Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the github-actions group with 10 updates #13626

Merged
merged 1 commit into from
May 1, 2024
Merged

Bump the github-actions group with 10 updates #13626

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 7 additions & 7 deletions .github/workflows/build-and-deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ jobs:
github.event.pull_request.user.login != 'dependabot[bot]'
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
with:
disable-file-monitoring: true
egress-policy: block
Expand All @@ -101,7 +101,7 @@ jobs:
54.185.253.63:443

- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b

- name: Setup Node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
Expand All @@ -110,7 +110,7 @@ jobs:
cache: npm

- name: Bundle size check
uses: preactjs/compressed-size-action@8119d3d31b6e57b167e09c81dfa877eada3bcb35
uses: preactjs/compressed-size-action@f780fd104362cfce9e118f9198df2ee37d12946c
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
pattern: '{assets/js/*.js,assets/css/*.css}'
Expand All @@ -129,12 +129,12 @@ jobs:
github.event.pull_request.user.login != 'dependabot[bot]'
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b

- name: Setup Node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
Expand All @@ -160,7 +160,7 @@ jobs:
composer-options: '--prefer-dist --no-progress --no-interaction'

- name: Setup Bun
uses: oven-sh/setup-bun@d3603274aca5625baad52ec06108517a089cdd00
uses: oven-sh/setup-bun@8f24390df009a496891208e5e36b8a1de1f45135
with:
bun-version: latest

Expand Down Expand Up @@ -202,7 +202,7 @@ jobs:

- name: Check if a comment was already made
id: find-comment
uses: peter-evans/find-comment@d5fe37641ad8451bdd80312415672ba26c86575e
uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: googleforcreators-bot
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/cleanup-pr-assets.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
github.event.pull_request.user.login != 'dependabot[bot]'
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
with:
disable-file-monitoring: true
disable-sudo: true
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ jobs:
timeout-minutes: 30
steps:
- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b

- name: Initialize CodeQL
uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/deploy-storybook.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ jobs:
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b

- name: Setup Node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
Expand All @@ -50,7 +50,7 @@ jobs:
run: npm run storybook:build

- name: Checkout gh-pages
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
with:
ref: gh-pages
token: ${{ secrets.GOOGLEFORCREATORS_BOT_TOKEN }}
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/lint-css-js-md.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ jobs:
timeout-minutes: 20
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
with:
disable-sudo: true
disable-file-monitoring: true
Expand All @@ -74,7 +74,7 @@ jobs:
54.185.253.63:443

- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b

- name: Setup Node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
Expand All @@ -88,7 +88,7 @@ jobs:
PUPPETEER_SKIP_DOWNLOAD: true

- name: Setup Bun
uses: oven-sh/setup-bun@d3603274aca5625baad52ec06108517a089cdd00
uses: oven-sh/setup-bun@8f24390df009a496891208e5e36b8a1de1f45135
with:
bun-version: latest

Expand Down Expand Up @@ -125,7 +125,7 @@ jobs:
github.event.pull_request.user.login != 'dependabot[bot]'

- name: Annotate JS Lint Results
uses: ataylorme/eslint-annotate-action@2.2.0
uses: ataylorme/eslint-annotate-action@3.0.0
with:
repo-token: '${{ secrets.GITHUB_TOKEN }}'
report-json: 'build/lint-js-report.json'
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/lint-i18n.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,12 +42,12 @@ jobs:
timeout-minutes: 10
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b

- name: Setup PHP
uses: shivammathur/setup-php@v2
Expand Down Expand Up @@ -84,7 +84,7 @@ jobs:
composer-options: '--prefer-dist --no-progress --no-interaction'

- name: Setup Bun
uses: oven-sh/setup-bun@d3603274aca5625baad52ec06108517a089cdd00
uses: oven-sh/setup-bun@8f24390df009a496891208e5e36b8a1de1f45135
with:
bun-version: latest

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/lint-php.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ jobs:
timeout-minutes: 5
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
with:
disable-file-monitoring: true
egress-policy: block
Expand All @@ -55,7 +55,7 @@ jobs:
dl.cloudsmith.io:443

- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b

- name: Setup PHP
uses: shivammathur/setup-php@e6f75134d35752277f093989e72e140eaa222f35
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/npm-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ jobs:
environment: Production
steps:
- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b

- name: Setup Node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
Expand All @@ -48,7 +48,7 @@ jobs:
PUPPETEER_SKIP_DOWNLOAD: true

- name: Setup Bun
uses: oven-sh/setup-bun@d3603274aca5625baad52ec06108517a089cdd00
uses: oven-sh/setup-bun@8f24390df009a496891208e5e36b8a1de1f45135
with:
bun-version: latest

Expand Down Expand Up @@ -102,12 +102,12 @@ jobs:
needs: [dry-run]
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
with:
token: ${{ secrets.GOOGLEFORCREATORS_BOT_TOKEN }}

Expand All @@ -126,7 +126,7 @@ jobs:
PUPPETEER_SKIP_DOWNLOAD: true

- name: Setup Bun
uses: oven-sh/setup-bun@d3603274aca5625baad52ec06108517a089cdd00
uses: oven-sh/setup-bun@8f24390df009a496891208e5e36b8a1de1f45135
with:
bun-version: latest

Expand Down
38 changes: 19 additions & 19 deletions .github/workflows/plugin-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,12 +41,12 @@ jobs:
environment: Production
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b

- name: Verify semver compatibility
run: |
Expand Down Expand Up @@ -104,7 +104,7 @@ jobs:
needs: [checks]
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

Expand All @@ -127,7 +127,7 @@ jobs:

# Grab current assets version from `web-stories.php` and pass on to next steps.
# - name: Checkout
# uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
# uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
# with:
# ref:

Expand All @@ -143,7 +143,7 @@ jobs:
# ASSETS_VERSION_REGEX: "https://wp.stories.google/static/([^']+)"

- name: Checkout wp.stories.google
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
with:
repository: GoogleForCreators/wp.stories.google
lfs: true
Expand Down Expand Up @@ -222,7 +222,7 @@ jobs:
echo "" > assets_version/assets_version.txt

- name: Upload assets version
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
with:
name: assets-version
path: public/static/assets_version
Expand All @@ -245,18 +245,18 @@ jobs:
release_name: ${{ steps.release_branch.outputs.release_name }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
with:
fetch-depth: 0 # 0 indicates all history for all branches and tags.
token: ${{ secrets.GOOGLEFORCREATORS_BOT_TOKEN }}

- name: Download assets version
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
with:
name: assets-version
continue-on-error: true
Expand Down Expand Up @@ -293,7 +293,7 @@ jobs:
composer-options: '--prefer-dist --no-progress --no-interaction'

- name: Setup Bun
uses: oven-sh/setup-bun@d3603274aca5625baad52ec06108517a089cdd00
uses: oven-sh/setup-bun@8f24390df009a496891208e5e36b8a1de1f45135
with:
bun-version: latest

Expand Down Expand Up @@ -396,7 +396,7 @@ jobs:
mv build/*.zip build/release-assets/

- name: Upload artifacts
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
with:
name: release-assets
path: build/release-assets
Expand All @@ -408,15 +408,15 @@ jobs:
needs: [build]
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b

- name: Download release artifacts
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
with:
name: release-assets
path: build
Expand Down Expand Up @@ -444,12 +444,12 @@ jobs:
if: ${{ ! startsWith(github.ref, 'refs/heads/release/') && ! contains(github.event.inputs.version, 'rc') }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
with:
ref: main
token: ${{ secrets.GOOGLEFORCREATORS_BOT_TOKEN }}
Expand All @@ -466,7 +466,7 @@ jobs:
PUPPETEER_SKIP_DOWNLOAD: true

- name: Setup Bun
uses: oven-sh/setup-bun@d3603274aca5625baad52ec06108517a089cdd00
uses: oven-sh/setup-bun@8f24390df009a496891208e5e36b8a1de1f45135
with:
bun-version: latest

Expand Down Expand Up @@ -500,12 +500,12 @@ jobs:
SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: Download release artifacts
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
with:
name: release-assets
path: release-assets
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/scorecards.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,12 @@ jobs:

steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: 'Checkout code'
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
with:
persist-credentials: false

Expand All @@ -48,7 +48,7 @@ jobs:

# Upload the results as artifacts (optional).
- name: 'Upload artifact'
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
with:
name: SARIF file
path: results.sarif
Expand Down
Loading
Loading