diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 4c5f98a7..66c825d5 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -603,7 +603,7 @@ jobs: steps: - name: Checkout specified branch id: checkout-specified-branch - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: # Force exact ref when running in act (it copies files locally, it breaks if we specify another ref) ref: ${{ !github.event.act && inputs.branch || github.sha }} @@ -611,7 +611,7 @@ jobs: - name: Define variables id: vars - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | const fs = require('fs'); @@ -853,7 +853,7 @@ jobs: - name: Download GitHub artifact id: download-dist-artifacts continue-on-error: true - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: ${{ inputs.dist-artifacts-prefix }}dist-artifacts path: /tmp/dist-artifacts @@ -926,7 +926,7 @@ jobs: runs-on: ubuntu-arm64-small steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: # Force exact ref when running in act (it copies files locally, it breaks if we specify another ref) ref: ${{ !github.event.act && needs.setup.outputs.commit-sha || github.sha }} @@ -1143,7 +1143,7 @@ jobs: - name: Download GitHub artifact id: download-dist-artifacts continue-on-error: true - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: ${{ inputs.dist-artifacts-prefix }}dist-artifacts path: /tmp/dist-artifacts @@ -1238,7 +1238,7 @@ jobs: # and we will keep the last one. They all generate the same urls. - name: Generate GCS release URLs id: generate-urls - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: GCS_ARTIFACTS_RELEASE_PATH_TAG: ${{ steps.paths.outputs.gcs_artifacts_release_path_tag }} with: @@ -1309,7 +1309,7 @@ jobs: - /home/runner/work/_actions:/home/runner/work/_actions steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: # Force exact ref when running in act (it copies files locally, it breaks if we specify another ref) ref: ${{ !github.event.act && needs.setup.outputs.commit-sha || github.sha }} @@ -1347,7 +1347,7 @@ jobs: }} steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: # Force exact ref when running in act (it copies files locally, it breaks if we specify another ref) ref: ${{ !github.event.act && needs.setup.outputs.commit-sha || github.sha }} @@ -1356,7 +1356,7 @@ jobs: - name: Download GitHub artifact id: download-dist-artifacts continue-on-error: true - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: ${{ inputs.dist-artifacts-prefix }}dist-artifacts path: /tmp/dist-artifacts @@ -1386,7 +1386,7 @@ jobs: shell: bash - name: Create tag - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 # Allow the tag creation to fail, in case it already exists # (e.g.: created manually, or re-triggering a release). continue-on-error: true diff --git a/.github/workflows/check-release-channel.yml b/.github/workflows/check-release-channel.yml index 4c4f55e7..7ffed4b4 100644 --- a/.github/workflows/check-release-channel.yml +++ b/.github/workflows/check-release-channel.yml @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-arm64-small steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Check for rolling releases channel run: | diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c3163179..e8a98fe3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -403,14 +403,14 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: # Force exact ref when running in act (it copies files locally, it breaks if we specify another ref) ref: ${{ !github.event.act && inputs.branch || github.sha }} persist-credentials: false - name: Determine workflow context - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 id: workflow-context with: script: | @@ -439,7 +439,7 @@ jobs: - name: Determine Go and Node versions id: tooling-versions - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | const fs = require('fs'); @@ -703,7 +703,7 @@ jobs: shell: bash - name: Upload GitHub artifacts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ inputs.dist-artifacts-prefix }}dist-artifacts path: ${{ inputs.plugin-directory }}/dist-artifacts/ @@ -729,7 +729,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: # Force exact ref when running in act (it copies files locally, it breaks if we specify another ref) ref: ${{ !github.event.act && inputs.branch || github.sha }} @@ -825,7 +825,7 @@ jobs: - name: Download GitHub artifact id: download-dist-artifacts continue-on-error: true - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: ${{ inputs.dist-artifacts-prefix }}dist-artifacts path: /tmp/${{ inputs.dist-artifacts-prefix }}dist-artifacts diff --git a/.github/workflows/playwright-docker.yml b/.github/workflows/playwright-docker.yml index 00c36130..d49beedf 100644 --- a/.github/workflows/playwright-docker.yml +++ b/.github/workflows/playwright-docker.yml @@ -74,7 +74,7 @@ jobs: matrix: ${{ steps.resolve-versions.outputs.matrix }} steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -96,14 +96,14 @@ jobs: name: e2e ${{ matrix.GRAFANA_IMAGE.name }}@${{ matrix.GRAFANA_IMAGE.VERSION }} runs-on: ubuntu-x64-large steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Download GitHub artifact id: download-dist-artifacts continue-on-error: true - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: dist-artifacts path: /tmp/dist-artifacts @@ -173,7 +173,7 @@ jobs: DOCKER_COMPOSE_FILE: ${{ inputs.grafana-compose-file }} - name: Upload artifacts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: ${{ (inputs.upload-artifacts == true) && ((always() && steps.run-tests.outcome == 'success') || (failure() && steps.run-tests.outcome == 'failure')) }} with: name: playwright-report-${{ matrix.GRAFANA_IMAGE.NAME }}-v${{ matrix.GRAFANA_IMAGE.VERSION }}-${{github.run_id}} diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index df83cf77..8b83a673 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -124,7 +124,7 @@ jobs: matrix: ${{ steps.resolve-versions.outputs.matrix }} steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -147,7 +147,7 @@ jobs: name: e2e ${{ matrix.GRAFANA_IMAGE.name }}@${{ matrix.GRAFANA_IMAGE.VERSION }} runs-on: ubuntu-x64-large steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -180,7 +180,7 @@ jobs: working-directory: ${{ inputs.plugin-directory }} - name: Get Playwright version - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 id: version with: script: | @@ -237,7 +237,7 @@ jobs: - name: Cache Playwright id: cache - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0 with: path: ~/.cache/ms-playwright key: playwright-${{ steps.version.outputs.version }}-${{ steps.browsers.outputs.cache-key }} @@ -261,7 +261,7 @@ jobs: - name: Download GitHub artifact id: download-dist-artifacts continue-on-error: true - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: dist-artifacts path: /tmp/dist-artifacts @@ -349,7 +349,7 @@ jobs: working-directory: ${{ inputs.plugin-directory }} - name: Upload artifacts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: ${{ (inputs.upload-artifacts == true) && ((always() && steps.run-tests.outcome == 'success') || (failure() && steps.run-tests.outcome == 'failure')) }} with: name: playwright-report-${{ matrix.GRAFANA_IMAGE.NAME }}-v${{ matrix.GRAFANA_IMAGE.VERSION }}-${{github.run_id}} diff --git a/.github/workflows/pr-checks-examples-readmes.yml b/.github/workflows/pr-checks-examples-readmes.yml index 8ec88adf..59bd2405 100644 --- a/.github/workflows/pr-checks-examples-readmes.yml +++ b/.github/workflows/pr-checks-examples-readmes.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/pr-checks-lint.yml b/.github/workflows/pr-checks-lint.yml index 007216e4..8f88c190 100644 --- a/.github/workflows/pr-checks-lint.yml +++ b/.github/workflows/pr-checks-lint.yml @@ -22,7 +22,7 @@ jobs: actionlint: runs-on: ubuntu-arm64-small steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Enable action lint matcher @@ -50,7 +50,7 @@ jobs: - examples/base steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 diff --git a/.github/workflows/pr-checks-test-ci.yml b/.github/workflows/pr-checks-test-ci.yml index c9ad7ba5..50fac625 100644 --- a/.github/workflows/pr-checks-test-ci.yml +++ b/.github/workflows/pr-checks-test-ci.yml @@ -26,7 +26,7 @@ jobs: relevant: ${{ steps.changed.outputs.any_changed }} steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: true fetch-depth: 2 @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-x64-xlarge-io steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ github.event.pull_request.head.sha || github.ref }} fetch-depth: 0 diff --git a/.github/workflows/pr-checks-workflow-references.yml b/.github/workflows/pr-checks-workflow-references.yml index 4172528b..f1a0049f 100644 --- a/.github/workflows/pr-checks-workflow-references.yml +++ b/.github/workflows/pr-checks-workflow-references.yml @@ -23,7 +23,7 @@ jobs: contents: read pull-requests: read steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/release-please-pr-update-tagged-references.yml b/.github/workflows/release-please-pr-update-tagged-references.yml index c7348de9..d5524dd5 100644 --- a/.github/workflows/release-please-pr-update-tagged-references.yml +++ b/.github/workflows/release-please-pr-update-tagged-references.yml @@ -29,7 +29,7 @@ jobs: automated-commit: ${{ steps.check.outputs.automated-commit }} steps: - name: Checkout PR branch - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ github.head_ref }} persist-credentials: false @@ -70,7 +70,7 @@ jobs: github_app: grafana-plugins-platform-bot - name: Checkout PR branch - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ github.head_ref }} token: ${{ steps.generate-github-token.outputs.token }} diff --git a/.github/workflows/release-please-restore-rolling-release.yml b/.github/workflows/release-please-restore-rolling-release.yml index 8f5841af..200790b5 100644 --- a/.github/workflows/release-please-restore-rolling-release.yml +++ b/.github/workflows/release-please-restore-rolling-release.yml @@ -41,7 +41,7 @@ jobs: github_app: grafana-plugins-platform-bot - name: Checkout main branch - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: main token: ${{ steps.generate-github-token.outputs.token }} diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 92d0179b..54611005 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -54,7 +54,7 @@ jobs: # `/--sha`. - name: tag major and minor versions if: steps.release.outputs.releases_created == 'true' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: RELEASES: ${{ toJSON(steps.release.outputs) }} with: diff --git a/actions/internal/plugins/setup/action.yml b/actions/internal/plugins/setup/action.yml index 44f48f44..3a33a4f1 100644 --- a/actions/internal/plugins/setup/action.yml +++ b/actions/internal/plugins/setup/action.yml @@ -132,7 +132,7 @@ runs: - name: Cache Go tooling if: ${{ inputs.frontend-only != 'true' }} id: cache - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0 with: path: | ${{ steps.go-bin.outputs.gobin }}/golangci-lint diff --git a/actions/internal/plugins/trufflehog/action.yml b/actions/internal/plugins/trufflehog/action.yml index 5ef1b915..8b354859 100644 --- a/actions/internal/plugins/trufflehog/action.yml +++ b/actions/internal/plugins/trufflehog/action.yml @@ -39,7 +39,7 @@ runs: steps: - name: Cache Trufflehog binary id: cache - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0 with: path: /usr/local/bin/trufflehog key: trufflehog-${{ runner.os }}-${{ runner.arch }}-${{ inputs.trufflehog-version }} diff --git a/actions/plugins/release-please/action.yml b/actions/plugins/release-please/action.yml index bc07669f..3d19a03c 100644 --- a/actions/plugins/release-please/action.yml +++ b/actions/plugins/release-please/action.yml @@ -36,7 +36,7 @@ runs: permission_set: release-please - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: token: ${{ steps.generate-github-token.outputs.token }} persist-credentials: true diff --git a/actions/plugins/version-bump-changelog/action.yml b/actions/plugins/version-bump-changelog/action.yml index dc1c6e0a..a2fcd79f 100644 --- a/actions/plugins/version-bump-changelog/action.yml +++ b/actions/plugins/version-bump-changelog/action.yml @@ -34,7 +34,7 @@ runs: github_app: grafana-plugins-platform-bot permission_set: version-bump-changelog - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: token: ${{ steps.generate-github-token.outputs.token }} persist-credentials: true @@ -89,7 +89,7 @@ runs: - name: Commit changes id: commit - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ steps.generate-github-token.outputs.token }} script: | @@ -162,7 +162,7 @@ runs: COMMIT_MESSAGE: "chore(version): bump version to ${{ steps.bump.outputs.new-version }}" - name: Create git tag - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ steps.generate-github-token.outputs.token }} script: |