diff --git a/.github/actions/setup-node/action.yml b/.github/actions/setup-node/action.yml index e71dad4716..f3fa210124 100644 --- a/.github/actions/setup-node/action.yml +++ b/.github/actions/setup-node/action.yml @@ -5,12 +5,12 @@ runs: using: 'composite' steps: - name: Setup pnpm - uses: pnpm/action-setup@v4.0.0 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 with: run_install: false - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 22 registry-url: 'https://registry.npmjs.org' @@ -22,7 +22,7 @@ runs: run: | echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT - - uses: actions/cache@v3 + - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 name: Setup pnpm cache with: path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml index 57aa5898af..1aac27707a 100644 --- a/.github/workflows/chromatic.yml +++ b/.github/workflows/chromatic.yml @@ -17,13 +17,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Run Chromatic - uses: chromaui/action@latest + uses: chromaui/action@c93e0bc3a63aa176e14a75b61a31847cbfdd341c # v11.27.0 with: projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }} autoAcceptChanges: 'main' diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 7361a79521..837e877bbb 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -31,13 +31,13 @@ jobs: actions: read # Required for Claude to read CI results on PRs steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 1 - name: Run Claude Code id: claude - uses: anthropics/claude-code-action@v1 + uses: anthropics/claude-code-action@2cc1ac1331eac7a6a96d716dd204dd2888d0fcd2 # v1.0.112 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} track_progress: true diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml index f9738e119f..3ab6563b53 100644 --- a/.github/workflows/danger.yml +++ b/.github/workflows/danger.yml @@ -16,7 +16,7 @@ jobs: danger: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -25,9 +25,9 @@ jobs: - name: Generate token for Danger id: generate_token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 with: - app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} + client-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} owner: temporalio repositories: ui diff --git a/.github/workflows/design-feedback-notify.yml b/.github/workflows/design-feedback-notify.yml index 717a86418b..5e86a0fe76 100644 --- a/.github/workflows/design-feedback-notify.yml +++ b/.github/workflows/design-feedback-notify.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Notify Slack - uses: slackapi/slack-github-action@v2 + uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 env: PR_TITLE: ${{ github.event.pull_request.title }} PR_URL: ${{ github.event.pull_request.html_url }} diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index bcc5eb516e..589943f208 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -26,7 +26,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Lint @@ -34,7 +34,7 @@ jobs: check-types: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Check Types @@ -42,7 +42,7 @@ jobs: unit-tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Run Unit Tests diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index 2a675e1c45..aea21cee89 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -23,14 +23,14 @@ jobs: timeout-minutes: 60 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Install Playwright Browsers run: pnpm exec playwright install --with-deps - name: Run Integration tests run: pnpm test:integration - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: playwright-report-integration @@ -42,14 +42,14 @@ jobs: timeout-minutes: 60 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: true - name: Checkout and Setup Node uses: ./.github/actions/setup-node - name: Build UI run: pnpm build:server - - uses: actions/setup-go@v3 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: server/go.mod cache-dependency-path: server/go.sum @@ -62,7 +62,7 @@ jobs: run: pnpm exec playwright install --with-deps - name: Run E2E tests run: pnpm test:e2e - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: playwright-report-e2e diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml index d86f37577f..e23613abe0 100644 --- a/.github/workflows/release-draft.yml +++ b/.github/workflows/release-draft.yml @@ -19,15 +19,15 @@ jobs: steps: - name: Prepare dispatch token id: dispatch_token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 with: - app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} + client-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} permission-contents: write repositories: ${{ vars.DOWNSTREAM_REPO }} - name: Trigger ui-server workflow - uses: peter-evans/repository-dispatch@v3 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1 with: token: ${{ steps.dispatch_token.outputs.token }} repository: ${{ vars.DOWNSTREAM_ORG }}/${{ vars.DOWNSTREAM_REPO }} @@ -46,7 +46,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 fetch-tags: true @@ -67,14 +67,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Create release draft - uses: release-drafter/release-drafter@v6 + uses: release-drafter/release-drafter@563bf132657a13ded0b01fcb723c5a58cdd824e2 # v7.2.1 with: version: ${{ needs.check_version_change.outputs.current-version }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} skip_notification: needs: check_version_change diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml index 99c2a57e4d..a9a0803fc3 100644 --- a/.github/workflows/release-published.yml +++ b/.github/workflows/release-published.yml @@ -14,7 +14,7 @@ jobs: create_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Validate release version id: validate-release @@ -30,26 +30,23 @@ jobs: uses: ./.github/actions/build-and-package - name: upload package artifact - uses: actions/upload-release-asset@v1 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ github.event.release.upload_url }} - asset_path: ${{ steps.build-package.outputs.package-path }} - asset_name: temporal-ui-package.tar.gz - asset_content_type: application/gzip + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh release upload "${{ github.event.release.tag_name }}" \ + "${{ steps.build-package.outputs.package-path }}#temporal-ui-package.tar.gz" - name: Prepare dispatch token id: dispatch_token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 with: - app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} + client-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} permission-contents: write repositories: ${{ vars.DOWNSTREAM_REPO }} - name: Trigger ui-server workflow - uses: peter-evans/repository-dispatch@v3 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1 with: token: ${{ steps.dispatch_token.outputs.token }} repository: ${{ vars.DOWNSTREAM_ORG }}/${{ vars.DOWNSTREAM_REPO }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e8e907cdf0..34b59bca9d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,7 +13,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: true - name: Checkout and setup Node @@ -21,7 +21,7 @@ jobs: - name: Build UI run: pnpm build:server - - uses: actions/setup-go@v3 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: server/go.mod cache-dependency-path: server/go.sum diff --git a/.github/workflows/trigger-downstream-updates.yml b/.github/workflows/trigger-downstream-updates.yml index a78984de12..6760539556 100644 --- a/.github/workflows/trigger-downstream-updates.yml +++ b/.github/workflows/trigger-downstream-updates.yml @@ -24,13 +24,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Generate token for cross-repo access id: generate_token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 with: - app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} + client-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} owner: temporalio repositories: cloud-ui,ui,pack-dependency-actions diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index 78fc79d165..3b83fe0874 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -48,7 +48,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -68,7 +68,7 @@ jobs: - name: Analyze merged PRs since last version id: analyze-prs if: inputs.mode == 'auto' || inputs.mode == 'dry-run' - uses: temporalio/pack-dependency-actions/analyze-commits-for-bump@v1 + uses: temporalio/pack-dependency-actions/analyze-commits-for-bump@bf23e855ebebec9a0be45eff67c88a4189210c55 # v1.5.0 with: from-ref: ${{ steps.last-tag.outputs.last-tag }} to-ref: HEAD @@ -81,7 +81,7 @@ jobs: - name: Generate changelog id: generate-changelog if: steps.last-tag.outputs.last-tag != '' - uses: temporalio/pack-dependency-actions/generate-changelog@v1 + uses: temporalio/pack-dependency-actions/generate-changelog@bf23e855ebebec9a0be45eff67c88a4189210c55 # v1.5.0 with: repository: ${{ github.repository }} from-sha: ${{ steps.last-tag.outputs.last-tag }} @@ -90,7 +90,7 @@ jobs: - name: Calculate new version id: calculate-version - uses: temporalio/pack-dependency-actions/calculate-semantic-version@v1 + uses: temporalio/pack-dependency-actions/calculate-semantic-version@bf23e855ebebec9a0be45eff67c88a4189210c55 # v1.5.0 with: current-version: ${{ steps.validate-sync.outputs.current-version }} bump-type: ${{ inputs.mode == 'manual' && inputs.version_type || steps.analyze-prs.outputs.bump-type }} @@ -140,9 +140,9 @@ jobs: - name: Generate token for cross-repo access id: generate_token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 with: - app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} + client-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} owner: temporalio repositories: ui @@ -150,7 +150,7 @@ jobs: - name: Create Pull Request if: inputs.mode != 'dry-run' && steps.calculate-version.outputs.version-changed == 'true' id: create-pr - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ steps.generate_token.outputs.token }} branch: version-bump-${{ steps.calculate-version.outputs.new-version }}