From 91f2af5492f7e4040699db41f682ab3a94c1ba98 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Apr 2026 20:12:31 +0000 Subject: [PATCH] ci(deps): bump the github-actions group across 1 directory with 12 updates Bumps the github-actions group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [benchmark-action/github-action-benchmark](https://github.com/benchmark-action/github-action-benchmark) | `1.20.7` | `1.22.0` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `4.2.1` | `6.1.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.5.0` | `6.4.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [nick-fields/retry](https://github.com/nick-fields/retry) | `3` | `4` | | [WyriHaximus/github-action-get-previous-tag](https://github.com/wyrihaximus/github-action-get-previous-tag) | `1.4.0` | `2.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.1` | | [googleapis/release-please-action](https://github.com/googleapis/release-please-action) | `4.4.0` | `5.0.0` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.0.0` | `8.1.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `7.0.0` | `8.0.1` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.5.0` | `3.0.0` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `benchmark-action/github-action-benchmark` from 1.20.7 to 1.22.0 - [Release notes](https://github.com/benchmark-action/github-action-benchmark/releases) - [Changelog](https://github.com/benchmark-action/github-action-benchmark/blob/master/CHANGELOG.md) - [Commits](https://github.com/benchmark-action/github-action-benchmark/compare/4bdcce38c94cec68da58d012ac24b7b1155efe8b...a60cea5bc7b49e15c1f58f411161f99e0df48372) Updates `aws-actions/configure-aws-credentials` from 4.2.1 to 6.1.0 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/v4.2.1...ec61189d14ec14c8efccab744f656cffd0e33f37) Updates `actions/setup-go` from 5.5.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v5.5.0...4a3601121dd01d1626a1e23e37211e3254c1c06c) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5...v6) Updates `nick-fields/retry` from 3 to 4 - [Release notes](https://github.com/nick-fields/retry/releases) - [Commits](https://github.com/nick-fields/retry/compare/v3...v4) Updates `WyriHaximus/github-action-get-previous-tag` from 1.4.0 to 2.0.0 - [Release notes](https://github.com/wyrihaximus/github-action-get-previous-tag/releases) - [Commits](https://github.com/wyrihaximus/github-action-get-previous-tag/compare/04e8485ecb6487243907e330d522ff60f02283ce...61819f33034117e6c686e6a31dba995a85afc9de) Updates `actions/upload-artifact` from 6.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `googleapis/release-please-action` from 4.4.0 to 5.0.0 - [Release notes](https://github.com/googleapis/release-please-action/releases) - [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/release-please-action/compare/16a9c90856f42705d54a6fda1823352bdc62cf38...45996ed1f6d02564a971a2fa1b5860e934307cf7) Updates `peter-evans/create-pull-request` from 8.0.0 to 8.1.1 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/98357b18bf14b5342f975ff684046ec3b2a07725...5f6978faf089d4d20b00c7766989d076bb2fc7f1) Updates `actions/download-artifact` from 7.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/37930b1c2abaa49bbe596cd826c3c89aef350131...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `softprops/action-gh-release` from 2.5.0 to 3.0.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/a06a81a03ee405af7f2048a818ed3f03bbf83c7b...b4309332981a82ec1c5618f44dd2e27cc8bfbfda) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: aws-actions/configure-aws-credentials dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: benchmark-action/github-action-benchmark dependency-version: 1.22.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: googleapis/release-please-action dependency-version: 4.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: nick-fields/retry dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: peter-evans/create-pull-request dependency-version: 8.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: WyriHaximus/github-action-get-previous-tag dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/benchmark.yaml | 4 +-- .github/workflows/build-and-test-deb.yaml | 8 ++--- .github/workflows/build-and-test-msi.yaml | 24 +++++++------- .github/workflows/build-and-test-pkg.yaml | 2 +- .github/workflows/build-pkg.yaml | 6 ++-- .github/workflows/canary-deb.yaml | 4 +-- .github/workflows/ci-docs.yaml | 10 +++--- .github/workflows/ci.yaml | 32 +++++++++---------- .github/workflows/e2e-linux.yaml | 8 ++--- .github/workflows/e2e-macos.yaml | 8 ++--- .../workflows/e2e-ubuntu-finch-daemon.yaml | 10 +++--- .github/workflows/e2e-ubuntu-finch.yaml | 10 +++--- .github/workflows/e2e-windows.yaml | 8 ++--- .github/workflows/go-version-protection.yaml | 2 +- .github/workflows/release-automation.yaml | 8 ++--- .github/workflows/release-please.yaml | 2 +- .github/workflows/samcli-vm.yaml | 14 ++++---- .../workflows/sync-submodules-and-deps.yaml | 6 ++-- .github/workflows/test-pkg.yaml | 10 +++--- .github/workflows/upload-build-to-S3.yaml | 20 ++++++------ .github/workflows/upload-deb-to-release.yaml | 10 +++--- .../upload-installer-to-release.yaml | 4 +-- .github/workflows/upload-msi-to-release.yaml | 4 +-- .github/workflows/upload-test-report.yaml | 4 +-- .../upload-verified-artifacts-to-s3.yaml | 4 +-- 25 files changed, 111 insertions(+), 111 deletions(-) diff --git a/.github/workflows/benchmark.yaml b/.github/workflows/benchmark.yaml index 070266ebd..4ce653e13 100644 --- a/.github/workflows/benchmark.yaml +++ b/.github/workflows/benchmark.yaml @@ -29,7 +29,7 @@ jobs: runs-on: ${{ matrix.os }} timeout-minutes: 30 steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # We need to get all the git tags to make version injection work. See VERSION in Makefile for more detail. fetch-depth: 0 @@ -62,7 +62,7 @@ jobs: echo "OS_VERSION=$(sw_vers -productVersion | cut -d '.' -f 1)" >> $GITHUB_ENV echo "ARCH=$(uname -m)" >> $GITHUB_ENV - name: Store benchmark result - uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7 + uses: benchmark-action/github-action-benchmark@a60cea5bc7b49e15c1f58f411161f99e0df48372 # v1.22.0 with: name: Finch Benchmark tool: 'go' diff --git a/.github/workflows/build-and-test-deb.yaml b/.github/workflows/build-and-test-deb.yaml index 1c75086cb..cc2cedd2d 100644 --- a/.github/workflows/build-and-test-deb.yaml +++ b/.github/workflows/build-and-test-deb.yaml @@ -53,7 +53,7 @@ jobs: version="0.0.1+${{ github.sha }}" fi echo "version=$version" >> ${GITHUB_OUTPUT} - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ steps.check-tag.outputs.tag }} fetch-depth: 0 @@ -80,7 +80,7 @@ jobs: timeout-minutes: 60 steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.DEB_ROLE_PROD }} role-session-name: ubuntu-deb @@ -88,13 +88,13 @@ jobs: - name: Clean ubuntu runner workspace run: | rm -rf ${{ github.workspace }}/* - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ needs.get-tag-and-version.outputs.commit }} fetch-depth: 0 persist-credentials: false submodules: true - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false diff --git a/.github/workflows/build-and-test-msi.yaml b/.github/workflows/build-and-test-msi.yaml index 7acbda884..eb0e0d499 100644 --- a/.github/workflows/build-and-test-msi.yaml +++ b/.github/workflows/build-and-test-msi.yaml @@ -53,7 +53,7 @@ jobs: version="0.0.1" fi echo "version=$version" >> ${GITHUB_OUTPUT} - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ steps.check-tag.outputs.tag }} fetch-depth: 0 @@ -78,25 +78,25 @@ jobs: git config --global core.autocrlf false git config --global core.eol lf - name: Set up Python - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.x' - name: Install AWS CLI run: | python -m pip install --upgrade pip pip install awscli - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ needs.get-tag-name.outputs.commit }} fetch-depth: 0 persist-credentials: false submodules: recursive - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.WINDOWS_ROLE }} role-session-name: windows-msi @@ -152,7 +152,7 @@ jobs: throw "Failed after $maxRetries attempts." } - name: configure aws credentials for upload signed MSI to installer bucket - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: windows-msi @@ -186,18 +186,18 @@ jobs: git config --global core.autocrlf false git config --global core.eol lf - name: Set up Python - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.x' - name: Install AWS CLI run: | python -m pip install --upgrade pip pip install awscli - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ needs.get-tag-name.outputs.commit }} fetch-depth: 0 @@ -210,7 +210,7 @@ jobs: echo "has_creds=$has_creds" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append exit 0 # if $has_creds is false, powershell will exit with code 1 and this step will fail - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: msi-test @@ -246,7 +246,7 @@ jobs: # set networking config option to allow for VM/container -> host communication echo "networkingMode=mirrored`nhostAddressLoopback=true" > C:\Users\Administrator\.wslconfig - name: Run VM e2e tests - uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 + uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0 with: timeout_minutes: 180 max_attempts: 3 @@ -264,7 +264,7 @@ jobs: shell: pwsh run: ./scripts/cleanup_wsl.ps1 - name: Run container e2e tests - uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 + uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0 with: timeout_minutes: 180 max_attempts: 3 diff --git a/.github/workflows/build-and-test-pkg.yaml b/.github/workflows/build-and-test-pkg.yaml index e1e16694e..935fe1b61 100644 --- a/.github/workflows/build-and-test-pkg.yaml +++ b/.github/workflows/build-and-test-pkg.yaml @@ -46,7 +46,7 @@ jobs: fi echo "using tag=${tag}" echo "tag=$tag" >> ${GITHUB_OUTPUT} - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ steps.check-tag.outputs.tag }} fetch-depth: 0 diff --git a/.github/workflows/build-pkg.yaml b/.github/workflows/build-pkg.yaml index 9b5999446..86bb7c901 100644 --- a/.github/workflows/build-pkg.yaml +++ b/.github/workflows/build-pkg.yaml @@ -47,13 +47,13 @@ jobs: run: | setopt NULL_GLOB && rm -rf ${{ github.workspace }}/* shell: zsh {0} - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.commit }} fetch-depth: 0 persist-credentials: false submodules: true - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false @@ -68,7 +68,7 @@ jobs: shell: zsh {0} - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: dependency-upload-session diff --git a/.github/workflows/canary-deb.yaml b/.github/workflows/canary-deb.yaml index a703cc4ac..4ae15d7ea 100644 --- a/.github/workflows/canary-deb.yaml +++ b/.github/workflows/canary-deb.yaml @@ -30,12 +30,12 @@ jobs: timeout-minutes: 10 steps: - name: Checkout canary script - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6 with: sparse-checkout: | scripts/canary-deb.sh - name: Run canary script with retry - uses: nick-fields/retry@v3 + uses: nick-fields/retry@v4 with: timeout_minutes: 2 max_attempts: 3 diff --git a/.github/workflows/ci-docs.yaml b/.github/workflows/ci-docs.yaml index 32cb1dc3f..89b89ded8 100644 --- a/.github/workflows/ci-docs.yaml +++ b/.github/workflows/ci-docs.yaml @@ -58,7 +58,7 @@ jobs: timeout-minutes: 2 steps: - name: Pull latest awslabs/git-secrets repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: awslabs/git-secrets ref: 1.3.0 @@ -67,7 +67,7 @@ jobs: - name: Install git secrets from source run: sudo make install working-directory: git-secrets - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Scan repository for git secrets run: | git secrets --register-aws @@ -99,8 +99,8 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false @@ -175,7 +175,7 @@ jobs: contents: read timeout-minutes: 2 steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: avto-dev/markdown-lint@04d43ee9191307b50935a753da3b775ab695eceb # v1.5.0 with: args: '**/*.md' diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9fa072f9a..bb1201542 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -57,7 +57,7 @@ jobs: timeout-minutes: 2 steps: - name: Pull latest awslabs/git-secrets repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: awslabs/git-secrets ref: 1.3.0 @@ -66,7 +66,7 @@ jobs: - name: Install git secrets from source run: sudo make install working-directory: git-secrets - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Scan repository for git secrets run: | git secrets --register-aws @@ -79,12 +79,12 @@ jobs: outputs: tag: ${{ steps.latest-tag.outputs.tag }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: 'Get the latest tag' id: latest-tag - uses: "WyriHaximus/github-action-get-previous-tag@04e8485ecb6487243907e330d522ff60f02283ce" # v1.4.0 + uses: "WyriHaximus/github-action-get-previous-tag@61819f33034117e6c686e6a31dba995a85afc9de" # v2.0.0 gen-code-no-diff: strategy: @@ -94,8 +94,8 @@ jobs: runs-on: ${{ matrix.os }} timeout-minutes: 5 steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ matrix.go-version }} cache: false @@ -115,8 +115,8 @@ jobs: run: | git config --global core.autocrlf false git config --global core.eol lf - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ matrix.go-version }} cache: false @@ -128,8 +128,8 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false @@ -161,7 +161,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run ShellCheck uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0 with: @@ -172,8 +172,8 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 1 steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false @@ -185,8 +185,8 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 1 steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false @@ -261,7 +261,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: avto-dev/markdown-lint@04d43ee9191307b50935a753da3b775ab695eceb # v1.5.0 with: args: '**/*.md' diff --git a/.github/workflows/e2e-linux.yaml b/.github/workflows/e2e-linux.yaml index e3d3084d3..8f9ad13a9 100644 --- a/.github/workflows/e2e-linux.yaml +++ b/.github/workflows/e2e-linux.yaml @@ -52,13 +52,13 @@ jobs: run: | echo "ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true" >> $GITHUB_ENV echo "ACTIONS_RUNNER_FORCE_ACTIONS_NODE_VERSION=node16" >> $GITHUB_ENV - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # We need to get all the git tags to make version injection work. See VERSION in Makefile for more detail. fetch-depth: 0 persist-credentials: false submodules: recursive - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false @@ -68,7 +68,7 @@ jobs: has_creds=${{ (github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name) && github.actor != 'dependabot[bot]' }} echo "has_creds=$has_creds" >> $GITHUB_OUTPUT - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 # this action requires node20, skip on AL2 if: ${{ steps.vars.outputs.has_creds == 'true' && (!(startsWith(inputs.os, 'amazon') && inputs.version == '2' ))}} with: @@ -162,7 +162,7 @@ jobs: echo "VM_SERIAL_REPORT=${{ github.run_id }}-${{ github.run_attempt }}-e2e-vm-serial-report.json" >> $GITHUB_OUTPUT - name: Upload reports artifact if: ${{ steps.vars.outputs.has_creds == 'true' && (!(startsWith(inputs.os, 'amazon') && inputs.version == '2' ))}} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: linux-${{ inputs.version }}-test-e2e-${{ inputs.arch }}-${{ github.run_id }}-${{ github.run_attempt }}-e2e-reports path: ${{ github.workspace }}/reports/${{ github.run_id }}-${{ github.run_attempt }}-*.json diff --git a/.github/workflows/e2e-macos.yaml b/.github/workflows/e2e-macos.yaml index 600eae1ea..ed666d3d5 100644 --- a/.github/workflows/e2e-macos.yaml +++ b/.github/workflows/e2e-macos.yaml @@ -45,13 +45,13 @@ jobs: - name: Clean macOS runner workspace run: | rm -rf ${{ github.workspace }}/* - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # We need to get all the git tags to make version injection work. See VERSION in Makefile for more detail. fetch-depth: 0 persist-credentials: false submodules: recursive - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false @@ -61,7 +61,7 @@ jobs: has_creds=${{ (github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name) && github.actor != 'dependabot[bot]' }} echo "has_creds=$has_creds" >> $GITHUB_OUTPUT - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 if: ${{ steps.vars.outputs.has_creds == 'true' }} with: role-to-assume: ${{ secrets.ROLE }} @@ -105,7 +105,7 @@ jobs: echo "VM_SERIAL_REPORT=${{ github.run_id }}-${{ github.run_attempt }}-e2e-vm-serial-report.json" >> $GITHUB_OUTPUT - name: Upload reports artifact if: always() - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: macos-${{ inputs.version }}-${{ inputs.test-command }}-${{ inputs.arch }}-${{ github.run_id }}-${{ github.run_attempt }}-e2e-reports path: ${{ github.workspace }}/reports/${{ github.run_id }}-${{ github.run_attempt }}-*.json diff --git a/.github/workflows/e2e-ubuntu-finch-daemon.yaml b/.github/workflows/e2e-ubuntu-finch-daemon.yaml index ff2103c9e..41fca2c41 100644 --- a/.github/workflows/e2e-ubuntu-finch-daemon.yaml +++ b/.github/workflows/e2e-ubuntu-finch-daemon.yaml @@ -27,12 +27,12 @@ jobs: outputs: tag: ${{ steps.latest-tag.outputs.tag }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: 'Get the latest tag' id: latest-tag - uses: "WyriHaximus/github-action-get-previous-tag@04e8485ecb6487243907e330d522ff60f02283ce" # v1.4.0 + uses: "WyriHaximus/github-action-get-previous-tag@61819f33034117e6c686e6a31dba995a85afc9de" # v2.0.0 get-tag-and-version: needs: get-latest-tag @@ -120,13 +120,13 @@ jobs: run: | sudo df -h sudo df -h /tmp - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # We need to get all the git tags to make version injection work. See VERSION in Makefile for more detail. fetch-depth: 0 persist-credentials: false submodules: recursive - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false @@ -195,7 +195,7 @@ jobs: echo "DAEMON_REPORT=${{ github.run_id }}-${{ github.run_attempt }}-e2e-daemon-report.json" >> $GITHUB_OUTPUT - name: Upload reports artifact if: always() - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ubuntu-test-e2e-finch-daemon-${{ inputs.arch }}-${{ github.run_id }}-${{ github.run_attempt }}-e2e-reports path: ${{ github.workspace }}/reports/${{ github.run_id }}-${{ github.run_attempt }}-*.json diff --git a/.github/workflows/e2e-ubuntu-finch.yaml b/.github/workflows/e2e-ubuntu-finch.yaml index e465532e7..76e9283a0 100644 --- a/.github/workflows/e2e-ubuntu-finch.yaml +++ b/.github/workflows/e2e-ubuntu-finch.yaml @@ -27,12 +27,12 @@ jobs: outputs: tag: ${{ steps.latest-tag.outputs.tag }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: 'Get the latest tag' id: latest-tag - uses: "WyriHaximus/github-action-get-previous-tag@04e8485ecb6487243907e330d522ff60f02283ce" # v1.4.0 + uses: "WyriHaximus/github-action-get-previous-tag@61819f33034117e6c686e6a31dba995a85afc9de" # v2.0.0 get-tag-and-version: needs: get-latest-tag @@ -123,13 +123,13 @@ jobs: run: | sudo df -h sudo df -h /tmp - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # We need to get all the git tags to make version injection work. See VERSION in Makefile for more detail. fetch-depth: 0 persist-credentials: false submodules: recursive - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false @@ -206,7 +206,7 @@ jobs: echo "VM_SERIAL_REPORT=${{ github.run_id }}-${{ github.run_attempt }}-e2e-vm-serial-report.json" >> $GITHUB_OUTPUT - name: Upload reports artifact if: always() - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ubuntu-test-e2e-finch-${{ inputs.arch }}-${{ github.run_id }}-${{ github.run_attempt }}-e2e-reports path: ${{ github.workspace }}/reports/${{ github.run_id }}-${{ github.run_attempt }}-*.json diff --git a/.github/workflows/e2e-windows.yaml b/.github/workflows/e2e-windows.yaml index 66d82fe5b..aee08d043 100644 --- a/.github/workflows/e2e-windows.yaml +++ b/.github/workflows/e2e-windows.yaml @@ -49,7 +49,7 @@ jobs: run: | takeown /F C:\actions-runner\_work\finch /R Remove-Item C:\actions-runner\_work\finch\finch -Recurse -Force -ErrorAction Ignore - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # We need to get all the git tags to make version injection work. See VERSION in Makefile for more detail. fetch-depth: 0 @@ -62,7 +62,7 @@ jobs: echo "has_creds=$has_creds" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append exit 0 # if $has_creds is false, powershell will exit with code 1 and this step will fail - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 if: env.has_creds == 'true' with: role-to-assume: ${{ secrets.ROLE }} @@ -78,7 +78,7 @@ jobs: Remove-Item ${{ github.workspace }}\cov -Recurse -ErrorAction Ignore make clean cd deps/finch-core && make clean - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false @@ -111,7 +111,7 @@ jobs: "VM_SERIAL_REPORT=${{ github.run_id }}-${{ github.run_attempt }}-e2e-vm-serial-report.json" >> $env:GITHUB_OUTPUT - name: Upload reports artifact if: always() - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: windows-${{ inputs.test-command }}-2022-${{ inputs.arch }}-${{ github.run_id }}-${{ github.run_attempt }}-e2e-reports path: ${{ github.workspace }}/reports/${{ github.run_id }}-${{ github.run_attempt }}-*.json diff --git a/.github/workflows/go-version-protection.yaml b/.github/workflows/go-version-protection.yaml index 377c2b4db..f6ea5f86e 100644 --- a/.github/workflows/go-version-protection.yaml +++ b/.github/workflows/go-version-protection.yaml @@ -24,7 +24,7 @@ jobs: pull-requests: write steps: - name: Checkout code - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.github/workflows/release-automation.yaml b/.github/workflows/release-automation.yaml index 8af3ae077..533f99bab 100644 --- a/.github/workflows/release-automation.yaml +++ b/.github/workflows/release-automation.yaml @@ -13,12 +13,12 @@ jobs: outputs: tag: ${{ steps.latest-tag.outputs.tag }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: 'Get the latest tag' id: latest-tag - uses: "WyriHaximus/github-action-get-previous-tag@04e8485ecb6487243907e330d522ff60f02283ce" # v1.4.0 + uses: "WyriHaximus/github-action-get-previous-tag@61819f33034117e6c686e6a31dba995a85afc9de" # v2.0.0 build-and-test-finch-pkg: needs: get-latest-tag @@ -109,7 +109,7 @@ jobs: contents: read steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: update-latest-version-in-s3 @@ -138,7 +138,7 @@ jobs: contents: read steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ vars.AWS_RELEASE_TRIGGER_ROLE }} role-session-name: upload-release-definition-to-s3 diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml index a7f0bf541..8e3425cf5 100644 --- a/.github/workflows/release-please.yaml +++ b/.github/workflows/release-please.yaml @@ -19,7 +19,7 @@ jobs: outputs: release_created: ${{ steps.release.outputs.release_created }} steps: - - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0 + - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0 id: release trigger-release-automation: name: Trigger release-automation.yaml if PR is merged diff --git a/.github/workflows/samcli-vm.yaml b/.github/workflows/samcli-vm.yaml index 99b2cf33d..00330a99e 100644 --- a/.github/workflows/samcli-vm.yaml +++ b/.github/workflows/samcli-vm.yaml @@ -101,7 +101,7 @@ jobs: shell: bash - name: Set up Go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false @@ -115,7 +115,7 @@ jobs: run: echo "A" | /usr/sbin/softwareupdate --install-rosetta --agree-to-license || true - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ env.PYTHON_VERSION }} @@ -130,7 +130,7 @@ jobs: shell: bash - name: Checkout finch - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: recursive @@ -166,7 +166,7 @@ jobs: shell: bash - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.SAMCLI_VM_ROLE }} role-session-name: samcli-${{ matrix.test_type }}-tests @@ -184,7 +184,7 @@ jobs: echo "tag=$TAG" >> $GITHUB_OUTPUT - name: Checkout SAM CLI - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: aws/aws-sam-cli submodules: recursive @@ -223,10 +223,10 @@ jobs: sudo rm -rf /tmp/finch-* || true - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 with: role-to-assume: ${{ secrets.SAMCLI_VM_ROLE }} role-session-name: cleanup diff --git a/.github/workflows/sync-submodules-and-deps.yaml b/.github/workflows/sync-submodules-and-deps.yaml index ba3af4f73..822e8513e 100644 --- a/.github/workflows/sync-submodules-and-deps.yaml +++ b/.github/workflows/sync-submodules-and-deps.yaml @@ -19,13 +19,13 @@ jobs: timeout-minutes: 2 steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: recursive token: ${{ secrets.GITHUB_TOKEN }} - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-region: ${{ secrets.REGION }} role-to-assume: ${{ secrets.ROLE }} @@ -36,7 +36,7 @@ jobs: git submodule update --remote - name: Create PR - uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ secrets.GITHUB_TOKEN }} signoff: true diff --git a/.github/workflows/test-pkg.yaml b/.github/workflows/test-pkg.yaml index ec9fd6818..3dd3543d3 100644 --- a/.github/workflows/test-pkg.yaml +++ b/.github/workflows/test-pkg.yaml @@ -46,13 +46,13 @@ jobs: ACCESS_TOKEN: ${{ secrets.FINCH_BOT_TOKEN }} steps: - name: Checkout the tag - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.commit }} fetch-depth: 0 persist-credentials: false submodules: true - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false @@ -68,7 +68,7 @@ jobs: sudo pkill '^socket_vmnet' fi - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: download-installer-session @@ -153,7 +153,7 @@ jobs: # Example workflow run https://github.com/runfinch/finch/actions/runs/4367457552/jobs/7638794529 sudo installer -pkg Finch-${{ inputs.tag }}-${{ inputs.output_arch }}.pkg -target / - name: Run VM e2e tests - uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 + uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0 with: timeout_minutes: 180 max_attempts: 3 @@ -162,7 +162,7 @@ jobs: git clean -f -d INSTALLED=true make test-e2e-vm - name: Run container e2e tests - uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 + uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0 with: timeout_minutes: 180 max_attempts: 3 diff --git a/.github/workflows/upload-build-to-S3.yaml b/.github/workflows/upload-build-to-S3.yaml index 78e0f7863..f4043082c 100644 --- a/.github/workflows/upload-build-to-S3.yaml +++ b/.github/workflows/upload-build-to-S3.yaml @@ -17,12 +17,12 @@ jobs: runs-on: [self-hosted, macos, arm64, 15, release] timeout-minutes: 60 steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 persist-credentials: false submodules: true - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false @@ -36,7 +36,7 @@ jobs: shell: zsh {0} - name: Upload macos aarch64 build - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: finch.macos-aarch64 path: finch.*.aarch64.tar.gz @@ -46,12 +46,12 @@ jobs: runs-on: [self-hosted, macos, amd64, 15, release] timeout-minutes: 60 steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 persist-credentials: false submodules: true - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: false @@ -65,7 +65,7 @@ jobs: shell: zsh {0} - name: Upload macos x86_64 build - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: finch.macos-x86_64 path: finch.*.x86_64.tar.gz @@ -78,26 +78,26 @@ jobs: - macos-x86_64-build - macos-aarch64-build steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 persist-credentials: false - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: dependency-upload-session aws-region: ${{ secrets.REGION }} - name: Download macos aarch64 build - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: finch.macos-aarch64 path: build - name: Download macos x86_64 build - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: finch.macos-x86_64 path: build diff --git a/.github/workflows/upload-deb-to-release.yaml b/.github/workflows/upload-deb-to-release.yaml index 72f5c5981..0dd50e536 100644 --- a/.github/workflows/upload-deb-to-release.yaml +++ b/.github/workflows/upload-deb-to-release.yaml @@ -47,7 +47,7 @@ jobs: timeout-minutes: 10 steps: - name: Configure Signing AWS credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.DEB_ROLE_PROD }} role-session-name: ubuntu-deb @@ -98,7 +98,7 @@ jobs: KEY_ID=$(sudo gpg --import pool/main/f/runfinch-finch/publickey.pem 2>&1 | grep "gpg: key" | cut -d' ' -f3 | cut -d':' -f1) sudo gpg --import pool/main/f/runfinch-finch/publickey.pem && sudo gpg --export --armor $KEY_ID > GPG_KEY.pub - name: Configure Artifacts AWS credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: ubuntu-deb-create-release @@ -148,7 +148,7 @@ jobs: done } >> dists/noble/Release - name: Configure Signing AWS credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.DEB_ROLE_PROD }} role-session-name: ubuntu-deb @@ -180,7 +180,7 @@ jobs: mv Release.gpg dists/noble/ mv Release dists/noble/ - name: Configure Artifacts AWS credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: ubuntu-deb-create-release @@ -205,7 +205,7 @@ jobs: aws cloudfront create-invalidation --distribution-id ${{ secrets.ARTIFACTS_DISTRO_ID_PROD }} --paths "/deb/dists/noble/Release" "/deb/dists/noble/Release.gpg" "/deb/dists/noble/main/binary-amd64/Packages*" "/deb/dists/noble/main/binary-arm64/Packages*" - name: Upload deb archives and signatures to release - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v0.1.15 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v0.1.15 with: tag_name: ${{ needs.get-tag-and-version.outputs.tag }} files: | diff --git a/.github/workflows/upload-installer-to-release.yaml b/.github/workflows/upload-installer-to-release.yaml index dbe9f1f37..a77523e6f 100644 --- a/.github/workflows/upload-installer-to-release.yaml +++ b/.github/workflows/upload-installer-to-release.yaml @@ -34,7 +34,7 @@ jobs: timeout-minutes: 2 steps: - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: download-installer-session @@ -45,7 +45,7 @@ jobs: aws s3 cp s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/Finch-${{ needs.get-tag-name.outputs.tag }}-x86_64.pkg Finch-${{ needs.get-tag-name.outputs.tag }}-x86_64.pkg aws s3 cp s3://${{ secrets.DEPENDENCY_BUCKET_NAME }}/dependency-sources.tar.gz DependenciesSourceCode.tar.gz - name: Upload installers and dependency source code to release - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v0.1.15 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v0.1.15 with: tag_name: ${{ needs.get-tag-name.outputs.tag }} files: | diff --git a/.github/workflows/upload-msi-to-release.yaml b/.github/workflows/upload-msi-to-release.yaml index e796b03eb..d8ae9fdcf 100644 --- a/.github/workflows/upload-msi-to-release.yaml +++ b/.github/workflows/upload-msi-to-release.yaml @@ -44,7 +44,7 @@ jobs: timeout-minutes: 2 steps: - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: download-installer-session @@ -53,7 +53,7 @@ jobs: run: | aws s3 cp s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/Finch-${{ needs.get-version-tag.outputs.tag }}.msi Finch-${{ needs.get-version-tag.outputs.tag }}.msi - name: Upload installers and dependency source code to release - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v0.1.15 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v0.1.15 with: tag_name: ${{ needs.get-version-tag.outputs.tag }} files: | diff --git a/.github/workflows/upload-test-report.yaml b/.github/workflows/upload-test-report.yaml index bc49fc94d..081073a69 100644 --- a/.github/workflows/upload-test-report.yaml +++ b/.github/workflows/upload-test-report.yaml @@ -46,7 +46,7 @@ jobs: is_al2=${{ (startsWith(inputs.os, 'amazon') && inputs.version == '2' ) }} echo "is_al2=$is_al2" >> $GITHUB_OUTPUT - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 if: | steps.linux2.outputs.is_al2 == 'false' && inputs.has-creds == 'true' @@ -58,7 +58,7 @@ jobs: role-session-name: credhelper-test aws-region: ${{ secrets.REGION }} - name: download artifacts - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v4.1.08 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v4.1.08 if: | steps.linux2.outputs.is_al2 == 'false' && inputs.has-creds == 'true' diff --git a/.github/workflows/upload-verified-artifacts-to-s3.yaml b/.github/workflows/upload-verified-artifacts-to-s3.yaml index 3f25421ff..7f7bd549e 100644 --- a/.github/workflows/upload-verified-artifacts-to-s3.yaml +++ b/.github/workflows/upload-verified-artifacts-to-s3.yaml @@ -18,12 +18,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: recursive - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-region: ${{ secrets.REGION }} role-to-assume: ${{ secrets.ROLE }}