From ec61e2b53aa6096847f35642a1a48cee973435cd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 May 2026 13:19:46 +0000 Subject: [PATCH] Bump the github-actions-updates group across 1 directory with 19 updates Bumps the github-actions-updates group with 19 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.2` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` | | [docker/login-action](https://github.com/docker/login-action) | `4.0.0` | `4.2.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `7.0.0` | `7.2.0` | | [chainguard-dev/setup-chainctl](https://github.com/chainguard-dev/setup-chainctl) | `0.5.0` | `0.5.1` | | [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.70` | `1.0.133` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.36.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `6.3.0` | `6.4.0` | | [actions/github-script](https://github.com/actions/github-script) | `7.0.1` | `9.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `8.0.0` | `8.0.1` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `6.0.0` | `6.1.1` | | [actions/cache](https://github.com/actions/cache) | `4.2.3` | `5.0.5` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `47.0.5` | `47.0.6` | | [getsentry/action-release](https://github.com/getsentry/action-release) | `3.5.0` | `3.6.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.0.0` | `4.1.2` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` | | [mikepenz/action-junit-report](https://github.com/mikepenz/action-junit-report) | `6.3.1` | `6.4.1` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `6.0.1` | Updates `actions/checkout` from 4.2.2 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.2.2...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `actions/setup-node` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e) Updates `docker/login-action` from 4.0.0 to 4.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/b45d80f862d83dbcd57f89517bcf500b2ab88fb2...650006c6eb7dba73a995cc03b0b2d7f5ca915bee) Updates `docker/build-push-action` from 7.0.0 to 7.2.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/d08e5c354a6adb9ed34480a06d141179aa583294...f9f3042f7e2789586610d6e8b85c8f03e5195baf) Updates `chainguard-dev/setup-chainctl` from 0.5.0 to 0.5.1 - [Release notes](https://github.com/chainguard-dev/setup-chainctl/releases) - [Commits](https://github.com/chainguard-dev/setup-chainctl/compare/c125f765e82b09a42af3185f3214465314d75c5d...2cddd35a2f120d9973e58094dc6878c93cf58c28) Updates `anthropics/claude-code-action` from 1.0.70 to 1.0.133 - [Release notes](https://github.com/anthropics/claude-code-action/releases) - [Commits](https://github.com/anthropics/claude-code-action/compare/26ec041249acb0a944c0a47b6c0c13f05dbc5b44...787c5a0ce96a9a6cfb050ea0c8f4c05f2447c251) Updates `github/codeql-action` from 4.32.6 to 4.36.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/0d579ffd059c29b07949a3cce3983f0780820c98...7211b7c8077ea37d8641b6271f6a365a22a5fbfa) Updates `actions/setup-go` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/4b73464bb391d4059bd26b0524d20df3927bd417...4a3601121dd01d1626a1e23e37211e3254c1c06c) Updates `actions/github-script` from 7.0.1 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v7.0.1...3a2844b7e9c422d3c10d287c895573f7108da1b3) Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `actions/download-artifact` from 8.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `aws-actions/configure-aws-credentials` from 6.0.0 to 6.1.1 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/8df5847569e6427dd6c4fb1cf565c83acfa8afa7...d979d5b3a71173a29b74b5b88418bfda9437d885) Updates `actions/cache` from 4.2.3 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4.2.3...27d5ce7f107fe9357f9df03efb73ab90386fccae) Updates `tj-actions/changed-files` from 47.0.5 to 47.0.6 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/22103cc46bda19c2b464ffe86db46df6922fd323...9426d40962ed5378910ee2e21d5f8c6fcbf2dd96) Updates `getsentry/action-release` from 3.5.0 to 3.6.0 - [Release notes](https://github.com/getsentry/action-release/releases) - [Changelog](https://github.com/getsentry/action-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/getsentry/action-release/compare/dab6548b3c03c4717878099e43782cf5be654289...5657c9e888b4e2cc85f4d29143ea4131fde4a73a) Updates `sigstore/cosign-installer` from 4.0.0 to 4.1.2 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/faadad0cce49287aee09b3a48701e75088a2c6ad...6f9f17788090df1f26f669e9d70d6ae9567deba6) Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5) Updates `mikepenz/action-junit-report` from 6.3.1 to 6.4.1 - [Release notes](https://github.com/mikepenz/action-junit-report/releases) - [Commits](https://github.com/mikepenz/action-junit-report/compare/49b2ca06f62aa7ef83ae6769a2179271e160d8e4...3a81627bfac62268172037048872e8ebd4207e6d) Updates `codecov/codecov-action` from 5.5.2 to 6.0.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/671740ac38dd9b0130fbe1cec585b89eea48d3de...e79a6962e0d4c0c17b229090214935d2e33f8354) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: docker/build-push-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: chainguard-dev/setup-chainctl dependency-version: 0.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: anthropics/claude-code-action dependency-version: 1.0.133 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: github/codeql-action dependency-version: 4.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aws-actions/configure-aws-credentials dependency-version: 6.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: tj-actions/changed-files dependency-version: 47.0.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: getsentry/action-release dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: sigstore/cosign-installer dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: mikepenz/action-junit-report dependency-version: 6.4.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: codecov/codecov-action dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] --- .github/workflows/api.yml | 2 +- .github/workflows/build-server-image.yml | 14 ++++++------ .github/workflows/claude.yml | 2 +- .github/workflows/codeql-analysis.yml | 8 +++---- .github/workflows/docker-push-mirrored.yml | 2 +- .github/workflows/docs-impact-review.yml | 4 ++-- .github/workflows/e2e-tests-check.yml | 2 +- .github/workflows/e2e-tests-ci-template.yml | 18 +++++++-------- .../e2e-tests-cypress-template-v2.yml | 10 ++++----- .../workflows/e2e-tests-cypress-template.yml | 22 +++++++++---------- .../e2e-tests-playwright-template-v2.yml | 18 +++++++-------- .../e2e-tests-playwright-template.yml | 20 ++++++++--------- .github/workflows/i18n-ci-template.yml | 2 +- .github/workflows/mmctl-test-template.yml | 4 ++-- .github/workflows/scorecards-analysis.yml | 4 ++-- .github/workflows/sentry.yaml | 2 +- .github/workflows/server-ci-artifacts.yml | 12 +++++----- .github/workflows/server-ci-report.yml | 8 +++---- .github/workflows/server-ci.yml | 8 +++---- .../workflows/server-test-merge-template.yml | 6 ++--- .github/workflows/server-test-template.yml | 10 ++++----- .github/workflows/tools-ci.yml | 4 ++-- .github/workflows/webapp-ci.yml | 12 +++++----- 23 files changed, 97 insertions(+), 97 deletions(-) diff --git a/.github/workflows/api.yml b/.github/workflows/api.yml index 83bfa478eed..ba98b5795cc 100644 --- a/.github/workflows/api.yml +++ b/.github/workflows/api.yml @@ -20,7 +20,7 @@ jobs: - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: .nvmrc cache: "npm" diff --git a/.github/workflows/build-server-image.yml b/.github/workflows/build-server-image.yml index 0293651cfc7..637c7821ef6 100644 --- a/.github/workflows/build-server-image.yml +++ b/.github/workflows/build-server-image.yml @@ -32,13 +32,13 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: buildenv/docker-login - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: buildenv/build - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: provenance: false file: server/build/Dockerfile.buildenv @@ -59,7 +59,7 @@ jobs: - name: buildenv/push if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/release-') - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: provenance: false file: server/build/Dockerfile.buildenv @@ -71,20 +71,20 @@ jobs: build-image-fips: runs-on: ubuntu-22.04 steps: - - uses: chainguard-dev/setup-chainctl@c125f765e82b09a42af3185f3214465314d75c5d # v0.5.0 + - uses: chainguard-dev/setup-chainctl@2cddd35a2f120d9973e58094dc6878c93cf58c28 # v0.5.1 with: identity: ${{ env.CHAINCTL_IDENTITY }} - name: buildenv/checkout-repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: buildenv/docker-login - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: buildenv/build - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: provenance: false file: server/build/Dockerfile.buildenv-fips @@ -105,7 +105,7 @@ jobs: - name: buildenv/push if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/release-') - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: provenance: false file: server/build/Dockerfile.buildenv-fips diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 8b403b3b172..1c66187f82f 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -31,7 +31,7 @@ jobs: - name: Run Claude Code id: claude - uses: anthropics/claude-code-action@26ec041249acb0a944c0a47b6c0c13f05dbc5b44 # v1.0.70 + uses: anthropics/claude-code-action@787c5a0ce96a9a6cfb050ea0c8f4c05f2447c251 # v1.0.133 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} model: claude-sonnet-4-20250514 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 1edad68768d..86f46cf383d 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -29,18 +29,18 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: languages: ${{ matrix.language }} debug: false config-file: ./.github/codeql/codeql-config.yml - name: Build JavaScript - uses: github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/autobuild@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 if: ${{ matrix.language == 'javascript' }} - name: Setup go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: server/go.mod if: ${{ matrix.language == 'go' }} @@ -54,4 +54,4 @@ jobs: # Perform Analysis - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 diff --git a/.github/workflows/docker-push-mirrored.yml b/.github/workflows/docker-push-mirrored.yml index f59e9136cf2..7ea6647f2f8 100644 --- a/.github/workflows/docker-push-mirrored.yml +++ b/.github/workflows/docker-push-mirrored.yml @@ -16,7 +16,7 @@ jobs: - name: Checkout mattermost project uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: cd/Login to Docker Hub - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: username: ${{ secrets.DOCKERHUB_DEV_USERNAME }} password: ${{ secrets.DOCKERHUB_DEV_TOKEN }} diff --git a/.github/workflows/docs-impact-review.yml b/.github/workflows/docs-impact-review.yml index 8e19d1e7b59..acba3505004 100644 --- a/.github/workflows/docs-impact-review.yml +++ b/.github/workflows/docs-impact-review.yml @@ -52,7 +52,7 @@ jobs: - name: Analyze documentation impact id: docs-analysis if: ${{ env.HAS_ANTHROPIC_KEY == 'true' }} - uses: anthropics/claude-code-action@26ec041249acb0a944c0a47b6c0c13f05dbc5b44 # v1.0.70 + uses: anthropics/claude-code-action@787c5a0ce96a9a6cfb050ea0c8f4c05f2447c251 # v1.0.133 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} allowed_bots: "cursor,claude" @@ -228,7 +228,7 @@ jobs: - name: Post analysis and manage label if: ${{ always() && env.HAS_ANTHROPIC_KEY == 'true' }} - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: ANALYSIS_OUTCOME: ${{ steps.docs-analysis.outcome }} with: diff --git a/.github/workflows/e2e-tests-check.yml b/.github/workflows/e2e-tests-check.yml index 13cd9b45fca..d64af705f89 100644 --- a/.github/workflows/e2e-tests-check.yml +++ b/.github/workflows/e2e-tests-check.yml @@ -18,7 +18,7 @@ jobs: fetch-depth: 0 - name: ci/setup-node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: ".nvmrc" cache: npm diff --git a/.github/workflows/e2e-tests-ci-template.yml b/.github/workflows/e2e-tests-ci-template.yml index 83d8b93c33d..4671a83c3df 100644 --- a/.github/workflows/e2e-tests-ci-template.yml +++ b/.github/workflows/e2e-tests-ci-template.yml @@ -154,7 +154,7 @@ jobs: ref: ${{ inputs.commit_sha }} fetch-depth: 0 - name: ci/setup-node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 id: setup_node with: node-version-file: ".nvmrc" @@ -248,7 +248,7 @@ jobs: ln -sfn /usr/local/opt/docker-compose/bin/docker-compose ~/.docker/cli-plugins/docker-compose sudo ln -sf $HOME/.colima/default/docker.sock /var/run/docker.sock - name: ci/setup-node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 id: setup_node with: node-version-file: ".nvmrc" @@ -305,7 +305,7 @@ jobs: sudo dmesg | tail -500 >"$DIAG/host.dmesg.tail.txt" 2>&1 sudo dmesg | grep -iE 'apparmor|denied|oom|killed|openldap|slapd' >"$DIAG/host.dmesg.relevant.txt" 2>&1 - name: ci/upload-docker-diagnostics - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: docker-diagnostics-${{ inputs.TEST }}-${{ matrix.os }}-${{ matrix.worker_index }} @@ -313,7 +313,7 @@ jobs: retention-days: 7 if-no-files-found: ignore - name: ci/e2e-test-store-results - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: e2e-test-results-${{ inputs.TEST }}-${{ matrix.os }}-${{ matrix.worker_index }} @@ -345,13 +345,13 @@ jobs: ref: ${{ inputs.commit_sha }} fetch-depth: 0 - name: ci/download-artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: e2e-test-results-${{ inputs.TEST }}-* path: e2e-tests/${{ inputs.TEST }}/ merge-multiple: true - name: ci/upload-report-global - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: e2e-test-results-${{ inputs.TEST }} path: | @@ -359,7 +359,7 @@ jobs: e2e-tests/${{ inputs.TEST }}/results/ - name: ci/setup-node if: "${{ inputs.enable_reporting }}" - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 id: setup_node with: node-version-file: ".nvmrc" @@ -386,7 +386,7 @@ jobs: # The results dir may have been modified as part of the reporting: re-upload - name: ci/upload-report-global if: "${{ inputs.enable_reporting }}" - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: e2e-test-results-${{ inputs.TEST }} path: | @@ -397,7 +397,7 @@ jobs: # Configure AWS credentials - name: ci/aws-configure if: (inputs.TEST == 'playwright') - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1 with: aws-region: us-east-1 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/e2e-tests-cypress-template-v2.yml b/.github/workflows/e2e-tests-cypress-template-v2.yml index f08b7ec9f32..35ea72e62d3 100644 --- a/.github/workflows/e2e-tests-cypress-template-v2.yml +++ b/.github/workflows/e2e-tests-cypress-template-v2.yml @@ -208,7 +208,7 @@ jobs: ref: ${{ inputs.commit_sha }} fetch-depth: 1 - name: ci/setup-node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: ".nvmrc" - name: ci/cache-cypress-deps @@ -216,7 +216,7 @@ jobs: # cypress's postinstall, not into node_modules). Both must be cached; # otherwise workers see "cypress npm package installed but binary missing". id: cache-cypress - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | e2e-tests/cypress/node_modules @@ -306,11 +306,11 @@ jobs: ref: ${{ inputs.commit_sha }} fetch-depth: 0 - name: ci/setup-node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: ".nvmrc" - name: ci/restore-cypress-deps - uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | e2e-tests/cypress/node_modules @@ -339,7 +339,7 @@ jobs: run: make cloud-teardown - name: ci/upload-debug-artifacts if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: cypress-${{ inputs.test_type }}-${{ inputs.server_edition }}-debug-${{ matrix.worker_index }} path: | diff --git a/.github/workflows/e2e-tests-cypress-template.yml b/.github/workflows/e2e-tests-cypress-template.yml index a765b06b9fd..3dc396a0ac5 100644 --- a/.github/workflows/e2e-tests-cypress-template.yml +++ b/.github/workflows/e2e-tests-cypress-template.yml @@ -149,7 +149,7 @@ jobs: ref: ${{ inputs.commit_sha }} fetch-depth: 0 - name: ci/setup-node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: ".nvmrc" cache: npm @@ -210,7 +210,7 @@ jobs: ref: ${{ inputs.commit_sha }} fetch-depth: 0 - name: ci/setup-node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: ".nvmrc" cache: npm @@ -223,7 +223,7 @@ jobs: if: always() run: make cloud-teardown - name: ci/upload-results - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: cypress-${{ inputs.test_type }}-${{ inputs.server_edition }}-results-${{ matrix.worker_index }} @@ -256,7 +256,7 @@ jobs: - name: ci/checkout-repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: ci/download-results - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: cypress-${{ inputs.test_type }}-${{ inputs.server_edition }}-results-* path: e2e-tests/cypress/ @@ -304,7 +304,7 @@ jobs: ref: ${{ inputs.commit_sha }} fetch-depth: 0 - name: ci/setup-node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: ".nvmrc" cache: npm @@ -320,7 +320,7 @@ jobs: if: always() run: make cloud-teardown - name: ci/upload-retest-results - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: cypress-${{ inputs.test_type }}-${{ inputs.server_edition }}-retest-results @@ -351,7 +351,7 @@ jobs: - name: ci/checkout-repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: ci/setup-node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: ".nvmrc" cache: npm @@ -360,7 +360,7 @@ jobs: # PATH A: run-failed-tests was skipped (no failures to retest) - name: ci/download-results-path-a if: needs.run-failed-tests.result == 'skipped' - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: cypress-${{ inputs.test_type }}-${{ inputs.server_edition }}-results-* path: e2e-tests/cypress/ @@ -389,14 +389,14 @@ jobs: # PATH B: run-failed-tests ran, need to merge and recalculate - name: ci/download-original-results if: needs.run-failed-tests.result != 'skipped' - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: cypress-${{ inputs.test_type }}-${{ inputs.server_edition }}-results-* path: e2e-tests/cypress/ merge-multiple: true - name: ci/download-retest-results if: needs.run-failed-tests.result != 'skipped' - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: cypress-${{ inputs.test_type }}-${{ inputs.server_edition }}-retest-results path: e2e-tests/cypress/retest-results/ @@ -503,7 +503,7 @@ jobs: - name: ci/upload-combined-results if: inputs.workers > 1 - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: cypress-${{ inputs.test_type }}-${{ inputs.server_edition }}-results path: | diff --git a/.github/workflows/e2e-tests-playwright-template-v2.yml b/.github/workflows/e2e-tests-playwright-template-v2.yml index d2d1966209b..110d286b145 100644 --- a/.github/workflows/e2e-tests-playwright-template-v2.yml +++ b/.github/workflows/e2e-tests-playwright-template-v2.yml @@ -175,7 +175,7 @@ jobs: ref: ${{ inputs.commit_sha }} fetch-depth: 1 - name: ci/setup-node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: ".nvmrc" - name: ci/cache-platform-pkgs @@ -184,7 +184,7 @@ jobs: # @mattermost/types. Without them, module resolution fails inside # the slim slice. id: cache-platform-pkgs - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | webapp/node_modules/@mattermost/client @@ -204,7 +204,7 @@ jobs: # Caches node_modules + the rolled-up @mattermost/playwright-lib dist # so workers don't re-run rollup on every job. id: cache-playwright - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | e2e-tests/playwright/node_modules @@ -225,7 +225,7 @@ jobs: # Cache chromium binary (~150MB) keyed on the playwright lockfile so a # version bump invalidates. Restored by workers; no docker image needed. id: cache-pw-browsers - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: ~/.cache/ms-playwright key: playwright-browsers-${{ runner.os }}-${{ hashFiles('e2e-tests/playwright/package-lock.json') }} @@ -302,13 +302,13 @@ jobs: ref: ${{ inputs.commit_sha }} fetch-depth: 0 - name: ci/setup-node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: ".nvmrc" - name: ci/restore-platform-pkgs # Built lib/ for @mattermost/client and @mattermost/types, plus the # webapp workspace symlinks under webapp/node_modules/@mattermost/. - uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | webapp/node_modules/@mattermost/client @@ -320,7 +320,7 @@ jobs: key: e2e-platform-pkgs-${{ runner.os }}-${{ hashFiles('webapp/package-lock.json', 'webapp/platform/client/src/**', 'webapp/platform/client/tsconfig*.json', 'webapp/platform/types/src/**', 'webapp/platform/types/tsconfig*.json') }} fail-on-cache-miss: true - name: ci/restore-playwright-deps - uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | e2e-tests/playwright/node_modules @@ -329,7 +329,7 @@ jobs: key: e2e-playwright-deps-${{ runner.os }}-${{ hashFiles('e2e-tests/playwright/package-lock.json', 'e2e-tests/playwright/lib/src/**', 'e2e-tests/playwright/lib/package.json', 'e2e-tests/playwright/lib/rollup.config.js', 'e2e-tests/playwright/lib/tsconfig.json') }} fail-on-cache-miss: true - name: ci/restore-playwright-browsers - uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: ~/.cache/ms-playwright key: playwright-browsers-${{ runner.os }}-${{ hashFiles('e2e-tests/playwright/package-lock.json') }} @@ -364,7 +364,7 @@ jobs: run: make cloud-teardown - name: ci/upload-debug-artifacts if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: playwright-full-${{ inputs.server_edition }}-debug-${{ matrix.worker_index }} path: | diff --git a/.github/workflows/e2e-tests-playwright-template.yml b/.github/workflows/e2e-tests-playwright-template.yml index 80d92d71794..1662e4f942a 100644 --- a/.github/workflows/e2e-tests-playwright-template.yml +++ b/.github/workflows/e2e-tests-playwright-template.yml @@ -175,7 +175,7 @@ jobs: ref: ${{ inputs.commit_sha }} fetch-depth: 0 - name: ci/setup-node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: ".nvmrc" cache: npm @@ -196,7 +196,7 @@ jobs: # the version. Avoids repeated MCR pulls which are frequently blocked by # Microsoft's CDN ("The request is blocked"). id: playwright-image-cache - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: /tmp/playwright-docker-image.tar key: playwright-docker-image-${{ hashFiles('e2e-tests/.ci/server.generate.sh', '.github/workflows/e2e-tests-playwright-template.yml') }}-${{ runner.os }} @@ -247,7 +247,7 @@ jobs: sudo dmesg | tail -500 >"$DIAG/host.dmesg.tail.txt" 2>&1 sudo dmesg | grep -iE 'apparmor|denied|oom|killed|openldap|slapd' >"$DIAG/host.dmesg.relevant.txt" 2>&1 - name: ci/upload-docker-diagnostics - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: docker-diagnostics-playwright-${{ inputs.test_type }}-${{ inputs.server_edition }}-${{ matrix.worker_index }} @@ -255,7 +255,7 @@ jobs: retention-days: 7 if-no-files-found: ignore - name: ci/upload-results - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: playwright-${{ inputs.test_type }}-${{ inputs.server_edition }}-results-${{ matrix.worker_index }} @@ -290,13 +290,13 @@ jobs: - name: ci/checkout-repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: ci/setup-node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: ".nvmrc" cache: npm cache-dependency-path: "e2e-tests/playwright/package-lock.json" - name: ci/download-shard-results - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: playwright-${{ inputs.test_type }}-${{ inputs.server_edition }}-results-* path: e2e-tests/playwright/shard-results/ @@ -315,7 +315,7 @@ jobs: with: original-results-path: e2e-tests/playwright/results/reporter/results.json - name: ci/upload-merged-results - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: playwright-${{ inputs.test_type }}-${{ inputs.server_edition }}-results path: e2e-tests/playwright/results/ @@ -355,7 +355,7 @@ jobs: - name: ci/checkout-repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: ci/setup-node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: ".nvmrc" cache: npm @@ -365,7 +365,7 @@ jobs: # reports already include the inline per-shard retry results, so no # separate retest download/merge is needed here. - name: ci/download-results - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: playwright-${{ inputs.test_type }}-${{ inputs.server_edition }}-results path: e2e-tests/playwright/results/ @@ -380,7 +380,7 @@ jobs: original-results-path: e2e-tests/playwright/results/reporter/results.json - name: ci/aws-configure - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1 with: aws-region: us-east-1 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/i18n-ci-template.yml b/.github/workflows/i18n-ci-template.yml index e495b4e3d6f..4d3b68748ac 100644 --- a/.github/workflows/i18n-ci-template.yml +++ b/.github/workflows/i18n-ci-template.yml @@ -15,7 +15,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47.0.5 + uses: tj-actions/changed-files@9426d40962ed5378910ee2e21d5f8c6fcbf2dd96 # v47.0.6 with: files: | server/i18n/*.json diff --git a/.github/workflows/mmctl-test-template.yml b/.github/workflows/mmctl-test-template.yml index 5415e25558f..4fc3ed697b3 100644 --- a/.github/workflows/mmctl-test-template.yml +++ b/.github/workflows/mmctl-test-template.yml @@ -32,7 +32,7 @@ jobs: - name: buildenv/docker-login # Only FIPS requires login for private build container. (Forks won't have credentials.) if: inputs.fips-enabled - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -102,7 +102,7 @@ jobs: - name: Archive logs if: ${{ always() }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ steps.build.outputs.LOG_ARTIFACT_NAME }} path: | diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 1fc71de68d2..1a2916021d4 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -48,7 +48,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif @@ -56,6 +56,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: sarif_file: results.sarif diff --git a/.github/workflows/sentry.yaml b/.github/workflows/sentry.yaml index 1b143d1b0d1..ccad98518d9 100644 --- a/.github/workflows/sentry.yaml +++ b/.github/workflows/sentry.yaml @@ -20,5 +20,5 @@ jobs: - name: cd/Checkout mattermost project uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: cd/Create Sentry release - uses: getsentry/action-release@dab6548b3c03c4717878099e43782cf5be654289 # v3.5.0 + uses: getsentry/action-release@5657c9e888b4e2cc85f4d29143ea4131fde4a73a # v3.6.0 diff --git a/.github/workflows/server-ci-artifacts.yml b/.github/workflows/server-ci-artifacts.yml index 202a03bc199..c31b65a7518 100644 --- a/.github/workflows/server-ci-artifacts.yml +++ b/.github/workflows/server-ci-artifacts.yml @@ -33,14 +33,14 @@ jobs: - update-initial-status steps: - name: cd/configure-aws-credentials - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1 with: aws-region: us-east-1 aws-access-key-id: ${{ secrets.PR_BUILDS_BUCKET_AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.PR_BUILDS_BUCKET_AWS_SECRET_ACCESS_KEY }} - name: cd/download-artifacts-from-PR-workflow - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: run-id: ${{ github.event.workflow_run.id }} github-token: ${{ github.token }} @@ -77,7 +77,7 @@ jobs: TAG: ${{ steps.set_tag.outputs.TAG }} steps: - name: cd/docker-login - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: username: mattermostdev password: ${{ secrets.DOCKERHUB_DEV_TOKEN }} @@ -91,7 +91,7 @@ jobs: - name: cd/download-build-artifact if: github.event.workflow_run.head_repository.full_name == github.repository - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: run-id: ${{ github.event.workflow_run.id }} github-token: ${{ github.token }} @@ -99,12 +99,12 @@ jobs: path: server/build/ - name: cd/setup-cosign - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 + uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2 with: cosign-release: v${{ env.COSIGN_VERSION }} - name: cd/setup-docker-buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - name: cd/set-docker-tag id: set_tag diff --git a/.github/workflows/server-ci-report.yml b/.github/workflows/server-ci-report.yml index 528b0fe34db..e83e871bff3 100644 --- a/.github/workflows/server-ci-report.yml +++ b/.github/workflows/server-ci-report.yml @@ -16,7 +16,7 @@ jobs: REPORT_MATRIX: ${{ steps.report.outputs.REPORT_MATRIX }} steps: - name: report/download-artifacts-from-PR-workflow - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: run-id: ${{ github.event.workflow_run.id }} github-token: ${{ github.token }} @@ -69,7 +69,7 @@ jobs: matrix: ${{ fromJson(needs.generate-report-matrix.outputs.REPORT_MATRIX) }} steps: - name: report/download-artifacts-from-PR-workflow - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: run-id: ${{ github.event.workflow_run.id }} github-token: ${{ github.token }} @@ -95,7 +95,7 @@ jobs: fi - name: Publish test report id: report - uses: mikepenz/action-junit-report@49b2ca06f62aa7ef83ae6769a2179271e160d8e4 # v6.3.1 + uses: mikepenz/action-junit-report@3a81627bfac62268172037048872e8ebd4207e6d # v6.4.1 with: report_paths: ${{ matrix.test.artifact }}/report.xml check_name: ${{ matrix.test.name }} (Results) @@ -108,7 +108,7 @@ jobs: check_annotations: true - name: Report retried tests (pull request) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 if: ${{ steps.report.outputs.flaky_summary != '
TestRetries
' && steps.report.outputs.failed == '0' && github.event.workflow_run.event == 'pull_request' }} env: TEST_NAME: "${{ matrix.test.name }}" diff --git a/.github/workflows/server-ci.yml b/.github/workflows/server-ci.yml index c7537dad254..fb1832dc46b 100644 --- a/.github/workflows/server-ci.yml +++ b/.github/workflows/server-ci.yml @@ -44,7 +44,7 @@ jobs: run: echo GO_VERSION=$(cat .go-version) >> "${GITHUB_OUTPUT}" - name: Check for go.mod changes id: changed-files - uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47.0.5 + uses: tj-actions/changed-files@9426d40962ed5378910ee2e21d5f8c6fcbf2dd96 # v47.0.6 with: files: | **/go.mod @@ -351,7 +351,7 @@ jobs: - name: Checkout mattermost project uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: ci/setup-node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: ".nvmrc" cache: "npm" @@ -364,7 +364,7 @@ jobs: make build-cmd make package - name: Persist dist artifacts - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: server-dist-artifact path: server/dist/ @@ -373,7 +373,7 @@ jobs: retention-days: 2 - name: Persist build artifacts if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: server-build-artifact path: server/build/ diff --git a/.github/workflows/server-test-merge-template.yml b/.github/workflows/server-test-merge-template.yml index c9f6866f854..ccc035e3a8e 100644 --- a/.github/workflows/server-test-merge-template.yml +++ b/.github/workflows/server-test-merge-template.yml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Download all shard artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: ${{ inputs.artifact-pattern }} path: shards @@ -65,7 +65,7 @@ jobs: done - name: Upload merged test logs - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ inputs.artifact-name }} path: merged/ @@ -91,7 +91,7 @@ jobs: # onto the lightest shard, overloading it and repeating the failure). - name: Save test timing cache if: inputs.save-timing-cache && inputs.all-shards-passed && steps.timing-prep.outputs.has_timing == 'true' && github.ref_name == github.event.repository.default_branch - uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | server/prev-report.xml diff --git a/.github/workflows/server-test-template.yml b/.github/workflows/server-test-template.yml index a8168fa2f47..bb54bcb38c0 100644 --- a/.github/workflows/server-test-template.yml +++ b/.github/workflows/server-test-template.yml @@ -79,7 +79,7 @@ jobs: - name: buildenv/docker-login # Only FIPS requires login for private build container. (Forks won't have credentials.) if: inputs.fips-enabled - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -90,7 +90,7 @@ jobs: - name: Restore test timing data if: inputs.shard-total > 1 id: timing-cache - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | server/prev-report.xml @@ -150,7 +150,7 @@ jobs: - name: Setup Go for test discovery if: inputs.shard-total > 1 - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ inputs.go-version }} @@ -238,7 +238,7 @@ jobs: $DOCKER_CMD - name: Upload coverage to Codecov if: ${{ inputs.enablecoverage }} - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 + uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1 with: token: ${{ secrets.CODECOV_TOKEN }} disable_search: true @@ -252,7 +252,7 @@ jobs: - name: Archive logs if: ${{ always() }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ steps.build.outputs.LOG_ARTIFACT_NAME }} path: | diff --git a/.github/workflows/tools-ci.yml b/.github/workflows/tools-ci.yml index 073acbea651..48737f0df7b 100644 --- a/.github/workflows/tools-ci.yml +++ b/.github/workflows/tools-ci.yml @@ -24,7 +24,7 @@ jobs: - name: Checkout mattermost project uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: tools/mattermost-govet/go.mod - name: Run check-style @@ -40,7 +40,7 @@ jobs: - name: Checkout mattermost project uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: tools/mattermost-govet/go.mod - name: Run tests diff --git a/.github/workflows/webapp-ci.yml b/.github/workflows/webapp-ci.yml index 869413d7e58..00c2463741d 100644 --- a/.github/workflows/webapp-ci.yml +++ b/.github/workflows/webapp-ci.yml @@ -54,7 +54,7 @@ jobs: working-directory: webapp steps: - name: ci/checkout-repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: ci/setup uses: ./.github/actions/webapp-setup - name: ci/check-external-links @@ -99,7 +99,7 @@ jobs: run: | npm run test-ci --workspace=platform/client --workspace=platform/components --workspace=platform/shared -- --coverage - name: ci/upload-coverage-artifact - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: coverage-platform path: | @@ -130,7 +130,7 @@ jobs: run: | npm run test-ci -- --config jest.config.mattermost-redux.js - name: ci/upload-coverage-artifact - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: coverage-mattermost-redux path: ./webapp/channels/coverage @@ -162,7 +162,7 @@ jobs: run: | npm run test-ci -- --config jest.config.channels.js --coverageDirectory=coverage/shard-${{ matrix.shard }} --shard=${{ matrix.shard }}/4 - name: ci/upload-coverage-artifact - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: coverage-channels-shard-${{ matrix.shard }} path: ./webapp/channels/coverage/shard-${{ matrix.shard }} @@ -181,7 +181,7 @@ jobs: - name: ci/setup uses: ./.github/actions/webapp-setup - name: ci/download-coverage-artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: coverage-* path: webapp/channels/coverage-artifacts @@ -218,7 +218,7 @@ jobs: npx nyc report --reporter=text-summary --reporter=lcov --temp-dir .nyc_output --report-dir coverage/merged echo "Coverage merged successfully" - name: Upload coverage to Codecov - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 + uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1 with: token: ${{ secrets.CODECOV_TOKEN }} disable_search: true