From aaf89efbf33fed446583961d177c01453dc3dc9a Mon Sep 17 00:00:00 2001 From: Chad Weider Date: Wed, 14 Jun 2023 00:02:02 -0700 Subject: [PATCH 1/9] build(deps): bump actions/checkout to 3 When run, `actions/checkout` causes several warnings in our workflows: ``` The `save-state` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ ``` ``` Node.js 12 actions are deprecated. https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/ ``` Release v2.5.0 replaced the use of `save-state` and v3.0.0 moved to node16. Within the project, several releases are in use: ``` actions/checkout@master actions/checkout@v1 actions/checkout@v2 actions/checkout@v2-beta actions/checkout@v3 ``` Adopt `v3` for all - addressing the warnings and making usage consistent. --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/lint.yml | 4 ++-- .github/workflows/semgrep.yml | 2 +- .github/workflows/sentry-release.yml | 2 +- .github/workflows/tests.yml | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 0565370bb2..e6e19df248 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: # We must fetch at least the immediate parents so that if this is # a pull request then we can checkout the head. diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index b4c8511f56..5de2057ecf 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -12,7 +12,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2-beta + - uses: actions/checkout@v3 - uses: actions/setup-python@v2 with: @@ -113,7 +113,7 @@ jobs: # in version 3.9, but someday we hope to simplify this again. runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2-beta + - uses: actions/checkout@v3 - uses: actions/setup-python@v2 with: diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index d60e837b6a..e1806e2669 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -5,7 +5,7 @@ jobs: runs-on: ubuntu-latest name: Check steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 with: ref: main - name: Semgrep diff --git a/.github/workflows/sentry-release.yml b/.github/workflows/sentry-release.yml index ff1f66629c..2743aabec0 100644 --- a/.github/workflows/sentry-release.yml +++ b/.github/workflows/sentry-release.yml @@ -9,7 +9,7 @@ jobs: createSentryRelease: runs-on: ubuntu-latest steps: - - uses: actions/checkout@master + - uses: actions/checkout@v3 - name: Create a Sentry.io release uses: getsentry/action-release@v1.2.1 env: diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 54f95ac7cf..c08387714e 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -22,7 +22,7 @@ jobs: tag_flags: ["--exclude-tag selenium", "--tag selenium"] steps: - name: Check out solr - uses: actions/checkout@v2-beta + uses: actions/checkout@v3 with: repository: freelawproject/courtlistener-solr-server ref: main @@ -39,7 +39,7 @@ jobs: sudo find data -type f -exec chmod 664 {} \; sudo find solr -type f -exec chmod 664 {} \; - name: Check out CourtListener - uses: actions/checkout@v2-beta + uses: actions/checkout@v3 with: path: courtlistener From b45968a382ab3735dba113fa1c896584ae7b5e36 Mon Sep 17 00:00:00 2001 From: Chad Weider Date: Thu, 15 Jun 2023 00:23:04 -0700 Subject: [PATCH 2/9] build(deps): bump actions/cache from 2 to 3 When run, `actions/cache` causes a warning in our workflows: ``` Node.js 12 actions are deprecated. https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/ ``` Release v3.0.0 moved to node16; adopt the v3 release. --- .github/workflows/lint.yml | 2 +- .github/workflows/tests.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 5de2057ecf..798af09e1f 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -32,7 +32,7 @@ jobs: - name: Load cached venv id: cached-poetry-dependencies - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: .venv key: venv-${{ runner.os }}-${{ steps.full-python-version.outputs.version }}-${{ hashFiles('**/poetry.lock')}}-v20210414 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c08387714e..3f6ce67ffe 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -62,14 +62,14 @@ jobs: with: driver-opts: network=host - name: Cache Docker layers - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ github.sha }} restore-keys: | ${{ runner.os }}-buildx- - name: Cache Docker celery layers - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: /tmp/.buildx-cache-celery key: ${{ runner.os }}-buildx-celery-${{ github.sha }} From d752487534fc7516f302fe21120e9c264c898c5e Mon Sep 17 00:00:00 2001 From: Chad Weider Date: Wed, 14 Jun 2023 16:25:23 -0700 Subject: [PATCH 3/9] build(deps): bump actions/setup-python from 2 to 4 When run, `actions/setup-python` causes a warning in our `lint` workflow: ``` Node.js 12 actions are deprecated. https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/ ``` Release v3.0.0 moved to node16; adopt the v3 release. --- .github/workflows/lint.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 798af09e1f..4fcded2abe 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -14,7 +14,7 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: # Once codebase is updated, this can easily be changed to any specific version. python-version: "3.11" @@ -115,7 +115,7 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: python-version: "3.9" From 209b1ce9dd937114d947fc035acf192018bff8d6 Mon Sep 17 00:00:00 2001 From: Chad Weider Date: Wed, 14 Jun 2023 00:02:02 -0700 Subject: [PATCH 4/9] build(deps): bump isort/isort-action from 0.1.0 to 1 When run, `isort-action` causes a warning in our `lint` workflow: ``` The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ ``` Release v1.1.0 replaced the use of `save-state`. Adopt v1 and drop minor version qualifier now transitioned out of initial development. --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 4fcded2abe..6589638c94 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -120,4 +120,4 @@ jobs: python-version: "3.9" - name: isort Import Sorter - uses: isort/isort-action@v0.1.0 + uses: isort/isort-action@v1 From 4c709b5ea409684d84b3abfd30bf93b28a6c7ee0 Mon Sep 17 00:00:00 2001 From: Chad Weider Date: Wed, 14 Jun 2023 19:33:01 -0700 Subject: [PATCH 5/9] build(deps): bump docker/build-push-action from 2 to 4 When run, `docker/build-push-action` causes several warnings in our `tests` workflow: ``` The `save-state` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ ``` ``` Node.js 12 actions are deprecated. https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/ ``` Release v3.0.0 moved to node16 and v3.2.0 replaced the use of `set-state`. Adopt the latest release, v4 (v3 would be sufficient, but there's no added verification cost to advancing further). NOTE: v4 enabled "support for a minimal SLSA Provenance attestation" which "may introduce issues with registry and runtime support". --- .github/workflows/tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3f6ce67ffe..3f899280b4 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -76,7 +76,7 @@ jobs: restore-keys: | ${{ runner.os }}-buildx-celery- - name: Build latest docker django image - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v4 with: file: docker/django/Dockerfile push: true @@ -87,7 +87,7 @@ jobs: cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new - name: Build latest docker celery image - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v4 with: file: docker/django/Dockerfile push: true From 86f5952559eb21c8f01134517d89b78fdf92d62e Mon Sep 17 00:00:00 2001 From: Chad Weider Date: Wed, 14 Jun 2023 21:43:16 -0700 Subject: [PATCH 6/9] build(deps): bump docker/setup-buildx-action from 1 to 2 When run, `docker/setup-buildx-action` causes several warnings in our `tests` workflow: ``` The `save-state` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ ``` ``` Node.js 12 actions are deprecated. https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/ ``` Release v2.0.2 moved to node16 and v2.1.0 replaced the use of `set-state`; adopt the v2 release. --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3f899280b4..f1c71bbc95 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -58,7 +58,7 @@ jobs: # Build and cache docker images so tests are always run on the latest # dependencies - name: Set up docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 with: driver-opts: network=host - name: Cache Docker layers From 55a09d7e47bf04fc6d0b8b9803badb619750da27 Mon Sep 17 00:00:00 2001 From: Chad Weider Date: Thu, 15 Jun 2023 00:23:04 -0700 Subject: [PATCH 7/9] build(deps): bump aws-actions/configure-aws-credentials from 1 to 2 When run, `aws-actions/configure-aws-credentials` causes a warning in out aws-`docker-compose` workflow: ``` Node.js 12 actions are deprecated. https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/ ``` Release v2.0.0 moved to node16; adopt the v2 release. --- .github/workflows/docker-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index b2662ba2b5..f1867b6957 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -32,7 +32,7 @@ jobs: id: vars run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v2 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} From 5e3493e6731b819c2c1276d388c78443b9c80477 Mon Sep 17 00:00:00 2001 From: Chad Weider Date: Thu, 15 Jun 2023 12:03:37 -0700 Subject: [PATCH 8/9] feat(deps): configure Dependabot for Github actions In theory, this will make updates easier keep up with. Given aggressiveness of deprecation in Github actions - that would break CI/CD - keeping up to date has more than passing importance. --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b918569536..bdf2670d48 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -17,3 +17,9 @@ updates: # Ignore all patch updates. - dependency-name: '*' update-types: ["version-update:semver-patch"] + +- package-ecosystem: "github-actions" + directory: "/" + schedule: + # Check for updates to GitHub Actions every week + interval: "monthly" From c1007dd93a08dd084aed3f22fccf0545e5063b72 Mon Sep 17 00:00:00 2001 From: Chad Weider Date: Thu, 22 Jun 2023 17:22:00 -0700 Subject: [PATCH 9/9] fixup! feat(deps): configure Dependabot for Github actions --- .github/dependabot.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index bdf2670d48..e630c36215 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -21,5 +21,4 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - # Check for updates to GitHub Actions every week - interval: "monthly" + interval: monthly