From 9908b014f97462fdbb794589cbe319b192b43a88 Mon Sep 17 00:00:00 2001 From: Laura Whitaker Date: Tue, 28 Apr 2026 11:02:50 -0600 Subject: [PATCH 1/4] Upgrade gh actions --- .github/actions/setup-node/action.yml | 6 +++--- .github/workflows/chromatic.yml | 4 ++-- .github/workflows/claude.yml | 2 +- .github/workflows/danger.yml | 6 +++--- .github/workflows/design-feedback-notify.yml | 2 +- .github/workflows/lint-and-test.yml | 6 +++--- .github/workflows/playwright.yml | 10 +++++----- .github/workflows/release-draft.yml | 15 +++++++-------- .github/workflows/release-published.yml | 8 ++++---- .github/workflows/test.yml | 4 ++-- .github/workflows/trigger-downstream-updates.yml | 6 +++--- .github/workflows/version-bump.yml | 8 ++++---- 12 files changed, 38 insertions(+), 39 deletions(-) diff --git a/.github/actions/setup-node/action.yml b/.github/actions/setup-node/action.yml index e71dad4716..eac9e66a96 100644 --- a/.github/actions/setup-node/action.yml +++ b/.github/actions/setup-node/action.yml @@ -5,12 +5,12 @@ runs: using: 'composite' steps: - name: Setup pnpm - uses: pnpm/action-setup@v4.0.0 + uses: pnpm/action-setup@v5 with: run_install: false - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: 22 registry-url: 'https://registry.npmjs.org' @@ -22,7 +22,7 @@ runs: run: | echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT - - uses: actions/cache@v3 + - uses: actions/cache@v5 name: Setup pnpm cache with: path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml index 57aa5898af..502839e4c2 100644 --- a/.github/workflows/chromatic.yml +++ b/.github/workflows/chromatic.yml 
@@ -17,13 +17,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Run Chromatic - uses: chromaui/action@latest + uses: chromaui/action@v1 with: projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }} autoAcceptChanges: 'main' diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 7361a79521..02c6345ed0 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -31,7 +31,7 @@ jobs: actions: read # Required for Claude to read CI results on PRs steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 1 diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml index f9738e119f..aad804b8e2 100644 --- a/.github/workflows/danger.yml +++ b/.github/workflows/danger.yml @@ -16,7 +16,7 @@ jobs: danger: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 @@ -25,9 +25,9 @@ jobs: - name: Generate token for Danger id: generate_token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} + client-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} owner: temporalio repositories: ui diff --git a/.github/workflows/design-feedback-notify.yml b/.github/workflows/design-feedback-notify.yml index 717a86418b..d8d8366e7f 100644 --- a/.github/workflows/design-feedback-notify.yml +++ b/.github/workflows/design-feedback-notify.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Notify Slack - uses: slackapi/slack-github-action@v2 + uses: slackapi/slack-github-action@v3 env: PR_TITLE: ${{ github.event.pull_request.title }} PR_URL: ${{ github.event.pull_request.html_url }} 
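Review bot: In danger.yml's "Generate token for Danger" step the input is renamed from `app-id` to `client-id` while the value stays `${{ secrets.TEMPORAL_CICD_APP_ID }}`, and the diff cannot show which identifier that secret holds. If it still contains the numeric app ID, confirm against the v3 input documentation that `client-id` accepts it; otherwise token minting may fail only when these workflows next run. The same rename appears in release-draft.yml, release-published.yml, trigger-downstream-updates.yml and version-bump.yml, several of which appear to run only on release or manual triggers, so a failure would surface late. Renaming the secret to match the input, or adding a comment such as `# secret holds the GitHub App client ID despite its name`, would keep the name and the value from drifting apart.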
diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index bcc5eb516e..d77d1933dc 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -26,7 +26,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Lint @@ -34,7 +34,7 @@ jobs: check-types: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Check Types @@ -42,7 +42,7 @@ jobs: unit-tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Run Unit Tests diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index 2a675e1c45..852277c5b0 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -23,14 +23,14 @@ jobs: timeout-minutes: 60 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Install Playwright Browsers run: pnpm exec playwright install --with-deps - name: Run Integration tests run: pnpm test:integration - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 if: always() with: name: playwright-report-integration @@ -42,14 +42,14 @@ jobs: timeout-minutes: 60 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: true - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Build UI run: pnpm build:server - - uses: actions/setup-go@v3 + - uses: actions/setup-go@v6 with: go-version-file: server/go.mod cache-dependency-path: server/go.sum 
@@ -62,7 +62,7 @@ jobs: run: pnpm exec playwright install --with-deps - name: Run E2E tests run: pnpm test:e2e - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 if: always() with: name: playwright-report-e2e diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml index d86f37577f..9f0f2a183f 100644 --- a/.github/workflows/release-draft.yml +++ b/.github/workflows/release-draft.yml @@ -19,15 +19,15 @@ jobs: steps: - name: Prepare dispatch token id: dispatch_token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} + client-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} permission-contents: write repositories: ${{ vars.DOWNSTREAM_REPO }} - name: Trigger ui-server workflow - uses: peter-evans/repository-dispatch@v3 + uses: peter-evans/repository-dispatch@v4 with: token: ${{ steps.dispatch_token.outputs.token }} repository: ${{ vars.DOWNSTREAM_ORG }}/${{ vars.DOWNSTREAM_REPO }} @@ -46,7 +46,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 fetch-tags: true @@ -67,14 +67,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Create release draft - uses: release-drafter/release-drafter@v6 + uses: release-drafter/release-drafter@v7 with: version: ${{ needs.check_version_change.outputs.current-version }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} skip_notification: needs: check_version_change diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml index 99c2a57e4d..6332dec906 100644 --- a/.github/workflows/release-published.yml +++ b/.github/workflows/release-published.yml 
@@ -14,7 +14,7 @@ jobs: create_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Validate release version id: validate-release @@ -41,15 +41,15 @@ jobs: - name: Prepare dispatch token id: dispatch_token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} + client-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} permission-contents: write repositories: ${{ vars.DOWNSTREAM_REPO }} - name: Trigger ui-server workflow - uses: peter-evans/repository-dispatch@v3 + uses: peter-evans/repository-dispatch@v4 with: token: ${{ steps.dispatch_token.outputs.token }} repository: ${{ vars.DOWNSTREAM_ORG }}/${{ vars.DOWNSTREAM_REPO }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e8e907cdf0..4e529e71b3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,7 +13,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: true - name: Checkout and setup Node @@ -21,7 +21,7 @@ jobs: - name: Build UI run: pnpm build:server - - uses: actions/setup-go@v3 + - uses: actions/setup-go@v6 with: go-version-file: server/go.mod cache-dependency-path: server/go.sum diff --git a/.github/workflows/trigger-downstream-updates.yml b/.github/workflows/trigger-downstream-updates.yml index a78984de12..154d42561a 100644 --- a/.github/workflows/trigger-downstream-updates.yml +++ b/.github/workflows/trigger-downstream-updates.yml 
@@ -24,13 +24,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Generate token for cross-repo access id: generate_token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} + client-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} owner: temporalio repositories: cloud-ui,ui,pack-dependency-actions diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index 78fc79d165..55fff3ae51 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -48,7 +48,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 @@ -140,9 +140,9 @@ jobs: - name: Generate token for cross-repo access id: generate_token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} + client-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} owner: temporalio repositories: ui @@ -150,7 +150,7 @@ jobs: - name: Create Pull Request if: inputs.mode != 'dry-run' && steps.calculate-version.outputs.version-changed == 'true' id: create-pr - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@v8 with: token: ${{ steps.generate_token.outputs.token }} branch: version-bump-${{ steps.calculate-version.outputs.new-version }} From 5d43dcc9eee336fde7cee6bdba68234631bb9c89 Mon Sep 17 00:00:00 2001 From: Laura Whitaker Date: Tue, 28 Apr 2026 11:03:22 -0600 Subject: [PATCH 2/4] Replace archived gh action --- .github/workflows/release-published.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml index 6332dec906..fa4ea38b7a 100644 
--- a/.github/workflows/release-published.yml +++ b/.github/workflows/release-published.yml @@ -30,14 +30,11 @@ jobs: uses: ./.github/actions/build-and-package - name: upload package artifact - uses: actions/upload-release-asset@v1 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ github.event.release.upload_url }} - asset_path: ${{ steps.build-package.outputs.package-path }} - asset_name: temporal-ui-package.tar.gz - asset_content_type: application/gzip + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh release upload "${{ github.event.release.tag_name }}" \ + "${{ steps.build-package.outputs.package-path }}#temporal-ui-package.tar.gz" - name: Prepare dispatch token id: dispatch_token From c5776737c52a85c6a625d8b1894e6df1310c2a38 Mon Sep 17 00:00:00 2001 From: Laura Whitaker Date: Mon, 4 May 2026 17:18:47 -0700 Subject: [PATCH 3/4] SHA-pin all third-party gh actions --- .github/actions/setup-node/action.yml | 6 +++--- .github/workflows/chromatic.yml | 2 +- .github/workflows/claude.yml | 2 +- .github/workflows/design-feedback-notify.yml | 2 +- .github/workflows/release-draft.yml | 4 ++-- .github/workflows/release-published.yml | 2 +- .github/workflows/version-bump.yml | 8 ++++---- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/actions/setup-node/action.yml b/.github/actions/setup-node/action.yml index eac9e66a96..21cabd2365 100644 --- a/.github/actions/setup-node/action.yml +++ b/.github/actions/setup-node/action.yml @@ -5,12 +5,12 @@ runs: using: 'composite' steps: - name: Setup pnpm - uses: pnpm/action-setup@v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 with: run_install: false - name: Install Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@v6 # v6.4.0 with: node-version: 22 registry-url: 'https://registry.npmjs.org' 
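Review bot: The new `run:` step in release-published.yml ("upload package artifact") expands `${{ github.event.release.tag_name }}` and the package-path output directly into the script text, so their contents are parsed as shell source before `gh` runs; passing both through `env:` and quoting the variables keeps them as data. Separately, the text after `#` in a `gh release upload` argument sets the asset's display label, not its file name, so the uploaded file keeps the basename of package-path rather than the `temporal-ui-package.tar.gz` name the removed `asset_name` input set. If that basename differs, anything that downloads the asset by name would need updating. The rest of the job lies outside the hunk.

```yaml
# … unchanged: step name …
env:
  # … unchanged: GH_TOKEN …
  RELEASE_TAG: ${{ github.event.release.tag_name }}
  PACKAGE_PATH: ${{ steps.build-package.outputs.package-path }}
run: |
  gh release upload "${RELEASE_TAG}" \
    "${PACKAGE_PATH}#temporal-ui-package.tar.gz"
```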
@@ -22,7 +22,7 @@ runs: run: | echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT - - uses: actions/cache@v5 + - uses: actions/cache@v5 # v5.0.5 name: Setup pnpm cache with: path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml index 502839e4c2..a3aa40a2fd 100644 --- a/.github/workflows/chromatic.yml +++ b/.github/workflows/chromatic.yml @@ -23,7 +23,7 @@ jobs: - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Run Chromatic - uses: chromaui/action@v1 + uses: chromaui/action@c93e0bc3a63aa176e14a75b61a31847cbfdd341c # v11.27.0 with: projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }} autoAcceptChanges: 'main' diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 02c6345ed0..b514977659 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -37,7 +37,7 @@ jobs: - name: Run Claude Code id: claude - uses: anthropics/claude-code-action@v1 + uses: anthropics/claude-code-action@2cc1ac1331eac7a6a96d716dd204dd2888d0fcd2 # v1.0.112 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} track_progress: true diff --git a/.github/workflows/design-feedback-notify.yml b/.github/workflows/design-feedback-notify.yml index d8d8366e7f..5e86a0fe76 100644 --- a/.github/workflows/design-feedback-notify.yml +++ b/.github/workflows/design-feedback-notify.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Notify Slack - uses: slackapi/slack-github-action@v3 + uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 env: PR_TITLE: ${{ github.event.pull_request.title }} PR_URL: ${{ github.event.pull_request.html_url }} diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml index 9f0f2a183f..c26ac620dc 100644 --- a/.github/workflows/release-draft.yml +++ b/.github/workflows/release-draft.yml 
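Review bot: In chromatic.yml the pin's trailing comment reads `# v11.27.0`, but the ref it replaces is `chromaui/action@v1`, so unless the `v1` tag already resolved to that commit this line also moves the action across major versions inside a commit described as pin-only. It is worth confirming which release the workflow actually ran before, and that the 40-character SHA is the commit the v11.27.0 tag points to, since the comment is the only human-readable link between the two. If the upgrade is intended, saying so in the commit message would make the change reviewable on its own.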
@@ -27,7 +27,7 @@ jobs: repositories: ${{ vars.DOWNSTREAM_REPO }} - name: Trigger ui-server workflow - uses: peter-evans/repository-dispatch@v4 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1 with: token: ${{ steps.dispatch_token.outputs.token }} repository: ${{ vars.DOWNSTREAM_ORG }}/${{ vars.DOWNSTREAM_REPO }} @@ -70,7 +70,7 @@ jobs: uses: actions/checkout@v6 - name: Create release draft - uses: release-drafter/release-drafter@v7 + uses: release-drafter/release-drafter@563bf132657a13ded0b01fcb723c5a58cdd824e2 # v7.2.1 with: version: ${{ needs.check_version_change.outputs.current-version }} token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml index fa4ea38b7a..a43d9c9066 100644 --- a/.github/workflows/release-published.yml +++ b/.github/workflows/release-published.yml @@ -46,7 +46,7 @@ jobs: repositories: ${{ vars.DOWNSTREAM_REPO }} - name: Trigger ui-server workflow - uses: peter-evans/repository-dispatch@v4 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1 with: token: ${{ steps.dispatch_token.outputs.token }} repository: ${{ vars.DOWNSTREAM_ORG }}/${{ vars.DOWNSTREAM_REPO }} diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index 55fff3ae51..6caefbe4d1 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -68,7 +68,7 @@ jobs: - name: Analyze merged PRs since last version id: analyze-prs if: inputs.mode == 'auto' || inputs.mode == 'dry-run' - uses: temporalio/pack-dependency-actions/analyze-commits-for-bump@v1 + uses: temporalio/pack-dependency-actions/analyze-commits-for-bump@bf23e855ebebec9a0be45eff67c88a4189210c55 # v1.5.0 with: from-ref: ${{ steps.last-tag.outputs.last-tag }} to-ref: HEAD 
@@ -81,7 +81,7 @@ jobs: - name: Generate changelog id: generate-changelog if: steps.last-tag.outputs.last-tag != '' - uses: temporalio/pack-dependency-actions/generate-changelog@v1 + uses: temporalio/pack-dependency-actions/generate-changelog@bf23e855ebebec9a0be45eff67c88a4189210c55 # v1.5.0 with: repository: ${{ github.repository }} from-sha: ${{ steps.last-tag.outputs.last-tag }} @@ -90,7 +90,7 @@ jobs: - name: Calculate new version id: calculate-version - uses: temporalio/pack-dependency-actions/calculate-semantic-version@v1 + uses: temporalio/pack-dependency-actions/calculate-semantic-version@bf23e855ebebec9a0be45eff67c88a4189210c55 # v1.5.0 with: current-version: ${{ steps.validate-sync.outputs.current-version }} bump-type: ${{ inputs.mode == 'manual' && inputs.version_type || steps.analyze-prs.outputs.bump-type }} @@ -150,7 +150,7 @@ jobs: - name: Create Pull Request if: inputs.mode != 'dry-run' && steps.calculate-version.outputs.version-changed == 'true' id: create-pr - uses: peter-evans/create-pull-request@v8 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ steps.generate_token.outputs.token }} branch: version-bump-${{ steps.calculate-version.outputs.new-version }} From 212b5926bff77010dc967c76d5a9120e2ded9cfd Mon Sep 17 00:00:00 2001 From: Laura Whitaker Date: Mon, 4 May 2026 17:27:40 -0700 Subject: [PATCH 4/4] SHA-pin all gh actions --- .github/actions/setup-node/action.yml | 4 ++-- .github/workflows/chromatic.yml | 2 +- .github/workflows/claude.yml | 2 +- .github/workflows/danger.yml | 4 ++-- .github/workflows/lint-and-test.yml | 6 +++--- .github/workflows/playwright.yml | 10 +++++----- .github/workflows/release-draft.yml | 6 +++--- .github/workflows/release-published.yml | 4 ++-- .github/workflows/test.yml | 4 ++-- .github/workflows/trigger-downstream-updates.yml | 4 ++-- .github/workflows/version-bump.yml | 4 ++-- 11 files changed, 25 insertions(+), 25 deletions(-) 
diff --git a/.github/actions/setup-node/action.yml b/.github/actions/setup-node/action.yml index 21cabd2365..f3fa210124 100644 --- a/.github/actions/setup-node/action.yml +++ b/.github/actions/setup-node/action.yml @@ -10,7 +10,7 @@ runs: run_install: false - name: Install Node.js - uses: actions/setup-node@v6 # v6.4.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 22 registry-url: 'https://registry.npmjs.org' @@ -22,7 +22,7 @@ runs: run: | echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT - - uses: actions/cache@v5 # v5.0.5 + - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 name: Setup pnpm cache with: path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml index a3aa40a2fd..1aac27707a 100644 --- a/.github/workflows/chromatic.yml +++ b/.github/workflows/chromatic.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Checkout and Setup Node diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index b514977659..837e877bbb 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -31,7 +31,7 @@ jobs: actions: read # Required for Claude to read CI results on PRs steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 1 diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml index aad804b8e2..3ab6563b53 100644 --- a/.github/workflows/danger.yml +++ b/.github/workflows/danger.yml @@ -16,7 +16,7 @@ jobs: danger: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 
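Review bot: With every `uses:` fixed to a commit SHA, starting with the setup-node pins here, these actions stop receiving patch releases, including security fixes, and the `# vX.Y.Z` comments go stale unless something rewrites them. The series does not show an updater configuration, so if the repository lacks one, a Dependabot entry for the `github-actions` ecosystem (or an equivalent Renovate rule) covering the workflows and the `.github/actions/setup-node` composite action would keep SHA and comment in step. This applies to all pins in patches 3 and 4, not only the ones in this file.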
@@ -25,7 +25,7 @@ jobs: - name: Generate token for Danger id: generate_token - uses: actions/create-github-app-token@v3 + uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 with: client-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index d77d1933dc..589943f208 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -26,7 +26,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Lint @@ -34,7 +34,7 @@ jobs: check-types: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Check Types @@ -42,7 +42,7 @@ jobs: unit-tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Run Unit Tests diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index 852277c5b0..aea21cee89 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml 
@@ -23,14 +23,14 @@ jobs: timeout-minutes: 60 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Install Playwright Browsers run: pnpm exec playwright install --with-deps - name: Run Integration tests run: pnpm test:integration - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: playwright-report-integration @@ -42,14 +42,14 @@ jobs: timeout-minutes: 60 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: true - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Build UI run: pnpm build:server - - uses: actions/setup-go@v6 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: server/go.mod cache-dependency-path: server/go.sum @@ -62,7 +62,7 @@ jobs: run: pnpm exec playwright install --with-deps - name: Run E2E tests run: pnpm test:e2e - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: playwright-report-e2e diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml index c26ac620dc..e23613abe0 100644 --- a/.github/workflows/release-draft.yml +++ b/.github/workflows/release-draft.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Prepare dispatch token id: dispatch_token - uses: actions/create-github-app-token@v3 + uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 with: client-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} 
@@ -46,7 +46,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 fetch-tags: true @@ -67,7 +67,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Create release draft uses: release-drafter/release-drafter@563bf132657a13ded0b01fcb723c5a58cdd824e2 # v7.2.1 diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml index a43d9c9066..a9a0803fc3 100644 --- a/.github/workflows/release-published.yml +++ b/.github/workflows/release-published.yml @@ -14,7 +14,7 @@ jobs: create_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Validate release version id: validate-release @@ -38,7 +38,7 @@ jobs: - name: Prepare dispatch token id: dispatch_token - uses: actions/create-github-app-token@v3 + uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 with: client-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4e529e71b3..34b59bca9d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,7 +13,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: true - name: Checkout and setup Node @@ -21,7 +21,7 @@ jobs: - name: Build UI run: pnpm build:server - - uses: actions/setup-go@v6 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: server/go.mod cache-dependency-path: server/go.sum 
diff --git a/.github/workflows/trigger-downstream-updates.yml b/.github/workflows/trigger-downstream-updates.yml index 154d42561a..6760539556 100644 --- a/.github/workflows/trigger-downstream-updates.yml +++ b/.github/workflows/trigger-downstream-updates.yml @@ -24,11 +24,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Generate token for cross-repo access id: generate_token - uses: actions/create-github-app-token@v3 + uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 with: client-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index 6caefbe4d1..3b83fe0874 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -48,7 +48,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -140,7 +140,7 @@ jobs: - name: Generate token for cross-repo access id: generate_token - uses: actions/create-github-app-token@v3 + uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 with: client-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }}