From 0c72626916d67e72c80dc69ac5fb9579a2c5c71c Mon Sep 17 00:00:00 2001 From: Opeyemi Date: Wed, 6 Sep 2023 15:30:47 +0100 Subject: [PATCH] UPDATE: all workflows (#2743) --- .github/workflows/build.yml | 6 +++--- .github/workflows/crowdin-pull.yml | 4 ++-- .github/workflows/pr-labeler.yml | 2 +- .github/workflows/release.yml | 12 ++++++------ .github/workflows/stale-bot.yml | 2 +- .github/workflows/version-auto-bump.yml | 4 +--- .github/workflows/version-bump.yml | 21 +++++++++------------ .github/workflows/workflow-linter.yml | 2 +- 8 files changed, 24 insertions(+), 29 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cef8a7a2c..114b5346a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -525,7 +525,7 @@ jobs: submodules: 'true' - name: Login to Azure - CI Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 + uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.6 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} @@ -779,7 +779,7 @@ jobs: uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Login to Azure - CI Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 + uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.6 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} @@ -845,7 +845,7 @@ jobs: fi - name: Login to Azure - CI Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 + uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.6 if: failure() with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} diff --git a/.github/workflows/crowdin-pull.yml b/.github/workflows/crowdin-pull.yml index a2a297a19..74639f2b3 100644 --- a/.github/workflows/crowdin-pull.yml +++ b/.github/workflows/crowdin-pull.yml @@ -18,13 +18,13 @@ jobs: uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Login to Azure - CI Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 + uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.6 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@34ecb67b2a357795dc893549df0795e7383ff50f + uses: bitwarden/gh-actions/get-keyvault-secrets@4a7ddc1b38ca5cb4e3e43578f4df5cabe4f55a67 with: keyvault: "bitwarden-ci" secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase" diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml index 21d847303..7bb6f0d14 100644 --- a/.github/workflows/pr-labeler.yml +++ b/.github/workflows/pr-labeler.yml @@ -12,6 +12,6 @@ jobs: pull-requests: write runs-on: ubuntu-20.04 steps: - - uses: actions/labeler@ba790c862c380240c6d5e7427be5ace9a05c754b # v4.0.3 + - uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0 with: sync-labels: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 50f4128e9..f9182f7d5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -38,11 +38,11 @@ jobs: fi - name: Checkout repo - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Check Release Version id: version - uses: bitwarden/gh-actions/release-version-check@34ecb67b2a357795dc893549df0795e7383ff50f + uses: bitwarden/gh-actions/release-version-check@4a7ddc1b38ca5cb4e3e43578f4df5cabe4f55a67 with: release-type: ${{ github.event.inputs.release_type }} project-type: xamarin @@ -87,7 +87,7 @@ jobs: - name: Create release if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: ncipollo/release-action@40bb172bd05f266cf9ba4ff965cb61e9ee5f6d01 # v1.9.0 + uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1.13.0 with: artifacts: "./com.x8bit.bitwarden.aab/com.x8bit.bitwarden.aab, ./com.x8bit.bitwarden.apk/com.x8bit.bitwarden.apk, @@ -126,7 +126,7 @@ jobs: if: inputs.fdroid_publish steps: - name: Checkout repo - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Download F-Droid .apk artifact if: ${{ github.event.inputs.release_type != 'Dry Run' }} @@ -147,9 +147,9 @@ jobs: name: com.x8bit.bitwarden-fdroid.apk - name: Set up Node - uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 # v2.5.1 + uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 with: - node-version: '10.x' + node-version: '16.x' - name: Set up F-Droid server run: | diff --git a/.github/workflows/stale-bot.yml b/.github/workflows/stale-bot.yml index 5cd154cf2..5d605f0a0 100644 --- a/.github/workflows/stale-bot.yml +++ b/.github/workflows/stale-bot.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: 'Run stale action' - uses: actions/stale@3cc123766321e9f15a6676375c154ccffb12a358 # v5.0.0 + uses: actions/stale@f7176fd3007623b69d27091f9b9d4ab7995f0a06 # v5.2.1 with: stale-issue-label: 'needs-reply' stale-pr-label: 'needs-changes' diff --git a/.github/workflows/version-auto-bump.yml b/.github/workflows/version-auto-bump.yml index c486d1535..89c3431a0 100644 --- a/.github/workflows/version-auto-bump.yml +++ b/.github/workflows/version-auto-bump.yml @@ -14,7 +14,7 @@ jobs: version_number: ${{ steps.version.outputs.new-version }} steps: - name: Checkout Branch - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Calculate bumped version id: version @@ -35,7 +35,5 @@ jobs: name: Bump version to ${{ needs.setup.outputs.version_number }} needs: setup uses: ./.github/workflows/version-bump.yml - secrets: - AZURE_PROD_KV_CREDENTIALS: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} with: version_number: ${{ needs.setup.outputs.version_number }} diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index bac7c2227..43cb6007e 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -12,9 +12,6 @@ on: version_number: required: true type: string - secrets: - AZURE_PROD_KV_CREDENTIALS: - required: true jobs: bump_version: @@ -22,22 +19,22 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout Branch - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Login to Azure - CI Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 + uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@34ecb67b2a357795dc893549df0795e7383ff50f + uses: bitwarden/gh-actions/get-keyvault-secrets@4a7ddc1b38ca5cb4e3e43578f4df5cabe4f55a67 with: keyvault: "bitwarden-ci" secrets: "github-gpg-private-key, github-gpg-private-key-passphrase" - name: Import GPG key - uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5.2.0 + uses: crazy-max/ghaction-import-gpg@d6f3f49f3345e29369fe57596a3ca8f94c4d2ca7 # v5.4.0 with: gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }} passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }} @@ -48,31 +45,31 @@ jobs: run: git switch -c version_bump_${{ github.event.inputs.version_number }} - name: Bump Version - Android XML - uses: bitwarden/gh-actions/version-bump@34ecb67b2a357795dc893549df0795e7383ff50f + uses: bitwarden/gh-actions/version-bump@4a7ddc1b38ca5cb4e3e43578f4df5cabe4f55a67 with: version: ${{ github.event.inputs.version_number }} file_path: "./src/Android/Properties/AndroidManifest.xml" - name: Bump Version - iOS.Autofill - uses: bitwarden/gh-actions/version-bump@34ecb67b2a357795dc893549df0795e7383ff50f + uses: bitwarden/gh-actions/version-bump@4a7ddc1b38ca5cb4e3e43578f4df5cabe4f55a67 with: version: ${{ github.event.inputs.version_number }} file_path: "./src/iOS.Autofill/Info.plist" - name: Bump Version - iOS.Extension - uses: bitwarden/gh-actions/version-bump@34ecb67b2a357795dc893549df0795e7383ff50f + uses: bitwarden/gh-actions/version-bump@4a7ddc1b38ca5cb4e3e43578f4df5cabe4f55a67 with: version: ${{ github.event.inputs.version_number }} file_path: "./src/iOS.Extension/Info.plist" - name: Bump Version - iOS.ShareExtension - uses: bitwarden/gh-actions/version-bump@34ecb67b2a357795dc893549df0795e7383ff50f + uses: bitwarden/gh-actions/version-bump@4a7ddc1b38ca5cb4e3e43578f4df5cabe4f55a67 with: version: ${{ github.event.inputs.version_number }} file_path: "./src/iOS.ShareExtension/Info.plist" - name: Bump Version - iOS - uses: bitwarden/gh-actions/version-bump@34ecb67b2a357795dc893549df0795e7383ff50f + uses: bitwarden/gh-actions/version-bump@4a7ddc1b38ca5cb4e3e43578f4df5cabe4f55a67 with: version: ${{ github.event.inputs.version_number }} file_path: "./src/iOS/Info.plist" diff --git a/.github/workflows/workflow-linter.yml b/.github/workflows/workflow-linter.yml index 9db5d644a..25e35348b 100644 --- a/.github/workflows/workflow-linter.yml +++ b/.github/workflows/workflow-linter.yml @@ -8,4 +8,4 @@ on: jobs: call-workflow: - uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@34ecb67b2a357795dc893549df0795e7383ff50f + uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@4a7ddc1b38ca5cb4e3e43578f4df5cabe4f55a67