diff --git a/.github/workflows/build-sample-apps.yml b/.github/workflows/build-sample-apps.yml index 01197c7cb..bcc820e98 100644 --- a/.github/workflows/build-sample-apps.yml +++ b/.github/workflows/build-sample-apps.yml @@ -27,7 +27,7 @@ jobs: comment-id: ${{ steps.create-comment.outputs.comment-id }} steps: - name: Find existing PR comment - uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 + uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0 id: existing-comment with: issue-number: ${{ github.event.pull_request.number }} @@ -35,7 +35,7 @@ jobs: body-includes: - name: Create or update comment - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 id: create-comment with: comment-id: ${{ steps.existing-comment.outputs.comment-id }} @@ -74,7 +74,7 @@ jobs: permissions: pull-requests: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: ./.github/actions/generate-sdk-size-report id: generate-sdk-size-report @@ -83,7 +83,7 @@ jobs: - name: Find existing "SDK size reports" comment if: github.event_name == 'pull_request' - uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 + uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0 id: find-sdk-size-report-comment with: issue-number: ${{ github.event.pull_request.number }} @@ -92,7 +92,7 @@ jobs: - name: Send SDK size reports to the PR if: github.event_name == 'pull_request' - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 with: comment-id: ${{ steps.find-sdk-size-report-comment.outputs.comment-id }} issue-number: ${{ github.event.pull_request.number }} diff --git a/.github/workflows/check-api-breaking-changes.yml b/.github/workflows/check-api-breaking-changes.yml index 1db3b89a5..5494fc22e 100644 --- a/.github/workflows/check-api-breaking-changes.yml +++ b/.github/workflows/check-api-breaking-changes.yml @@ -10,7 +10,7 @@ jobs: check-api-breaking-changes: runs-on: macos-14 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: customerio/mobile-ci-tools/github-actions/ios/setup-ios/v1@main @@ -18,7 +18,7 @@ jobs: run: brew install sourcekitten - name: Setup Ruby - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1.229.0 + uses: ruby/setup-ruby@ab177d40ee5483edb974554986f56b33477e21d0 # v1.265.0 with: ruby-version: '3.2' bundler-cache: false # we don't need bundler for this workflow diff --git a/.github/workflows/deploy-sdk.yml b/.github/workflows/deploy-sdk.yml index 53fb9b9b2..dd4a1c5ec 100644 --- a/.github/workflows/deploy-sdk.yml +++ b/.github/workflows/deploy-sdk.yml @@ -26,7 +26,7 @@ jobs: sdk-size-report: ${{ steps.generate-sdk-size-report.outputs.sdk-size-report }} sdk-size-including-dependencies-report: ${{ steps.generate-sdk-size-report.outputs.sdk-size-including-dependencies-report }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: ./.github/actions/generate-sdk-size-report id: generate-sdk-size-report @@ -42,7 +42,7 @@ jobs: new_release_published: ${{ steps.semantic-release.outputs.new_release_published }} new_release_version: ${{ steps.semantic-release.outputs.new_release_version }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 # CLI to replace strings in files. The CLI recommends using `cargo install` which is slow. This Action is fast because it downloads pre-built binaries. # If using sd on macos, "brew install" works great. for Linux, this is the recommended way. @@ -82,7 +82,7 @@ jobs: # 2. Updates metadata files. Such as updating the version number in package.json and adding entries to CHANGELOG.md file. # 3. Create git tag and push it to github. - name: Deploy git tag via semantic-release - uses: cycjimmy/semantic-release-action@0a51e81a6baff2acad3ee88f4121c589c73d0f0e # v4.2.0 + uses: cycjimmy/semantic-release-action@ba330626c4750c19d8299de843f05c7aa5574f62 # v5.0.2 id: semantic-release with: # version numbers below can be in many forms: M, M.m, M.m.p @@ -98,7 +98,7 @@ jobs: GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} - name: Notify team of git tag being created - uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 + uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 if: steps.semantic-release.outputs.new_release_published == 'true' # only run if a git tag was made. with: # Use block kit for format of the JSON payloads: https://app.slack.com/block-kit-builder @@ -135,7 +135,7 @@ jobs: SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - name: Notify team of failure - uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 + uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 if: ${{ failure() }} # only run this if any previous step failed with: # Use block kit for format of the JSON payloads: https://app.slack.com/block-kit-builder @@ -181,13 +181,13 @@ jobs: runs-on: macos-14 steps: - name: Checkout git tag that got created in previous step - uses: actions/checkout@v4 + uses: actions/checkout@v5 if: ${{ needs.deploy-git-tag.outputs.new_release_published == 'true' }} with: ref: ${{ needs.deploy-git-tag.outputs.new_release_git_head }} - name: Checkout git tag that was previously created - uses: actions/checkout@v4 + uses: actions/checkout@v5 if: ${{ github.event_name == 'workflow_dispatch' }} with: ref: ${{ inputs.existing-git-tag }} @@ -225,7 +225,7 @@ jobs: run: ./scripts/push-cocoapod.sh CustomerIO.podspec - name: Notify team of successful deployment - uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 + uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 if: ${{ success() }} with: # Use block kit for format of the JSON payloads: https://app.slack.com/block-kit-builder @@ -262,7 +262,7 @@ jobs: SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - name: Notify team of failure - uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 + uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 if: ${{ failure() }} # only run this if any previous step failed with: # Use block kit for format of the JSON payloads: https://app.slack.com/block-kit-builder diff --git a/.github/workflows/pr-review.yml b/.github/workflows/pr-review.yml index d6bfb0585..48f29fc6d 100644 --- a/.github/workflows/pr-review.yml +++ b/.github/workflows/pr-review.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest name: Danger steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Run danger run: npx danger@11 ci --dangerfile dangerfile.js env: diff --git a/.github/workflows/reusable_build_sample_apps.yml b/.github/workflows/reusable_build_sample_apps.yml index 73312d572..59df88a33 100644 --- a/.github/workflows/reusable_build_sample_apps.yml +++ b/.github/workflows/reusable_build_sample_apps.yml @@ -66,7 +66,7 @@ jobs: steps: - name: Check out code (with full history for tags) - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0