From ffcabf1e0bed6045518afbab0fc1fd803b0b960f Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 23 Feb 2024 15:49:28 +0100 Subject: [PATCH 1/8] [CI] Update Ana06/automatic-pull-request-review The old version was using a deprecated version of Node. --- .github/workflows/changelog.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 853a5cc4b..d8d6ad3c8 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -29,14 +29,14 @@ jobs: echo $FILES | grep -qF 'CHANGELOG.md' || echo $PR_BODY | grep -qiF "$NO_CHANGELOG" - name: Reject pull request if no CHANGELOG update if: ${{ always() && steps.changelog_updated.outcome == 'failure' }} - uses: Ana06/automatic-pull-request-review@0cf4e8a17ba79344ed3fdd7fed6dd0311d08a9d4 # v0.1.0 + uses: Ana06/automatic-pull-request-review@76aaf9b15b116a54e1da7a28a46f91fe089600bf # v0.2.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} event: REQUEST_CHANGES body: "Please add bug fixes, new features, breaking changes and anything else you think is worthwhile mentioning to the `master (unreleased)` section of CHANGELOG.md. If no CHANGELOG update is needed add the following to the PR description: `${{ env.NO_CHANGELOG }}`" allow_duplicate: false - name: Dismiss previous review if CHANGELOG update - uses: Ana06/automatic-pull-request-review@0cf4e8a17ba79344ed3fdd7fed6dd0311d08a9d4 # v0.1.0 + uses: Ana06/automatic-pull-request-review@76aaf9b15b116a54e1da7a28a46f91fe089600bf # v0.2.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} event: DISMISS From 8857511e553439869a2a17783779609ca497db91 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 23 Feb 2024 16:02:20 +0100 Subject: [PATCH 2/8] [CI] Fix CHANGELOG PR review Sending a PR review with a message about the CHANGELOG needing to be updated has been broken since July, where the permissions were changed. --- .github/workflows/changelog.yml | 3 ++- CHANGELOG.md | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index d8d6ad3c8..d915e67d4 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -7,7 +7,8 @@ on: pull_request_target: types: [opened, edited, synchronize] -permissions: read-all +permissions: + pull-requests: write jobs: check_changelog: diff --git a/CHANGELOG.md b/CHANGELOG.md index 514fd4d78..e6fa77d05 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -27,6 +27,7 @@ ### Development +- ci: Fix PR review in the changelog check GH action #2004 @Ana06 - ci: update github workflows to use latest version for depricated actions (checkout, setup-python, upload-artifact, download-artifact) #1967 @sjha2048 ### Raw diffs From cabb9c09755798221cc3f420f41cbd5cb9ead9dd Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 23 Feb 2024 15:17:21 +0100 Subject: [PATCH 3/8] [CI] Update Ana06/get-changed-files Update Ana06/get-changed-files to the latest version that I released yesterday using Node 20. The old version was using a deprecated version of Node. --- .github/workflows/changelog.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index d915e67d4..86e9026b5 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Get changed files id: files - uses: Ana06/get-changed-files@e0c398b7065a8d84700c471b6afc4116d1ba4e96 # v2.2.0 + uses: Ana06/get-changed-files@25f79e676e7ea1868813e21465014798211fad8c # v2.3.0 - name: check changelog updated id: changelog_updated env: From 610a86e5e24bac159b3aee583f732ab4c1b740c8 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 23 Feb 2024 15:26:31 +0100 Subject: [PATCH 4/8] [CI] Update ad-m/github-push-action The old version was using a deprecated version of Node. --- .github/workflows/tag.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml index ea14817e6..34eabbedc 100644 --- a/.github/workflows/tag.yml +++ b/.github/workflows/tag.yml @@ -25,7 +25,7 @@ jobs: git tag $name -m "https://github.com/mandiant/capa/releases/$name" # TODO update branch name-major=${name%%.*} - name: Push tag to capa-rules - uses: ad-m/github-push-action@0fafdd62b84042d49ec0cb92d9cac7f7ce4ec79e # master + uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # v0.8.0 with: repository: mandiant/capa-rules github_token: ${{ secrets.CAPA_TOKEN }} From bb0dff06106615fe10109cd5a4c4088a2f581514 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 23 Feb 2024 15:33:06 +0100 Subject: [PATCH 5/8] [CI] Update gradle/gradle-build-action Replace gradle/gradle-build-action by gradle/gradle-build-action, which supersedes it since v3. The previous version used a deprecated version of Node. --- .github/workflows/tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 05d6414ad..cbe933bba 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -173,7 +173,7 @@ jobs: distribution: 'temurin' java-version: ${{ matrix.java-version }} - name: Set up Gradle ${{ matrix.gradle-version }} - uses: gradle/gradle-build-action@40b6781dcdec2762ad36556682ac74e31030cfe2 # v2.5.1 + uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0 with: gradle-version: ${{ matrix.gradle-version }} - name: Install Jep ${{ matrix.jep-version }} @@ -201,4 +201,4 @@ jobs: cat ../output.log exit_code=$(cat ../output.log | grep exit | awk '{print $NF}') exit $exit_code - \ No newline at end of file + From 3a90247e5b3e9ffa9acd06397c057a8c230d40d4 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 23 Feb 2024 15:38:03 +0100 Subject: [PATCH 6/8] [CI] Update github/codeql-action/upload-sarif The old version was using a deprecated version of Node. --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 1844b881c..5485d0791 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27 + uses: github/codeql-action/upload-sarif@592977e6ae857384aa79bb31e7a1d62d63449ec5 # v2.16.3 with: sarif_file: results.sarif From f5893d7bd3344ed6c592b248f7c46b2b7dd706fb Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 23 Feb 2024 16:19:13 +0100 Subject: [PATCH 7/8] [changelog] Add actions update --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1d68df913..a4eff5a81 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,8 +29,8 @@ ### Development - ci: Fix PR review in the changelog check GH action #2004 @Ana06 -- ci: update github workflows to use latest version for depricated actions (checkout, setup-python, upload-artifact, download-artifact) #1967 @sjha2048 - ci: use rules number badge stored in our bot gist and generated using `schneegans/dynamic-badges-action` #2001 capa-rules#882 @Ana06 +- ci: update github workflows to use latest version of actions that were using a deprecated version of node #1967 #2003 capa-rules#883 @sjha2048 @Ana06 ### Raw diffs - [capa v7.0.1...master](https://github.com/mandiant/capa/compare/v7.0.1...master) From 08b3ae60d76f6f7a40ad2578d3a54135da41f638 Mon Sep 17 00:00:00 2001 From: Capa Bot Date: Tue, 27 Feb 2024 11:56:47 +0000 Subject: [PATCH 8/8] Sync capa rules submodule --- rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules b/rules index 34e375562..ce3e6d74b 160000 --- a/rules +++ b/rules @@ -1 +1 @@ -Subproject commit 34e3755624530a6ed0da9942ad3c68ea8afa89d3 +Subproject commit ce3e6d74b1526bacd370d1c4001ff844876e3edc