diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml index 4d932b13..7715f64a 100644 --- a/.github/workflows/build-and-test.yaml +++ b/.github/workflows/build-and-test.yaml @@ -3,7 +3,7 @@ on: [pull_request, push] jobs: build: - uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@v3 + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@sch-UID2-6742-update-node20-actions secrets: inherit with: vulnerability_scan_only: true \ No newline at end of file diff --git a/.github/workflows/shared-build-and-test.yaml b/.github/workflows/shared-build-and-test.yaml index 1878ee2c..9499c2be 100644 --- a/.github/workflows/shared-build-and-test.yaml +++ b/.github/workflows/shared-build-and-test.yaml @@ -31,18 +31,18 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Checkout uid2-shared-actions repo - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - ref: v3 + ref: sch-UID2-6742-update-node20-actions repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions - name: Set up JDK if: ${{ inputs.vulnerability_scan_only == 'false' }} - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: 'temurin' java-version: ${{ inputs.java_version }} @@ -66,7 +66,7 @@ jobs: - name: Archive code coverage results if: ${{ inputs.vulnerability_scan_only == 'false' }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: code-coverage-report path: ${{ inputs.working_dir }}/target/site/jacoco/* 
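Review bot: The reusable workflow is now referenced by a feature-branch name, `@sch-UID2-6742-update-node20-actions`, on a job that passes `secrets: inherit`. A branch is a mutable ref, so whatever is pushed to it next runs with the caller's secrets, and every consumer breaks once the branch is deleted after merge. The same substitution appears on every `IABTechLab/uid2-shared-actions/...` `uses:` line and every `ref:` of the uid2-shared-actions checkouts in this commit, including the publish workflows that handle `GH_MERGE_TOKEN` and `AZURE_CREDENTIALS` and the cleanup job with `id-token: write`. This looks like a temporary pin for testing the branch. Before merging, restore a release ref, e.g. `uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@v3`, or pin to a full commit SHA as the third-party actions are.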
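Review bot: `actions/checkout` moves two major versions in the `@@ -31,18` hunk of shared-build-and-test.yaml (`# v4` to `# v6.0.2`), and nothing in the hunk records the runner requirement that comes with it. As far as I know, the v5 and v6 lines run on the Node 24 runtime and need a recent Actions Runner, and v6 keeps the persisted token outside `.git/config`. That is unlikely to matter on GitHub-hosted runners but should be confirmed for any self-hosted runner that calls this shared workflow. Each new SHA should also be checked against the tag named in its comment, since the diff cannot show that they match. The job's step list continues outside the hunk.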
diff --git a/.github/workflows/shared-check-stable-dependency.yaml b/.github/workflows/shared-check-stable-dependency.yaml index 4c028d4d..f515e13b 100644 --- a/.github/workflows/shared-check-stable-dependency.yaml +++ b/.github/workflows/shared-check-stable-dependency.yaml @@ -8,7 +8,7 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Resolve dependencies run: mvn -B dependency:resolve diff --git a/.github/workflows/shared-increase-version-number.yaml b/.github/workflows/shared-increase-version-number.yaml index e412cf27..fe898c91 100644 --- a/.github/workflows/shared-increase-version-number.yaml +++ b/.github/workflows/shared-increase-version-number.yaml @@ -44,7 +44,7 @@ jobs: with: release_type: ${{ inputs.release_type }} - - uses: actions/setup-node@v4 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 20 @@ -74,7 +74,7 @@ jobs: - name: Commit ${{ inputs.working_dir }}/package.json, ${{ inputs.working_dir }}/package-lock.json and ${{ inputs.working_dir }}/version.json if: ${{ inputs.version_number_input == '' && steps.setup.outputs.IS_RELEASE != 'true' }} id: commit-without-tag - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{ inputs.working_dir }}/package.json ${{ inputs.working_dir }}/package-lock.json ${{ inputs.working_dir }}/version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' 
@@ -83,7 +83,7 @@ jobs: - name: Commit ${{ inputs.working_dir }}/package.json, ${{ inputs.working_dir }}/package-lock.json, ${{ inputs.working_dir }}/version.json and set tag if: ${{ inputs.version_number_input == '' && steps.setup.outputs.IS_RELEASE == 'true' }} id: commit-and-tag - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{ inputs.working_dir }}/package.json ${{ inputs.working_dir }}/package-lock.json ${{ inputs.working_dir }}/version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' @@ -91,7 +91,7 @@ jobs: github_token: ${{ inputs.merge_environment != '' && secrets.GH_MERGE_TOKEN || '' }} - name: Print outputs - uses: actions/github-script@v7 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 with: script: | console.log('Result', '${{ steps.commit-and-tag.outcome }}'); diff --git a/.github/workflows/shared-promote-auto-pr.yaml b/.github/workflows/shared-promote-auto-pr.yaml index 6118fe66..b0cab44c 100644 --- a/.github/workflows/shared-promote-auto-pr.yaml +++ b/.github/workflows/shared-promote-auto-pr.yaml @@ -6,7 +6,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Create Pull Request run: | echo "branch ${{ github.ref }} was pushed to" diff --git a/.github/workflows/shared-publish-java-to-docker-versioned.yaml b/.github/workflows/shared-publish-java-to-docker-versioned.yaml index 36bad1ec..06778ae8 100644 --- a/.github/workflows/shared-publish-java-to-docker-versioned.yaml +++ b/.github/workflows/shared-publish-java-to-docker-versioned.yaml 
@@ -72,7 +72,7 @@ jobs: steps: - name: Check branch and release type id: checkRelease - uses: IABTechLab/uid2-shared-actions/actions/check_branch_and_release_type@v3 + uses: IABTechLab/uid2-shared-actions/actions/check_branch_and_release_type@sch-UID2-6742-update-node20-actions with: release_type: ${{ inputs.release_type }} force_release: ${{ inputs.force_release }} @@ -87,20 +87,20 @@ jobs: IS_RELEASE: ${{ steps.checkRelease.outputs.is_release }} - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: 'temurin' java-version: ${{ inputs.java_version }} - name: Checkout full history on Main - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 if: ${{ inputs.version_number_input == ''}} with: # git-restore-mtime requires full git history. The default fetch-depth value (1) creates a shallow checkout. fetch-depth: 0 - name: Checkout full history at tag v${{ inputs.version_number_input }} - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 if: ${{ inputs.version_number_input != ''}} with: ref: v${{ inputs.version_number_input }} @@ -112,7 +112,7 @@ jobs: - name: Set version number id: version - uses: IABTechLab/uid2-shared-actions/actions/version_number@v2 + uses: IABTechLab/uid2-shared-actions/actions/version_number@sch-UID2-6742-update-node20-actions with: type: ${{ inputs.release_type }} version_number: ${{ inputs.version_number_input }} 
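Review bot: In the `@@ -112,7` hunk, `actions/version_number` was pinned to `@v2` while its sibling actions in this file used `@v3`, and the new line moves it to the feature branch along with them, so the v2/v3 distinction disappears without comment. When the branch ref is replaced by a release ref, decide deliberately whether this step returns to `@v2` or moves to `@v3`. If v2 was intentional, a short comment on the `uses:` line such as `# stays on v2: <reason>` would keep the next bulk update from changing it. Whether the two versions of the action behave differently is not visible from this diff.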
@@ -145,7 +145,7 @@ jobs: - name: Commit pom.xml and version.json if: ${{ inputs.version_number_input == '' && steps.checkRelease.outputs.is_release != 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{inputs.working_dir}}/pom.xml version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' @@ -153,7 +153,7 @@ jobs: - name: Commit pom.xml, version.json and set tag if: ${{ inputs.version_number_input == '' && steps.checkRelease.outputs.is_release == 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{inputs.working_dir}}/pom.xml version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' @@ -161,7 +161,7 @@ jobs: github_token: ${{ inputs.merge_environment != '' && secrets.GH_MERGE_TOKEN || '' }} - name: Log in to the Docker container registry - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -169,7 +169,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}${{ inputs.append_image_name }} tags: | 
@@ -183,7 +183,7 @@ jobs: echo "firstTag=$FIRST_TAG" >> $GITHUB_OUTPUT - name: Build and export to Docker - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: ${{inputs.working_dir}} load: true @@ -194,7 +194,7 @@ jobs: IMAGE_VERSION=${{ steps.version.outputs.new_version }} - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: HIGH,CRITICAL failure_severity: ${{ inputs.vulnerability_severity }} @@ -203,7 +203,7 @@ jobs: scan_type: image - name: Push to Docker - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: ${{inputs.working_dir}} push: true @@ -229,11 +229,11 @@ jobs: - name: Delete Draft Releases if: ${{ steps.checkRelease.outputs.is_release == 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/delete_draft_releases@v3 + uses: IABTechLab/uid2-shared-actions/actions/delete_draft_releases@sch-UID2-6742-update-node20-actions - name: Create Release if: ${{ steps.checkRelease.outputs.is_release == 'true' }} - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 with: name: v${{ steps.version.outputs.new_version }} body: ${{ steps.github_release.outputs.changelog }} diff --git a/.github/workflows/shared-publish-to-docker-versioned.yaml b/.github/workflows/shared-publish-to-docker-versioned.yaml index 942b4953..dd4946f9 100644 --- a/.github/workflows/shared-publish-to-docker-versioned.yaml +++ b/.github/workflows/shared-publish-to-docker-versioned.yaml 
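Review bot: In the `@@ -229,11` hunk the new `softprops/action-gh-release` pin changes the SHA but keeps the comment `# v2`, whereas the other pins updated in this file name an exact release (`# v7.1.0`, `# v4.1.0`). A major-only comment does not let a reviewer or an update bot check which release the SHA corresponds to. Use the exact tag instead, written as `# v2.X.Y` with the real version filled in. The same applies to the `softprops/action-gh-release` pins in the iOS, Maven, NuGet and PyPI publish workflows and to both `rtCamp/action-slack-notify` pins.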
@@ -62,7 +62,7 @@ jobs: - name: Publish to Docker id: publishToDocker - uses: IABTechLab/uid2-shared-actions/actions/shared_publish_to_docker@v3 + uses: IABTechLab/uid2-shared-actions/actions/shared_publish_to_docker@sch-UID2-6742-update-node20-actions with: new_version: ${{ inputs.new_version }} image_tag: ${{ inputs.image_tag }} diff --git a/.github/workflows/shared-publish-to-ios-version.yaml b/.github/workflows/shared-publish-to-ios-version.yaml index e56bce26..367273f6 100644 --- a/.github/workflows/shared-publish-to-ios-version.yaml +++ b/.github/workflows/shared-publish-to-ios-version.yaml @@ -44,7 +44,7 @@ jobs: release_type: ${{ inputs.release_type }} - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -91,7 +91,7 @@ jobs: xcodebuild test -scheme UID2Prebid -destination "OS=26.2,name=iPhone 17" - name: Commit SDK properties, podspecs, version.json and set tag - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{ inputs.working_dir }}/Sources/UID2/Properties/UID2SDKProperties.swift ${{ inputs.working_dir }}/UID2.podspec.json ${{ inputs.working_dir }}/UID2Prebid.podspec.json ${{ inputs.working_dir }}/version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' @@ -112,7 +112,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Create Release - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 with: name: v${{ steps.version.outputs.new_version }} body: ${{ steps.github_release.outputs.changelog }} diff --git a/.github/workflows/shared-publish-to-maven-versioned.yaml b/.github/workflows/shared-publish-to-maven-versioned.yaml index 1fe1b952..b4aa98d3 100644 
--- a/.github/workflows/shared-publish-to-maven-versioned.yaml +++ b/.github/workflows/shared-publish-to-maven-versioned.yaml @@ -64,19 +64,19 @@ jobs: release_type: ${{ inputs.release_type }} - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Checkout uid2-shared-actions repo - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - ref: v3 + ref: sch-UID2-6742-update-node20-actions repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: 'temurin' java-version: ${{ inputs.java_version }} @@ -87,7 +87,7 @@ jobs: key: ${{ secrets.GPG_KEY }} - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: HIGH,CRITICAL failure_severity: ${{ inputs.vulnerability_failure_severity }} @@ -144,7 +144,7 @@ jobs: - name: Commit pom.xml and version.json if: ${{ steps.checkRelease.outputs.is_release != 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{ inputs.working_dir }}/pom.xml ${{ inputs.working_dir }}/version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' 
@@ -152,7 +152,7 @@ jobs: - name: Commit pom.xml, version.json and set tag if: ${{ steps.checkRelease.outputs.is_release == 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{ inputs.working_dir }}/pom.xml ${{ inputs.working_dir }}/version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' @@ -175,7 +175,7 @@ jobs: - name: Create Release if: ${{ env.IS_RELEASE == 'true' }} - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 with: name: v${{ steps.version.outputs.new_version }} body: ${{ steps.github_release.outputs.changelog }} diff --git a/.github/workflows/shared-publish-to-nuget-versioned.yaml b/.github/workflows/shared-publish-to-nuget-versioned.yaml index 19061075..096a3362 100644 --- a/.github/workflows/shared-publish-to-nuget-versioned.yaml +++ b/.github/workflows/shared-publish-to-nuget-versioned.yaml @@ -54,12 +54,12 @@ jobs: release_type: ${{ inputs.release_type }} - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Setup dotnet ${{ inputs.dotnet_version }} - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0 with: dotnet-version: ${{ inputs.dotnet_version }} @@ -86,7 +86,7 @@ jobs: - name: Vulnerability Scan id: vulnerability-scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: ${{ inputs.vulnerability_severity }} failure_severity: ${{ inputs.vulnerability_severity }} 
@@ -100,7 +100,7 @@ jobs: dotnet nuget push ./src/UID2.Client/bin/Release/UID2.Client.${{ steps.version.outputs.new_version }}.nupkg -k ${{ secrets.NUGET_API_KEY }} -s https://api.nuget.org/v3/index.json - name: Commit UID2.Client.nuspec, version.json and set tag - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{ inputs.working_dir }}/UID2.Client.nuspec ${{ inputs.working_dir }}/version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' @@ -123,7 +123,7 @@ jobs: - name: Create Release if: ${{ steps.checkRelease.outputs.is_release == 'true' }} - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 with: name: v${{ steps.version.outputs.new_version }} body: ${{ steps.github_release.outputs.changelog }} diff --git a/.github/workflows/shared-publish-to-pypi-versioned.yaml b/.github/workflows/shared-publish-to-pypi-versioned.yaml index d0a76467..e1c911a9 100644 --- a/.github/workflows/shared-publish-to-pypi-versioned.yaml +++ b/.github/workflows/shared-publish-to-pypi-versioned.yaml @@ -51,12 +51,12 @@ jobs: release_type: ${{ inputs.release_type }} - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: HIGH,CRITICAL failure_severity: ${{ inputs.vulnerability_failure_severity }} 
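Review bot: The `dotnet nuget push` command in the context lines of the `@@ -100,7` hunk expands `${{ secrets.NUGET_API_KEY }}` straight into the script text, so the key becomes part of the command line and any shell metacharacter in it is interpreted by the shell. Passing it through the step environment is safer: add `env:` with `NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}` and use `-k "$NUGET_API_KEY"`. The `twine upload ... -p "${{ secrets.PYPI_API_KEY }}"` line in shared-publish-to-pypi-versioned.yaml has the same shape. The step that contains the command starts outside the hunk.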
@@ -90,7 +90,7 @@ jobs: python3 -m twine upload dist/* -u __token__ -p "${{ secrets.PYPI_API_KEY }}" - name: Commit pyproject.toml, version.json and set tag - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{ inputs.working_dir }}/pyproject.toml ${{ inputs.working_dir }}/version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' @@ -111,7 +111,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Create Release - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 with: name: v${{ steps.version.outputs.new_version }} body: ${{ steps.github_release.outputs.changelog }} diff --git a/.github/workflows/shared-run-e2e-tests.yaml b/.github/workflows/shared-run-e2e-tests.yaml index 41b64e2c..637f103d 100644 --- a/.github/workflows/shared-run-e2e-tests.yaml +++ b/.github/workflows/shared-run-e2e-tests.yaml 
@@ -111,52 +111,52 @@ jobs: aws_stack_name: ${{ steps.start_aws_private_operator.outputs.aws_stack_name }} steps: - name: Log in to the Docker container registry - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Checkout full history - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Checkout uid2-operator repo - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.operator_branch }} repository: IABTechLab/uid2-operator path: uid2-operator - name: Checkout uid2-core repo - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.core_branch }} repository: IABTechLab/uid2-core path: uid2-core - name: Checkout uid2-optout repo - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.optout_branch }} repository: IABTechLab/uid2-optout path: uid2-optout - name: Checkout uid2-admin repo - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.admin_branch }} repository: IABTechLab/uid2-admin path: uid2-admin - name: Checkout uid2-shared-actions repo - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - ref: v3 + ref: sch-UID2-6742-update-node20-actions repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions - name: Checkout uid2-e2e repo - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: IABTechLab/uid2-e2e path: uid2-e2e 
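Review bot: None of the seven checkouts in this hunk sets `persist-credentials: false`, so each leaves a token available to git for the rest of the job, which presumably goes on to build or run the operator, core, optout, admin and e2e code it has just fetched. If no later step of this job pushes with git (not visible here), add `persist-credentials: false` under each `with:`, and give the first checkout a `with:` block for it. Separately, the step named `Checkout full history` has no `fetch-depth: 0`, so either the name or the options are out of date.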
@@ -180,7 +180,7 @@ jobs: - name: Prepare GCP metadata id: prepare_gcp_metadata if: ${{ inputs.operator_type == 'gcp' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_gcp_metadata@v3 + uses: IABTechLab/uid2-shared-actions/actions/prepare_gcp_metadata@sch-UID2-6742-update-node20-actions with: operator_image_version: ${{ inputs.operator_image_version }} target_environment: ${{ inputs.target_environment }} @@ -190,7 +190,7 @@ jobs: - name: Prepare Azure metadata id: prepare_azure_metadata if: ${{ inputs.operator_type == 'azure' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_azure_metadata@v3 + uses: IABTechLab/uid2-shared-actions/actions/prepare_azure_metadata@sch-UID2-6742-update-node20-actions with: operator_image_version: ${{ inputs.operator_image_version }} target_environment: ${{ inputs.target_environment }} @@ -198,7 +198,7 @@ jobs: - name: Prepare AWS metadata id: prepare_aws_metadata if: ${{ inputs.operator_type == 'aws' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_aws_metadata@v3 + uses: IABTechLab/uid2-shared-actions/actions/prepare_aws_metadata@sch-UID2-6742-update-node20-actions with: identity_scope: ${{ inputs.identity_scope }} target_environment: ${{ inputs.target_environment }} @@ -207,7 +207,7 @@ jobs: - name: Start AKS cluster id: start_aks_cluster if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@sch-UID2-6742-update-node20-actions with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} run_id: ${{ github.run_id }} 
@@ -226,7 +226,7 @@ jobs: - name: Prepare AKS metadata id: prepare_aks_metadata if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_aks_metadata@v3 + uses: IABTechLab/uid2-shared-actions/actions/prepare_aks_metadata@sch-UID2-6742-update-node20-actions with: operator_image_version: ${{ inputs.operator_image_version }} target_environment: ${{ inputs.target_environment }} @@ -254,7 +254,7 @@ jobs: - name: Start GCP private operator id: start_gcp_private_operator if: ${{ inputs.operator_type == 'gcp' }} - uses: IABTechLab/uid2-shared-actions/actions/start_gcp_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_gcp_private_operator@sch-UID2-6742-update-node20-actions with: bore_url_core: ${{ steps.bore.outputs.bore_url_core }} bore_url_optout: ${{ steps.bore.outputs.bore_url_optout }} @@ -266,7 +266,7 @@ jobs: - name: Start Azure private operator id: start_azure_private_operator if: ${{ inputs.operator_type == 'azure' }} - uses: IABTechLab/uid2-shared-actions/actions/start_azure_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_azure_private_operator@sch-UID2-6742-update-node20-actions with: bore_url_core: ${{ steps.bore.outputs.bore_url_core }} bore_url_optout: ${{ steps.bore.outputs.bore_url_optout }} @@ -278,7 +278,7 @@ jobs: - name: Start AWS private operator id: start_aws_private_operator if: ${{ inputs.operator_type == 'aws' }} - uses: IABTechLab/uid2-shared-actions/actions/start_aws_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_aws_private_operator@sch-UID2-6742-update-node20-actions with: bore_url_core: ${{ steps.bore.outputs.bore_url_core }} bore_url_optout: ${{ steps.bore.outputs.bore_url_optout }} 
@@ -292,7 +292,7 @@ jobs: - name: Start AKS private operator id: start_aks_private_operator if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/start_aks_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_aks_private_operator@sch-UID2-6742-update-node20-actions with: template_file: ${{ steps.prepare_aks_metadata.outputs.template_file }} azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} @@ -316,7 +316,7 @@ jobs: - name: Run E2E tests id: e2e - uses: IABTechLab/uid2-shared-actions/actions/run_e2e_tests@v3 + uses: IABTechLab/uid2-shared-actions/actions/run_e2e_tests@sch-UID2-6742-update-node20-actions with: e2e_network: ${{ steps.decide_env_var.outputs.e2e_network }} e2e_image_version: ${{ inputs.e2e_image_version }} @@ -375,15 +375,15 @@ jobs: id-token: write steps: - name: Checkout uid2-shared-actions repo - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - ref: v3 + ref: sch-UID2-6742-update-node20-actions repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions - name: Stop GCP private operator if: ${{ inputs.operator_type == 'gcp' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_gcp_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/stop_gcp_private_operator@sch-UID2-6742-update-node20-actions with: gcp_project: ${{ inputs.gcp_project }} gcp_service_account: ${{ inputs.gcp_service_account }} 
@@ -392,21 +392,21 @@ jobs: - name: Stop Azure private operator if: ${{ inputs.operator_type == 'azure' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_azure_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/stop_azure_private_operator@sch-UID2-6742-update-node20-actions with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} azure_container_group_name: ${{ needs.e2e-test.outputs.azure_container_group_name }} - name: Stop AWS private operator if: ${{ inputs.operator_type == 'aws' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_aws_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/stop_aws_private_operator@sch-UID2-6742-update-node20-actions with: aws_stack_name: ${{ needs.e2e-test.outputs.aws_stack_name }} aws_region: ${{ inputs.aws_region }} - name: Stop AKS private operator if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@sch-UID2-6742-update-node20-actions with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} run_id: ${{ github.run_id }} diff --git a/.github/workflows/shared-test-slack-webhook.yaml b/.github/workflows/shared-test-slack-webhook.yaml index e371f2eb..df7be41f 100644 --- a/.github/workflows/shared-test-slack-webhook.yaml +++ b/.github/workflows/shared-test-slack-webhook.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Send Slack test message - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2 + uses: rtCamp/action-slack-notify@cdf0a2130cbcdfd82ba5fcac8e076370bf381b36 # v2 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} SLACK_TITLE: Slack Webhook Test diff --git a/.github/workflows/shared-validate-image.yaml b/.github/workflows/shared-validate-image.yaml index 4a3f3044..d6ec33b5 100644 --- a/.github/workflows/shared-validate-image.yaml +++ b/.github/workflows/shared-validate-image.yaml 
@@ -44,7 +44,7 @@ jobs: steps: - name: Checkout full history - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # git-restore-mtime requires full git history. The default fetch-depth value (1) creates a shallow checkout. fetch-depth: 0 @@ -53,7 +53,7 @@ jobs: uses: thetradedesk/git-restore-mtime-action@a6059d100648f8027eb1af5e6e6fd6e1328083af # v1.3 - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: 'temurin' java-version: ${{ inputs.java_version }} @@ -71,7 +71,7 @@ jobs: echo "git_commit=$(git show --format="%h" --no-patch)" >> $GITHUB_OUTPUT - name: Log in to the Docker container registry - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -79,14 +79,14 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=sha,prefix=${{ steps.package.outputs.jar_version }}-,suffix=-${{ inputs.cloud_provider }},format=short - name: Build Docker image - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: . load: true 
@@ -97,7 +97,7 @@ jobs: IMAGE_VERSION=${{ steps.package.outputs.jar_version }}-${{ steps.package.outputs.git_commit }} - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: HIGH,CRITICAL failure_severity: ${{ inputs.failure_severity }} diff --git a/.github/workflows/shared-vulnerability-scan-failure-notify.yaml b/.github/workflows/shared-vulnerability-scan-failure-notify.yaml index cf2fde11..2592ec24 100644 --- a/.github/workflows/shared-vulnerability-scan-failure-notify.yaml +++ b/.github/workflows/shared-vulnerability-scan-failure-notify.yaml @@ -40,18 +40,18 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Checkout uid2-shared-actions repo - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - ref: v3 + ref: sch-UID2-6742-update-node20-actions repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions - name: Set up JDK if: inputs.scan_type == 'image' - uses: actions/setup-java@v4 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: 'temurin' java-version: ${{ inputs.java_version }} @@ -77,7 +77,7 @@ jobs: - name: Build Docker image if: inputs.scan_type == 'image' - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: ${{inputs.working_dir}} load: true 
@@ -88,7 +88,7 @@ jobs: - name: Vulnerability Scan id: vulnerability-scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: ${{ inputs.vulnerability_severity }} failure_severity: ${{ inputs.vulnerability_severity }} @@ -104,7 +104,7 @@ jobs: SLACK_MESSAGE: ':x: Vulnerability scan failed. Please review details: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}. Check past alerts before acting and log new actions to avoid duplicate efforts.' SLACK_TITLE: Vulnerability Scan Failure SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2 + uses: rtCamp/action-slack-notify@cdf0a2130cbcdfd82ba5fcac8e076370bf381b36 # v2 - name: Fail Workflow if Vulnerability Scan step Fails if: ${{ steps.vulnerability-scan.outcome == 'failure' }} diff --git a/.github/workflows/vulnerability-scan-failure-notify.yaml b/.github/workflows/vulnerability-scan-failure-notify.yaml index 6704b919..dec38c01 100644 --- a/.github/workflows/vulnerability-scan-failure-notify.yaml +++ b/.github/workflows/vulnerability-scan-failure-notify.yaml @@ -16,7 +16,7 @@ on: jobs: vulnerability-scan-failure-notify: - uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-vulnerability-scan-failure-notify.yaml@v3 + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-vulnerability-scan-failure-notify.yaml@sch-UID2-6742-update-node20-actions secrets: SLACK_WEBHOOK : ${{ secrets.SLACK_WEBHOOK }} with: diff --git a/actions/check_branch_and_release_type/action.yaml b/actions/check_branch_and_release_type/action.yaml index f0f31ff6..8effc0ba 100644 --- a/actions/check_branch_and_release_type/action.yaml +++ b/actions/check_branch_and_release_type/action.yaml 
@@ -41,14 +41,14 @@ runs: - name: Fail if Pre-release on Default branch if: ${{ inputs.release_type == 'Snapshot' && github.event.repository.default_branch == github.ref_name }} - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 with: script: | core.setFailed('Snapshot packages can not be created on the default branch. Release Type: ${{ inputs.release_type }}, Branch: ${{ github.ref_name }}') - name: Fail if Release and not on Default branch or release-yyyy-q branch if: ${{ inputs.release_type != 'Snapshot' && github.event.repository.default_branch != github.ref_name && !startsWith(github.ref_name, 'release')}} - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 with: script: | core.setFailed('Releases can only be created on a Default or release-yyyy-q branch. Release Type: ${{ inputs.release_type }}, Branch: ${{ github.ref_name }}') diff --git a/actions/commit_pr_and_merge/action.yaml b/actions/commit_pr_and_merge/action.yaml index ffdc8780..c7ee2a8f 100644 --- a/actions/commit_pr_and_merge/action.yaml +++ b/actions/commit_pr_and_merge/action.yaml @@ -53,7 +53,7 @@ runs: run: echo "name=ci-${{ github.sha }}-${RANDOM}" >> $GITHUB_OUTPUT - name: Commit to new branch - uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9 + uses: EndBug/add-and-commit@0a145b91207725ab63102736ff2ddcf18f90cdb5 # v10.0.0 if: steps.changes.outputs.changes_exist == 'true' id: create-branch-and-commit with: @@ -64,7 +64,7 @@ runs: add: ${{ inputs.add }} - name: Create PR - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 if: steps.changes.outputs.changes_exist == 'true' id: create-pr with: 
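Review bot: Both `script:` bodies in the check_branch_and_release_type hunk splice `${{ inputs.release_type }}` and `${{ github.ref_name }}` into a single-quoted JavaScript string before the script is parsed, so a value containing a quote alters the code that github-script runs; the bump to v9.0.0 leaves this in place. Pass the values through the step environment instead: add `env:` entries such as `REF_NAME: ${{ github.ref_name }}` and `RELEASE_TYPE: ${{ inputs.release_type }}`, and build the message from `process.env.REF_NAME` and `process.env.RELEASE_TYPE`. The same pattern is visible in actions/commit_pr_and_merge/action.yaml (`core.setOutput('commit_tag', '${{ inputs.tag }}');`) and in the `inputVersion` assignment in actions/update-major-version-tag/action.yaml. Since the pin moves across two major versions, the scripts whose bodies lie outside these hunks should also be checked against the new release.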
@@ -100,7 +100,7 @@ runs: "repos/${{ github.repository }}/git/refs/heads/$BRANCH" || true - name: Tag commit - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 id: tag-commit if: ${{ inputs.tag != '' && steps.changes.outputs.changes_exist == 'true' }} with: @@ -120,7 +120,7 @@ runs: core.setOutput('commit_tag', '${{ inputs.tag }}'); - name: Get commit SHA - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 id: get-commit-sha if: steps.changes.outputs.changes_exist == 'true' with: @@ -134,7 +134,7 @@ runs: core.setOutput('commit_sha', pr.merge_commit_sha); - name: Print outputs - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 if: ${{ inputs.tag != '' && steps.changes.outputs.changes_exist == 'true' }} with: script: | diff --git a/actions/delete_draft_releases/action.yaml b/actions/delete_draft_releases/action.yaml index 7ed426c2..0659d958 100644 --- a/actions/delete_draft_releases/action.yaml +++ b/actions/delete_draft_releases/action.yaml @@ -6,7 +6,7 @@ runs: steps: - name: Delete draft releases - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 id: delete-release with: result-encoding: string diff --git a/actions/prepare_gcp_metadata/action.yaml b/actions/prepare_gcp_metadata/action.yaml index 2639a249..a30f7637 100644 --- a/actions/prepare_gcp_metadata/action.yaml +++ b/actions/prepare_gcp_metadata/action.yaml 
@@ -32,7 +32,7 @@ runs: steps: - name: Authenticate with Google Cloud id: gcp_auth - uses: google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed # v2 + uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 with: token_format: access_token workload_identity_provider: ${{ inputs.gcp_workload_identity_provider_id }} @@ -40,10 +40,10 @@ runs: access_token_lifetime: 1200s - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@e427ad8a34f8676edf47cf7d7925499adf3eb74f # v2 + uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 - name: Log in to the GCP Registry - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ${{ inputs.gcp_registry }} username: oauth2accesstoken diff --git a/actions/shared_publish_setup/action.yaml b/actions/shared_publish_setup/action.yaml index 0c3dcf81..aad6df3c 100644 --- a/actions/shared_publish_setup/action.yaml +++ b/actions/shared_publish_setup/action.yaml 
@@ -45,21 +45,21 @@ runs: IS_RELEASE: ${{ steps.checkRelease.outputs.IS_RELEASE }} - name: Set up JDK - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 if: ${{ inputs.java_version != '' }} with: distribution: 'temurin' java-version: ${{ inputs.java_version }} - name: Checkout full history on the commit that triggered the workflow - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 if: ${{ inputs.git_tag_or_hash == ''}} with: # git-restore-mtime requires full git history. The default fetch-depth value (1) creates a shallow checkout. fetch-depth: 0 - name: Checkout full history at tag ${{ inputs.git_tag_or_hash }} - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 if: ${{ inputs.git_tag_or_hash != ''}} with: ref: ${{ inputs.git_tag_or_hash }} diff --git a/actions/shared_publish_to_docker/action.yaml b/actions/shared_publish_to_docker/action.yaml index 295ee6d9..48f070c7 100644 --- a/actions/shared_publish_to_docker/action.yaml +++ b/actions/shared_publish_to_docker/action.yaml @@ -46,7 +46,7 @@ runs: uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 - name: Log in to the Docker container registry - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ${{ inputs.docker_registry }} username: ${{ github.actor }} @@ -54,7 +54,7 @@ runs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: ${{ inputs.docker_registry }}/${{ inputs.docker_image_name }} tags: | 
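Review bot: In the first shared_publish_to_docker hunk, the context line `uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3` is left unchanged while the neighbouring `docker/login-action`, `docker/metadata-action` and `docker/build-push-action` pins all move up by at least one major version. If the purpose of the change is to move off an older action runtime, this pin may have been missed; confirm whether it needs the same treatment. If it is deliberately kept, give the comment the exact release, as the updated lines do. The step this line belongs to starts outside the hunk.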
@@ -69,7 +69,7 @@ runs: echo "firstTag=$FIRST_TAG" >> $GITHUB_OUTPUT - name: Build and export to Docker - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: ${{ inputs.docker_context }} file: ${{ inputs.docker_file }} @@ -81,7 +81,7 @@ runs: IMAGE_VERSION=${{ inputs.new_version }} - name: Vulnerability scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: publish_vulnerabilities: ${{ inputs.publish_vulnerabilities }} failure_severity: CRITICAL @@ -90,7 +90,7 @@ runs: scan_type: ${{ inputs.scan_type }} - name: Push to Docker - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: ${{ inputs.docker_context }} file: ${{ inputs.docker_file }} diff --git a/actions/start_aks_cluster/action.yaml b/actions/start_aks_cluster/action.yaml index 5dbdd608..3a7f416e 100644 --- a/actions/start_aks_cluster/action.yaml +++ b/actions/start_aks_cluster/action.yaml @@ -14,7 +14,7 @@ runs: steps: - name: Log in to Azure - uses: azure/login@1384c340ab2dda50fed2bee3041d1d87018aa5e8 # v2 + uses: azure/login@93381592711f247e165c389ebb30b596c84cdc48 # v3.0.0 with: creds: ${{ inputs.azure_credentials }} enable-AzPSSession: true diff --git a/actions/start_aks_private_operator/action.yaml b/actions/start_aks_private_operator/action.yaml index b25cf6aa..37bef153 100644 --- a/actions/start_aks_private_operator/action.yaml +++ b/actions/start_aks_private_operator/action.yaml @@ -22,7 +22,7 @@ runs: steps: - name: Log in to Azure - uses: azure/login@1384c340ab2dda50fed2bee3041d1d87018aa5e8 # v2 + uses: azure/login@93381592711f247e165c389ebb30b596c84cdc48 # v3.0.0 with: creds: ${{ inputs.azure_credentials }} enable-AzPSSession: true 
diff --git a/actions/start_aws_private_operator/action.yaml b/actions/start_aws_private_operator/action.yaml index f7530c5c..b74e9559 100644 --- a/actions/start_aws_private_operator/action.yaml +++ b/actions/start_aws_private_operator/action.yaml @@ -40,7 +40,7 @@ runs: steps: - name: Setup Python 3 - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: 3.x @@ -50,7 +50,7 @@ runs: path: ./uid2-shared-actions/scripts/aws/requirements.txt - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@ff717079ee2060e4bcee96c4779b553acc87447c # v4 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-region: us-east-2 role-to-assume: arn:aws:iam::072245134533:role/github-runner-for-uid2-operator diff --git a/actions/start_azure_private_operator/action.yaml b/actions/start_azure_private_operator/action.yaml index 985a958d..32e428d8 100644 --- a/actions/start_azure_private_operator/action.yaml +++ b/actions/start_azure_private_operator/action.yaml @@ -34,7 +34,7 @@ runs: steps: - name: Log in to Azure - uses: azure/login@1384c340ab2dda50fed2bee3041d1d87018aa5e8 # v2 + uses: azure/login@93381592711f247e165c389ebb30b596c84cdc48 # v3.0.0 with: creds: ${{ inputs.azure_credentials }} enable-AzPSSession: true diff --git a/actions/stop_aks_private_operator/action.yaml b/actions/stop_aks_private_operator/action.yaml index 069f71ff..bbbe2ec1 100644 --- a/actions/stop_aks_private_operator/action.yaml +++ b/actions/stop_aks_private_operator/action.yaml @@ -14,7 +14,7 @@ runs: steps: - name: Log in to Azure - uses: azure/login@1384c340ab2dda50fed2bee3041d1d87018aa5e8 # v2 + uses: azure/login@93381592711f247e165c389ebb30b596c84cdc48 # v3.0.0 with: creds: ${{ inputs.azure_credentials }} enable-AzPSSession: true 
diff --git a/actions/stop_aws_private_operator/action.yaml b/actions/stop_aws_private_operator/action.yaml index 7ddb7d1b..23428f24 100644 --- a/actions/stop_aws_private_operator/action.yaml +++ b/actions/stop_aws_private_operator/action.yaml @@ -14,7 +14,7 @@ runs: steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@ff717079ee2060e4bcee96c4779b553acc87447c # v4 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-region: us-east-2 role-to-assume: arn:aws:iam::072245134533:role/github-runner-for-uid2-operator diff --git a/actions/stop_azure_private_operator/action.yaml b/actions/stop_azure_private_operator/action.yaml index faa2db48..1091e0e4 100644 --- a/actions/stop_azure_private_operator/action.yaml +++ b/actions/stop_azure_private_operator/action.yaml @@ -14,7 +14,7 @@ runs: steps: - name: Log in to Azure - uses: azure/login@1384c340ab2dda50fed2bee3041d1d87018aa5e8 # v2 + uses: azure/login@93381592711f247e165c389ebb30b596c84cdc48 # v3.0.0 with: creds: ${{ inputs.azure_credentials }} enable-AzPSSession: true diff --git a/actions/stop_gcp_private_operator/action.yaml b/actions/stop_gcp_private_operator/action.yaml index 7d14ab74..529922b7 100644 --- a/actions/stop_gcp_private_operator/action.yaml +++ b/actions/stop_gcp_private_operator/action.yaml @@ -24,7 +24,7 @@ runs: steps: - name: Authenticate with Google Cloud id: gcp_auth - uses: google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed # v2 + uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 with: token_format: access_token workload_identity_provider: ${{ inputs.gcp_workload_identity_provider_id }} 
@@ -32,10 +32,10 @@ runs: access_token_lifetime: 1200s - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@e427ad8a34f8676edf47cf7d7925499adf3eb74f # v2 + uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 - name: Log in to the GCP Registry - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ${{ inputs.gcp_registry }} username: oauth2accesstoken diff --git a/actions/update-major-version-tag/action.yaml b/actions/update-major-version-tag/action.yaml index 2bef6b9c..ce2e276c 100644 --- a/actions/update-major-version-tag/action.yaml +++ b/actions/update-major-version-tag/action.yaml @@ -16,7 +16,7 @@ runs: steps: - name: Update major version tag id: updateTag - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 with: script: | const inputVersion = `${{ inputs.version }}`; diff --git a/actions/vulnerability_scan/action.yaml b/actions/vulnerability_scan/action.yaml index 0b83bbb8..d874cc2b 100644 --- a/actions/vulnerability_scan/action.yaml +++ b/actions/vulnerability_scan/action.yaml @@ -26,7 +26,7 @@ runs: using: "composite" steps: - name: Checkout repo - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: IABTechLab/uid2-shared-actions ref: v3 @@ -39,7 +39,7 @@ runs: rm -rf tmp-vulnerability-scan - name: Setup oras - uses: oras-project/setup-oras@22ce207df3b08e061f537244349aac6ae1d214f6 # v1 + uses: oras-project/setup-oras@38de303aac69abb66f3e6255b7198bff35f323e3 # v2.0.0 - name: Get current date id: date 
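Review bot: The checkout of `IABTechLab/uid2-shared-actions` in actions/vulnerability_scan/action.yaml still has `ref: v3`, whereas the workflows in this change that check out the same repository were switched to `sch-UID2-6742-update-node20-actions`. Callers that now resolve this composite action from the branch therefore run an action definition from one revision against files checked out from another. If that is intended because the branch refs are temporary, a short comment next to `ref: v3` would make it clear. Otherwise use one revision for both, ideally a commit SHA. The remaining `with:` keys of this step are outside the hunk.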
@@ -48,7 +48,7 @@ runs: - name: Check Cache for Databases id: cache-check - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: ${{ github.workspace }}/.cache/trivy key: cache-trivy-${{ steps.date.outputs.date }} @@ -72,14 +72,14 @@ runs: rm javadb.tar.gz - name: Cache DBs - uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 + uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 if: ${{ !steps.cache-check.outputs.cache-hit }} with: path: ${{ github.workspace }}/.cache/trivy key: cache-trivy-${{ steps.date.outputs.date }} - name: Generate Trivy vulnerability scan report - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0 + uses: aquasecurity/trivy-action@a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 # v0.36.0 if: inputs.publish_vulnerabilities == 'true' with: image-ref: ${{ inputs.image_ref }} @@ -96,14 +96,14 @@ runs: TRIVY_SKIP_JAVA_DB_UPDATE: true - name: Upload Trivy scan report to GitHub Security tab - uses: github/codeql-action/upload-sarif@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v3 + uses: github/codeql-action/upload-sarif@c3f298df8c1fea2fefe20c785e6aa00f32df8260 # v4.35.3 if: inputs.publish_vulnerabilities == 'true' with: sarif_file: 'trivy-results.sarif' - name: Local vulnerability scanner for MEDIUM,HIGH,CRITICAL for reporting if: ${{ inputs.full_report == 'true' }} - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0 + uses: aquasecurity/trivy-action@a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 # v0.36.0 with: image-ref: ${{ inputs.image_ref }} scan-type: ${{ inputs.scan_type }} 
@@ -119,7 +119,7 @@ runs: TRIVY_DEPENDENCY_TREE: true - name: Test with Trivy vulnerability scanner - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0 + uses: aquasecurity/trivy-action@a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 # v0.36.0 with: image-ref: ${{ inputs.image_ref }} scan-type: ${{ inputs.scan_type }}