From 4f29c9641e6dbeed6da54ddcce3ae07d580eddda Mon Sep 17 00:00:00 2001 From: Nara Kasbergen Kwon <855115+xiehan@users.noreply.github.com> Date: Mon, 8 Jul 2024 14:56:05 +0200 Subject: [PATCH] chore(deps): update pinned versions of GitHub Actions (#324) --- .github/workflows/auto-approve.yml | 2 +- .github/workflows/automerge.yml | 2 +- .github/workflows/build.yml | 22 +++++++++++----------- .github/workflows/pull-request-lint.yml | 2 +- .github/workflows/release.yml | 16 ++++++++-------- .github/workflows/upgrade-cdktf.yml | 4 ++-- .github/workflows/upgrade-main.yml | 10 +++++----- .projenrc.ts | 13 +++++++------ 8 files changed, 36 insertions(+), 35 deletions(-) diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml index 647b7e7..f696b8a 100644 --- a/.github/workflows/auto-approve.yml +++ b/.github/workflows/auto-approve.yml @@ -18,7 +18,7 @@ jobs: if: contains(github.event.pull_request.labels.*.name, 'auto-approve') && github.event.pull_request.draft == false steps: - name: Checkout PR - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml index 217a9df..6f3ff87 100644 --- a/.github/workflows/automerge.yml +++ b/.github/workflows/automerge.yml @@ -18,7 +18,7 @@ jobs: if: contains(github.event.pull_request.labels.*.name, 'automerge') && github.event.pull_request.draft == false steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Turn on automerge for this PR by a trusted user or bot if: github.event.pull_request.user.login == 'team-tf-cdk' || contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.pull_request.author_association) || github.actor == 'dependabot[bot]' env: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a0f5070..48a0dd8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,7 +15,7 @@ jobs: CI: "true" steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} @@ -24,7 +24,7 @@ jobs: - name: build run: npx projen build - name: Setup Copywrite tool - uses: hashicorp/setup-copywrite@867a1a2a064a0626db322392806428f7dc59cb3e + uses: hashicorp/setup-copywrite@32638da2d4e81d56a0764aa1547882fc4d209636 - name: Add headers using Copywrite tool run: copywrite headers - name: Find mutations @@ -35,7 +35,7 @@ jobs: working-directory: ./ - name: Upload patch if: steps.self_mutation.outputs.self_mutation_happened - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 with: name: .repo.patch path: .repo.patch @@ -50,7 +50,7 @@ jobs: run: cd dist && getfacl -R . > permissions-backup.acl continue-on-error: true - name: Upload artifact - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 with: name: build-artifact path: dist @@ -63,13 +63,13 @@ jobs: if: always() && needs.build.outputs.self_mutation_happened && !(github.event.pull_request.head.repo.full_name != github.repository) steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: token: ${{ secrets.PROJEN_GITHUB_TOKEN }} ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Download patch - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e with: name: .repo.patch path: ${{ runner.temp }} @@ -96,7 +96,7 @@ jobs: with: node-version: 18.x - name: Download build artifacts - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e with: name: build-artifact path: dist @@ -125,7 +125,7 @@ jobs: with: node-version: 18.x - name: Download build artifacts - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e with: name: build-artifact path: dist @@ -153,7 +153,7 @@ jobs: with: python-version: 3.x - name: Download build artifacts - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e with: name: build-artifact path: dist @@ -181,7 +181,7 @@ jobs: with: dotnet-version: 6.x - name: Download build artifacts - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e with: name: build-artifact path: dist @@ -209,7 +209,7 @@ jobs: with: go-version: ^1.18.0 - name: Download build artifacts - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e with: name: build-artifact path: dist diff --git a/.github/workflows/pull-request-lint.yml b/.github/workflows/pull-request-lint.yml index 4fc977e..af9b7a7 100644 --- a/.github/workflows/pull-request-lint.yml +++ b/.github/workflows/pull-request-lint.yml @@ -17,7 +17,7 @@ jobs: permissions: pull-requests: write steps: - - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f + - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index db3268f..2db1011 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: CI: "true" steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: fetch-depth: 0 - name: Set git identity @@ -52,7 +52,7 @@ jobs: continue-on-error: true - name: Upload artifact if: ${{ steps.git_remote.outputs.latest_commit == github.sha }} - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 with: name: build-artifact path: dist @@ -75,7 +75,7 @@ jobs: with: node-version: 18.x - name: Download build artifacts - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e with: name: build-artifact path: dist @@ -105,7 +105,7 @@ jobs: with: node-version: 18.x - name: Download build artifacts - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e with: name: build-artifact path: dist @@ -143,7 +143,7 @@ jobs: with: node-version: 18.x - name: Download build artifacts - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e with: name: build-artifact path: dist @@ -182,7 +182,7 @@ jobs: with: python-version: 3.x - name: Download build artifacts - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e with: name: build-artifact path: dist @@ -217,7 +217,7 @@ jobs: with: dotnet-version: 6.x - name: Download build artifacts - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e with: name: build-artifact path: dist @@ -251,7 +251,7 @@ jobs: with: go-version: ^1.18.0 - name: Download build artifacts - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e with: name: build-artifact path: dist diff --git a/.github/workflows/upgrade-cdktf.yml b/.github/workflows/upgrade-cdktf.yml index e185d12..c8b4c44 100644 --- a/.github/workflows/upgrade-cdktf.yml +++ b/.github/workflows/upgrade-cdktf.yml @@ -17,7 +17,7 @@ jobs: CHECKPOINT_DISABLE: "1" steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Install run: yarn install - name: Get current CDKTF version @@ -39,7 +39,7 @@ jobs: run: scripts/update-cdktf.sh ${{ steps.latest_version.outputs.value }} - name: Create draft pull request if: steps.current_version.outputs.short != steps.latest_version.outputs.short - uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c with: commit-message: "chore!: upgrade to cdktf ${{ steps.latest_version.outputs.value }}" branch: auto/upgrade-cdktf-${{ steps.latest_version.outputs.short }} diff --git a/.github/workflows/upgrade-main.yml b/.github/workflows/upgrade-main.yml index 0f92403..196df0a 100644 --- a/.github/workflows/upgrade-main.yml +++ b/.github/workflows/upgrade-main.yml @@ -15,7 +15,7 @@ jobs: patch_created: ${{ steps.create_patch.outputs.patch_created }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: ref: main - name: Install dependencies @@ -30,7 +30,7 @@ jobs: working-directory: ./ - name: Upload patch if: steps.create_patch.outputs.patch_created - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 with: name: .repo.patch path: .repo.patch @@ -44,11 +44,11 @@ jobs: if: ${{ needs.upgrade.outputs.patch_created }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: ref: main - name: Download patch - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e with: name: .repo.patch path: ${{ runner.temp }} @@ -60,7 +60,7 @@ jobs: git config user.email "github-team-tf-cdk@hashicorp.com" - name: Create Pull Request id: create-pr - uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c with: token: ${{ secrets.PROJEN_GITHUB_TOKEN }} commit-message: |- diff --git a/.projenrc.ts b/.projenrc.ts index e0ba770..a619f71 100644 --- a/.projenrc.ts +++ b/.projenrc.ts @@ -12,14 +12,15 @@ import { CustomizedLicense } from "./projenrc/customized-license"; import { UpgradeCDKTF } from "./projenrc/upgrade-cdktf"; const githubActionPinnedVersions = { - "actions/checkout": "b4ffde65f46336ab88eb53be808477a3936bae11", // v4.1.1 - "actions/download-artifact": "c850b930e6ba138125429b7e5c93fc707a7f8427", // v4.1.4 + "actions/checkout": "692973e3d937129bcbf40652eb9f2f61becf3332", // v4.1.7 + "actions/download-artifact": "65a9edc5881444af0b9093a5e628f2fe47ea3b2e", // v4.1.7 "actions/github-script": "60a0d83039c74a4aee543508d2ffcb1c3799cdea", // v7.0.1 "actions/setup-node": "60edb5dd545a775178f52524783378180af0d1f8", // v4.0.2 - "actions/upload-artifact": "5d5d22a31266ced268874388b861e4b58bb5c2f3", // v4.3.1 + "actions/upload-artifact": "65462800fd760344b1a7b4382951275a0abb4808", // v4.3.3 "amannn/action-semantic-pull-request": - "e9fabac35e210fea40ca5b14c0da95a099eff26f", // v5.4.0 - "peter-evans/create-pull-request": "a4f52f8033a6168103c2538976c07b467e8163bc", // v6.0.1 + "0723387faaf9b38adef4775cd42cfd5155ed6017", // v5.5.3 + "hashicorp/setup-copywrite": "32638da2d4e81d56a0764aa1547882fc4d209636", // v1.1.3 + "peter-evans/create-pull-request": "c5a7806660adbe173f04e3e038b0ccdcd758773c", // v6.1.0 }; const project = new ConstructLibraryCdktf({ @@ -103,7 +104,7 @@ project.addPackageIgnore(".copywrite.hcl"); project.buildWorkflow?.addPostBuildSteps( { name: "Setup Copywrite tool", - uses: "hashicorp/setup-copywrite@867a1a2a064a0626db322392806428f7dc59cb3e", // v1.1.2 + uses: "hashicorp/setup-copywrite", }, { name: "Add headers using Copywrite tool", run: "copywrite headers" } );