chore: update GitHub Actions versions across all workflows

.github/workflows/build_docker_image_and_push_to_ecr.yaml

@@ -109,13 +109,13 @@ jobs:
     steps:
       - name: Send notification to slack
         if: inputs.slackChannelId != ''
-        uses: slackapi/slack-github-action@v1.26.0
-        env:
-          SLACK_BOT_TOKEN: ${{ secrets.slackToken }}
+        uses: slackapi/slack-github-action@v3.0.1
         with:
-          channel-id: ${{ inputs.slackChannelId }}
+          method: chat.postMessage
+          token: ${{ secrets.slackToken }}
           payload: |
             {
+              "channel": "${{ inputs.slackChannelId }}",
               "text": ":large_blue_circle: *${{ github.repository }} build started*",
               "attachments": [
                 {
@@ -171,12 +171,12 @@ jobs:
       #   uses: docker/setup-qemu-action@v2
 
       - name: setup Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       # First assume GithubOIDCRole role, the trust relationship between GitHub and AWS is defined in IAM GithubOIDCRole in the organization account. This role has permissions to assume Deployer roles only.
       - name: assume GithubOIDCRole
         if: inputs.useOIDC == true
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v6
         with:
           aws-region: ${{ inputs.awsRegion }}
           role-to-assume: ${{ inputs.githubOIDCRoleArn }}
@@ -189,7 +189,7 @@ jobs:
       # Then assume Deployer role, which can be assumed by GithubOIDCRole and has all the permissions needed to deploy cloudformation stacks.
       - name: assume Deployer role
         if: inputs.useOIDC == true
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v6
         with:
           aws-region: ${{ inputs.awsRegion }}
           role-to-assume: ${{ inputs.awsRoleArn }}
@@ -204,15 +204,15 @@ jobs:
 
       - name: login to AWS ECR
         if: inputs.useOIDC == false
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ${{ inputs.registry }}
           username: ${{ secrets.AWS_ACCESS_KEY_ID }}
           password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
       - name: build and push
         id: build_and_push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v7
         with:
           context: ${{ inputs.dockerContext }}
           file: ${{ inputs.dockerFilePath }}
@@ -238,13 +238,13 @@ jobs:
 
       - name: send result to slack
         if: always() && inputs.slackChannelId != ''
-        uses: slackapi/slack-github-action@v1.26.0
-        env:
-          SLACK_BOT_TOKEN: ${{ secrets.slackToken }}
+        uses: slackapi/slack-github-action@v3.0.1
         with:
-          channel-id: ${{ inputs.slackChannelId }}
+          method: chat.postMessage
+          token: ${{ secrets.slackToken }}
           payload: |
             {
+              "channel": "${{ inputs.slackChannelId }}",
               "text": ":${{ steps.helper.outputs.emoji }}: *${{ github.repository }} build result: ${{ job.status }}*",
               "attachments": [
                 {

.github/workflows/check-execute-workflow-dist.yaml

@@ -36,7 +36,7 @@ jobs:
         run: npm run build
 
       - name: Commit and push if changed
-        uses: EndBug/add-and-commit@v9
+        uses: EndBug/add-and-commit@v10
         with:
           author_name: github-actions[bot]
           author_email: 41898282+github-actions[bot]@users.noreply.github.com

.github/workflows/claude-md-maintenance.yml

@@ -23,9 +23,9 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: "20"
+          node-version: "24"
 
       - name: Install Claude Code CLI
         run: npm install -g @anthropic-ai/claude-code

.github/workflows/create_changelog.yaml

@@ -62,7 +62,7 @@ jobs:
     steps:
       - name: get changelog
         id: changelog
-        uses: apify/release-pr-action@v3.5.1
+        uses: apify/release-pr-action@v3.5.3
         with:
           slack-token: ${{ secrets.slackToken }}
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -77,13 +77,13 @@ jobs:
 
       - name: report failure to slack
         if: failure() && inputs.slackChannelIdForFailureMsg != ''
-        uses: slackapi/slack-github-action@v1.26.0
-        env:
-          SLACK_BOT_TOKEN: ${{ secrets.slackToken }}
+        uses: slackapi/slack-github-action@v3.0.1
         with:
-          channel-id: ${{ inputs.slackChannelIdForFailureMsg }}
+          method: chat.postMessage
+          token: ${{ secrets.slackToken }}
           payload: |
             {
+              "channel": "${{ inputs.slackChannelIdForFailureMsg }}",
               "text": ":red_circle: *${{ github.repository }} automated release action: ${{ job.status }}*",
               "attachments": [
                 {

.github/workflows/deploy_cloudformation.yaml

@@ -100,13 +100,13 @@ jobs:
     steps:
       - name: send notification to slack
         if: inputs.slackChannelId != ''
-        uses: slackapi/slack-github-action@v1.26.0
-        env:
-          SLACK_BOT_TOKEN: ${{ secrets.slackToken }}
+        uses: slackapi/slack-github-action@v3.0.1
         with:
-          channel-id: ${{ inputs.slackChannelId }}
+          method: chat.postMessage
+          token: ${{ secrets.slackToken }}
           payload: |
             {
+              "channel": "${{ inputs.slackChannelId }}",
               "text": ":large_blue_circle: *${{ github.repository }} deploy of cloudformation stack ${{ inputs.stackName }} started*",
               "attachments": [
                 {
@@ -143,7 +143,7 @@ jobs:
 
       - name: assume IAM role
         if: inputs.useOIDC == false
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v6
         with:
           aws-access-key-id: ${{ secrets.awsAccessKeyId }}
           aws-secret-access-key: ${{ secrets.awsSecretAccessKey }}
@@ -158,7 +158,7 @@ jobs:
       # First assume GithubOIDCRole role, the trust relationship between GitHub and AWS is defined in IAM GithubOIDCRole in the organization account. This role has permissions to assume Deployer roles only.
       - name: assume GithubOIDCRole
         if: inputs.useOIDC == true
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v6
         with:
           aws-region: ${{ inputs.awsRegion }}
           role-to-assume: ${{ inputs.githubOIDCRoleArn }}
@@ -171,7 +171,7 @@ jobs:
       # Then assume Deployer role, which can be assumed by GithubOIDCRole and has all the permissions needed to deploy cloudformation stacks.
       - name: assume Deployer role
         if: inputs.useOIDC == true
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v6
         with:
           aws-region: ${{ inputs.awsRegion }}
           role-to-assume: ${{ inputs.awsRoleArn }}
@@ -257,13 +257,13 @@ jobs:
 
       - name: send result to slack
         if: always() && inputs.slackChannelId != ''
-        uses: slackapi/slack-github-action@v1.26.0
-        env:
-          SLACK_BOT_TOKEN: ${{ secrets.slackToken }}
+        uses: slackapi/slack-github-action@v3.0.1
         with:
-          channel-id: ${{ inputs.slackChannelId }}
+          method: chat.postMessage
+          token: ${{ secrets.slackToken }}
           payload: |
             {
+              "channel": "${{ inputs.slackChannelId }}",
               "text": ":${{ steps.helper.outputs.emoji }}: *${{ github.repository }} deploy of cloudformation stack ${{ inputs.stackName }} result: ${{ job.status }}*",
               "attachments": [
                 {

.github/workflows/deploy_helmfile.yaml

@@ -122,13 +122,13 @@ jobs:
 
       - name: Send notification to slack
         if: inputs.slackChannelId != ''
-        uses: slackapi/slack-github-action@v1.26.0
-        env:
-          SLACK_BOT_TOKEN: ${{ secrets.slackToken }}
+        uses: slackapi/slack-github-action@v3.0.1
         with:
-          channel-id: ${{ inputs.slackChannelId }}
+          method: chat.postMessage
+          token: ${{ secrets.slackToken }}
           payload: |
             {
+              "channel": "${{ inputs.slackChannelId }}",
               "text": ":large_blue_circle: *${{ github.repository }} deploy of helmfile started*",
               "attachments": [
                 {
@@ -197,7 +197,7 @@ jobs:
 
       - name: assume IAM role
         if: inputs.useOIDC == false
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v6
         with:
           aws-access-key-id: ${{ secrets.awsAccessKeyId }}
           aws-secret-access-key: ${{ secrets.awsSecretAccessKey }}
@@ -212,7 +212,7 @@ jobs:
       # First assume GithubOIDCRole role, the trust relationship between GitHub and AWS is defined in IAM GithubOIDCRole in the organization account. This role has permissions to assume Deployer roles only.
       - name: assume GithubOIDCRole
         if: inputs.useOIDC == true
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v6
         with:
           aws-region: ${{ inputs.awsRegion }}
           role-to-assume: ${{ inputs.githubOIDCRoleArn }}
@@ -225,7 +225,7 @@ jobs:
       # Then assume Deployer role, which can be assumed by GithubOIDCRole and has all the permissions needed to deploy cloudformation stacks.
       - name: assume Deployer role
         if: inputs.useOIDC == true
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v6
         with:
           aws-region: ${{ inputs.awsRegion }}
           role-to-assume: ${{ inputs.awsRoleArn }}
@@ -237,7 +237,7 @@ jobs:
         run: aws eks update-kubeconfig --name ${{ inputs.eksClusterName }} $OPTIONAL_PARAMS
 
       - name: Tailscale VPN
-        uses: tailscale/github-action@v2
+        uses: tailscale/github-action@v4
         if: inputs.enableVpn == 'true'
         with:
           oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
@@ -289,13 +289,13 @@ jobs:
 
       - name: send result to slack
         if: always() && inputs.slackChannelId != ''
-        uses: slackapi/slack-github-action@v1.26.0
-        env:
-          SLACK_BOT_TOKEN: ${{ secrets.slackToken }}
+        uses: slackapi/slack-github-action@v3.0.1
         with:
-          channel-id: ${{ inputs.slackChannelId }}
+          method: chat.postMessage
+          token: ${{ secrets.slackToken }}
           payload: |
             {
+              "channel": "${{ inputs.slackChannelId }}",
               "text": ":${{ steps.helper.outputs.emoji }}: *${{ github.repository }} deploy of helmfile result: ${{ job.status }}*",
               "attachments": [
                 {

.github/workflows/get_values.yaml

@@ -62,7 +62,7 @@ jobs:
           echo "clean_branch_name_with_suffix=${CLEAN_BRANCH_NAME_WITH_SUFFIX}" >> $GITHUB_OUTPUT
 
       - name: get last commit author
-        uses: actions/github-script@v7
+        uses: actions/github-script@v9
         id: get_commit_author
         with:
           result-encoding: string

.github/workflows/invalidate_cloudfront.yaml

@@ -66,7 +66,7 @@ jobs:
     steps:
       - name: assume IAM role
         if: inputs.useOIDC == false
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v6
         with:
           aws-access-key-id: ${{ secrets.awsAccessKeyId }}
           aws-secret-access-key: ${{ secrets.awsSecretAccessKey }}
@@ -81,7 +81,7 @@ jobs:
       # First assume GithubOIDCRole role, the trust relationship between GitHub and AWS is defined in IAM GithubOIDCRole in the organization account. This role has permissions to assume Deployer roles only.
       - name: assume GithubOIDCRole
         if: inputs.useOIDC == true
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v6
         with:
           aws-region: ${{ inputs.awsRegion }}
           role-to-assume: ${{ inputs.githubOIDCRoleArn }}
@@ -94,7 +94,7 @@ jobs:
       # Then assume Deployer role, which can be assumed by GithubOIDCRole and has all the permissions needed.
       - name: assume Deployer role
         if: inputs.useOIDC == true
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v6
         with:
           aws-region: ${{ inputs.awsRegion }}
           role-to-assume: ${{ inputs.awsRoleArn }}

.github/workflows/open_pull_request.yaml

@@ -29,7 +29,7 @@ jobs:
     runs-on: ubuntu-22.04-arm64
     steps:
       - name: open release pull-request
-        uses: apify/release-pr-action@v3.5.1
+        uses: apify/release-pr-action@v3.5.3
         with:
           github-token: ${{ secrets.githubToken }}
           changelog-scopes: ${{ inputs.changelogScopes }}

.github/workflows/python_bump_and_update_changelog.yaml

@@ -41,7 +41,7 @@ jobs:
           python-version: ${{ inputs.python_version }}
 
       - name: Set up uv package manager
-        uses: astral-sh/setup-uv@v7
+        uses: astral-sh/setup-uv@v8.0.0
         with:
           python-version: ${{ inputs.python_version }}
 
@@ -53,15 +53,15 @@ jobs:
           uv version "${new_version}"
 
       - name: Update CHANGELOG.md
-        uses: DamianReeves/write-file-action@master
+        uses: DamianReeves/write-file-action@v1.3
         with:
           path: CHANGELOG.md
           write-mode: overwrite
           contents: ${{ inputs.changelog }}
 
       - name: Commit changes
         id: commit
-        uses: EndBug/add-and-commit@v9
+        uses: EndBug/add-and-commit@v10
         with:
           author_name: github-actions[bot]
           author_email: 41898282+github-actions[bot]@users.noreply.github.com

.github/workflows/python_docs_check.yaml

@@ -16,7 +16,7 @@ on:
         description: Node.js version to use for building docs.
         required: false
         type: string
-        default: "20"
+        default: "24"
       install_command:
         description: Command to install Python dependencies.
         required: false
@@ -53,7 +53,7 @@ jobs:
           python-version: ${{ inputs.python_version }}
 
       - name: Set up uv package manager
-        uses: astral-sh/setup-uv@v7
+        uses: astral-sh/setup-uv@v8.0.0
         with:
           python-version: ${{ inputs.python_version }}
 

.github/workflows/python_integration_tests.yaml

@@ -86,7 +86,7 @@ jobs:
           python-version: ${{ matrix.python-version }}
 
       - name: Set up uv package manager
-        uses: astral-sh/setup-uv@v7
+        uses: astral-sh/setup-uv@v8.0.0
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -110,7 +110,7 @@ jobs:
             matrix.python-version == inputs.python_version_for_codecov &&
             env.CODECOV_TOKEN != ''
           }}
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v6
         with:
           token: ${{ env.CODECOV_TOKEN }}
           files: coverage-integration.xml

.github/workflows/python_lint_check.yaml

@@ -36,7 +36,7 @@ jobs:
           python-version: ${{ matrix.python-version }}
 
       - name: Set up uv package manager
-        uses: astral-sh/setup-uv@v7
+        uses: astral-sh/setup-uv@v8.0.0
         with:
           python-version: ${{ matrix.python-version }}
 

.github/workflows/python_type_check.yaml

@@ -36,7 +36,7 @@ jobs:
           python-version: ${{ matrix.python-version }}
 
       - name: Set up uv package manager
-        uses: astral-sh/setup-uv@v7
+        uses: astral-sh/setup-uv@v8.0.0
         with:
           python-version: ${{ matrix.python-version }}