diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index d47904e1c3..ff1343689d 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml @@ -15,7 +15,7 @@ runs: using: composite steps: - name: Install node - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: 22 - name: Install yarn @@ -27,7 +27,7 @@ runs: run: echo "version=$(node -v)" >> "$GITHUB_OUTPUT" shell: bash - name: Cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 id: cache with: path: ${{ format('{0}/**/node_modules', inputs.working-directory) }} @@ -36,7 +36,7 @@ runs: run: mkdir -p ${{ format('{0}/.lage', inputs.working-directory) }} shell: bash - name: Cache Lage - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ${{ format('{0}/.lage', inputs.working-directory) }} key: lage-${{ runner.os }}-${{ github.sha }} @@ -48,7 +48,7 @@ runs: shell: bash if: steps.cache.outputs.cache-hit != 'true' - name: Download translations - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: actualbudget/translations path: ${{ inputs.working-directory }}/packages/desktop-client/locale diff --git a/.github/workflows/ai-generated-release-notes.yml b/.github/workflows/ai-generated-release-notes.yml index db6c0324a6..7b0ceb7319 100644 --- a/.github/workflows/ai-generated-release-notes.yml +++ b/.github/workflows/ai-generated-release-notes.yml @@ -17,7 +17,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup with: diff --git a/.github/workflows/autofix.yml b/.github/workflows/autofix.yml index 66acab281a..702c5d83eb 100644 --- a/.github/workflows/autofix.yml +++ b/.github/workflows/autofix.yml @@ -15,11 +15,11 @@ jobs: autofix: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup with: download-translations: 'false' - name: Format code run: yarn lint:fix - - uses: autofix-ci/action@635ffb0c9798bd160680f18fd73371e355b85f27 + - uses: autofix-ci/action@7a166d7532b277f34e16238930461bf77f9d7ed8 # v1.3.3 diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2cfe3a4aa8..c70fa55bcd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -22,7 +22,7 @@ jobs: api: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup with: @@ -34,12 +34,12 @@ jobs: - name: Prepare bundle stats artifact run: cp packages/api/app/stats.json api-stats.json - name: Upload Build - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: actual-api path: packages/api/actual-api.tgz - name: Upload API bundle stats - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: api-build-stats path: api-stats.json @@ -47,7 +47,7 @@ jobs: crdt: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup with: @@ -57,7 +57,7 @@ jobs: - name: Create package tgz run: cd packages/crdt && yarn pack && mv package.tgz actual-crdt.tgz - name: Upload Build - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: actual-crdt path: packages/crdt/actual-crdt.tgz @@ -65,18 +65,18 @@ jobs: web: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup - name: Build Web run: yarn build:browser - name: Upload Build - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: actual-web path: packages/desktop-client/build - name: Upload Build Stats - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: build-stats path: packages/desktop-client/build-stats @@ -84,7 +84,7 @@ jobs: server: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup with: @@ -92,7 +92,7 @@ jobs: - name: Build Server run: yarn workspace @actual-app/sync-server build - name: Upload Build - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: sync-server path: packages/sync-server/build diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 28765b5df0..8de4be4f64 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -15,7 +15,7 @@ jobs: constraints: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup with: @@ -25,7 +25,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup with: @@ -35,7 +35,7 @@ jobs: typecheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup with: @@ -45,7 +45,7 @@ jobs: validate-cli: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup with: @@ -57,7 +57,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup with: @@ -69,7 +69,7 @@ jobs: if: github.event_name == 'pull_request' runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup with: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 18231c46a6..759be8982c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -22,14 +22,14 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 with: languages: javascript - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 with: category: '/language:javascript' diff --git a/.github/workflows/count-points.yml b/.github/workflows/count-points.yml index e4528fc54e..803d20da5e 100644 --- a/.github/workflows/count-points.yml +++ b/.github/workflows/count-points.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup with: diff --git a/.github/workflows/docker-edge.yml b/.github/workflows/docker-edge.yml index 597f17b5a8..1238c8e98b 100644 --- a/.github/workflows/docker-edge.yml +++ b/.github/workflows/docker-edge.yml @@ -36,17 +36,17 @@ jobs: matrix: os: [ubuntu, alpine] steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up QEMU - uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Docker meta id: meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: # Push to both Docker Hub and Github Container Registry images: ${{ env.IMAGES }} @@ -54,14 +54,14 @@ jobs: tags: ${{ env.TAGS }} - name: Login to Docker Hub - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 if: github.event_name != 'pull_request' && !github.event.repository.fork with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 if: github.event_name != 'pull_request' with: registry: ghcr.io @@ -76,7 +76,7 @@ jobs: run: yarn build:server - name: Build image for testing - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: context: . push: false @@ -93,7 +93,7 @@ jobs: # This will use the cache from the earlier build step and not rebuild the image # https://docs.docker.com/build/ci/github-actions/test-before-push/ - name: Build and push images - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: context: . push: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml index 94e3d74e2b..695da0ec0a 100644 --- a/.github/workflows/docker-release.yml +++ b/.github/workflows/docker-release.yml @@ -28,17 +28,17 @@ jobs: name: Build Docker image runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up QEMU - uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Docker meta id: meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: # Push to both Docker Hub and Github Container Registry images: ${{ env.IMAGES }} @@ -48,7 +48,7 @@ jobs: - name: Docker meta for Alpine image id: alpine-meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: ${{ env.IMAGES }} # Automatically update :latest @@ -58,13 +58,13 @@ jobs: tags: ${{ env.TAGS }} - name: Login to Docker Hub - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -78,7 +78,7 @@ jobs: run: yarn build:server - name: Build and push ubuntu image - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: context: . push: true @@ -87,7 +87,7 @@ jobs: tags: ${{ steps.meta.outputs.tags }} - name: Build and push alpine image - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: context: . push: true diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml index 1cfadb1ed8..6eeba472f7 100644 --- a/.github/workflows/e2e-test.yml +++ b/.github/workflows/e2e-test.yml @@ -32,7 +32,7 @@ jobs: container: image: mcr.microsoft.com/playwright:v1.58.2-jammy steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup with: @@ -41,7 +41,7 @@ jobs: run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - name: Run E2E Tests run: yarn e2e --shard=${{ matrix.shard }}/5 - - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: always() with: name: desktop-client-test-results-shard-${{ matrix.shard }} @@ -55,7 +55,7 @@ jobs: container: image: mcr.microsoft.com/playwright:v1.58.2-jammy steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup with: @@ -65,7 +65,7 @@ jobs: - name: Run Desktop app E2E Tests run: | xvfb-run --auto-servernum --server-args="-screen 0 1920x1080x24" -- yarn e2e:desktop - - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: always() with: name: desktop-app-test-results @@ -83,14 +83,14 @@ jobs: container: image: mcr.microsoft.com/playwright:v1.58.2-jammy steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup with: download-translations: 'false' - name: Run VRT Tests run: yarn vrt --shard=${{ matrix.shard }}/5 - - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: always() with: name: vrt-blob-report-${{ matrix.shard }} @@ -106,11 +106,11 @@ jobs: container: image: mcr.microsoft.com/playwright:v1.58.2-jammy steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup - name: Download all blob reports - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: packages/desktop-client/all-blob-reports pattern: vrt-blob-report-* @@ -118,7 +118,7 @@ jobs: - name: Merge reports id: merge-reports run: yarn workspace @actual-app/web run playwright merge-reports --reporter html ./all-blob-reports - - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 id: playwright-report-vrt with: name: html-report--attempt-${{ github.run_attempt }} @@ -134,7 +134,7 @@ jobs: echo "${{ steps.playwright-report-vrt.outputs.artifact-url }}" > vrt-metadata/artifact-url.txt - name: Upload VRT metadata if: github.event_name == 'pull_request' - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: vrt-comment-metadata path: vrt-metadata/ diff --git a/.github/workflows/e2e-vrt-comment.yml b/.github/workflows/e2e-vrt-comment.yml index b2bad4bb77..723f5deae1 100644 --- a/.github/workflows/e2e-vrt-comment.yml +++ b/.github/workflows/e2e-vrt-comment.yml @@ -18,7 +18,7 @@ jobs: if: github.event.workflow_run.event == 'pull_request' steps: - name: Download VRT metadata - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} run-id: ${{ github.event.workflow_run.id }} @@ -53,7 +53,7 @@ jobs: - name: Comment on PR with VRT report link if: steps.metadata.outputs.should_comment == 'true' - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4 + uses: marocchino/sticky-pull-request-comment@70d2764d1a7d5d9560b100cbea0077fc8f633987 # v3.0.2 with: number: ${{ steps.metadata.outputs.pr_number }} header: vrt-comment diff --git a/.github/workflows/electron-master.yml b/.github/workflows/electron-master.yml index 75090e0743..1d750d258b 100644 --- a/.github/workflows/electron-master.yml +++ b/.github/workflows/electron-master.yml @@ -29,7 +29,7 @@ jobs: - macos-latest runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - if: ${{ startsWith(matrix.os, 'windows') }} run: pip.exe install setuptools - if: ${{ ! startsWith(matrix.os, 'windows') }} @@ -74,7 +74,7 @@ jobs: if: ${{ ! startsWith(matrix.os, 'macos') }} run: ./bin/package-electron - name: Upload Build - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: actual-electron-${{ matrix.os }} path: | @@ -85,13 +85,13 @@ jobs: packages/desktop-electron/dist/*.flatpak - name: Upload Windows Store Build if: ${{ startsWith(matrix.os, 'windows') }} - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: actual-electron-${{ matrix.os }}-appx path: | packages/desktop-electron/dist/*.appx - name: Add to new release - uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe # v2.4.2 + uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1 with: draft: true body: | @@ -126,7 +126,7 @@ jobs: Install-Module -Name StoreBroker -AcceptLicense -Force -Scope CurrentUser -Verbose - name: Download Microsoft Store artifacts - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: actual-electron-windows-latest-appx diff --git a/.github/workflows/electron-pr.yml b/.github/workflows/electron-pr.yml index fb2cace81d..9c9207f8e8 100644 --- a/.github/workflows/electron-pr.yml +++ b/.github/workflows/electron-pr.yml @@ -33,7 +33,7 @@ jobs: - macos-latest runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - if: ${{ startsWith(matrix.os, 'windows') }} run: pip.exe install setuptools - if: ${{ ! startsWith(matrix.os, 'windows') }} @@ -65,56 +65,56 @@ jobs: run: ./bin/package-electron - name: Upload Linux x64 AppImage - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Actual-linux-x86_64.AppImage if-no-files-found: ignore path: packages/desktop-electron/dist/Actual-linux-x86_64.AppImage - name: Upload Linux arm64 AppImage - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Actual-linux-arm64.AppImage if-no-files-found: ignore path: packages/desktop-electron/dist/Actual-linux-arm64.AppImage - name: Upload Linux x64 flatpak - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Actual-linux-x86_64.flatpak if-no-files-found: ignore path: packages/desktop-electron/dist/Actual-linux-x86_64.flatpak - name: Upload Windows x32 exe - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Actual-windows-ia32.exe if-no-files-found: ignore path: packages/desktop-electron/dist/Actual-windows-ia32.exe - name: Upload Windows x64 exe - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Actual-windows-x64.exe if-no-files-found: ignore path: packages/desktop-electron/dist/Actual-windows-x64.exe - name: Upload Windows arm64 exe - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Actual-windows-arm64.exe if-no-files-found: ignore path: packages/desktop-electron/dist/Actual-windows-arm64.exe - name: Upload Mac x64 dmg - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Actual-mac-x64.dmg if-no-files-found: ignore path: packages/desktop-electron/dist/Actual-mac-x64.dmg - name: Upload Mac arm64 dmg - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Actual-mac-arm64.dmg if-no-files-found: ignore @@ -122,7 +122,7 @@ jobs: - name: Upload Windows Store Build if: ${{ startsWith(matrix.os, 'windows') }} - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: actual-electron-${{ matrix.os }}-appx path: | diff --git a/.github/workflows/fork-pr-welcome.yml b/.github/workflows/fork-pr-welcome.yml index 0b1a15a7fb..92c2abe332 100644 --- a/.github/workflows/fork-pr-welcome.yml +++ b/.github/workflows/fork-pr-welcome.yml @@ -25,7 +25,7 @@ jobs: if: github.event.pull_request.head.repo.full_name != github.repository steps: - name: Post welcome comment - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4 + uses: marocchino/sticky-pull-request-comment@70d2764d1a7d5d9560b100cbea0077fc8f633987 # v3.0.2 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} number: ${{ github.event.pull_request.number }} diff --git a/.github/workflows/generate-release-pr.yml b/.github/workflows/generate-release-pr.yml index d6de8afad7..8ead4530b0 100644 --- a/.github/workflows/generate-release-pr.yml +++ b/.github/workflows/generate-release-pr.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.event.inputs.ref }} - name: Set up environment @@ -55,7 +55,7 @@ jobs: echo "version=$NEW_WEB_VERSION" >> "$GITHUB_OUTPUT" - name: Create PR - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 with: token: ${{ secrets.ACTIONS_UPDATE_TOKEN }} commit-message: '🔖 (${{ steps.bump_package_versions.outputs.version }})' diff --git a/.github/workflows/i18n-string-extract-master.yml b/.github/workflows/i18n-string-extract-master.yml index 41eca59560..bcbcef9023 100644 --- a/.github/workflows/i18n-string-extract-master.yml +++ b/.github/workflows/i18n-string-extract-master.yml @@ -12,7 +12,7 @@ jobs: if: github.repository == 'actualbudget/actual' steps: - name: Check out main repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: actual - name: Set up environment @@ -44,7 +44,7 @@ jobs: push \ actualbudget/actual - name: Check out updated translations - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ssh-key: ${{ secrets.STRING_IMPORT_DEPLOY_KEY }} repository: actualbudget/translations diff --git a/.github/workflows/issues-feature-implemented.yml b/.github/workflows/issues-feature-implemented.yml index 18ba978ad7..423822e92d 100644 --- a/.github/workflows/issues-feature-implemented.yml +++ b/.github/workflows/issues-feature-implemented.yml @@ -24,8 +24,8 @@ jobs: runs-on: ubuntu-latest steps: # This is not a security concern because we have approved & merged the PR - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: 22 - name: Handle feature requests diff --git a/.github/workflows/netlify-release.yml b/.github/workflows/netlify-release.yml index 59c9805c72..f1c128a066 100644 --- a/.github/workflows/netlify-release.yml +++ b/.github/workflows/netlify-release.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Repository Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup diff --git a/.github/workflows/publish-flathub.yml b/.github/workflows/publish-flathub.yml index 7aa366be06..4bc9722948 100644 --- a/.github/workflows/publish-flathub.yml +++ b/.github/workflows/publish-flathub.yml @@ -92,7 +92,7 @@ jobs: echo "APPIMAGE_ARM64_SHA256=$APPIMAGE_ARM64_SHA256" >> "$GITHUB_ENV" - name: Checkout Flathub repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: flathub/com.actualbudget.actual token: ${{ secrets.FLATHUB_GITHUB_TOKEN }} @@ -113,7 +113,7 @@ jobs: cat com.actualbudget.actual.yml - name: Create PR in Flathub repo - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 with: token: ${{ secrets.FLATHUB_GITHUB_TOKEN }} commit-message: 'Update Actual flatpak to version ${{ steps.resolve_version.outputs.version }}' diff --git a/.github/workflows/publish-nightly-electron.yml b/.github/workflows/publish-nightly-electron.yml index 6ae84fc9f0..d2edacb8ab 100644 --- a/.github/workflows/publish-nightly-electron.yml +++ b/.github/workflows/publish-nightly-electron.yml @@ -28,7 +28,7 @@ jobs: runs-on: ${{ matrix.os }} if: github.event.repository.fork == false steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - if: ${{ startsWith(matrix.os, 'windows') }} run: pip.exe install setuptools @@ -83,49 +83,49 @@ jobs: run: ./bin/package-electron - name: Upload Linux x64 AppImage - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Actual-linux-x86_64.AppImage if-no-files-found: ignore path: packages/desktop-electron/dist/Actual-linux-x86_64.AppImage - name: Upload Linux arm64 AppImage - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Actual-linux-arm64.AppImage if-no-files-found: ignore path: packages/desktop-electron/dist/Actual-linux-arm64.AppImage - name: Upload Windows x32 exe - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Actual-windows-ia32.exe if-no-files-found: ignore path: packages/desktop-electron/dist/Actual-windows-ia32.exe - name: Upload Windows x64 exe - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Actual-windows-x64.exe if-no-files-found: ignore path: packages/desktop-electron/dist/Actual-windows-x64.exe - name: Upload Windows arm64 exe - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Actual-windows-arm64.exe if-no-files-found: ignore path: packages/desktop-electron/dist/Actual-windows-arm64.exe - name: Upload Mac x64 dmg - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Actual-mac-x64.dmg if-no-files-found: ignore path: packages/desktop-electron/dist/Actual-mac-x64.dmg - name: Upload Mac arm64 dmg - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Actual-mac-arm64.dmg if-no-files-found: ignore @@ -133,7 +133,7 @@ jobs: - name: Upload Windows Store Build if: ${{ startsWith(matrix.os, 'windows') }} - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: actual-electron-${{ matrix.os }}-appx path: | diff --git a/.github/workflows/publish-nightly-npm-packages.yml b/.github/workflows/publish-nightly-npm-packages.yml index 0064289cd5..2ced314d31 100644 --- a/.github/workflows/publish-nightly-npm-packages.yml +++ b/.github/workflows/publish-nightly-npm-packages.yml @@ -12,7 +12,7 @@ jobs: name: Build and pack npm packages if: github.event.repository.fork == false steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup @@ -55,7 +55,7 @@ jobs: yarn workspace @actual-app/api pack --filename @actual-app/api.tgz - name: Upload package artifacts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: npm-packages path: | @@ -73,12 +73,12 @@ jobs: packages: write steps: - name: Download the artifacts - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: npm-packages - name: Setup node and npm registry - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: 22 registry-url: 'https://registry.npmjs.org' diff --git a/.github/workflows/publish-npm-packages.yml b/.github/workflows/publish-npm-packages.yml index 445544fabd..133d955ec2 100644 --- a/.github/workflows/publish-npm-packages.yml +++ b/.github/workflows/publish-npm-packages.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest name: Build and pack npm packages steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up environment uses: ./.github/actions/setup @@ -36,7 +36,7 @@ jobs: yarn workspace @actual-app/api pack --filename @actual-app/api.tgz - name: Upload package artifacts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: npm-packages path: | @@ -54,12 +54,12 @@ jobs: packages: write steps: - name: Download the artifacts - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: npm-packages - name: Setup node and npm registry - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: 22 registry-url: 'https://registry.npmjs.org' diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml index b4cd2b3f20..4de02c39eb 100644 --- a/.github/workflows/release-notes.yml +++ b/.github/workflows/release-notes.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Get changed files diff --git a/.github/workflows/size-compare.yml b/.github/workflows/size-compare.yml index b0b6a7881c..a67952afa3 100644 --- a/.github/workflows/size-compare.yml +++ b/.github/workflows/size-compare.yml @@ -35,7 +35,7 @@ jobs: contents: read steps: - name: Checkout base branch - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.base_ref }} - name: Set up environment @@ -80,7 +80,7 @@ jobs: exit 1 - name: Download web build artifact from ${{github.base_ref}} - uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11 + uses: dawidd6/action-download-artifact@1f8785ff7a5130826f848e7f72725c85d241860f # v18 id: pr-web-build with: branch: ${{github.base_ref}} @@ -89,7 +89,7 @@ jobs: name: build-stats path: base - name: Download API build artifact from ${{github.base_ref}} - uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11 + uses: dawidd6/action-download-artifact@1f8785ff7a5130826f848e7f72725c85d241860f # v18 id: pr-api-build with: branch: ${{github.base_ref}} @@ -98,7 +98,7 @@ jobs: name: api-build-stats path: base - name: Download build stats from PR - uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11 + uses: dawidd6/action-download-artifact@1f8785ff7a5130826f848e7f72725c85d241860f # v18 with: pr: ${{github.event.pull_request.number}} workflow: build.yml @@ -107,7 +107,7 @@ jobs: path: head allow_forks: true - name: Download API stats from PR - uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11 + uses: dawidd6/action-download-artifact@1f8785ff7a5130826f848e7f72725c85d241860f # v18 with: pr: ${{github.event.pull_request.number}} workflow: build.yml diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 5d300c9a4a..02a6edcc20 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -8,7 +8,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 with: stale-pr-message: 'This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.' close-pr-message: 'This PR was closed because it has been stalled for 5 days with no activity.' @@ -18,7 +18,7 @@ jobs: stale-wip: runs-on: ubuntu-latest steps: - - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 with: stale-pr-message: ':wave: Hi! It looks like this PR has not had any changes for a week now. Would you like someone to review this PR? If so - please remove the "[WIP]" prefix from the PR title. That will let the community know that this PR is open for a review.' days-before-stale: 7 @@ -29,7 +29,7 @@ jobs: stale-needs-info: runs-on: ubuntu-latest steps: - - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 with: stale-issue-label: 'needs info' days-before-stale: -1 diff --git a/.github/workflows/vrt-update-apply.yml b/.github/workflows/vrt-update-apply.yml index a0c761241e..083eaca6c8 100644 --- a/.github/workflows/vrt-update-apply.yml +++ b/.github/workflows/vrt-update-apply.yml @@ -19,7 +19,7 @@ jobs: if: ${{ github.event.workflow_run.conclusion == 'success' }} steps: - name: Download patch artifact - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} run-id: ${{ github.event.workflow_run.id }} @@ -27,7 +27,7 @@ jobs: path: /tmp/artifacts - name: Download metadata artifact - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} run-id: ${{ github.event.workflow_run.id }} @@ -54,7 +54,7 @@ jobs: - name: Checkout fork branch if: steps.metadata.outputs.pr_number != '' - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: ${{ steps.metadata.outputs.head_repo }} ref: ${{ steps.metadata.outputs.head_ref }} diff --git a/.github/workflows/vrt-update-generate.yml b/.github/workflows/vrt-update-generate.yml index 55b4169498..f412cf067d 100644 --- a/.github/workflows/vrt-update-generate.yml +++ b/.github/workflows/vrt-update-generate.yml @@ -60,7 +60,7 @@ jobs: core.setOutput('head_ref', pr.head.ref); core.setOutput('head_repo', pr.head.repo.full_name); - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ steps.pr.outputs.head_sha }} @@ -113,7 +113,7 @@ jobs: - name: Upload patch artifact if: steps.create-patch.outputs.has_changes == 'true' - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: vrt-patch-${{ github.event.issue.number }} path: vrt-update.patch @@ -129,7 +129,7 @@ jobs: - name: Upload PR metadata if: steps.create-patch.outputs.has_changes == 'true' - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: vrt-metadata-${{ github.event.issue.number }} path: pr-metadata/ diff --git a/upcoming-release-notes/7234.md b/upcoming-release-notes/7234.md new file mode 100644 index 0000000000..1901c62212 --- /dev/null +++ b/upcoming-release-notes/7234.md @@ -0,0 +1,6 @@ +--- +category: Maintenance +authors: [matt-fidd] +--- + +Bump GitHub actions versions