From 372c1eb1515d98bb0e3500d01c07b9af2f2d3838 Mon Sep 17 00:00:00 2001 From: Angular Robot Date: Wed, 19 Nov 2025 05:04:18 +0000 Subject: [PATCH] build: update all github actions See associated pull request for more information. --- .github/workflows/assistant-to-the-branch-manager.yml | 2 +- .github/workflows/branch-manager.yml | 2 +- .github/workflows/ci.yml | 2 +- .github/workflows/codeql.yml | 6 +++--- .github/workflows/commit-message-based-labels.yml | 2 +- .github/workflows/feature-request.yml | 2 +- .github/workflows/gemini-review.yml | 2 +- .github/workflows/ng-renovate.yml | 2 +- .github/workflows/org-wide-actions.yml | 4 ++-- .github/workflows/perf.yml | 4 ++-- .github/workflows/post-approval-changes.yml | 2 +- .github/workflows/pr.yml | 4 ++-- .github/workflows/publish-snapshots.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- github-actions/npm/checkout-and-setup-node/action.yml | 2 +- 15 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/assistant-to-the-branch-manager.yml b/.github/workflows/assistant-to-the-branch-manager.yml index f8eca6617..f261260de 100644 --- a/.github/workflows/assistant-to-the-branch-manager.yml +++ b/.github/workflows/assistant-to-the-branch-manager.yml @@ -16,7 +16,7 @@ jobs: assistant_to_the_branch_manager: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: # Setting persist-credentials instructs actions/checkout not to persist the credentials # in configuration or environment. Since we don't rely on the credentials used for diff --git a/.github/workflows/branch-manager.yml b/.github/workflows/branch-manager.yml index 2c9ae54c7..e547871b3 100644 --- a/.github/workflows/branch-manager.yml +++ b/.github/workflows/branch-manager.yml @@ -24,7 +24,7 @@ jobs: branch_manager: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: # Setting `persist-credentials: false` prevents the github-action account from being the # account that is attempted to be used for authentication, instead the remote is set to diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4ede0f8a0..8ff2c21dc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -37,7 +37,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - uses: ./github-actions/npm/checkout-and-setup-node - uses: ./github-actions/bazel/setup - uses: ./github-actions/bazel/configure-remote diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9695dc30c..0d8fa3d36 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -25,12 +25,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Initialize CodeQL - uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 + uses: github/codeql-action/init@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 with: languages: ${{ matrix.language }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 + uses: github/codeql-action/analyze@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 with: category: '/language:${{matrix.language}}' diff --git a/.github/workflows/commit-message-based-labels.yml b/.github/workflows/commit-message-based-labels.yml index a94a5607b..c5349a29e 100644 --- a/.github/workflows/commit-message-based-labels.yml +++ b/.github/workflows/commit-message-based-labels.yml @@ -12,7 +12,7 @@ jobs: commit_message_based_labels: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - uses: ./github-actions/pull-request-labeling with: angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }} diff --git a/.github/workflows/feature-request.yml b/.github/workflows/feature-request.yml index 5f1f4ee44..c8caf1633 100644 --- a/.github/workflows/feature-request.yml +++ b/.github/workflows/feature-request.yml @@ -10,7 +10,7 @@ jobs: feature_triage: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - uses: ./github-actions/feature-request with: angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }} diff --git a/.github/workflows/gemini-review.yml b/.github/workflows/gemini-review.yml index cc1bc7904..8adb32cf6 100644 --- a/.github/workflows/gemini-review.yml +++ b/.github/workflows/gemini-review.yml @@ -40,7 +40,7 @@ jobs: --repo "${REPOSITORY}" - name: 'Checkout repository' - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: 'Run Gemini security analysis review' uses: 'google-github-actions/run-gemini-cli@f7db4b6f82ad0c3725cf4c98bdd93af80e22b4dc' # v0.1.14 diff --git a/.github/workflows/ng-renovate.yml b/.github/workflows/ng-renovate.yml index ae60bc60a..65dd30672 100644 --- a/.github/workflows/ng-renovate.yml +++ b/.github/workflows/ng-renovate.yml @@ -30,7 +30,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - uses: ./github-actions/npm/checkout-and-setup-node with: cache-dependency-path: './.github/ng-renovate/pnpm-lock.yaml' diff --git a/.github/workflows/org-wide-actions.yml b/.github/workflows/org-wide-actions.yml index 1db861223..fe9c709e2 100644 --- a/.github/workflows/org-wide-actions.yml +++ b/.github/workflows/org-wide-actions.yml @@ -14,7 +14,7 @@ jobs: if: github.repository == 'angular/dev-infra' runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - uses: ./.github/local-actions/labels-sync with: angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }} @@ -28,7 +28,7 @@ jobs: if: github.repository == 'angular/dev-infra' runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - uses: ./.github/local-actions/lock-closed with: lock-bot-key: ${{ secrets.LOCK_BOT_PRIVATE_KEY }} diff --git a/.github/workflows/perf.yml b/.github/workflows/perf.yml index 2359ffaf5..aa18ad02a 100644 --- a/.github/workflows/perf.yml +++ b/.github/workflows/perf.yml @@ -23,7 +23,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - uses: ./github-actions/npm/checkout-and-setup-node - uses: ./github-actions/bazel/setup - run: pnpm install --frozen-lockfile @@ -41,7 +41,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - uses: ./github-actions/npm/checkout-and-setup-node - uses: ./github-actions/bazel/setup - run: pnpm install --frozen-lockfile diff --git a/.github/workflows/post-approval-changes.yml b/.github/workflows/post-approval-changes.yml index 761550eab..358091f27 100644 --- a/.github/workflows/post-approval-changes.yml +++ b/.github/workflows/post-approval-changes.yml @@ -9,7 +9,7 @@ jobs: post_approval_changes: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - uses: ./github-actions/post-approval-changes with: angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index fb8ec1747..cfe1b2ae3 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -22,7 +22,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - uses: ./github-actions/npm/checkout-and-setup-node - uses: ./github-actions/bazel/setup - uses: ./github-actions/bazel/configure-remote @@ -48,7 +48,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - uses: ./github-actions/npm/checkout-and-setup-node - uses: ./github-actions/bazel/setup - uses: ./github-actions/bazel/configure-remote diff --git a/.github/workflows/publish-snapshots.yml b/.github/workflows/publish-snapshots.yml index bbd4fe9aa..b81e717e1 100644 --- a/.github/workflows/publish-snapshots.yml +++ b/.github/workflows/publish-snapshots.yml @@ -19,7 +19,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: fetch-depth: 1 - uses: ./github-actions/npm/checkout-and-setup-node diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0de0c92ba..2747da21d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -23,7 +23,7 @@ jobs: id-token: write steps: - name: 'Checkout code' - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: persist-credentials: false @@ -45,6 +45,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: 'Upload to code-scanning' - uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 + uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 with: sarif_file: results.sarif diff --git a/github-actions/npm/checkout-and-setup-node/action.yml b/github-actions/npm/checkout-and-setup-node/action.yml index 6cdb9fc33..8b5e43ab4 100644 --- a/github-actions/npm/checkout-and-setup-node/action.yml +++ b/github-actions/npm/checkout-and-setup-node/action.yml @@ -38,7 +38,7 @@ runs: git config --global core.eol lf shell: bash - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: filter: blob:none persist-credentials: false