diff --git a/.github/workflows/curriculum-i18n-submodule.yml b/.github/workflows/curriculum-i18n-submodule.yml index 7eae49305c1..eafe9720fba 100644 --- a/.github/workflows/curriculum-i18n-submodule.yml +++ b/.github/workflows/curriculum-i18n-submodule.yml @@ -40,7 +40,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Install pnpm - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 + uses: pnpm/action-setup@903f9c1a6ebcba6cf41d87230be49611ac97822e # v6 id: pnpm-install with: run_install: false diff --git a/.github/workflows/deploy-client.yml b/.github/workflows/deploy-client.yml index a351c1f048b..6647d90b349 100644 --- a/.github/workflows/deploy-client.yml +++ b/.github/workflows/deploy-client.yml @@ -78,7 +78,7 @@ jobs: matrix: ${{ steps.matrix.outputs.matrix }} steps: - name: Setup Matrix - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 id: matrix env: TARGET_LANG: ${{ inputs.target_language }} @@ -189,7 +189,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Install pnpm - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 + uses: pnpm/action-setup@903f9c1a6ebcba6cf41d87230be49611ac97822e # v6 id: pnpm-install with: run_install: false diff --git a/.github/workflows/devcontainer-ci.yml b/.github/workflows/devcontainer-ci.yml index 94144364fb3..c39d7b6a034 100644 --- a/.github/workflows/devcontainer-ci.yml +++ b/.github/workflows/devcontainer-ci.yml @@ -25,7 +25,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Login to GHCR - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/docker-docr.yml b/.github/workflows/docker-docr.yml index e1e359b5a27..b269a2dfdcd 100644 --- a/.github/workflows/docker-docr.yml +++ b/.github/workflows/docker-docr.yml @@ -69,7 +69,7 @@ jobs: echo "tagname=$tagname" >> $GITHUB_OUTPUT - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Install doctl uses: digitalocean/action-doctl@3cb3953159719656269e044e0e24ca16dd2a690f # v2.5.2 @@ -80,7 +80,7 @@ jobs: run: doctl registry login --expiry-seconds 1200 - name: Build & Push Image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: context: . file: docker/${{ inputs.app }}/Dockerfile diff --git a/.github/workflows/docker-ghcr.yml b/.github/workflows/docker-ghcr.yml index 09f03a4b668..be4cbc46578 100644 --- a/.github/workflows/docker-ghcr.yml +++ b/.github/workflows/docker-ghcr.yml @@ -26,20 +26,20 @@ jobs: submodules: 'recursive' - name: Set up QEMU - uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Log in to GHCR - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push images - uses: docker/bake-action@5be5f02ff8819ecd3092ea6b2e6261c31774f2b4 # v6 + uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7 with: files: docker/devcontainer/docker-bake.hcl targets: devcontainer diff --git a/.github/workflows/e2e-playwright.yml b/.github/workflows/e2e-playwright.yml index 9446f6ff8ba..2868560e91f 100644 --- a/.github/workflows/e2e-playwright.yml +++ b/.github/workflows/e2e-playwright.yml @@ -39,7 +39,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Install pnpm - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 + uses: pnpm/action-setup@903f9c1a6ebcba6cf41d87230be49611ac97822e # v6 id: pnpm-install with: run_install: false @@ -70,13 +70,13 @@ jobs: run: cp client-config/serve.json client/public/serve.json - name: Upload Client Artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: client-artifact path: client/public - name: Upload Webpack Stats - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: webpack-stats path: client/public/stats.json @@ -102,7 +102,7 @@ jobs: run: docker save fcc-api > api-artifact.tar - name: Upload API Artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: api-artifact path: api-artifact.tar @@ -129,13 +129,13 @@ jobs: persist-credentials: false - name: Download Client Artifact - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: client-artifact path: client/public - name: Download Api Artifact - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: api-artifact path: api-artifact @@ -151,7 +151,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Install pnpm - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 + uses: pnpm/action-setup@903f9c1a6ebcba6cf41d87230be49611ac97822e # v6 id: pnpm-install with: run_install: false @@ -182,7 +182,7 @@ jobs: - name: Run playwright tests run: pnpm run playwright:run --project=${{ matrix.browsers }} --grep-invert 'third-party-donation.spec.ts' - - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 if: ${{ !cancelled() }} with: name: playwright-report-${{ matrix.browsers }} diff --git a/.github/workflows/e2e-third-party.yml b/.github/workflows/e2e-third-party.yml index c2c2eb5ed71..6254a4af59e 100644 --- a/.github/workflows/e2e-third-party.yml +++ b/.github/workflows/e2e-third-party.yml @@ -35,7 +35,7 @@ jobs: path: client-config - name: Setup pnpm - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v4.4.0 + uses: pnpm/action-setup@903f9c1a6ebcba6cf41d87230be49611ac97822e # v6.0.3 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 @@ -61,7 +61,7 @@ jobs: run: tar -cf client-artifact.tar client/public - name: Upload Client Artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: client-artifact path: client-artifact.tar @@ -86,7 +86,7 @@ jobs: run: docker save fcc-api > api-artifact.tar - name: Upload API Artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: api-artifact path: api-artifact.tar @@ -110,7 +110,7 @@ jobs: with: persist-credentials: false - - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 - name: Unpack Client Artifact run: | @@ -123,7 +123,7 @@ jobs: rm api-artifact/api-artifact.tar - name: Setup pnpm - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v4.4.0 + uses: pnpm/action-setup@903f9c1a6ebcba6cf41d87230be49611ac97822e # v6.0.3 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 @@ -158,7 +158,7 @@ jobs: - name: Run playwright tests run: pnpm run playwright:run third-party-donation.spec.ts --project=${{ matrix.browsers }} - - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 if: ${{ !cancelled() }} with: name: playwright-report-${{ matrix.browsers }} diff --git a/.github/workflows/github-autoclose.yml b/.github/workflows/github-autoclose.yml index 7af2c6ec2e9..21c446dc8af 100644 --- a/.github/workflows/github-autoclose.yml +++ b/.github/workflows/github-autoclose.yml @@ -10,7 +10,7 @@ jobs: autoclose: runs-on: ubuntu-24.04 steps: - - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | diff --git a/.github/workflows/github-lock-closed-prs.yml b/.github/workflows/github-lock-closed-prs.yml index 5ae4973015c..7fc6b1b13b4 100644 --- a/.github/workflows/github-lock-closed-prs.yml +++ b/.github/workflows/github-lock-closed-prs.yml @@ -9,7 +9,7 @@ jobs: name: Lock Closed PR runs-on: ubuntu-24.04 steps: - - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/github-no-i18n-via-prs.yml b/.github/workflows/github-no-i18n-via-prs.yml index ddd2f5f519d..71fa6c7cbe4 100644 --- a/.github/workflows/github-no-i18n-via-prs.yml +++ b/.github/workflows/github-no-i18n-via-prs.yml @@ -12,7 +12,7 @@ jobs: has-translation: runs-on: ubuntu-24.04 steps: - - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: github-token: ${{secrets.CAMPERBOT_NO_TRANSLATE}} script: | diff --git a/.github/workflows/github-pr-guidelines.yml b/.github/workflows/github-pr-guidelines.yml index cf22135be50..c5e0fa51d19 100644 --- a/.github/workflows/github-pr-guidelines.yml +++ b/.github/workflows/github-pr-guidelines.yml @@ -20,7 +20,7 @@ jobs: - name: Check if PR author is allow-listed id: pr_author - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: # GITHUB_TOKEN does not have the read:org permission needed for this call # while CAMPERBOT_NO_TRANSLATE does, since it is a PAT for the camperbot account with read:org scope @@ -49,7 +49,7 @@ jobs: fi - name: Add comment on PR if commits are made on GitHub Web UI - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 if: steps.pr_author.outputs.is_allow_listed == 'false' && env.IS_GITHUB_COMMIT == 'true' && github.event.action != 'edited' with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -64,7 +64,7 @@ jobs: - name: Add deprioritized label if: failure() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -88,7 +88,7 @@ jobs: sparse-checkout: .github/scripts/pr-guidelines sparse-checkout-cone-mode: false - - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -113,7 +113,7 @@ jobs: sparse-checkout-cone-mode: false - id: check - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -135,7 +135,7 @@ jobs: sparse-checkout-cone-mode: false - id: check - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -155,7 +155,7 @@ jobs: sparse-checkout: .github/scripts/pr-guidelines sparse-checkout-cone-mode: false - - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/github-spam.yml b/.github/workflows/github-spam.yml index 6f797d8ae49..68ab60c7da6 100644 --- a/.github/workflows/github-spam.yml +++ b/.github/workflows/github-spam.yml @@ -8,7 +8,7 @@ jobs: is-spam: runs-on: ubuntu-24.04 steps: - - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: github-token: ${{secrets.CAMPERBOT_NO_TRANSLATE}} script: | diff --git a/.github/workflows/i18n-validate-builds.yml b/.github/workflows/i18n-validate-builds.yml index 30a025ebedb..cf332fe291e 100644 --- a/.github/workflows/i18n-validate-builds.yml +++ b/.github/workflows/i18n-validate-builds.yml @@ -28,7 +28,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Install pnpm - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 + uses: pnpm/action-setup@903f9c1a6ebcba6cf41d87230be49611ac97822e # v6 id: pnpm-install with: run_install: false diff --git a/.github/workflows/i18n-validate-prs.yml b/.github/workflows/i18n-validate-prs.yml index d4ee343ae7d..7942398e98c 100644 --- a/.github/workflows/i18n-validate-prs.yml +++ b/.github/workflows/i18n-validate-prs.yml @@ -30,7 +30,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Install pnpm - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 + uses: pnpm/action-setup@903f9c1a6ebcba6cf41d87230be49611ac97822e # v6 id: pnpm-install with: run_install: false @@ -49,7 +49,7 @@ jobs: - name: Create Comment # Run if the validate challenge files step fails, specifically. Note that we need the failure() call for this step to trigger if the action fails. if: ${{ failure() && steps.validate.conclusion == 'failure' }} - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: github-token: ${{secrets.CAMPERBOT_NO_TRANSLATE}} script: | diff --git a/.github/workflows/node.js-tests.yml b/.github/workflows/node.js-tests.yml index 73e80e8f221..9407b0eddd0 100644 --- a/.github/workflows/node.js-tests.yml +++ b/.github/workflows/node.js-tests.yml @@ -55,7 +55,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Install pnpm - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 + uses: pnpm/action-setup@903f9c1a6ebcba6cf41d87230be49611ac97822e # v6 id: pnpm-install with: run_install: false @@ -115,7 +115,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Install pnpm - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 + uses: pnpm/action-setup@903f9c1a6ebcba6cf41d87230be49611ac97822e # v6 id: pnpm-install with: run_install: false @@ -158,7 +158,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Install pnpm - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 + uses: pnpm/action-setup@903f9c1a6ebcba6cf41d87230be49611ac97822e # v6 id: pnpm-install with: run_install: false @@ -211,7 +211,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Install pnpm - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 + uses: pnpm/action-setup@903f9c1a6ebcba6cf41d87230be49611ac97822e # v6 id: pnpm-install with: run_install: false @@ -266,7 +266,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Install pnpm - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 + uses: pnpm/action-setup@903f9c1a6ebcba6cf41d87230be49611ac97822e # v6 id: pnpm-install with: run_install: false