From fe49d3d21aa1b17d96fe32db81d4e9b4b792cf72 Mon Sep 17 00:00:00 2001 From: Alex Gomez Date: Fri, 12 Dec 2025 12:35:40 +0100 Subject: [PATCH] chore(ci): update github actions and pin to commit hashes - Update actions/checkout to v6.0.1 - Update actions/setup-node to v6.0.0 - Update actions/github-script to v8.0.0 - Update ncipollo/release-action to v1.20.0 - Update crowdin/github-action to v2.12.0 - Pin all actions to commit SHAs for security --- .github/actions/build/action.yml | 2 +- .github/actions/cypress/action.yml | 2 +- .github/workflows/build-fork.yml | 2 +- .github/workflows/build-test-deploy-dev.yml | 12 ++++++------ .github/workflows/build-test-deploy.yml | 14 +++++++------- .github/workflows/crowdin-download.yml | 6 +++--- .github/workflows/crowdin-upload.yml | 6 +++--- .github/workflows/dependency-review.yml | 4 ++-- .github/workflows/i18n-check.yml | 2 +- .github/workflows/test-deploy-fork.yml | 18 +++++++++--------- .github/workflows/update-prod-staging.yml | 4 ++-- 11 files changed, 36 insertions(+), 36 deletions(-) diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index 6edad750e1..700c8f9390 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml @@ -45,7 +45,7 @@ inputs: runs: using: 'composite' steps: - - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # v3.4.1 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version-file: '.nvmrc' cache: 'yarn' diff --git a/.github/actions/cypress/action.yml b/.github/actions/cypress/action.yml index 31e5838e81..a435f4936a 100644 --- a/.github/actions/cypress/action.yml +++ b/.github/actions/cypress/action.yml @@ -16,7 +16,7 @@ inputs: runs: using: 'composite' steps: - - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # v3.4.1 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version-file: '.nvmrc' cache: 'yarn' diff --git a/.github/workflows/build-fork.yml b/.github/workflows/build-fork.yml index 0f8ee0b92b..359a27a289 100644 --- a/.github/workflows/build-fork.yml +++ b/.github/workflows/build-fork.yml @@ -14,7 +14,7 @@ jobs: if: | # check if PR opened from fork github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name || contains(github.head_ref, 'dependabot') steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/build-test-deploy-dev.yml b/.github/workflows/build-test-deploy-dev.yml index 321d24b560..30a51d98b8 100644 --- a/.github/workflows/build-test-deploy-dev.yml +++ b/.github/workflows/build-test-deploy-dev.yml @@ -23,7 +23,7 @@ jobs: - name: 'out_cypress' cypress_enabled: 'true' steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -60,7 +60,7 @@ jobs: - gnosis - bnb steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run tests uses: ./.github/actions/cypress @@ -74,7 +74,7 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: download build uses: actions/download-artifact@v4 @@ -92,7 +92,7 @@ jobs: needs: - build steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: download build uses: actions/download-artifact@v4 @@ -134,7 +134,7 @@ jobs: - ethereum - base steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run tests uses: ./.github/actions/cypress @@ -159,7 +159,7 @@ jobs: - widgets - general steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run tests uses: ./.github/actions/cypress diff --git a/.github/workflows/build-test-deploy.yml b/.github/workflows/build-test-deploy.yml index ff0738a709..e7c84ced8d 100644 --- a/.github/workflows/build-test-deploy.yml +++ b/.github/workflows/build-test-deploy.yml @@ -23,7 +23,7 @@ jobs: - name: 'out_cypress' cypress_enabled: 'true' steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -49,7 +49,7 @@ jobs: if: | github.event_name == 'push' && github.ref == 'refs/heads/main' steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -81,7 +81,7 @@ jobs: - gnosis - bnb steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run tests uses: ./.github/actions/cypress @@ -95,7 +95,7 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: download build uses: actions/download-artifact@v4 @@ -118,7 +118,7 @@ jobs: outputs: pinata_hash: '${{ steps.pinata.outputs.hash }}' steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: download build uses: actions/download-artifact@v4 @@ -151,7 +151,7 @@ jobs: - ethereum - base steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run tests uses: ./.github/actions/cypress @@ -176,7 +176,7 @@ jobs: - widgets - general steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run tests uses: ./.github/actions/cypress diff --git a/.github/workflows/crowdin-download.yml b/.github/workflows/crowdin-download.yml index dd42b77687..072bf63ef4 100644 --- a/.github/workflows/crowdin-download.yml +++ b/.github/workflows/crowdin-download.yml @@ -17,17 +17,17 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.BOT_TOKEN }} - - uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # v3.4.1 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version-file: '.nvmrc' cache: 'yarn' - name: crowdin action - uses: crowdin/github-action@97aa99cbebfe99b964e3521e6421c1518146d4b9 # v1.4.12 + uses: crowdin/github-action@60debf382ee245b21794321190ad0501db89d8c1 # v2.13.0 with: project_id: 502668 token: ${{ secrets.CROWDIN_TOKEN }} diff --git a/.github/workflows/crowdin-upload.yml b/.github/workflows/crowdin-upload.yml index 5ebbd717a3..aa23096a95 100644 --- a/.github/workflows/crowdin-upload.yml +++ b/.github/workflows/crowdin-upload.yml @@ -13,15 +13,15 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # v3.4.1 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version-file: '.nvmrc' cache: 'yarn' - name: Synchronize - uses: crowdin/github-action@97aa99cbebfe99b964e3521e6421c1518146d4b9 # v1.4.12 + uses: crowdin/github-action@60debf382ee245b21794321190ad0501db89d8c1 # v2.13.0 with: upload_sources: true download_translations: false diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 078574c42b..b6fa411fd3 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -10,9 +10,9 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@v5 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: 'Dependency Review' - uses: actions/dependency-review-action@v4 + uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2 with: comment-summary-in-pr: on-failure fail-on-severity: moderate diff --git a/.github/workflows/i18n-check.yml b/.github/workflows/i18n-check.yml index 01e55df016..5290276eec 100644 --- a/.github/workflows/i18n-check.yml +++ b/.github/workflows/i18n-check.yml @@ -14,7 +14,7 @@ jobs: i18n-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: i18n compile uses: ./.github/actions/build diff --git a/.github/workflows/test-deploy-fork.yml b/.github/workflows/test-deploy-fork.yml index f6a26304a8..7a5639b2df 100644 --- a/.github/workflows/test-deploy-fork.yml +++ b/.github/workflows/test-deploy-fork.yml @@ -34,7 +34,7 @@ jobs: echo "::set-output name=pr_number::$(cat NUM | tr -dc '[:digit:]')" - name: Link this CI run to PR - uses: actions/github-script@100527700e8b29ca817ac0e0dfbfc5e8ff38edda # v6.1.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: PR_NUMBER: ${{ steps.get_pr_number.outputs.pr_number }} with: @@ -52,7 +52,7 @@ jobs: env: PR_NUMBER: ${{ needs.prepare_jobs.outputs.pr_number }} steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -75,7 +75,7 @@ jobs: - gnosis - bnb steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run tests uses: ./.github/actions/cypress @@ -93,7 +93,7 @@ jobs: env: PR_NUMBER: ${{ needs.prepare_jobs.outputs.pr_number }} steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -126,7 +126,7 @@ jobs: infuraProjectSecret: ${{ secrets.INFURA_PROJECT_SECRET }} - name: 'Comment on PR' - uses: actions/github-script@100527700e8b29ca817ac0e0dfbfc5e8ff38edda # v6.1.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | await github.rest.issues.createComment({ @@ -148,7 +148,7 @@ jobs: - ethereum - base steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run tests uses: ./.github/actions/cypress @@ -169,7 +169,7 @@ jobs: - governance-stake - widgets steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run tests uses: ./.github/actions/cypress @@ -190,7 +190,7 @@ jobs: env: PR_NUMBER: ${{ needs.prepare_jobs.outputs.pr_number }} steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Comment uses: ./.github/actions/fork-result-comment @@ -219,7 +219,7 @@ jobs: env: PR_NUMBER: ${{ needs.prepare_jobs.outputs.pr_number }} steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Comment uses: ./.github/actions/fork-result-comment diff --git a/.github/workflows/update-prod-staging.yml b/.github/workflows/update-prod-staging.yml index b31c66178d..a9048eb769 100644 --- a/.github/workflows/update-prod-staging.yml +++ b/.github/workflows/update-prod-staging.yml @@ -19,7 +19,7 @@ jobs: name: ${{ matrix.environment.name }} url: https://${{ matrix.environment.domain }} steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: download build uses: actions/download-artifact@v4 @@ -43,7 +43,7 @@ jobs: echo "TAG=release-$(date '+%Y-%m-%d_%H-%M')" >> ${GITHUB_ENV} - name: Create GH release - uses: ncipollo/release-action@4c75f0f2e4ae5f3c807cf0904605408e319dcaac # v1.10.0 + uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0 with: name: Production release artifacts: app.tar.gz