From 99a60b622c2c727f48dcb71177a7a80e32f2a5bd Mon Sep 17 00:00:00 2001 From: Salman Muin Kayser Chishti <13schishti@gmail.com> Date: Thu, 26 Feb 2026 21:11:01 +0000 Subject: [PATCH] Upgrade GitHub Actions for Node 24 compatibility Signed-off-by: Salman Muin Kayser Chishti <13schishti@gmail.com> --- .github/workflows/agentics-maintenance.yml | 10 +- .github/workflows/bot-detection.md | 2 +- .github/workflows/ci.yml | 110 +++++++++--------- .github/workflows/codeql.yml | 4 +- .github/workflows/copilot-maintenance.yml | 2 +- .github/workflows/copilot-setup-steps.yml | 6 +- .github/workflows/copilot.yml | 4 +- .../workflows/daily-syntax-error-quality.md | 2 +- .github/workflows/docs.yml | 6 +- .github/workflows/firewall-escape.md | 2 +- .github/workflows/format-and-commit.yml | 6 +- .github/workflows/go-logger.md | 4 +- .github/workflows/go-pattern-detector.md | 2 +- .github/workflows/hourly-ci-cleaner.md | 6 +- .github/workflows/install.yml | 6 +- .github/workflows/integration-agentics.yml | 4 +- .github/workflows/issue-monster.md | 2 +- .github/workflows/license-check.yml | 6 +- .github/workflows/link-check.yml | 2 +- .github/workflows/release.md | 10 +- .github/workflows/security-scan.yml | 10 +- .github/workflows/slide-deck-maintainer.md | 2 +- .github/workflows/super-linter.md | 6 +- .github/workflows/technical-doc-writer.md | 2 +- .../test-copilot-github-integration.yml | 4 +- .github/workflows/tidy.md | 4 +- .github/workflows/unbloat-docs.md | 4 +- .github/workflows/vet.yml | 2 +- 28 files changed, 115 insertions(+), 115 deletions(-) diff --git a/.github/workflows/agentics-maintenance.yml b/.github/workflows/agentics-maintenance.yml index 900e2c6b0ed..e666b3c3b0e 100644 --- a/.github/workflows/agentics-maintenance.yml +++ b/.github/workflows/agentics-maintenance.yml @@ -96,13 +96,13 @@ jobs: issues: write steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Setup Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -137,10 +137,10 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -167,7 +167,7 @@ jobs: persist-credentials: false - name: Setup Node.js - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: '22' diff --git a/.github/workflows/bot-detection.md b/.github/workflows/bot-detection.md index 9a81ac0aaf6..f6ca637937c 100644 --- a/.github/workflows/bot-detection.md +++ b/.github/workflows/bot-detection.md @@ -31,7 +31,7 @@ jobs: steps: - name: Precompute deterministic findings id: precompute - uses: actions/github-script@v7 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: github-token: ${{ secrets.GH_AW_BOT_DETECTION_TOKEN || secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8e0d70e534e..7cda6979979 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,11 +21,11 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -145,7 +145,7 @@ jobs: # Coverage reports for recent builds only - 7 days is sufficient for debugging recent changes - name: Upload coverage report - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v7.0.0 with: name: coverage-report path: coverage.html @@ -153,7 +153,7 @@ jobs: - name: Upload unit test results if: always() # Upload even if tests fail so canary_go can track coverage - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v7.0.0 with: name: test-result-unit path: test-result-unit.json @@ -246,11 +246,11 @@ jobs: name: "Integration: ${{ matrix.test-group.name }}" steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -378,7 +378,7 @@ jobs: - name: Upload integration test results if: always() # Upload even if tests fail so canary_go can track coverage - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v7.0.0 with: name: test-result-integration-${{ matrix.test-group.name }} path: test-result-integration-*.json @@ -392,7 +392,7 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: List all tests in codebase run: | @@ -402,7 +402,7 @@ jobs: echo "Found $(wc -l < all-tests.txt) tests in codebase" - name: Download all test result artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v8.0.0 with: path: test-results pattern: test-result-* @@ -429,7 +429,7 @@ jobs: - name: Upload test coverage report if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v7.0.0 with: name: test-coverage-analysis path: | @@ -446,11 +446,11 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -511,10 +511,10 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Node.js id: setup-node - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: "24" cache: npm @@ -528,7 +528,7 @@ jobs: fi - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -546,7 +546,7 @@ jobs: run: make build - name: Upload Linux binary - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v7.0.0 with: name: gh-aw-linux-amd64 path: gh-aw @@ -566,11 +566,11 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -643,7 +643,7 @@ jobs: run: make test-wasm-golden - name: Set up Node.js - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: '20' @@ -656,7 +656,7 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check for ANSI escape sequences in YAML files run: | @@ -801,10 +801,10 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Node.js id: setup-node - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: "24" cache: npm @@ -835,11 +835,11 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Node.js id: setup-node - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: "24" cache: npm @@ -886,11 +886,11 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -945,7 +945,7 @@ jobs: # Benchmark results for performance trend analysis - 14 days allows comparison across multiple runs - name: Save benchmark results - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v7.0.0 with: name: benchmark-results path: bench_results.txt @@ -961,13 +961,13 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Fetch all history for incremental linting - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -1056,11 +1056,11 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Node.js id: setup-node - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: "24" cache: npm @@ -1093,11 +1093,11 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -1170,7 +1170,7 @@ jobs: echo "- v0.x exposure: ${V0_PERCENT}%" >> $GITHUB_STEP_SUMMARY - name: Upload audit results - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v7.0.0 with: name: dependency-audit path: | @@ -1187,11 +1187,11 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -1247,11 +1247,11 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -1357,7 +1357,7 @@ jobs: done - name: Upload fuzz test results - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v7.0.0 with: name: fuzz-results path: fuzz-results/ @@ -1372,11 +1372,11 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -1441,11 +1441,11 @@ jobs: name: "Security Scan: ${{ matrix.tool.name }}" steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -1498,11 +1498,11 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -1597,11 +1597,11 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -1774,11 +1774,11 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -1896,11 +1896,11 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -2027,7 +2027,7 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run Safe Outputs Conformance Checker id: conformance @@ -2066,7 +2066,7 @@ jobs: - name: Upload conformance report if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v7.0.0 with: name: safe-outputs-conformance-report path: conformance-output.txt @@ -2082,11 +2082,11 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go id: setup-go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b5af31d7153..f3ea00363ff 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Initialize CodeQL uses: github/codeql-action/init@4248455a6f2335bc3b7a8a62932f000050ec8f13 # v3 @@ -32,7 +32,7 @@ jobs: - name: Set up Go if: matrix.language == 'go' - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true diff --git a/.github/workflows/copilot-maintenance.yml b/.github/workflows/copilot-maintenance.yml index 91dfe292888..aea849cea29 100644 --- a/.github/workflows/copilot-maintenance.yml +++ b/.github/workflows/copilot-maintenance.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # v4.2.2 with: fetch-depth: 0 # Fetch all history for all branches diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml index 0cc0ade0822..257715f9ef6 100644 --- a/.github/workflows/copilot-setup-steps.yml +++ b/.github/workflows/copilot-setup-steps.yml @@ -16,15 +16,15 @@ jobs: - name: Install gh-aw extension run: curl -fsSL https://raw.githubusercontent.com/github/gh-aw/refs/heads/main/install-gh-aw.sh | bash - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: cache: npm cache-dependency-path: actions/setup/js/package-lock.json node-version: "24" - name: Set up Go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: cache: true go-version-file: go.mod diff --git a/.github/workflows/copilot.yml b/.github/workflows/copilot.yml index 6625e1fa091..73eb3f1bf5e 100644 --- a/.github/workflows/copilot.yml +++ b/.github/workflows/copilot.yml @@ -12,7 +12,7 @@ jobs: pull-requests: read steps: - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: '22' - name: Install GitHub Copilot CLI @@ -63,7 +63,7 @@ jobs: done - name: Upload execution logs if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v7.0.0 with: name: copilot-logs path: /tmp/logs/ diff --git a/.github/workflows/daily-syntax-error-quality.md b/.github/workflows/daily-syntax-error-quality.md index 6b82a6cdbbb..6c85cf6be31 100644 --- a/.github/workflows/daily-syntax-error-quality.md +++ b/.github/workflows/daily-syntax-error-quality.md @@ -33,7 +33,7 @@ timeout-minutes: 20 strict: true steps: - name: Setup Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 7990434b0e9..249a5b5df49 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -48,17 +48,17 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: '24' cache: 'npm' cache-dependency-path: 'docs/package-lock.json' - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true diff --git a/.github/workflows/firewall-escape.md b/.github/workflows/firewall-escape.md index 44875827c69..8e1b4a849ef 100644 --- a/.github/workflows/firewall-escape.md +++ b/.github/workflows/firewall-escape.md @@ -63,7 +63,7 @@ jobs: issues: write steps: - name: Create issue on test failure - uses: actions/github-script@v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: script: | await github.rest.issues.create({ diff --git a/.github/workflows/format-and-commit.yml b/.github/workflows/format-and-commit.yml index 6c337a56791..8dd485a13ce 100644 --- a/.github/workflows/format-and-commit.yml +++ b/.github/workflows/format-and-commit.yml @@ -19,14 +19,14 @@ jobs: exit 78 - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true - name: Set up Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: cache: npm cache-dependency-path: pkg/workflow/js/package-lock.json diff --git a/.github/workflows/go-logger.md b/.github/workflows/go-logger.md index 91b98aa17fb..e8001548505 100644 --- a/.github/workflows/go-logger.md +++ b/.github/workflows/go-logger.md @@ -21,13 +21,13 @@ safe-outputs: steps: - name: Setup Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: "24" cache: npm cache-dependency-path: actions/setup/js/package-lock.json - name: Setup Go - uses: actions/setup-go@v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true diff --git a/.github/workflows/go-pattern-detector.md b/.github/workflows/go-pattern-detector.md index dff90320d5c..841a3bac11e 100644 --- a/.github/workflows/go-pattern-detector.md +++ b/.github/workflows/go-pattern-detector.md @@ -17,7 +17,7 @@ jobs: found_patterns: ${{ steps.detect.outputs.found_patterns }} steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Install ast-grep diff --git a/.github/workflows/hourly-ci-cleaner.md b/.github/workflows/hourly-ci-cleaner.md index 84f0b6323c0..005a2f60eb9 100644 --- a/.github/workflows/hourly-ci-cleaner.md +++ b/.github/workflows/hourly-ci-cleaner.md @@ -50,7 +50,7 @@ jobs: ci_run_id: ${{ steps.ci_check.outputs.ci_run_id }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Check last CI workflow run status on main branch @@ -90,12 +90,12 @@ steps: sudo apt-get update sudo apt-get install -y make - name: Setup Go - uses: actions/setup-go@v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true - name: Setup Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: "24" cache: npm diff --git a/.github/workflows/install.yml b/.github/workflows/install.yml index a66b179097c..5d009a3bca6 100644 --- a/.github/workflows/install.yml +++ b/.github/workflows/install.yml @@ -30,7 +30,7 @@ jobs: - windows-latest steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Test install script detection logic shell: bash @@ -99,7 +99,7 @@ jobs: - name: Upload test results if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v7.0.0 with: name: install-test-${{ matrix.os }} path: install-output.log @@ -173,7 +173,7 @@ jobs: issues: write steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Create issue on failure uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 diff --git a/.github/workflows/integration-agentics.yml b/.github/workflows/integration-agentics.yml index 67b13e5dcfe..479a2afb1d7 100644 --- a/.github/workflows/integration-agentics.yml +++ b/.github/workflows/integration-agentics.yml @@ -15,10 +15,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true diff --git a/.github/workflows/issue-monster.md b/.github/workflows/issue-monster.md index 9fa45cafad7..9fab0853794 100644 --- a/.github/workflows/issue-monster.md +++ b/.github/workflows/issue-monster.md @@ -42,7 +42,7 @@ jobs: steps: - name: Search for candidate issues id: search - uses: actions/github-script@v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: script: | const { owner, repo } = context.repo; diff --git a/.github/workflows/license-check.yml b/.github/workflows/license-check.yml index 79d8192e3e2..459bef2dd0d 100644 --- a/.github/workflows/license-check.yml +++ b/.github/workflows/license-check.yml @@ -15,9 +15,9 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: 'go.mod' @@ -37,7 +37,7 @@ jobs: - name: Upload license report if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.0 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v7.0.0 with: name: license-report path: licenses.csv diff --git a/.github/workflows/link-check.yml b/.github/workflows/link-check.yml index 00c80326a38..f7d945b6879 100644 --- a/.github/workflows/link-check.yml +++ b/.github/workflows/link-check.yml @@ -29,7 +29,7 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check Markdown links in reports uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1 diff --git a/.github/workflows/release.md b/.github/workflows/release.md index 3a44c4f3477..bebb33dd154 100644 --- a/.github/workflows/release.md +++ b/.github/workflows/release.md @@ -44,14 +44,14 @@ jobs: release_tag: ${{ steps.compute_config.outputs.release_tag }} steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 persist-credentials: false - name: Compute release configuration id: compute_config - uses: actions/github-script@v7 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: script: | const releaseType = context.payload.inputs.release_type; @@ -155,7 +155,7 @@ jobs: release_id: ${{ steps.get_release.outputs.release_id }} steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 persist-credentials: true @@ -172,7 +172,7 @@ jobs: echo "✓ Tag created: $RELEASE_TAG" - name: Setup Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: false # Disabled for release security - prevent cache poisoning attacks @@ -246,7 +246,7 @@ jobs: echo "✓ No secrets detected in SBOM files" - name: Upload SBOM artifacts - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v7.0.0 with: name: sbom-artifacts path: | diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index 1c5ecc0a479..0b7c152280d 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -16,10 +16,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -45,10 +45,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true @@ -71,7 +71,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run Trivy filesystem scan uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1 diff --git a/.github/workflows/slide-deck-maintainer.md b/.github/workflows/slide-deck-maintainer.md index d33fa24a3f9..69054d007da 100644 --- a/.github/workflows/slide-deck-maintainer.md +++ b/.github/workflows/slide-deck-maintainer.md @@ -50,7 +50,7 @@ network: - node steps: - name: Setup Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: "24" cache: npm diff --git a/.github/workflows/super-linter.md b/.github/workflows/super-linter.md index d0a99ac3584..4927e7dd794 100644 --- a/.github/workflows/super-linter.md +++ b/.github/workflows/super-linter.md @@ -29,7 +29,7 @@ jobs: statuses: write steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # super-linter needs the full git history to get the # list of files that changed across commits @@ -66,14 +66,14 @@ jobs: - name: Upload super-linter log if: always() - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v7.0.0 with: name: super-linter-log path: super-linter.log retention-days: 7 steps: - name: Download super-linter log - uses: actions/download-artifact@v6 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v8.0.0 with: name: super-linter-log path: /tmp/gh-aw/ diff --git a/.github/workflows/technical-doc-writer.md b/.github/workflows/technical-doc-writer.md index bd9fb8fb9d7..a009368fed5 100644 --- a/.github/workflows/technical-doc-writer.md +++ b/.github/workflows/technical-doc-writer.md @@ -45,7 +45,7 @@ safe-outputs: steps: - name: Setup Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: '24' cache: 'npm' diff --git a/.github/workflows/test-copilot-github-integration.yml b/.github/workflows/test-copilot-github-integration.yml index f53902a9c2d..1bed0633e71 100644 --- a/.github/workflows/test-copilot-github-integration.yml +++ b/.github/workflows/test-copilot-github-integration.yml @@ -12,7 +12,7 @@ jobs: pull-requests: read steps: - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: '22' @@ -79,7 +79,7 @@ jobs: - name: Upload execution logs if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v7.0.0 with: name: agent-logs path: | diff --git a/.github/workflows/tidy.md b/.github/workflows/tidy.md index 5e5e16ca620..d965a335d35 100644 --- a/.github/workflows/tidy.md +++ b/.github/workflows/tidy.md @@ -48,13 +48,13 @@ safe-outputs: missing-tool: steps: - name: Setup Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: "24" cache: npm cache-dependency-path: actions/setup/js/package-lock.json - name: Setup Go - uses: actions/setup-go@v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: go.mod cache: true diff --git a/.github/workflows/unbloat-docs.md b/.github/workflows/unbloat-docs.md index f89474d2d91..e776266bf0c 100644 --- a/.github/workflows/unbloat-docs.md +++ b/.github/workflows/unbloat-docs.md @@ -94,12 +94,12 @@ timeout-minutes: 30 # Build steps for documentation steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Setup Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: '24' cache: 'npm' diff --git a/.github/workflows/vet.yml b/.github/workflows/vet.yml index d62efbf127f..074ef505d90 100644 --- a/.github/workflows/vet.yml +++ b/.github/workflows/vet.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run vet id: vet