chore: kickoff release

.github/composite_actions/download_test_configuration/action.yml

@@ -23,7 +23,7 @@ runs:
   using: "composite"
   steps:
     - name: Configure AWS credentials for {{ inputs.resource_subfolder }}
-      uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 #v2
+      uses: aws-actions/configure-aws-credentials@v4
       with:
           role-to-assume: ${{ inputs.aws_role_to_assume }}
           aws-region: ${{ inputs.aws_region }}

.github/workflows/build_amplify_swift.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: macos-13
     steps:
       - name: Checkout repository
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 #v3.5.3
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
         with:
           persist-credentials: false
 

.github/workflows/canary.yml

@@ -27,7 +27,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout Code
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
         with:
           persist-credentials: false
 

.github/workflows/codeql.yml

@@ -39,7 +39,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 #v3.5.3
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/dependency-review.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
         with:
           persist-credentials: false
 

.github/workflows/deploy_package.yml

@@ -43,7 +43,7 @@ jobs:
       GITHUB_USER: aws-amplify-ops
     steps:
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 #v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
           role-session-name: ${{ format('{0}.release', github.run_id) }}
@@ -60,7 +60,7 @@ jobs:
           echo "token=$PAT" >> $GITHUB_OUTPUT
 
       - name: Checkout repo
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
         with:
           fetch-depth: 100
           token: ${{steps.retrieve-token.outputs.token}}

.github/workflows/deploy_release.yml

@@ -39,7 +39,7 @@ jobs:
       GITHUB_USER: aws-amplify-ops
     steps:
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 #v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
           role-session-name: ${{ format('{0}.release', github.run_id) }}
@@ -56,7 +56,7 @@ jobs:
           echo "token=$PAT" >> $GITHUB_OUTPUT
 
       - name: Checkout repo
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
         with:
           fetch-depth: 100
           token: ${{steps.retrieve-token.outputs.token}}

.github/workflows/deploy_unstable.yml

@@ -39,7 +39,7 @@ jobs:
       GITHUB_USER: aws-amplify-ops
     steps:
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 #v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
           role-session-name: ${{ format('{0}.release', github.run_id) }}
@@ -56,7 +56,7 @@ jobs:
           echo "token=$PAT" >> $GITHUB_OUTPUT
 
       - name: Checkout repo
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
         with:
           fetch-depth: 100
           token: ${{steps.retrieve-token.outputs.token}}

.github/workflows/fortify_scan.yml

@@ -25,7 +25,7 @@ jobs:
     runs-on: macos-latest
     environment: Fortify
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 #v3.5.3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
         with:
           persist-credentials: false
 
@@ -35,7 +35,7 @@ jobs:
           cp -r Amplify source
           cp -r AmplifyPlugins source
       - name: Configure AWS credentials for fetching fortify resources
-        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 #v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
           aws-region: ${{ secrets.AWS_REGION }}

.github/workflows/integ_test_push_notifications.yml

@@ -39,7 +39,7 @@ jobs:
           - platform: ${{ github.event.inputs.watchos == 'false' && 'watchOS' || 'None' }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 #v3.5.3
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           persist-credentials: false
 
@@ -63,7 +63,7 @@ jobs:
           destination: ~/.aws-amplify/amplify-ios/testconfiguration/
 
       - name: Set up node
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
         with:
           node-version: 16.x
 

.github/workflows/issue_closed.yml

@@ -0,0 +1,34 @@
+name: Issue Closed
+
+on:
+  issues:
+    types: [closed]
+
+permissions:
+  issues: write
+
+jobs:
+  cleanup-labels:
+    runs-on: ubuntu-latest
+    if: ${{ (contains(github.event.issue.labels.*.name, 'pending-response') || contains(github.event.issue.labels.*.name, 'closing soon') || contains(github.event.issue.labels.*.name, 'pending-release')) }}
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
+      - name: remove unnecessary labels after closing
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ISSUE_NUMBER: ${{ github.event.issue.number }}
+        run: |
+          gh issue edit $ISSUE_NUMBER --remove-label "closing soon" --remove-label "pending-response" --remove-label "pending-release"
+
+  comment-visibility-warning:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: aws-actions/closed-issue-message@v1
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          message: |
+                    ### ⚠️COMMENT VISIBILITY WARNING⚠️
+                    Comments on closed issues are hard for our team to see.
+                    If you need more assistance, please either tag a team member or open a new issue that references this one.
+                    If you wish to keep having a conversation with other community members under this issue feel free to do so.

.github/workflows/issue_comment.yml

@@ -0,0 +1,35 @@
+name: Issue Comment
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  notify:
+    runs-on: ubuntu-latest
+    permissions: {}
+    if: ${{ !github.event.issue.pull_request && !contains(fromJSON('["MEMBER", "OWNER"]'), github.event.comment.author_association) }}
+    steps:
+      - name: Run webhook curl command
+        env:
+          WEBHOOK_URL: ${{ secrets.SLACK_COMMENT_WEBHOOK_URL }}
+          COMMENT: ${{toJson(github.event.comment.body)}}
+          USER: ${{github.event.comment.user.login}}
+          COMMENT_URL: ${{github.event.comment.html_url}}
+        shell: bash
+        run: echo $COMMENT | sed "s/\\\n/. /g; s/\\\r//g; s/[^a-zA-Z0-9 &().,:]//g" | xargs -I {} curl -s POST "$WEBHOOK_URL" -H "Content-Type:application/json" --data '{"comment":"{}", "commentUrl":"'$COMMENT_URL'", "user":"'$USER'"}'
+
+  remove-pending-response-label:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    if: ${{ !github.event.issue.pull_request && contains(github.event.issue.labels.*.name, 'pending-response') }}
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
+      - name: remove unnecessary labels after closing
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ISSUE_NUMBER: ${{ github.event.issue.number }}
+        run: |
+          gh issue edit $ISSUE_NUMBER --remove-label "pending-response"

.github/workflows/issue_opened.yml

@@ -0,0 +1,33 @@
+name: Issue Opened
+on:
+  issues:
+    types: [opened]
+
+jobs:
+  notify:
+    runs-on: ubuntu-latest
+    permissions: {}
+    if: ${{ !contains(fromJSON('["MEMBER", "OWNER"]'), github.event.issue.author_association) }}
+    steps:
+      - name: Run webhook curl command
+        env:
+          WEBHOOK_URL: ${{ secrets.SLACK_ISSUE_WEBHOOK_URL }}
+          ISSUE: ${{toJson(github.event.issue.title)}}
+          ISSUE_URL: ${{github.event.issue.html_url}}
+          USER: ${{github.event.issue.user.login}}
+        shell: bash
+        run: echo $ISSUE | sed 's/[^a-zA-Z0-9 &().,:]//g' | xargs -I {} curl -s POST "$WEBHOOK_URL" -H "Content-Type:application/json" --data '{"issue":"{}", "issueUrl":"'$ISSUE_URL'", "user":"'$USER'"}'
+
+  maintainer-opened:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    if: ${{ contains(fromJSON('["MEMBER", "OWNER"]'), github.event.issue.author_association) }}
+    steps:
+      - name: Post comment if maintainer opened.
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ISSUE_NUMBER: ${{ github.event.issue.number }}
+        run: |
+          gh issue comment $ISSUE_NUMBER --repo aws-amplify/amplify-swift -b "This issue was opened by a maintainer of this repository; updates will be posted here. If you are also experiencing this issue, please comment here with any relevant information so that we're aware and can prioritize accordingly."

.github/workflows/release_block_manual_pr.yml

@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:      
-      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
 
       - name: Close PR
         shell: bash

.github/workflows/release_doc.yml

@@ -14,7 +14,7 @@ jobs:
     environment: Release
     steps:
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 #v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
           role-session-name: ${{ format('{0}.release-doc', github.run_id) }}
@@ -31,7 +31,7 @@ jobs:
           echo "token=$PAT" >> $GITHUB_OUTPUT
 
       - name: Checkout repo
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
         with:
           token: ${{steps.retrieve-token.outputs.token}}
 

.github/workflows/release_kickoff.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: macos-12
 
     steps:
-      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
 
       - name: Create PR to push main to release branch
         env:

.github/workflows/run_integration_tests.yml

@@ -39,7 +39,7 @@ jobs:
     environment: IntegrationTest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 #v3.5.3
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
         with:
           persist-credentials: false