diff --git a/.github/workflows/binary-validator.yml b/.github/workflows/binary-validator.yml index 35d2cfd42..e7ac28d2a 100644 --- a/.github/workflows/binary-validator.yml +++ b/.github/workflows/binary-validator.yml @@ -7,7 +7,7 @@ jobs: name: API check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: ./.github/actions/setup-android - name: API check run: ./gradlew apiCheck \ No newline at end of file diff --git a/.github/workflows/build-sample-apps.yml b/.github/workflows/build-sample-apps.yml index 646a8698c..724263d5e 100644 --- a/.github/workflows/build-sample-apps.yml +++ b/.github/workflows/build-sample-apps.yml @@ -21,7 +21,7 @@ jobs: comment-id: ${{ steps.create-comment.outputs.comment-id }} steps: - name: Find Comment - uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 + uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0 id: existing-comment with: issue-number: ${{ github.event.pull_request.number }} @@ -29,7 +29,7 @@ jobs: body-includes: - name: Create or update comment - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 id: create-comment with: comment-id: ${{ steps.existing-comment.outputs.comment-id }} diff --git a/.github/workflows/deploy-sdk.yml b/.github/workflows/deploy-sdk.yml index 033478d38..7e82b44f8 100644 --- a/.github/workflows/deploy-sdk.yml +++ b/.github/workflows/deploy-sdk.yml @@ -19,10 +19,10 @@ jobs: new_release_published: ${{ steps.semantic-release.outputs.new_release_published }} new_release_version: ${{ steps.semantic-release.outputs.new_release_version }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 # If using sd on macos, "brew install" works great. for Linux, this is the recommended way. - name: Install sd CLI to use later in the workflow - uses: kenji-miyake/setup-sd@08c14e27d65a1c215342ef00c81583ae67f4c5ef # v2.0.0 + uses: kenji-miyake/setup-sd@f4181660873fa5814708e1c0a640d8e9975a4ae5 # v2.0.0 # Setup Android SDK as it's needed to generate the SDK size report. - name: Setup Android SDK @@ -54,7 +54,7 @@ jobs: # 2. Updates metadata files. Such as updating the version number in package.json and adding entries to CHANGELOG.md file. # 3. Create git tag and push it to github. - name: Deploy git tag via semantic-release - uses: cycjimmy/semantic-release-action@0a51e81a6baff2acad3ee88f4121c589c73d0f0e # v4.2.0 + uses: cycjimmy/semantic-release-action@b12c8f6015dc215fe37bc154d4ad456dd3833c90 # v6.0.0 id: semantic-release with: dry_run: false @@ -68,7 +68,7 @@ jobs: GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} - name: Notify team of git tag being created - uses: slackapi/slack-github-action@71c4f79cb8ada5ed920ec668b73f8530444a133b # v2.0.0-rc.3 + uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.0.0-rc.3 if: steps.semantic-release.outputs.new_release_published == 'true' # only run if a git tag was made. with: webhook: ${{ secrets.SLACK_NOTIFY_RELEASES_WEBHOOK_URL }} @@ -107,7 +107,7 @@ jobs: SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - name: Notify team of failure - uses: slackapi/slack-github-action@71c4f79cb8ada5ed920ec668b73f8530444a133b # v2.0.0-rc.3 + uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.0.0-rc.3 if: ${{ failure() }} # only run this if any previous step failed with: webhook: ${{ secrets.SLACK_NOTIFY_RELEASES_WEBHOOK_URL }} @@ -152,7 +152,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout git tag that got created in previous step - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ needs.deploy-git-tag.outputs.new_release_version }} - uses: ./.github/actions/setup-android @@ -167,7 +167,7 @@ jobs: SONATYPE_STAGING_PROFILE_ID: ${{ secrets.SONATYPE_STAGING_PROFILE_ID }} - name: Notify team of successful deployment - uses: slackapi/slack-github-action@71c4f79cb8ada5ed920ec668b73f8530444a133b # v2.0.0-rc.3 + uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.0.0-rc.3 if: ${{ success() }} with: webhook: ${{ secrets.SLACK_NOTIFY_RELEASES_WEBHOOK_URL }} @@ -206,7 +206,7 @@ jobs: SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - name: Notify team of failure - uses: slackapi/slack-github-action@71c4f79cb8ada5ed920ec668b73f8530444a133b # v2.0.0-rc.3 + uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.0.0-rc.3 if: ${{ failure() }} # only run this if any previous step failed with: webhook: ${{ secrets.SLACK_NOTIFY_RELEASES_WEBHOOK_URL }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index b5c71542d..158683352 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,14 +10,14 @@ jobs: module: [core, datapipelines, messagingpush, messaginginapp, tracking-migration] # android modules name: Android Lint (${{ matrix.module }}) steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: ./.github/actions/setup-android - name: Run lint (${{ matrix.module }}) run: ./gradlew :${{ matrix.module }}:lintDebug - name: Parse lint results (${{ matrix.module }}) - uses: yutailang0119/action-android-lint@bd0b5a7d2cc453d16080b90e2a975d4af4aa9588 # v4.0.0 + uses: yutailang0119/action-android-lint@8345a8dece583030445b0b5f9611209431d601c4 # v5.0.0 with: report-path: ${{ matrix.module }}/build/reports/lint-results-debug.xml if: ${{ always() }} # if running tests fails, we still want to parse the test results @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest name: Kotlin Lint steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: ./.github/actions/setup-android - name: Install and run ktlint diff --git a/.github/workflows/manual-deployment.yml b/.github/workflows/manual-deployment.yml index f90d4bb68..cd3ab1b85 100644 --- a/.github/workflows/manual-deployment.yml +++ b/.github/workflows/manual-deployment.yml @@ -10,7 +10,7 @@ jobs: name: Deploy SDK to Maven Central runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: main fetch-depth: 0 # fetches all history for all tags and branches @@ -36,7 +36,7 @@ jobs: SONATYPE_STAGING_PROFILE_ID: ${{ secrets.SONATYPE_STAGING_PROFILE_ID }} - name: Notify team of successful deployment - uses: slackapi/slack-github-action@71c4f79cb8ada5ed920ec668b73f8530444a133b # v2.0.0-rc.3 + uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.0.0-rc.3 if: ${{ success() }} with: payload: | @@ -69,7 +69,7 @@ jobs: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_NOTIFY_RELEASES_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - name: Notify team of failure - uses: slackapi/slack-github-action@71c4f79cb8ada5ed920ec668b73f8530444a133b # v2.0.0-rc.3 + uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.0.0-rc.3 if: ${{ failure() }} with: payload: | diff --git a/.github/workflows/reusable_build_sample_apps.yml b/.github/workflows/reusable_build_sample_apps.yml index a9cf49bf0..bb87c6f2e 100644 --- a/.github/workflows/reusable_build_sample_apps.yml +++ b/.github/workflows/reusable_build_sample_apps.yml @@ -37,7 +37,7 @@ jobs: pull-requests: write # comment on pull request with build information steps: - name: Check out code with conditional fetch-depth - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 # Workaround for bug https://github.com/actions/checkout/issues/1471 @@ -80,10 +80,10 @@ jobs: # CLI to replace strings in files. The CLI recommends using `cargo install` which is slow. This Action is fast because it downloads pre-built binaries. # If using sd on macos, "brew install" works great. for Linux, this is the recommended way. - name: Install sd CLI to use later in the workflow - uses: kenji-miyake/setup-sd@08c14e27d65a1c215342ef00c81583ae67f4c5ef # v2.0.0 + uses: kenji-miyake/setup-sd@f4181660873fa5814708e1c0a640d8e9975a4ae5 # v2.0.0 - name: Install tools from Gemfile (ruby language) used for building our apps with - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1.229.0 + uses: ruby/setup-ruby@8aeb6ff8030dd539317f8e1769a044873b56ea71 # v1.268.0 with: ruby-version: '3.0' bundler-cache: true # cache tools to make builds faster in future @@ -178,7 +178,7 @@ jobs: - name: Update sample builds PR comment with build information if: ${{ github.event_name == 'pull_request' }} - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 with: comment-id: ${{ needs.update-pr-comment.outputs.comment-id }} issue-number: ${{ github.event.pull_request.number }} @@ -189,7 +189,7 @@ jobs: - name: Update sample builds PR comment with build failure message if: ${{ failure() }} - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 with: comment-id: ${{ needs.update-pr-comment.outputs.comment-id }} issue-number: ${{ github.event.pull_request.number }} diff --git a/.github/workflows/sdk-binary-size.yml b/.github/workflows/sdk-binary-size.yml index b84bdc37e..23cbddabe 100644 --- a/.github/workflows/sdk-binary-size.yml +++ b/.github/workflows/sdk-binary-size.yml @@ -7,13 +7,13 @@ jobs: name: Generate Comparison Report runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Setup Android SDK uses: ./.github/actions/setup-android - name: Checkout base branch - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ github.base_ref }} @@ -26,16 +26,16 @@ jobs: IS_DEVELOPMENT: 'true' - name: Upload report for base branch - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: name: generated-report-base-sdk-binary-size.json path: build/sdk-binary-size.json - name: Checkout to head branch - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Download report for base branch - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v6 with: name: generated-report-base-sdk-binary-size.json path: gh-artifacts/base @@ -49,7 +49,7 @@ jobs: IS_DEVELOPMENT: 'true' - name: Find old comment to update comment for - uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 + uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0 id: find-previous-comment with: issue-number: ${{ github.event.pull_request.number }} @@ -57,7 +57,7 @@ jobs: body-includes: SDK Binary Size Comparison - name: Add or Update PR Comment with SDK Size Comparison Report - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 with: comment-id: ${{ steps.find-previous-comment.outputs.comment-id }} issue-number: ${{ github.event.pull_request.number }} diff --git a/.github/workflows/snapshot-release.yml b/.github/workflows/snapshot-release.yml index f484b5bd9..7ce33b8bd 100644 --- a/.github/workflows/snapshot-release.yml +++ b/.github/workflows/snapshot-release.yml @@ -13,7 +13,7 @@ jobs: snapshot_version: ${{ steps.set-snapshot-version.outputs.VERSION }} steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - uses: ./.github/actions/setup-android # Using branch name for name of snapshot. Makes it easy to remember and can easily trigger new builds of Remote Habits. @@ -37,7 +37,7 @@ jobs: SNAPSHOT: true - name: Find old comment to update comment for - uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 + uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0 id: find-previous-comment with: issue-number: ${{ github.event.pull_request.number }} @@ -45,7 +45,7 @@ jobs: body-includes: Build available to test - name: Inform pull request on build of SDK available to test - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 with: comment-id: ${{ steps.find-previous-comment.outputs.comment-id }} issue-number: ${{ github.event.pull_request.number }} @@ -100,14 +100,14 @@ jobs: gradle-version: "8.9" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 # If using sd on macos, "brew install" works great. for Linux, this is the recommended way. - name: Install sd CLI to use later in the workflow - uses: kenji-miyake/setup-sd@08c14e27d65a1c215342ef00c81583ae67f4c5ef # v2.0.0 + uses: kenji-miyake/setup-sd@f4181660873fa5814708e1c0a640d8e9975a4ae5 # v2.0.0 - name: Install tools from Gemfile (ruby language) used for building our apps with - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1.229.0 + uses: ruby/setup-ruby@8aeb6ff8030dd539317f8e1769a044873b56ea71 # v1.268.0 with: ruby-version: '3.0' bundler-cache: true @@ -128,7 +128,7 @@ jobs: --gradleVersion ${{ matrix.gradle-version }} - name: Install Java - uses: actions/setup-java@v4 + uses: actions/setup-java@v5 with: distribution: "temurin" java-version: "17" @@ -147,10 +147,10 @@ jobs: ${{ runner.os }}-gradle-${{ matrix.gradle-version }}- - name: Verify gradle scripts are valid gradle scripts - uses: gradle/actions/wrapper-validation@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.3.1 + uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v4.3.1 - name: Set up Gradle Version ${{ matrix.gradle-version }} - uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.3.1 + uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v4.3.1 with: gradle-version: ${{ matrix.gradle-version }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4aa6214b4..50f65ce8c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -12,12 +12,12 @@ jobs: module: [messagingpush, messaginginapp, base, datapipelines, core, tracking-migration] name: Unit tests (${{ matrix.module }}) steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: ./.github/actions/setup-android - name: Run unit tests (${{ matrix.module }}) run: ./gradlew :${{ matrix.module }}:runJacocoTestReport - name: Upload code coverage report - uses: codecov/codecov-action@e96185f4044c2f0cedf0f022454acf9811cf8057 # v5.4.0 + uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 env: CODECOV_TOKEN: ${{ secrets.CODECOV_UPLOAD_TOKEN }} with: @@ -25,7 +25,7 @@ jobs: verbose: true files: ./${{ matrix.module }}/build/reports/jacoco/test/jacocoTestReport.xml,./${{ matrix.module }}/build/reports/jacoco/runJacocoTestReport/runJacocoTestReport.xml - name: Publish test results (${{ matrix.module }}) - uses: mikepenz/action-junit-report@cf701569b05ccdd861a76b8607a66d76f6fd4857 # v5.5.1 + uses: mikepenz/action-junit-report@e08919a3b1fb83a78393dfb775a9c37f17d8eea6 # v6.0.1 with: report_paths: '**/build/test-results/test*/TEST-*.xml' fail_on_failure: true @@ -41,11 +41,11 @@ jobs: sample: [kotlin_compose, java_layout] api-level: [31] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: ./.github/actions/setup-android - name: Gradle cache - uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.3.1 + uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v4.3.1 continue-on-error: true timeout-minutes: 5 with: @@ -71,7 +71,7 @@ jobs: # Create AVD and generate snapshot for caching - name: Create AVD and generate snapshot if: steps.avd-cache.outputs.cache-hit != 'true' - uses: reactivecircus/android-emulator-runner@324029e2f414c084d8b15ba075288885e74aef9c # v2.34.0 + uses: reactivecircus/android-emulator-runner@1dcd0090116d15e7c562f8db72807de5e036a4ed # v2.34.0 with: api-level: ${{ matrix.api-level }} arch: x86_64 @@ -84,7 +84,7 @@ jobs: # Run the actual tests - name: Run instrumentation tests - uses: reactivecircus/android-emulator-runner@324029e2f414c084d8b15ba075288885e74aef9c # v2.34.0 + uses: reactivecircus/android-emulator-runner@1dcd0090116d15e7c562f8db72807de5e036a4ed # v2.34.0 with: api-level: ${{ matrix.api-level }} arch: x86_64 @@ -97,7 +97,7 @@ jobs: script: ./gradlew :samples:${{ matrix.sample }}:connectedDebugAndroidTest --no-daemon --stacktrace -PuseKsp=true - name: Publish test results - uses: mikepenz/action-junit-report@cf701569b05ccdd861a76b8607a66d76f6fd4857 # v5.5.1 + uses: mikepenz/action-junit-report@e08919a3b1fb83a78393dfb775a9c37f17d8eea6 # v6.0.1 if: always() with: report_paths: 'samples/${{ matrix.sample }}/build/outputs/androidTest-results/connected/TEST-*.xml' \ No newline at end of file