.NOT_BLOCKED }} - uses: electron/github-app-auth-action@cc6751b3b5e4edc5b9a4ad0a021ac455653b6dc8 # v1.0.0 + uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1 id: generate-token with: creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }} org: electron - name: Set status if: ${{ steps.check-for-blocked-labels.outputs.NOT_BLOCKED }} - uses: dsanders11/project-actions/edit-item@a24415515fa60a22f71f9d9d00e36ca82660cde9 # v1.0.1 + uses: dsanders11/project-actions/edit-item@82e99438bd44a14ad18d92d036dbc25cbfb9a8c4 # v1.2.0 with: token: ${{ steps.generate-token.outputs.token }} project-number: 90 diff --git a/.github/workflows/pull-request-labeled.yml b/.github/workflows/pull-request-labeled.yml index 6b339a7ea1..3462f0005b 100644 --- a/.github/workflows/pull-request-labeled.yml +++ b/.github/workflows/pull-request-labeled.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Trigger Slack workflow - uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 + uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0 with: payload: | { @@ -27,13 +27,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate GitHub App token - uses: electron/github-app-auth-action@cc6751b3b5e4edc5b9a4ad0a021ac455653b6dc8 # v1.0.0 + uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1 id: generate-token with: creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }} org: electron - name: Set status - uses: dsanders11/project-actions/edit-item@a24415515fa60a22f71f9d9d00e36ca82660cde9 # v1.0.1 + uses: dsanders11/project-actions/edit-item@82e99438bd44a14ad18d92d036dbc25cbfb9a8c4 # v1.2.0 with: token: ${{ steps.generate-token.outputs.token }} project-number: 94 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 532734c542..27130c16ff 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -22,12 +22,13 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false + # This is a pre-submit / pre-release. - name: "Run analysis" - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # tag=v2.1.2 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 with: results_file: results.sarif results_format: sarif @@ -41,7 +42,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # tag=v3.1.2 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: SARIF file path: results.sarif @@ -49,6 +50,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # tag=v2.1.27 + uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 with: sarif_file: results.sarif diff --git a/.github/workflows/semantic.yml b/.github/workflows/semantic.yml index 031902020f..1a7dad3e18 100644 --- a/.github/workflows/semantic.yml +++ b/.github/workflows/semantic.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: semantic-pull-request - uses: amannn/action-semantic-pull-request@01d5fd8a8ebb9aafe902c40c53f0f4744f7381eb # tag: v5 + uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/stable-prep-items.yml b/.github/workflows/stable-prep-items.yml index b5ec575b9f..74dabd23a5 100644 --- a/.github/workflows/stable-prep-items.yml +++ b/.github/workflows/stable-prep-items.yml @@ -27,7 +27,7 @@ jobs: PROJECT_NUMBER=$(gh project list --owner electron --format json | jq -r '.projects | map(select(.title | test("^[0-9]+-x-y$"))) | max_by(.number) | .number') echo "PROJECT_NUMBER=$PROJECT_NUMBER" >> "$GITHUB_OUTPUT" - name: Update Completed Stable Prep Items - uses: dsanders11/project-actions/completed-by@a24415515fa60a22f71f9d9d00e36ca82660cde9 # v1.0.1 + uses: dsanders11/project-actions/completed-by@82e99438bd44a14ad18d92d036dbc25cbfb9a8c4 # v1.2.0 with: field: Prep Status field-value: ✅ Complete diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index a0102ad488..400e393b3c 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,11 +12,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate GitHub App token - uses: electron/github-app-auth-action@cc6751b3b5e4edc5b9a4ad0a021ac455653b6dc8 # v1.0.0 + uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1 id: generate-token with: creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }} - - uses: actions/stale@5ebf00ea0e4c1561e9b43a292ed34424fb1d4578 # tag: v6.0.1 + - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # tag: v9.0.0 with: repo-token: ${{ steps.generate-token.outputs.token }} days-before-stale: 90 @@ -35,11 +35,11 @@ jobs: needs: stale steps: - name: Generate GitHub App token - uses: electron/github-app-auth-action@cc6751b3b5e4edc5b9a4ad0a021ac455653b6dc8 # v1.0.0 + uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1 id: generate-token with: creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }} - - uses: actions/stale@5ebf00ea0e4c1561e9b43a292ed34424fb1d4578 # tag: v6.0.1 + - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # tag: v9.0.0 with: repo-token: ${{ steps.generate-token.outputs.token }} days-before-stale: -1 diff --git a/.github/workflows/update_appveyor_image.yml b/.github/workflows/update_appveyor_image.yml index bb09408eaa..5eba50527a 100644 --- a/.github/workflows/update_appveyor_image.yml +++ b/.github/workflows/update_appveyor_image.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - name: Yarn install @@ -38,7 +38,7 @@ jobs: fi - name: (Optionally) Update Appveyor Image if: ${{ env.APPVEYOR_IMAGE_VERSION }} - uses: mikefarah/yq@1c7dc0e88aad311c89889bc5ce5d8f96931a1bd0 # v4.27.2 + uses: mikefarah/yq@bb66c9c872a7a4cf3d6846c2ff6d182c66ec3f77 # v4.40.7 with: cmd: | yq '.image = "${{ env.APPVEYOR_IMAGE_VERSION }}"' "appveyor.yml" > "appveyor2.yml" @@ -57,7 +57,7 @@ jobs: rm appveyor-woa2.yml appveyor-woa.diff - name: (Optionally) Commit and Pull Request if: ${{ env.APPVEYOR_IMAGE_VERSION }} - uses: peter-evans/create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 # v4.2.3 + uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: 'build: update appveyor image to latest version'