chore(ci): add actionlint (VIV-000)

.github/workflows/_build.yml

@@ -6,7 +6,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 

.github/workflows/_check-metadata.yml

@@ -13,7 +13,7 @@ jobs:
       pull-requests: write
       contents: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           token: ${{ secrets.VNG_VVD_PAT }} # Use PAT to allow the action commit to trigger CI workflow again
           ref: ${{ github.head_ref }}
@@ -42,9 +42,9 @@ jobs:
       - name: Check Components Metadata
         id: diff
         run: |
-          echo 'DIFF_CONTENT<<EOF' >> $GITHUB_OUTPUT
-          git --no-pager diff --exit-code ./libs/components/metadata.json >> $GITHUB_OUTPUT || true
-          echo 'EOF' >> $GITHUB_OUTPUT
+          echo 'DIFF_CONTENT<<EOF' >> "$GITHUB_OUTPUT"
+          git --no-pager diff --exit-code ./libs/components/metadata.json >> "$GITHUB_OUTPUT" || true
+          echo 'EOF' >> "$GITHUB_OUTPUT"
 
           git --no-pager diff --exit-code ./libs/components/metadata.json
         continue-on-error: true

.github/workflows/_deploy-deno.yml

@@ -11,7 +11,7 @@ jobs:
       contents: read # Needed to clone the repository
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 

.github/workflows/_lint.yml

@@ -6,10 +6,15 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
+      - name: Lint workflow files
+        uses: docker://rhysd/actionlint:1.7.9
+        with:
+          args: -color
+
       - name: Cache turbo build setup
         uses: actions/cache@v4
         with:

.github/workflows/_publish-flutter.yml

@@ -25,13 +25,15 @@ on:
         required: true
       VNG_VVD_PAT:
         required: true
+      RELEASE_PLEASE_PAT:
+        required: true
 
 jobs:
   publish-flutter:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.event.inputs.sha }}
 
@@ -68,9 +70,9 @@ jobs:
 
       - name: Commit and push changes
         run: |
-          git clone https://github.x-access-token:${GITHUB_TOKEN}@github.com/Vonage/vivid-flutter-design-tokens.git deploy
+          git clone "https://github.x-access-token:${GITHUB_TOKEN}@github.com/Vonage/vivid-flutter-design-tokens.git" deploy
           cd deploy
-          rm -rf *
+          rm -rf -- *
           cp -R ../${{ github.event.inputs.path }}* .
           git add .
           git commit -m "Release v${{ github.event.inputs.version }}"

.github/workflows/_publish.yml

@@ -30,7 +30,7 @@ jobs:
   npm-publish:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ inputs.sha }}
 
@@ -75,14 +75,14 @@ jobs:
 
       - name: Publish to npm registry
         if: steps.check.outputs.published == 'false'
-        run: pnpm publish --no-git-checks --tag ${{ inputs.tag }} ${{ inputs.path }} --//registry.npmjs.org/:_authToken=$AUTH_TOKEN
+        run: pnpm publish --no-git-checks --tag ${{ inputs.tag }} ${{ inputs.path }} "--//registry.npmjs.org/:_authToken=$AUTH_TOKEN"
         env:
           AUTH_TOKEN: ${{ secrets.NPM_VVD_VNG_AUTOMATION_TOKEN }}
 
   github-publish:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ inputs.sha }}
 
@@ -120,7 +120,7 @@ jobs:
         run: |
           NAME=$(npm view ${{ inputs.path }} name)
           VERSION=$(npm view ${{ inputs.path }} version)
-          if npm view "$NAME@$VERSION" --registry=https://npm.pkg.github.com --//npm.pkg.github.com/:_authToken=$AUTH_TOKEN; then
+          if npm view "$NAME@$VERSION" --registry=https://npm.pkg.github.com "--//npm.pkg.github.com/:_authToken=$AUTH_TOKEN"; then
           echo "published=true" >> "$GITHUB_OUTPUT"
           else
           echo "published=false" >> "$GITHUB_OUTPUT"
@@ -130,6 +130,6 @@ jobs:
 
       - name: Publish to GitHub registry
         if: steps.check.outputs.published == 'false'
-        run: pnpm publish --no-git-checks --tag ${{ inputs.tag }} ${{ inputs.path }} --registry=https://npm.pkg.github.com --//npm.pkg.github.com/:_authToken=$AUTH_TOKEN
+        run: pnpm publish --no-git-checks --tag ${{ inputs.tag }} ${{ inputs.path }} --registry=https://npm.pkg.github.com "--//npm.pkg.github.com/:_authToken=$AUTH_TOKEN"
         env:
           AUTH_TOKEN: ${{ secrets.VNG_VVD_PAT }}

.github/workflows/_unit-test.yml

@@ -8,7 +8,7 @@ jobs:
     name: 'Unit Tests'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -31,10 +31,11 @@ jobs:
         run: pnpm install
 
       - name: Test
+        id: test
         run: pnpm run test
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v2
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           directory: ./coverage/

.github/workflows/codeql-analysis.yml

@@ -44,13 +44,13 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -61,7 +61,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -75,4 +75,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/pre-release.yml

@@ -26,7 +26,7 @@ jobs:
     outputs:
       version: ${{ steps.get-vivid-version.outputs.version }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -37,11 +37,12 @@ jobs:
           node-version: '20'
 
       - name: get-vivid-version
+        id: get-vivid-version
         working-directory: ./libs/components
         run: |
           npm version ${{ github.event.inputs.change_type }} --no-git-tag-version
           VERSION=$(node -p "require('./package.json').version")-preview.${{ github.event.inputs.preview_version }}
-          echo "::set-output name=version::${VERSION}"
+          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
 
   vivid-publish:
     needs: get-version

.github/workflows/release-please.yml

@@ -44,7 +44,7 @@ jobs:
       # Whenever the components are released, also create a tag for the vivid-vue library
       - name: Create Vivid Vue Tag
         if: ${{ steps.release.outputs['libs/components--release_created'] }}
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         env:
           VIVID_VERSION: ${{ steps.release.outputs['libs/components--version'] }}
           VIVID_SHA: ${{ steps.release.outputs['libs/components--sha'] }}
@@ -78,8 +78,8 @@ jobs:
     steps:
       - id: should-release
         run: |
-          echo "::set-output name=should_release::${{ needs.release-please.outputs.vivid_release_created == 'true' || needs.release-please.outputs.eslint_plugin_release_created == 'true' || github.event.inputs.force-release == 'true' }}"
-          echo "::set-output name=release_sha::${{ needs.release-please.outputs.vivid_release_sha || needs.release-please.outputs.eslint_plugin_release_sha || github.event.pull_request.head.sha }}"
+          echo "should_release=${{ needs.release-please.outputs.vivid_release_created == 'true' || needs.release-please.outputs.eslint_plugin_release_created == 'true' || github.event.inputs.force-release == 'true' }}" >> "$GITHUB_OUTPUT"
+          echo "release_sha=${{ needs.release-please.outputs.vivid_release_sha || needs.release-please.outputs.eslint_plugin_release_sha || github.event.pull_request.head.sha }}" >> "$GITHUB_OUTPUT"
 
   vivid-publish:
     needs: should-release
@@ -100,7 +100,7 @@ jobs:
     secrets: inherit
 
   vivid-design-tokens-flutter-publish:
-    needs: should-release
+    needs: [should-release, release-please]
     if: ${{ needs.should-release.outputs.should_release == 'true' }}
     uses: ./.github/workflows/_publish-flutter.yml
     with:

.github/workflows/stale.yml

@@ -10,7 +10,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/stale@v4
+      - uses: actions/stale@v9
         with:
           days-before-issue-stale: 30
           days-before-issue-close: 14