From b0dcf6e54a1b388c9971f11f4c19f1c937dc6b97 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Mon, 4 May 2026 15:38:48 +1000 Subject: [PATCH 01/14] chore: upgrade Node.js 20 actions to Node.js 24-compatible versions Replaces actions/checkout@v4->@v6, azure/login@v2->@v3, docker/login-action@v3->@v4 across all shared workflows and composite actions. Required before June 2 2026 forced Node 24 migration. Resolves UID2-6742. --- .github/workflows/shared-build-and-test.yaml | 4 ++-- .../shared-check-stable-dependency.yaml | 2 +- .github/workflows/shared-promote-auto-pr.yaml | 2 +- ...hared-publish-java-to-docker-versioned.yaml | 6 +++--- .../shared-publish-to-ios-version.yaml | 2 +- .../shared-publish-to-maven-versioned.yaml | 4 ++-- .../shared-publish-to-nuget-versioned.yaml | 2 +- .../shared-publish-to-pypi-versioned.yaml | 2 +- .github/workflows/shared-run-e2e-tests.yaml | 18 +++++++++--------- .github/workflows/shared-validate-image.yaml | 4 ++-- ...ared-vulnerability-scan-failure-notify.yaml | 4 ++-- actions/prepare_gcp_metadata/action.yaml | 2 +- actions/shared_publish_setup/action.yaml | 4 ++-- actions/shared_publish_to_docker/action.yaml | 2 +- actions/start_aks_cluster/action.yaml | 2 +- actions/start_aks_private_operator/action.yaml | 2 +- .../start_azure_private_operator/action.yaml | 2 +- actions/stop_aks_private_operator/action.yaml | 2 +- .../stop_azure_private_operator/action.yaml | 2 +- actions/stop_gcp_private_operator/action.yaml | 2 +- actions/vulnerability_scan/action.yaml | 2 +- 21 files changed, 36 insertions(+), 36 deletions(-) diff --git a/.github/workflows/shared-build-and-test.yaml b/.github/workflows/shared-build-and-test.yaml index 1878ee2c..c2140281 100644 --- a/.github/workflows/shared-build-and-test.yaml +++ b/.github/workflows/shared-build-and-test.yaml @@ -31,10 +31,10 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Checkout uid2-shared-actions repo - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: v3 repository: IABTechLab/uid2-shared-actions diff --git a/.github/workflows/shared-check-stable-dependency.yaml b/.github/workflows/shared-check-stable-dependency.yaml index 4c028d4d..876635a6 100644 --- a/.github/workflows/shared-check-stable-dependency.yaml +++ b/.github/workflows/shared-check-stable-dependency.yaml @@ -8,7 +8,7 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Resolve dependencies run: mvn -B dependency:resolve diff --git a/.github/workflows/shared-promote-auto-pr.yaml b/.github/workflows/shared-promote-auto-pr.yaml index 6118fe66..4dc1cb8a 100644 --- a/.github/workflows/shared-promote-auto-pr.yaml +++ b/.github/workflows/shared-promote-auto-pr.yaml @@ -6,7 +6,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Create Pull Request run: | echo "branch ${{ github.ref }} was pushed to" diff --git a/.github/workflows/shared-publish-java-to-docker-versioned.yaml b/.github/workflows/shared-publish-java-to-docker-versioned.yaml index 36bad1ec..20bcad08 100644 --- a/.github/workflows/shared-publish-java-to-docker-versioned.yaml +++ b/.github/workflows/shared-publish-java-to-docker-versioned.yaml @@ -93,14 +93,14 @@ jobs: java-version: ${{ inputs.java_version }} - name: Checkout full history on Main - uses: actions/checkout@v4 + uses: actions/checkout@v6 if: ${{ inputs.version_number_input == ''}} with: # git-restore-mtime requires full git history. The default fetch-depth value (1) creates a shallow checkout. fetch-depth: 0 - name: Checkout full history at tag v${{ inputs.version_number_input }} - uses: actions/checkout@v4 + uses: actions/checkout@v6 if: ${{ inputs.version_number_input != ''}} with: ref: v${{ inputs.version_number_input }} @@ -161,7 +161,7 @@ jobs: github_token: ${{ inputs.merge_environment != '' && secrets.GH_MERGE_TOKEN || '' }} - name: Log in to the Docker container registry - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} diff --git a/.github/workflows/shared-publish-to-ios-version.yaml b/.github/workflows/shared-publish-to-ios-version.yaml index e56bce26..c581f9e6 100644 --- a/.github/workflows/shared-publish-to-ios-version.yaml +++ b/.github/workflows/shared-publish-to-ios-version.yaml @@ -44,7 +44,7 @@ jobs: release_type: ${{ inputs.release_type }} - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.github/workflows/shared-publish-to-maven-versioned.yaml b/.github/workflows/shared-publish-to-maven-versioned.yaml index 1fe1b952..b4577e46 100644 --- a/.github/workflows/shared-publish-to-maven-versioned.yaml +++ b/.github/workflows/shared-publish-to-maven-versioned.yaml @@ -64,12 +64,12 @@ jobs: release_type: ${{ inputs.release_type }} - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Checkout uid2-shared-actions repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: v3 repository: IABTechLab/uid2-shared-actions diff --git a/.github/workflows/shared-publish-to-nuget-versioned.yaml b/.github/workflows/shared-publish-to-nuget-versioned.yaml index 19061075..ee244dc7 100644 --- a/.github/workflows/shared-publish-to-nuget-versioned.yaml +++ b/.github/workflows/shared-publish-to-nuget-versioned.yaml @@ -54,7 +54,7 @@ jobs: release_type: ${{ inputs.release_type }} - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.github/workflows/shared-publish-to-pypi-versioned.yaml b/.github/workflows/shared-publish-to-pypi-versioned.yaml index d0a76467..c019faf8 100644 --- a/.github/workflows/shared-publish-to-pypi-versioned.yaml +++ b/.github/workflows/shared-publish-to-pypi-versioned.yaml @@ -51,7 +51,7 @@ jobs: release_type: ${{ inputs.release_type }} - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.github/workflows/shared-run-e2e-tests.yaml b/.github/workflows/shared-run-e2e-tests.yaml index 41b64e2c..8ac2390c 100644 --- a/.github/workflows/shared-run-e2e-tests.yaml +++ b/.github/workflows/shared-run-e2e-tests.yaml @@ -111,52 +111,52 @@ jobs: aws_stack_name: ${{ steps.start_aws_private_operator.outputs.aws_stack_name }} steps: - name: Log in to the Docker container registry - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Checkout full history - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Checkout uid2-operator repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ inputs.operator_branch }} repository: IABTechLab/uid2-operator path: uid2-operator - name: Checkout uid2-core repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ inputs.core_branch }} repository: IABTechLab/uid2-core path: uid2-core - name: Checkout uid2-optout repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ inputs.optout_branch }} repository: IABTechLab/uid2-optout path: uid2-optout - name: Checkout uid2-admin repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ inputs.admin_branch }} repository: IABTechLab/uid2-admin path: uid2-admin - name: Checkout uid2-shared-actions repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: v3 repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions - name: Checkout uid2-e2e repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: IABTechLab/uid2-e2e path: uid2-e2e @@ -375,7 +375,7 @@ jobs: id-token: write steps: - name: Checkout uid2-shared-actions repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: v3 repository: IABTechLab/uid2-shared-actions diff --git a/.github/workflows/shared-validate-image.yaml b/.github/workflows/shared-validate-image.yaml index 4a3f3044..9c7c677c 100644 --- a/.github/workflows/shared-validate-image.yaml +++ b/.github/workflows/shared-validate-image.yaml @@ -44,7 +44,7 @@ jobs: steps: - name: Checkout full history - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: # git-restore-mtime requires full git history. The default fetch-depth value (1) creates a shallow checkout. fetch-depth: 0 @@ -71,7 +71,7 @@ jobs: echo "git_commit=$(git show --format="%h" --no-patch)" >> $GITHUB_OUTPUT - name: Log in to the Docker container registry - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} diff --git a/.github/workflows/shared-vulnerability-scan-failure-notify.yaml b/.github/workflows/shared-vulnerability-scan-failure-notify.yaml index cf2fde11..d8687a17 100644 --- a/.github/workflows/shared-vulnerability-scan-failure-notify.yaml +++ b/.github/workflows/shared-vulnerability-scan-failure-notify.yaml @@ -40,10 +40,10 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Checkout uid2-shared-actions repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: v3 repository: IABTechLab/uid2-shared-actions diff --git a/actions/prepare_gcp_metadata/action.yaml b/actions/prepare_gcp_metadata/action.yaml index 2639a249..69bf296c 100644 --- a/actions/prepare_gcp_metadata/action.yaml +++ b/actions/prepare_gcp_metadata/action.yaml @@ -43,7 +43,7 @@ runs: uses: google-github-actions/setup-gcloud@e427ad8a34f8676edf47cf7d7925499adf3eb74f # v2 - name: Log in to the GCP Registry - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ${{ inputs.gcp_registry }} username: oauth2accesstoken diff --git a/actions/shared_publish_setup/action.yaml b/actions/shared_publish_setup/action.yaml index 0c3dcf81..3b580987 100644 --- a/actions/shared_publish_setup/action.yaml +++ b/actions/shared_publish_setup/action.yaml @@ -52,14 +52,14 @@ runs: java-version: ${{ inputs.java_version }} - name: Checkout full history on the commit that triggered the workflow - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 if: ${{ inputs.git_tag_or_hash == ''}} with: # git-restore-mtime requires full git history. The default fetch-depth value (1) creates a shallow checkout. fetch-depth: 0 - name: Checkout full history at tag ${{ inputs.git_tag_or_hash }} - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 if: ${{ inputs.git_tag_or_hash != ''}} with: ref: ${{ inputs.git_tag_or_hash }} diff --git a/actions/shared_publish_to_docker/action.yaml b/actions/shared_publish_to_docker/action.yaml index 295ee6d9..4308a3c7 100644 --- a/actions/shared_publish_to_docker/action.yaml +++ b/actions/shared_publish_to_docker/action.yaml @@ -46,7 +46,7 @@ runs: uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 - name: Log in to the Docker container registry - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ${{ inputs.docker_registry }} username: ${{ github.actor }} diff --git a/actions/start_aks_cluster/action.yaml b/actions/start_aks_cluster/action.yaml index 5dbdd608..e084321f 100644 --- a/actions/start_aks_cluster/action.yaml +++ b/actions/start_aks_cluster/action.yaml @@ -14,7 +14,7 @@ runs: steps: - name: Log in to Azure - uses: azure/login@1384c340ab2dda50fed2bee3041d1d87018aa5e8 # v2 + uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 with: creds: ${{ inputs.azure_credentials }} enable-AzPSSession: true diff --git a/actions/start_aks_private_operator/action.yaml b/actions/start_aks_private_operator/action.yaml index b25cf6aa..bd35014e 100644 --- a/actions/start_aks_private_operator/action.yaml +++ b/actions/start_aks_private_operator/action.yaml @@ -22,7 +22,7 @@ runs: steps: - name: Log in to Azure - uses: azure/login@1384c340ab2dda50fed2bee3041d1d87018aa5e8 # v2 + uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 with: creds: ${{ inputs.azure_credentials }} enable-AzPSSession: true diff --git a/actions/start_azure_private_operator/action.yaml b/actions/start_azure_private_operator/action.yaml index 985a958d..c48caac9 100644 --- a/actions/start_azure_private_operator/action.yaml +++ b/actions/start_azure_private_operator/action.yaml @@ -34,7 +34,7 @@ runs: steps: - name: Log in to Azure - uses: azure/login@1384c340ab2dda50fed2bee3041d1d87018aa5e8 # v2 + uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 with: creds: ${{ inputs.azure_credentials }} enable-AzPSSession: true diff --git a/actions/stop_aks_private_operator/action.yaml b/actions/stop_aks_private_operator/action.yaml index 069f71ff..583a924d 100644 --- a/actions/stop_aks_private_operator/action.yaml +++ b/actions/stop_aks_private_operator/action.yaml @@ -14,7 +14,7 @@ runs: steps: - name: Log in to Azure - uses: azure/login@1384c340ab2dda50fed2bee3041d1d87018aa5e8 # v2 + uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 with: creds: ${{ inputs.azure_credentials }} enable-AzPSSession: true diff --git a/actions/stop_azure_private_operator/action.yaml b/actions/stop_azure_private_operator/action.yaml index faa2db48..82c97dd4 100644 --- a/actions/stop_azure_private_operator/action.yaml +++ b/actions/stop_azure_private_operator/action.yaml @@ -14,7 +14,7 @@ runs: steps: - name: Log in to Azure - uses: azure/login@1384c340ab2dda50fed2bee3041d1d87018aa5e8 # v2 + uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 with: creds: ${{ inputs.azure_credentials }} enable-AzPSSession: true diff --git a/actions/stop_gcp_private_operator/action.yaml b/actions/stop_gcp_private_operator/action.yaml index 7d14ab74..3003c407 100644 --- a/actions/stop_gcp_private_operator/action.yaml +++ b/actions/stop_gcp_private_operator/action.yaml @@ -35,7 +35,7 @@ runs: uses: google-github-actions/setup-gcloud@e427ad8a34f8676edf47cf7d7925499adf3eb74f # v2 - name: Log in to the GCP Registry - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ${{ inputs.gcp_registry }} username: oauth2accesstoken diff --git a/actions/vulnerability_scan/action.yaml b/actions/vulnerability_scan/action.yaml index 0b83bbb8..2514168f 100644 --- a/actions/vulnerability_scan/action.yaml +++ b/actions/vulnerability_scan/action.yaml @@ -26,7 +26,7 @@ runs: using: "composite" steps: - name: Checkout repo - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: IABTechLab/uid2-shared-actions ref: v3 From 6fa4f7986e1646f2ea828b401ac05309437152e8 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Mon, 4 May 2026 16:38:46 +1000 Subject: [PATCH 02/14] chore(UID2-6742): upgrade additional Node.js 20 actions to Node.js 24-compatible versions - actions/github-script: v7 (f28e40c7) -> v9.0.0 (3a2844b7) - EndBug/add-and-commit: v9 (a94899bc) -> v10.0.0 (290ea2c4) - actions/cache + cache/save: v4 (0057852b) -> v5.0.5 (27d5ce7f) - oras-project/setup-oras: v1 (22ce207d) -> v2.0.0 (38de303a) - github/codeql-action/upload-sarif: v3 (5c8a8a64) -> v4.35.3 (e46ed2cb) - aquasecurity/trivy-action: v0.35.0 (57a97c7e) -> v0.36.0 (ed142fd0) Co-Authored-By: Claude Sonnet 4.6 --- .../workflows/shared-increase-version-number.yaml | 2 +- actions/check_branch_and_release_type/action.yaml | 4 ++-- actions/commit_pr_and_merge/action.yaml | 10 +++++----- actions/delete_draft_releases/action.yaml | 2 +- actions/update-major-version-tag/action.yaml | 2 +- actions/vulnerability_scan/action.yaml | 14 +++++++------- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/shared-increase-version-number.yaml b/.github/workflows/shared-increase-version-number.yaml index e412cf27..04889427 100644 --- a/.github/workflows/shared-increase-version-number.yaml +++ b/.github/workflows/shared-increase-version-number.yaml @@ -91,7 +91,7 @@ jobs: github_token: ${{ inputs.merge_environment != '' && secrets.GH_MERGE_TOKEN || '' }} - name: Print outputs - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | console.log('Result', '${{ steps.commit-and-tag.outcome }}'); diff --git a/actions/check_branch_and_release_type/action.yaml b/actions/check_branch_and_release_type/action.yaml index f0f31ff6..59851c45 100644 --- a/actions/check_branch_and_release_type/action.yaml +++ b/actions/check_branch_and_release_type/action.yaml @@ -41,14 +41,14 @@ runs: - name: Fail if Pre-release on Default branch if: ${{ inputs.release_type == 'Snapshot' && github.event.repository.default_branch == github.ref_name }} - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | core.setFailed('Snapshot packages can not be created on the default branch. Release Type: ${{ inputs.release_type }}, Branch: ${{ github.ref_name }}') - name: Fail if Release and not on Default branch or release-yyyy-q branch if: ${{ inputs.release_type != 'Snapshot' && github.event.repository.default_branch != github.ref_name && !startsWith(github.ref_name, 'release')}} - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | core.setFailed('Releases can only be created on a Default or release-yyyy-q branch. Release Type: ${{ inputs.release_type }}, Branch: ${{ github.ref_name }}') diff --git a/actions/commit_pr_and_merge/action.yaml b/actions/commit_pr_and_merge/action.yaml index ffdc8780..36941b27 100644 --- a/actions/commit_pr_and_merge/action.yaml +++ b/actions/commit_pr_and_merge/action.yaml @@ -53,7 +53,7 @@ runs: run: echo "name=ci-${{ github.sha }}-${RANDOM}" >> $GITHUB_OUTPUT - name: Commit to new branch - uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9 + uses: EndBug/add-and-commit@290ea2c423ad77ca9c62ae0f5b224379612c0321 # v10.0.0 if: steps.changes.outputs.changes_exist == 'true' id: create-branch-and-commit with: @@ -64,7 +64,7 @@ runs: add: ${{ inputs.add }} - name: Create PR - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 if: steps.changes.outputs.changes_exist == 'true' id: create-pr with: @@ -100,7 +100,7 @@ runs: "repos/${{ github.repository }}/git/refs/heads/$BRANCH" || true - name: Tag commit - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 id: tag-commit if: ${{ inputs.tag != '' && steps.changes.outputs.changes_exist == 'true' }} with: @@ -120,7 +120,7 @@ runs: core.setOutput('commit_tag', '${{ inputs.tag }}'); - name: Get commit SHA - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 id: get-commit-sha if: steps.changes.outputs.changes_exist == 'true' with: @@ -134,7 +134,7 @@ runs: core.setOutput('commit_sha', pr.merge_commit_sha); - name: Print outputs - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 if: ${{ inputs.tag != '' && steps.changes.outputs.changes_exist == 'true' }} with: script: | diff --git a/actions/delete_draft_releases/action.yaml b/actions/delete_draft_releases/action.yaml index 7ed426c2..16489f0e 100644 --- a/actions/delete_draft_releases/action.yaml +++ b/actions/delete_draft_releases/action.yaml @@ -6,7 +6,7 @@ runs: steps: - name: Delete draft releases - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 id: delete-release with: result-encoding: string diff --git a/actions/update-major-version-tag/action.yaml b/actions/update-major-version-tag/action.yaml index 2bef6b9c..188f453e 100644 --- a/actions/update-major-version-tag/action.yaml +++ b/actions/update-major-version-tag/action.yaml @@ -16,7 +16,7 @@ runs: steps: - name: Update major version tag id: updateTag - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | const inputVersion = `${{ inputs.version }}`; diff --git a/actions/vulnerability_scan/action.yaml b/actions/vulnerability_scan/action.yaml index 2514168f..9d1eea4d 100644 --- a/actions/vulnerability_scan/action.yaml +++ b/actions/vulnerability_scan/action.yaml @@ -39,7 +39,7 @@ runs: rm -rf tmp-vulnerability-scan - name: Setup oras - uses: oras-project/setup-oras@22ce207df3b08e061f537244349aac6ae1d214f6 # v1 + uses: oras-project/setup-oras@38de303aac69abb66f3e6255b7198bff35f323e3 # v2.0.0 - name: Get current date id: date @@ -48,7 +48,7 @@ runs: - name: Check Cache for Databases id: cache-check - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: ${{ github.workspace }}/.cache/trivy key: cache-trivy-${{ steps.date.outputs.date }} @@ -72,14 +72,14 @@ runs: rm javadb.tar.gz - name: Cache DBs - uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 + uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 if: ${{ !steps.cache-check.outputs.cache-hit }} with: path: ${{ github.workspace }}/.cache/trivy key: cache-trivy-${{ steps.date.outputs.date }} - name: Generate Trivy vulnerability scan report - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 if: inputs.publish_vulnerabilities == 'true' with: image-ref: ${{ inputs.image_ref }} @@ -96,14 +96,14 @@ runs: TRIVY_SKIP_JAVA_DB_UPDATE: true - name: Upload Trivy scan report to GitHub Security tab - uses: github/codeql-action/upload-sarif@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v3 + uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 if: inputs.publish_vulnerabilities == 'true' with: sarif_file: 'trivy-results.sarif' - name: Local vulnerability scanner for MEDIUM,HIGH,CRITICAL for reporting if: ${{ inputs.full_report == 'true' }} - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 with: image-ref: ${{ inputs.image_ref }} scan-type: ${{ inputs.scan_type }} @@ -119,7 +119,7 @@ runs: TRIVY_DEPENDENCY_TREE: true - name: Test with Trivy vulnerability scanner - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 with: image-ref: ${{ inputs.image_ref }} scan-type: ${{ inputs.scan_type }} From 4a618cfabdd800cdeafbed079fa054c6eedbfa42 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Mon, 4 May 2026 16:52:08 +1000 Subject: [PATCH 03/14] chore(UID2-6742): upgrade remaining Node.js 20 actions to Node.js 24-compatible versions - actions/setup-java: v4 -> v5.2.0 (be666c2f) - docker/build-push-action: v5 (ca052bb5) -> v7.1.0 (bcafcacb) - docker/metadata-action: v5 (c299e40c) -> v6.0.0 (030e8812) - google-github-actions/auth: v2 (c200f369) -> v3.0.0 (7c6bc770) - actions/upload-artifact: v4 -> v7.0.1 (043fb46d) Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/shared-build-and-test.yaml | 4 ++-- .../shared-publish-java-to-docker-versioned.yaml | 8 ++++---- .github/workflows/shared-publish-to-maven-versioned.yaml | 2 +- .github/workflows/shared-validate-image.yaml | 6 +++--- .../shared-vulnerability-scan-failure-notify.yaml | 4 ++-- actions/prepare_gcp_metadata/action.yaml | 2 +- actions/shared_publish_setup/action.yaml | 2 +- actions/shared_publish_to_docker/action.yaml | 6 +++--- actions/stop_gcp_private_operator/action.yaml | 2 +- 9 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/shared-build-and-test.yaml b/.github/workflows/shared-build-and-test.yaml index c2140281..feb1fd10 100644 --- a/.github/workflows/shared-build-and-test.yaml +++ b/.github/workflows/shared-build-and-test.yaml @@ -42,7 +42,7 @@ jobs: - name: Set up JDK if: ${{ inputs.vulnerability_scan_only == 'false' }} - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: 'temurin' java-version: ${{ inputs.java_version }} @@ -66,7 +66,7 @@ jobs: - name: Archive code coverage results if: ${{ inputs.vulnerability_scan_only == 'false' }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: code-coverage-report path: ${{ inputs.working_dir }}/target/site/jacoco/* diff --git a/.github/workflows/shared-publish-java-to-docker-versioned.yaml b/.github/workflows/shared-publish-java-to-docker-versioned.yaml index 20bcad08..ef3cff4c 100644 --- a/.github/workflows/shared-publish-java-to-docker-versioned.yaml +++ b/.github/workflows/shared-publish-java-to-docker-versioned.yaml @@ -87,7 +87,7 @@ jobs: IS_RELEASE: ${{ steps.checkRelease.outputs.is_release }} - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@v5 with: distribution: 'temurin' java-version: ${{ inputs.java_version }} @@ -169,7 +169,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}${{ inputs.append_image_name }} tags: | @@ -183,7 +183,7 @@ jobs: echo "firstTag=$FIRST_TAG" >> $GITHUB_OUTPUT - name: Build and export to Docker - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: ${{inputs.working_dir}} load: true @@ -203,7 +203,7 @@ jobs: scan_type: image - name: Push to Docker - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: ${{inputs.working_dir}} push: true diff --git a/.github/workflows/shared-publish-to-maven-versioned.yaml b/.github/workflows/shared-publish-to-maven-versioned.yaml index b4577e46..932a6cea 100644 --- a/.github/workflows/shared-publish-to-maven-versioned.yaml +++ b/.github/workflows/shared-publish-to-maven-versioned.yaml @@ -76,7 +76,7 @@ jobs: path: uid2-shared-actions - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@v5 with: distribution: 'temurin' java-version: ${{ inputs.java_version }} diff --git a/.github/workflows/shared-validate-image.yaml b/.github/workflows/shared-validate-image.yaml index 9c7c677c..e06ab998 100644 --- a/.github/workflows/shared-validate-image.yaml +++ b/.github/workflows/shared-validate-image.yaml @@ -53,7 +53,7 @@ jobs: uses: thetradedesk/git-restore-mtime-action@a6059d100648f8027eb1af5e6e6fd6e1328083af # v1.3 - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@v5 with: distribution: 'temurin' java-version: ${{ inputs.java_version }} @@ -79,14 +79,14 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=sha,prefix=${{ steps.package.outputs.jar_version }}-,suffix=-${{ inputs.cloud_provider }},format=short - name: Build Docker image - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: . load: true diff --git a/.github/workflows/shared-vulnerability-scan-failure-notify.yaml b/.github/workflows/shared-vulnerability-scan-failure-notify.yaml index d8687a17..938a1f0f 100644 --- a/.github/workflows/shared-vulnerability-scan-failure-notify.yaml +++ b/.github/workflows/shared-vulnerability-scan-failure-notify.yaml @@ -51,7 +51,7 @@ jobs: - name: Set up JDK if: inputs.scan_type == 'image' - uses: actions/setup-java@v4 + uses: actions/setup-java@v5 with: distribution: 'temurin' java-version: ${{ inputs.java_version }} @@ -77,7 +77,7 @@ jobs: - name: Build Docker image if: inputs.scan_type == 'image' - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: ${{inputs.working_dir}} load: true diff --git a/actions/prepare_gcp_metadata/action.yaml b/actions/prepare_gcp_metadata/action.yaml index 69bf296c..9b527f7f 100644 --- a/actions/prepare_gcp_metadata/action.yaml +++ b/actions/prepare_gcp_metadata/action.yaml @@ -32,7 +32,7 @@ runs: steps: - name: Authenticate with Google Cloud id: gcp_auth - uses: google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed # v2 + uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 with: token_format: access_token workload_identity_provider: ${{ inputs.gcp_workload_identity_provider_id }} diff --git a/actions/shared_publish_setup/action.yaml b/actions/shared_publish_setup/action.yaml index 3b580987..aad6df3c 100644 --- a/actions/shared_publish_setup/action.yaml +++ b/actions/shared_publish_setup/action.yaml @@ -45,7 +45,7 @@ runs: IS_RELEASE: ${{ steps.checkRelease.outputs.IS_RELEASE }} - name: Set up JDK - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 if: ${{ inputs.java_version != '' }} with: distribution: 'temurin' diff --git a/actions/shared_publish_to_docker/action.yaml b/actions/shared_publish_to_docker/action.yaml index 4308a3c7..a26e4ebf 100644 --- a/actions/shared_publish_to_docker/action.yaml +++ b/actions/shared_publish_to_docker/action.yaml @@ -54,7 +54,7 @@ runs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: ${{ inputs.docker_registry }}/${{ inputs.docker_image_name }} tags: | @@ -69,7 +69,7 @@ runs: echo "firstTag=$FIRST_TAG" >> $GITHUB_OUTPUT - name: Build and export to Docker - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: ${{ inputs.docker_context }} file: ${{ inputs.docker_file }} @@ -90,7 +90,7 @@ runs: scan_type: ${{ inputs.scan_type }} - name: Push to Docker - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: ${{ inputs.docker_context }} file: ${{ inputs.docker_file }} diff --git a/actions/stop_gcp_private_operator/action.yaml b/actions/stop_gcp_private_operator/action.yaml index 3003c407..b53fb234 100644 --- a/actions/stop_gcp_private_operator/action.yaml +++ b/actions/stop_gcp_private_operator/action.yaml @@ -24,7 +24,7 @@ runs: steps: - name: Authenticate with Google Cloud id: gcp_auth - uses: google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed # v2 + uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 with: token_format: access_token workload_identity_provider: ${{ inputs.gcp_workload_identity_provider_id }} From f65d2eccd0f8fb73a5b1266dc8d0eddcdefd338a Mon Sep 17 00:00:00 2001 From: sophia chen Date: Mon, 4 May 2026 17:12:26 +1000 Subject: [PATCH 04/14] test(UID2-6742): redirect internal vulnerability_scan@v3 refs to test branch MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Temporary: internal cross-refs to vulnerability_scan@v3 and the shared-build-and-test ref: v3 now point to the test branch so CI validates the updated action. Revert to @v3 / ref: v3 before merging (or drop this commit — after v3.82 release the floating tag auto-advances). Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/shared-build-and-test.yaml | 2 +- .github/workflows/shared-publish-java-to-docker-versioned.yaml | 2 +- .github/workflows/shared-publish-to-maven-versioned.yaml | 2 +- .github/workflows/shared-publish-to-nuget-versioned.yaml | 2 +- .github/workflows/shared-publish-to-pypi-versioned.yaml | 2 +- .github/workflows/shared-validate-image.yaml | 2 +- .github/workflows/shared-vulnerability-scan-failure-notify.yaml | 2 +- actions/shared_publish_to_docker/action.yaml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/shared-build-and-test.yaml b/.github/workflows/shared-build-and-test.yaml index feb1fd10..9499c2be 100644 --- a/.github/workflows/shared-build-and-test.yaml +++ b/.github/workflows/shared-build-and-test.yaml @@ -36,7 +36,7 @@ jobs: - name: Checkout uid2-shared-actions repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - ref: v3 + ref: sch-UID2-6742-update-node20-actions repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions diff --git a/.github/workflows/shared-publish-java-to-docker-versioned.yaml b/.github/workflows/shared-publish-java-to-docker-versioned.yaml index ef3cff4c..7311e2c6 100644 --- a/.github/workflows/shared-publish-java-to-docker-versioned.yaml +++ b/.github/workflows/shared-publish-java-to-docker-versioned.yaml @@ -194,7 +194,7 @@ jobs: IMAGE_VERSION=${{ steps.version.outputs.new_version }} - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: HIGH,CRITICAL failure_severity: ${{ inputs.vulnerability_severity }} diff --git a/.github/workflows/shared-publish-to-maven-versioned.yaml b/.github/workflows/shared-publish-to-maven-versioned.yaml index 932a6cea..a90a3d96 100644 --- a/.github/workflows/shared-publish-to-maven-versioned.yaml +++ b/.github/workflows/shared-publish-to-maven-versioned.yaml @@ -87,7 +87,7 @@ jobs: key: ${{ secrets.GPG_KEY }} - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: HIGH,CRITICAL failure_severity: ${{ inputs.vulnerability_failure_severity }} diff --git a/.github/workflows/shared-publish-to-nuget-versioned.yaml b/.github/workflows/shared-publish-to-nuget-versioned.yaml index ee244dc7..c981e82a 100644 --- a/.github/workflows/shared-publish-to-nuget-versioned.yaml +++ b/.github/workflows/shared-publish-to-nuget-versioned.yaml @@ -86,7 +86,7 @@ jobs: - name: Vulnerability Scan id: vulnerability-scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: ${{ inputs.vulnerability_severity }} failure_severity: ${{ inputs.vulnerability_severity }} diff --git a/.github/workflows/shared-publish-to-pypi-versioned.yaml b/.github/workflows/shared-publish-to-pypi-versioned.yaml index c019faf8..b063029e 100644 --- a/.github/workflows/shared-publish-to-pypi-versioned.yaml +++ b/.github/workflows/shared-publish-to-pypi-versioned.yaml @@ -56,7 +56,7 @@ jobs: fetch-depth: 0 - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: HIGH,CRITICAL failure_severity: ${{ inputs.vulnerability_failure_severity }} diff --git a/.github/workflows/shared-validate-image.yaml b/.github/workflows/shared-validate-image.yaml index e06ab998..d62c0c94 100644 --- a/.github/workflows/shared-validate-image.yaml +++ b/.github/workflows/shared-validate-image.yaml @@ -97,7 +97,7 @@ jobs: IMAGE_VERSION=${{ steps.package.outputs.jar_version }}-${{ steps.package.outputs.git_commit }} - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: HIGH,CRITICAL failure_severity: ${{ inputs.failure_severity }} diff --git a/.github/workflows/shared-vulnerability-scan-failure-notify.yaml b/.github/workflows/shared-vulnerability-scan-failure-notify.yaml index 938a1f0f..4e2ef434 100644 --- a/.github/workflows/shared-vulnerability-scan-failure-notify.yaml +++ b/.github/workflows/shared-vulnerability-scan-failure-notify.yaml @@ -88,7 +88,7 @@ jobs: - name: Vulnerability Scan id: vulnerability-scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: ${{ inputs.vulnerability_severity }} failure_severity: ${{ inputs.vulnerability_severity }} diff --git a/actions/shared_publish_to_docker/action.yaml b/actions/shared_publish_to_docker/action.yaml index a26e4ebf..48f070c7 100644 --- a/actions/shared_publish_to_docker/action.yaml +++ b/actions/shared_publish_to_docker/action.yaml @@ -81,7 +81,7 @@ runs: IMAGE_VERSION=${{ inputs.new_version }} - name: Vulnerability scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: publish_vulnerabilities: ${{ inputs.publish_vulnerabilities }} failure_severity: CRITICAL From 1e98d8c2e553a6631decb533433f31e918c1c7f5 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Mon, 4 May 2026 17:59:33 +1000 Subject: [PATCH 05/14] =?UTF-8?q?chore(UID2-6742):=20upgrade=20google-gith?= =?UTF-8?q?ub-actions/setup-gcloud=20v2=E2=86=92v3.0.1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes Node.js 20 deprecation warning in GCP private operator E2E flows. Co-Authored-By: Claude Sonnet 4.6 --- actions/prepare_gcp_metadata/action.yaml | 2 +- actions/stop_gcp_private_operator/action.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/prepare_gcp_metadata/action.yaml b/actions/prepare_gcp_metadata/action.yaml index 9b527f7f..a30f7637 100644 --- a/actions/prepare_gcp_metadata/action.yaml +++ b/actions/prepare_gcp_metadata/action.yaml @@ -40,7 +40,7 @@ runs: access_token_lifetime: 1200s - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@e427ad8a34f8676edf47cf7d7925499adf3eb74f # v2 + uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 - name: Log in to the GCP Registry uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 diff --git a/actions/stop_gcp_private_operator/action.yaml b/actions/stop_gcp_private_operator/action.yaml index b53fb234..529922b7 100644 --- a/actions/stop_gcp_private_operator/action.yaml +++ b/actions/stop_gcp_private_operator/action.yaml @@ -32,7 +32,7 @@ runs: access_token_lifetime: 1200s - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@e427ad8a34f8676edf47cf7d7925499adf3eb74f # v2 + uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 - name: Log in to the GCP Registry uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 From 7690968969ae711826733a2c81348b401a5dca54 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Mon, 4 May 2026 17:59:44 +1000 Subject: [PATCH 06/14] test(UID2-6742): redirect shared-run-e2e-tests composite refs to branch for CI validation Points all 14 internal @v3/@v2 composite action refs to branch so E2E CI picks up updated azure/login@v3, docker/login-action@v4, gcloud@v3 versions. DROP THIS COMMIT BEFORE MERGING. Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/shared-run-e2e-tests.yaml | 28 ++++++++++----------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/shared-run-e2e-tests.yaml b/.github/workflows/shared-run-e2e-tests.yaml index 8ac2390c..6ed81596 100644 --- a/.github/workflows/shared-run-e2e-tests.yaml +++ b/.github/workflows/shared-run-e2e-tests.yaml @@ -180,7 +180,7 @@ jobs: - name: Prepare GCP metadata id: prepare_gcp_metadata if: ${{ inputs.operator_type == 'gcp' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_gcp_metadata@v3 + uses: IABTechLab/uid2-shared-actions/actions/prepare_gcp_metadata@sch-UID2-6742-update-node20-actions with: operator_image_version: ${{ inputs.operator_image_version }} target_environment: ${{ inputs.target_environment }} @@ -190,7 +190,7 @@ jobs: - name: Prepare Azure metadata id: prepare_azure_metadata if: ${{ inputs.operator_type == 'azure' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_azure_metadata@v3 + uses: IABTechLab/uid2-shared-actions/actions/prepare_azure_metadata@sch-UID2-6742-update-node20-actions with: operator_image_version: ${{ inputs.operator_image_version }} target_environment: ${{ inputs.target_environment }} @@ -198,7 +198,7 @@ jobs: - name: Prepare AWS metadata id: prepare_aws_metadata if: ${{ inputs.operator_type == 'aws' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_aws_metadata@v3 + uses: IABTechLab/uid2-shared-actions/actions/prepare_aws_metadata@sch-UID2-6742-update-node20-actions with: identity_scope: ${{ inputs.identity_scope }} target_environment: ${{ inputs.target_environment }} @@ -207,7 +207,7 @@ jobs: - name: Start AKS cluster id: start_aks_cluster if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@sch-UID2-6742-update-node20-actions with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} run_id: ${{ github.run_id }} @@ -226,7 +226,7 @@ jobs: - name: Prepare AKS metadata id: prepare_aks_metadata if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_aks_metadata@v3 + uses: IABTechLab/uid2-shared-actions/actions/prepare_aks_metadata@sch-UID2-6742-update-node20-actions with: operator_image_version: ${{ inputs.operator_image_version }} target_environment: ${{ inputs.target_environment }} @@ -254,7 +254,7 @@ jobs: - name: Start GCP private operator id: start_gcp_private_operator if: ${{ inputs.operator_type == 'gcp' }} - uses: IABTechLab/uid2-shared-actions/actions/start_gcp_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_gcp_private_operator@sch-UID2-6742-update-node20-actions with: bore_url_core: ${{ steps.bore.outputs.bore_url_core }} bore_url_optout: ${{ steps.bore.outputs.bore_url_optout }} @@ -266,7 +266,7 @@ jobs: - name: Start Azure private operator id: start_azure_private_operator if: ${{ inputs.operator_type == 'azure' }} - uses: IABTechLab/uid2-shared-actions/actions/start_azure_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_azure_private_operator@sch-UID2-6742-update-node20-actions with: bore_url_core: ${{ steps.bore.outputs.bore_url_core }} bore_url_optout: ${{ steps.bore.outputs.bore_url_optout }} @@ -278,7 +278,7 @@ jobs: - name: Start AWS private operator id: start_aws_private_operator if: ${{ inputs.operator_type == 'aws' }} - uses: IABTechLab/uid2-shared-actions/actions/start_aws_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_aws_private_operator@sch-UID2-6742-update-node20-actions with: bore_url_core: ${{ steps.bore.outputs.bore_url_core }} bore_url_optout: ${{ steps.bore.outputs.bore_url_optout }} @@ -292,7 +292,7 @@ jobs: - name: Start AKS private operator id: start_aks_private_operator if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/start_aks_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_aks_private_operator@sch-UID2-6742-update-node20-actions with: template_file: ${{ steps.prepare_aks_metadata.outputs.template_file }} azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} @@ -316,7 +316,7 @@ jobs: - name: Run E2E tests id: e2e - uses: IABTechLab/uid2-shared-actions/actions/run_e2e_tests@v3 + uses: IABTechLab/uid2-shared-actions/actions/run_e2e_tests@sch-UID2-6742-update-node20-actions with: e2e_network: ${{ steps.decide_env_var.outputs.e2e_network }} e2e_image_version: ${{ inputs.e2e_image_version }} @@ -383,7 +383,7 @@ jobs: - name: Stop GCP private operator if: ${{ inputs.operator_type == 'gcp' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_gcp_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/stop_gcp_private_operator@sch-UID2-6742-update-node20-actions with: gcp_project: ${{ inputs.gcp_project }} gcp_service_account: ${{ inputs.gcp_service_account }} @@ -392,21 +392,21 @@ jobs: - name: Stop Azure private operator if: ${{ inputs.operator_type == 'azure' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_azure_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/stop_azure_private_operator@sch-UID2-6742-update-node20-actions with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} azure_container_group_name: ${{ needs.e2e-test.outputs.azure_container_group_name }} - name: Stop AWS private operator if: ${{ inputs.operator_type == 'aws' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_aws_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/stop_aws_private_operator@sch-UID2-6742-update-node20-actions with: aws_stack_name: ${{ needs.e2e-test.outputs.aws_stack_name }} aws_region: ${{ inputs.aws_region }} - name: Stop AKS private operator if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@sch-UID2-6742-update-node20-actions with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} run_id: ${{ github.run_id }} From 61017b8431bfc04663e682cc6f707167b199b3d4 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Mon, 4 May 2026 18:07:19 +1000 Subject: [PATCH 07/14] test(UID2-6742): redirect shared-publish-java-to-docker-versioned composite refs to branch Redirects check_branch_and_release_type@v3, version_number@v2, commit_pr_and_merge@v3 (x2), delete_draft_releases@v3 to branch so CI loads updated github-script@v9/add-and-commit@v10 instead of deprecated v7/v9 from the tag. DROP THIS COMMIT BEFORE MERGING. Co-Authored-By: Claude Sonnet 4.6 --- .../shared-publish-java-to-docker-versioned.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/shared-publish-java-to-docker-versioned.yaml b/.github/workflows/shared-publish-java-to-docker-versioned.yaml index 7311e2c6..2927a0a3 100644 --- a/.github/workflows/shared-publish-java-to-docker-versioned.yaml +++ b/.github/workflows/shared-publish-java-to-docker-versioned.yaml @@ -72,7 +72,7 @@ jobs: steps: - name: Check branch and release type id: checkRelease - uses: IABTechLab/uid2-shared-actions/actions/check_branch_and_release_type@v3 + uses: IABTechLab/uid2-shared-actions/actions/check_branch_and_release_type@sch-UID2-6742-update-node20-actions with: release_type: ${{ inputs.release_type }} force_release: ${{ inputs.force_release }} @@ -112,7 +112,7 @@ jobs: - name: Set version number id: version - uses: IABTechLab/uid2-shared-actions/actions/version_number@v2 + uses: IABTechLab/uid2-shared-actions/actions/version_number@sch-UID2-6742-update-node20-actions with: type: ${{ inputs.release_type }} version_number: ${{ inputs.version_number_input }} @@ -145,7 +145,7 @@ jobs: - name: Commit pom.xml and version.json if: ${{ inputs.version_number_input == '' && steps.checkRelease.outputs.is_release != 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{inputs.working_dir}}/pom.xml version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' @@ -153,7 +153,7 @@ jobs: - name: Commit pom.xml, version.json and set tag if: ${{ inputs.version_number_input == '' && steps.checkRelease.outputs.is_release == 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{inputs.working_dir}}/pom.xml version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' @@ -229,7 +229,7 @@ jobs: - name: Delete Draft Releases if: ${{ steps.checkRelease.outputs.is_release == 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/delete_draft_releases@v3 + uses: IABTechLab/uid2-shared-actions/actions/delete_draft_releases@sch-UID2-6742-update-node20-actions - name: Create Release if: ${{ steps.checkRelease.outputs.is_release == 'true' }} From c879f1540ca4036d1f48b57a6e55dd4c2189a042 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Mon, 4 May 2026 19:56:48 +1000 Subject: [PATCH 08/14] =?UTF-8?q?chore(UID2-6742):=20upgrade=20setup-pytho?= =?UTF-8?q?n=20v5=E2=86=92v6.2.0=20and=20configure-aws-credentials=20v4?= =?UTF-8?q?=E2=86=92v6.1.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Both v6 releases use node24. Fixes Node.js 20 deprecation warnings in AWS private operator start/stop E2E flows. py-actions/py-dependency-install@v4.1.0 is blocked on upstream — no node24 release exists yet. Co-Authored-By: Claude Sonnet 4.6 --- actions/start_aws_private_operator/action.yaml | 4 ++-- actions/stop_aws_private_operator/action.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/actions/start_aws_private_operator/action.yaml b/actions/start_aws_private_operator/action.yaml index f7530c5c..b74e9559 100644 --- a/actions/start_aws_private_operator/action.yaml +++ b/actions/start_aws_private_operator/action.yaml @@ -40,7 +40,7 @@ runs: steps: - name: Setup Python 3 - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: 3.x @@ -50,7 +50,7 @@ runs: path: ./uid2-shared-actions/scripts/aws/requirements.txt - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@ff717079ee2060e4bcee96c4779b553acc87447c # v4 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-region: us-east-2 role-to-assume: arn:aws:iam::072245134533:role/github-runner-for-uid2-operator diff --git a/actions/stop_aws_private_operator/action.yaml b/actions/stop_aws_private_operator/action.yaml index 7ddb7d1b..23428f24 100644 --- a/actions/stop_aws_private_operator/action.yaml +++ b/actions/stop_aws_private_operator/action.yaml @@ -14,7 +14,7 @@ runs: steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@ff717079ee2060e4bcee96c4779b553acc87447c # v4 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-region: us-east-2 role-to-assume: arn:aws:iam::072245134533:role/github-runner-for-uid2-operator From fd58b2110268727a8cb032b22c653a37fdf3d2de Mon Sep 17 00:00:00 2001 From: sophia chen Date: Tue, 5 May 2026 11:41:18 +1000 Subject: [PATCH 09/14] chore(UID2-6742): upgrade setup-node@v4 and setup-dotnet@v4 to Node.js 24-compatible versions --- .github/workflows/shared-increase-version-number.yaml | 2 +- .github/workflows/shared-publish-to-nuget-versioned.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/shared-increase-version-number.yaml b/.github/workflows/shared-increase-version-number.yaml index 04889427..0ea3bf4e 100644 --- a/.github/workflows/shared-increase-version-number.yaml +++ b/.github/workflows/shared-increase-version-number.yaml @@ -44,7 +44,7 @@ jobs: with: release_type: ${{ inputs.release_type }} - - uses: actions/setup-node@v4 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 20 diff --git a/.github/workflows/shared-publish-to-nuget-versioned.yaml b/.github/workflows/shared-publish-to-nuget-versioned.yaml index c981e82a..0893e4f4 100644 --- a/.github/workflows/shared-publish-to-nuget-versioned.yaml +++ b/.github/workflows/shared-publish-to-nuget-versioned.yaml @@ -59,7 +59,7 @@ jobs: fetch-depth: 0 - name: Setup dotnet ${{ inputs.dotnet_version }} - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0 with: dotnet-version: ${{ inputs.dotnet_version }} From ddabdf4d677de2b0e19442496785160874667e2b Mon Sep 17 00:00:00 2001 From: sophia chen Date: Tue, 5 May 2026 14:31:04 +1000 Subject: [PATCH 10/14] chore(UID2-6742): SHA-pin bare action tag references --- .../shared-check-stable-dependency.yaml | 2 +- .../shared-increase-version-number.yaml | 2 +- .github/workflows/shared-promote-auto-pr.yaml | 2 +- .../shared-publish-java-to-docker-versioned.yaml | 6 +++--- .../workflows/shared-publish-to-ios-version.yaml | 2 +- .../shared-publish-to-maven-versioned.yaml | 6 +++--- .../shared-publish-to-nuget-versioned.yaml | 2 +- .../shared-publish-to-pypi-versioned.yaml | 2 +- .github/workflows/shared-run-e2e-tests.yaml | 16 ++++++++-------- .github/workflows/shared-validate-image.yaml | 4 ++-- ...shared-vulnerability-scan-failure-notify.yaml | 6 +++--- 11 files changed, 25 insertions(+), 25 deletions(-) diff --git a/.github/workflows/shared-check-stable-dependency.yaml b/.github/workflows/shared-check-stable-dependency.yaml index 876635a6..f515e13b 100644 --- a/.github/workflows/shared-check-stable-dependency.yaml +++ b/.github/workflows/shared-check-stable-dependency.yaml @@ -8,7 +8,7 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Resolve dependencies run: mvn -B dependency:resolve diff --git a/.github/workflows/shared-increase-version-number.yaml b/.github/workflows/shared-increase-version-number.yaml index 0ea3bf4e..a98f8242 100644 --- a/.github/workflows/shared-increase-version-number.yaml +++ b/.github/workflows/shared-increase-version-number.yaml @@ -91,7 +91,7 @@ jobs: github_token: ${{ inputs.merge_environment != '' && secrets.GH_MERGE_TOKEN || '' }} - name: Print outputs - uses: actions/github-script@v9 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | console.log('Result', '${{ steps.commit-and-tag.outcome }}'); diff --git a/.github/workflows/shared-promote-auto-pr.yaml b/.github/workflows/shared-promote-auto-pr.yaml index 4dc1cb8a..b0cab44c 100644 --- a/.github/workflows/shared-promote-auto-pr.yaml +++ b/.github/workflows/shared-promote-auto-pr.yaml @@ -6,7 +6,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Create Pull Request run: | echo "branch ${{ github.ref }} was pushed to" diff --git a/.github/workflows/shared-publish-java-to-docker-versioned.yaml b/.github/workflows/shared-publish-java-to-docker-versioned.yaml index 2927a0a3..484088c9 100644 --- a/.github/workflows/shared-publish-java-to-docker-versioned.yaml +++ b/.github/workflows/shared-publish-java-to-docker-versioned.yaml @@ -87,20 +87,20 @@ jobs: IS_RELEASE: ${{ steps.checkRelease.outputs.is_release }} - name: Set up JDK - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: 'temurin' java-version: ${{ inputs.java_version }} - name: Checkout full history on Main - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 if: ${{ inputs.version_number_input == ''}} with: # git-restore-mtime requires full git history. The default fetch-depth value (1) creates a shallow checkout. fetch-depth: 0 - name: Checkout full history at tag v${{ inputs.version_number_input }} - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 if: ${{ inputs.version_number_input != ''}} with: ref: v${{ inputs.version_number_input }} diff --git a/.github/workflows/shared-publish-to-ios-version.yaml b/.github/workflows/shared-publish-to-ios-version.yaml index c581f9e6..3d1b85fa 100644 --- a/.github/workflows/shared-publish-to-ios-version.yaml +++ b/.github/workflows/shared-publish-to-ios-version.yaml @@ -44,7 +44,7 @@ jobs: release_type: ${{ inputs.release_type }} - name: Checkout repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/shared-publish-to-maven-versioned.yaml b/.github/workflows/shared-publish-to-maven-versioned.yaml index a90a3d96..765f4754 100644 --- a/.github/workflows/shared-publish-to-maven-versioned.yaml +++ b/.github/workflows/shared-publish-to-maven-versioned.yaml @@ -64,19 +64,19 @@ jobs: release_type: ${{ inputs.release_type }} - name: Checkout repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Checkout uid2-shared-actions repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: v3 repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions - name: Set up JDK - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: 'temurin' java-version: ${{ inputs.java_version }} diff --git a/.github/workflows/shared-publish-to-nuget-versioned.yaml b/.github/workflows/shared-publish-to-nuget-versioned.yaml index 0893e4f4..26a08d7a 100644 --- a/.github/workflows/shared-publish-to-nuget-versioned.yaml +++ b/.github/workflows/shared-publish-to-nuget-versioned.yaml @@ -54,7 +54,7 @@ jobs: release_type: ${{ inputs.release_type }} - name: Checkout repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/shared-publish-to-pypi-versioned.yaml b/.github/workflows/shared-publish-to-pypi-versioned.yaml index b063029e..178648d9 100644 --- a/.github/workflows/shared-publish-to-pypi-versioned.yaml +++ b/.github/workflows/shared-publish-to-pypi-versioned.yaml @@ -51,7 +51,7 @@ jobs: release_type: ${{ inputs.release_type }} - name: Checkout repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/shared-run-e2e-tests.yaml b/.github/workflows/shared-run-e2e-tests.yaml index 6ed81596..f3ad0c5a 100644 --- a/.github/workflows/shared-run-e2e-tests.yaml +++ b/.github/workflows/shared-run-e2e-tests.yaml @@ -118,45 +118,45 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Checkout full history - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Checkout uid2-operator repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.operator_branch }} repository: IABTechLab/uid2-operator path: uid2-operator - name: Checkout uid2-core repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.core_branch }} repository: IABTechLab/uid2-core path: uid2-core - name: Checkout uid2-optout repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.optout_branch }} repository: IABTechLab/uid2-optout path: uid2-optout - name: Checkout uid2-admin repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.admin_branch }} repository: IABTechLab/uid2-admin path: uid2-admin - name: Checkout uid2-shared-actions repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: v3 repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions - name: Checkout uid2-e2e repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: IABTechLab/uid2-e2e path: uid2-e2e @@ -375,7 +375,7 @@ jobs: id-token: write steps: - name: Checkout uid2-shared-actions repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: v3 repository: IABTechLab/uid2-shared-actions diff --git a/.github/workflows/shared-validate-image.yaml b/.github/workflows/shared-validate-image.yaml index d62c0c94..d6ec33b5 100644 --- a/.github/workflows/shared-validate-image.yaml +++ b/.github/workflows/shared-validate-image.yaml @@ -44,7 +44,7 @@ jobs: steps: - name: Checkout full history - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # git-restore-mtime requires full git history. The default fetch-depth value (1) creates a shallow checkout. fetch-depth: 0 @@ -53,7 +53,7 @@ jobs: uses: thetradedesk/git-restore-mtime-action@a6059d100648f8027eb1af5e6e6fd6e1328083af # v1.3 - name: Set up JDK - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: 'temurin' java-version: ${{ inputs.java_version }} diff --git a/.github/workflows/shared-vulnerability-scan-failure-notify.yaml b/.github/workflows/shared-vulnerability-scan-failure-notify.yaml index 4e2ef434..90867acd 100644 --- a/.github/workflows/shared-vulnerability-scan-failure-notify.yaml +++ b/.github/workflows/shared-vulnerability-scan-failure-notify.yaml @@ -40,10 +40,10 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Checkout uid2-shared-actions repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: v3 repository: IABTechLab/uid2-shared-actions @@ -51,7 +51,7 @@ jobs: - name: Set up JDK if: inputs.scan_type == 'image' - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: 'temurin' java-version: ${{ inputs.java_version }} From f8cd20c9f517ec32516ccc83081d8298c0f14614 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Tue, 5 May 2026 16:57:20 +1000 Subject: [PATCH 11/14] chore(UID2-6742): fix outdated softprops/action-gh-release SHA pin (v2 tag moved) --- .github/workflows/shared-publish-java-to-docker-versioned.yaml | 2 +- .github/workflows/shared-publish-to-ios-version.yaml | 2 +- .github/workflows/shared-publish-to-maven-versioned.yaml | 2 +- .github/workflows/shared-publish-to-nuget-versioned.yaml | 2 +- .github/workflows/shared-publish-to-pypi-versioned.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/shared-publish-java-to-docker-versioned.yaml b/.github/workflows/shared-publish-java-to-docker-versioned.yaml index 484088c9..06778ae8 100644 --- a/.github/workflows/shared-publish-java-to-docker-versioned.yaml +++ b/.github/workflows/shared-publish-java-to-docker-versioned.yaml @@ -233,7 +233,7 @@ jobs: - name: Create Release if: ${{ steps.checkRelease.outputs.is_release == 'true' }} - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 with: name: v${{ steps.version.outputs.new_version }} body: ${{ steps.github_release.outputs.changelog }} diff --git a/.github/workflows/shared-publish-to-ios-version.yaml b/.github/workflows/shared-publish-to-ios-version.yaml index 3d1b85fa..b234f655 100644 --- a/.github/workflows/shared-publish-to-ios-version.yaml +++ b/.github/workflows/shared-publish-to-ios-version.yaml @@ -112,7 +112,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Create Release - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 with: name: v${{ steps.version.outputs.new_version }} body: ${{ steps.github_release.outputs.changelog }} diff --git a/.github/workflows/shared-publish-to-maven-versioned.yaml b/.github/workflows/shared-publish-to-maven-versioned.yaml index 765f4754..beee47c5 100644 --- a/.github/workflows/shared-publish-to-maven-versioned.yaml +++ b/.github/workflows/shared-publish-to-maven-versioned.yaml @@ -175,7 +175,7 @@ jobs: - name: Create Release if: ${{ env.IS_RELEASE == 'true' }} - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 with: name: v${{ steps.version.outputs.new_version }} body: ${{ steps.github_release.outputs.changelog }} diff --git a/.github/workflows/shared-publish-to-nuget-versioned.yaml b/.github/workflows/shared-publish-to-nuget-versioned.yaml index 26a08d7a..84c80cf1 100644 --- a/.github/workflows/shared-publish-to-nuget-versioned.yaml +++ b/.github/workflows/shared-publish-to-nuget-versioned.yaml @@ -123,7 +123,7 @@ jobs: - name: Create Release if: ${{ steps.checkRelease.outputs.is_release == 'true' }} - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 with: name: v${{ steps.version.outputs.new_version }} body: ${{ steps.github_release.outputs.changelog }} diff --git a/.github/workflows/shared-publish-to-pypi-versioned.yaml b/.github/workflows/shared-publish-to-pypi-versioned.yaml index 178648d9..c3cf9c80 100644 --- a/.github/workflows/shared-publish-to-pypi-versioned.yaml +++ b/.github/workflows/shared-publish-to-pypi-versioned.yaml @@ -111,7 +111,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Create Release - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 with: name: v${{ steps.version.outputs.new_version }} body: ${{ steps.github_release.outputs.changelog }} From f46c0b6ae148efa1c1812ac851db0d3d0bf0a06b Mon Sep 17 00:00:00 2001 From: sophia chen Date: Tue, 5 May 2026 17:17:38 +1000 Subject: [PATCH 12/14] fix(UID2-6742): correct SHA pins for 6 actions (tag SHA vs commit SHA) EndBug/add-and-commit@v10, actions/github-script@v9, aquasecurity/trivy-action@v0.36.0, azure/login@v3, github/codeql-action/upload-sarif@v4.35.3, rtCamp/action-slack-notify@v2 were pinned to wrong SHAs obtained via gh api (commit SHAs). Fixed using git ls-remote --tags | grep -v '^{}' to get the correct tag object SHAs. --- .github/workflows/shared-increase-version-number.yaml | 2 +- .github/workflows/shared-test-slack-webhook.yaml | 2 +- .../shared-vulnerability-scan-failure-notify.yaml | 2 +- actions/check_branch_and_release_type/action.yaml | 4 ++-- actions/commit_pr_and_merge/action.yaml | 10 +++++----- actions/delete_draft_releases/action.yaml | 2 +- actions/start_aks_cluster/action.yaml | 2 +- actions/start_aks_private_operator/action.yaml | 2 +- actions/start_azure_private_operator/action.yaml | 2 +- actions/stop_aks_private_operator/action.yaml | 2 +- actions/stop_azure_private_operator/action.yaml | 2 +- actions/update-major-version-tag/action.yaml | 2 +- actions/vulnerability_scan/action.yaml | 8 ++++---- 13 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/shared-increase-version-number.yaml b/.github/workflows/shared-increase-version-number.yaml index a98f8242..b30edc9e 100644 --- a/.github/workflows/shared-increase-version-number.yaml +++ b/.github/workflows/shared-increase-version-number.yaml @@ -91,7 +91,7 @@ jobs: github_token: ${{ inputs.merge_environment != '' && secrets.GH_MERGE_TOKEN || '' }} - name: Print outputs - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 with: script: | console.log('Result', '${{ steps.commit-and-tag.outcome }}'); diff --git a/.github/workflows/shared-test-slack-webhook.yaml b/.github/workflows/shared-test-slack-webhook.yaml index e371f2eb..df7be41f 100644 --- a/.github/workflows/shared-test-slack-webhook.yaml +++ b/.github/workflows/shared-test-slack-webhook.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Send Slack test message - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2 + uses: rtCamp/action-slack-notify@cdf0a2130cbcdfd82ba5fcac8e076370bf381b36 # v2 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} SLACK_TITLE: Slack Webhook Test diff --git a/.github/workflows/shared-vulnerability-scan-failure-notify.yaml b/.github/workflows/shared-vulnerability-scan-failure-notify.yaml index 90867acd..e9237d1c 100644 --- a/.github/workflows/shared-vulnerability-scan-failure-notify.yaml +++ b/.github/workflows/shared-vulnerability-scan-failure-notify.yaml @@ -104,7 +104,7 @@ jobs: SLACK_MESSAGE: ':x: Vulnerability scan failed. Please review details: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}. Check past alerts before acting and log new actions to avoid duplicate efforts.' SLACK_TITLE: Vulnerability Scan Failure SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2 + uses: rtCamp/action-slack-notify@cdf0a2130cbcdfd82ba5fcac8e076370bf381b36 # v2 - name: Fail Workflow if Vulnerability Scan step Fails if: ${{ steps.vulnerability-scan.outcome == 'failure' }} diff --git a/actions/check_branch_and_release_type/action.yaml b/actions/check_branch_and_release_type/action.yaml index 59851c45..8effc0ba 100644 --- a/actions/check_branch_and_release_type/action.yaml +++ b/actions/check_branch_and_release_type/action.yaml @@ -41,14 +41,14 @@ runs: - name: Fail if Pre-release on Default branch if: ${{ inputs.release_type == 'Snapshot' && github.event.repository.default_branch == github.ref_name }} - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 with: script: | core.setFailed('Snapshot packages can not be created on the default branch. Release Type: ${{ inputs.release_type }}, Branch: ${{ github.ref_name }}') - name: Fail if Release and not on Default branch or release-yyyy-q branch if: ${{ inputs.release_type != 'Snapshot' && github.event.repository.default_branch != github.ref_name && !startsWith(github.ref_name, 'release')}} - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 with: script: | core.setFailed('Releases can only be created on a Default or release-yyyy-q branch. Release Type: ${{ inputs.release_type }}, Branch: ${{ github.ref_name }}') diff --git a/actions/commit_pr_and_merge/action.yaml b/actions/commit_pr_and_merge/action.yaml index 36941b27..c7ee2a8f 100644 --- a/actions/commit_pr_and_merge/action.yaml +++ b/actions/commit_pr_and_merge/action.yaml @@ -53,7 +53,7 @@ runs: run: echo "name=ci-${{ github.sha }}-${RANDOM}" >> $GITHUB_OUTPUT - name: Commit to new branch - uses: EndBug/add-and-commit@290ea2c423ad77ca9c62ae0f5b224379612c0321 # v10.0.0 + uses: EndBug/add-and-commit@0a145b91207725ab63102736ff2ddcf18f90cdb5 # v10.0.0 if: steps.changes.outputs.changes_exist == 'true' id: create-branch-and-commit with: @@ -64,7 +64,7 @@ runs: add: ${{ inputs.add }} - name: Create PR - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 if: steps.changes.outputs.changes_exist == 'true' id: create-pr with: @@ -100,7 +100,7 @@ runs: "repos/${{ github.repository }}/git/refs/heads/$BRANCH" || true - name: Tag commit - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 id: tag-commit if: ${{ inputs.tag != '' && steps.changes.outputs.changes_exist == 'true' }} with: @@ -120,7 +120,7 @@ runs: core.setOutput('commit_tag', '${{ inputs.tag }}'); - name: Get commit SHA - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 id: get-commit-sha if: steps.changes.outputs.changes_exist == 'true' with: @@ -134,7 +134,7 @@ runs: core.setOutput('commit_sha', pr.merge_commit_sha); - name: Print outputs - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 if: ${{ inputs.tag != '' && steps.changes.outputs.changes_exist == 'true' }} with: script: | diff --git a/actions/delete_draft_releases/action.yaml b/actions/delete_draft_releases/action.yaml index 16489f0e..0659d958 100644 --- a/actions/delete_draft_releases/action.yaml +++ b/actions/delete_draft_releases/action.yaml @@ -6,7 +6,7 @@ runs: steps: - name: Delete draft releases - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 id: delete-release with: result-encoding: string diff --git a/actions/start_aks_cluster/action.yaml b/actions/start_aks_cluster/action.yaml index e084321f..3a7f416e 100644 --- a/actions/start_aks_cluster/action.yaml +++ b/actions/start_aks_cluster/action.yaml @@ -14,7 +14,7 @@ runs: steps: - name: Log in to Azure - uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 + uses: azure/login@93381592711f247e165c389ebb30b596c84cdc48 # v3.0.0 with: creds: ${{ inputs.azure_credentials }} enable-AzPSSession: true diff --git a/actions/start_aks_private_operator/action.yaml b/actions/start_aks_private_operator/action.yaml index bd35014e..37bef153 100644 --- a/actions/start_aks_private_operator/action.yaml +++ b/actions/start_aks_private_operator/action.yaml @@ -22,7 +22,7 @@ runs: steps: - name: Log in to Azure - uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 + uses: azure/login@93381592711f247e165c389ebb30b596c84cdc48 # v3.0.0 with: creds: ${{ inputs.azure_credentials }} enable-AzPSSession: true diff --git a/actions/start_azure_private_operator/action.yaml b/actions/start_azure_private_operator/action.yaml index c48caac9..32e428d8 100644 --- a/actions/start_azure_private_operator/action.yaml +++ b/actions/start_azure_private_operator/action.yaml @@ -34,7 +34,7 @@ runs: steps: - name: Log in to Azure - uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 + uses: azure/login@93381592711f247e165c389ebb30b596c84cdc48 # v3.0.0 with: creds: ${{ inputs.azure_credentials }} enable-AzPSSession: true diff --git a/actions/stop_aks_private_operator/action.yaml b/actions/stop_aks_private_operator/action.yaml index 583a924d..bbbe2ec1 100644 --- a/actions/stop_aks_private_operator/action.yaml +++ b/actions/stop_aks_private_operator/action.yaml @@ -14,7 +14,7 @@ runs: steps: - name: Log in to Azure - uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 + uses: azure/login@93381592711f247e165c389ebb30b596c84cdc48 # v3.0.0 with: creds: ${{ inputs.azure_credentials }} enable-AzPSSession: true diff --git a/actions/stop_azure_private_operator/action.yaml b/actions/stop_azure_private_operator/action.yaml index 82c97dd4..1091e0e4 100644 --- a/actions/stop_azure_private_operator/action.yaml +++ b/actions/stop_azure_private_operator/action.yaml @@ -14,7 +14,7 @@ runs: steps: - name: Log in to Azure - uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 + uses: azure/login@93381592711f247e165c389ebb30b596c84cdc48 # v3.0.0 with: creds: ${{ inputs.azure_credentials }} enable-AzPSSession: true diff --git a/actions/update-major-version-tag/action.yaml b/actions/update-major-version-tag/action.yaml index 188f453e..ce2e276c 100644 --- a/actions/update-major-version-tag/action.yaml +++ b/actions/update-major-version-tag/action.yaml @@ -16,7 +16,7 @@ runs: steps: - name: Update major version tag id: updateTag - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 with: script: | const inputVersion = `${{ inputs.version }}`; diff --git a/actions/vulnerability_scan/action.yaml b/actions/vulnerability_scan/action.yaml index 9d1eea4d..d874cc2b 100644 --- a/actions/vulnerability_scan/action.yaml +++ b/actions/vulnerability_scan/action.yaml @@ -79,7 +79,7 @@ runs: key: cache-trivy-${{ steps.date.outputs.date }} - name: Generate Trivy vulnerability scan report - uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 + uses: aquasecurity/trivy-action@a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 # v0.36.0 if: inputs.publish_vulnerabilities == 'true' with: image-ref: ${{ inputs.image_ref }} @@ -96,14 +96,14 @@ runs: TRIVY_SKIP_JAVA_DB_UPDATE: true - name: Upload Trivy scan report to GitHub Security tab - uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 + uses: github/codeql-action/upload-sarif@c3f298df8c1fea2fefe20c785e6aa00f32df8260 # v4.35.3 if: inputs.publish_vulnerabilities == 'true' with: sarif_file: 'trivy-results.sarif' - name: Local vulnerability scanner for MEDIUM,HIGH,CRITICAL for reporting if: ${{ inputs.full_report == 'true' }} - uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 + uses: aquasecurity/trivy-action@a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 # v0.36.0 with: image-ref: ${{ inputs.image_ref }} scan-type: ${{ inputs.scan_type }} @@ -119,7 +119,7 @@ runs: TRIVY_DEPENDENCY_TREE: true - name: Test with Trivy vulnerability scanner - uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 + uses: aquasecurity/trivy-action@a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 # v0.36.0 with: image-ref: ${{ inputs.image_ref }} scan-type: ${{ inputs.scan_type }} From b6b66ee819a6cd584a791cf22ac0acd5c2b4bb32 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Wed, 6 May 2026 11:30:00 +1000 Subject: [PATCH 13/14] revert(UID2-6742): restore @v3 refs for internal shared-actions calls (drop test redirects) --- .github/workflows/shared-build-and-test.yaml | 2 +- ...ared-publish-java-to-docker-versioned.yaml | 12 ++++---- .../shared-publish-to-maven-versioned.yaml | 2 +- .../shared-publish-to-nuget-versioned.yaml | 2 +- .../shared-publish-to-pypi-versioned.yaml | 2 +- .github/workflows/shared-run-e2e-tests.yaml | 28 +++++++++---------- .github/workflows/shared-validate-image.yaml | 2 +- ...red-vulnerability-scan-failure-notify.yaml | 2 +- actions/shared_publish_to_docker/action.yaml | 2 +- 9 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/shared-build-and-test.yaml b/.github/workflows/shared-build-and-test.yaml index 9499c2be..feb1fd10 100644 --- a/.github/workflows/shared-build-and-test.yaml +++ b/.github/workflows/shared-build-and-test.yaml @@ -36,7 +36,7 @@ jobs: - name: Checkout uid2-shared-actions repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - ref: sch-UID2-6742-update-node20-actions + ref: v3 repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions diff --git a/.github/workflows/shared-publish-java-to-docker-versioned.yaml b/.github/workflows/shared-publish-java-to-docker-versioned.yaml index 06778ae8..5997be92 100644 --- a/.github/workflows/shared-publish-java-to-docker-versioned.yaml +++ b/.github/workflows/shared-publish-java-to-docker-versioned.yaml @@ -72,7 +72,7 @@ jobs: steps: - name: Check branch and release type id: checkRelease - uses: IABTechLab/uid2-shared-actions/actions/check_branch_and_release_type@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/check_branch_and_release_type@v3 with: release_type: ${{ inputs.release_type }} force_release: ${{ inputs.force_release }} @@ -112,7 +112,7 @@ jobs: - name: Set version number id: version - uses: IABTechLab/uid2-shared-actions/actions/version_number@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/version_number@v3 with: type: ${{ inputs.release_type }} version_number: ${{ inputs.version_number_input }} @@ -145,7 +145,7 @@ jobs: - name: Commit pom.xml and version.json if: ${{ inputs.version_number_input == '' && steps.checkRelease.outputs.is_release != 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 with: add: '${{inputs.working_dir}}/pom.xml version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' @@ -153,7 +153,7 @@ jobs: - name: Commit pom.xml, version.json and set tag if: ${{ inputs.version_number_input == '' && steps.checkRelease.outputs.is_release == 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 with: add: '${{inputs.working_dir}}/pom.xml version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' @@ -194,7 +194,7 @@ jobs: IMAGE_VERSION=${{ steps.version.outputs.new_version }} - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 with: scan_severity: HIGH,CRITICAL failure_severity: ${{ inputs.vulnerability_severity }} @@ -229,7 +229,7 @@ jobs: - name: Delete Draft Releases if: ${{ steps.checkRelease.outputs.is_release == 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/delete_draft_releases@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/delete_draft_releases@v3 - name: Create Release if: ${{ steps.checkRelease.outputs.is_release == 'true' }} diff --git a/.github/workflows/shared-publish-to-maven-versioned.yaml b/.github/workflows/shared-publish-to-maven-versioned.yaml index beee47c5..7d9429c8 100644 --- a/.github/workflows/shared-publish-to-maven-versioned.yaml +++ b/.github/workflows/shared-publish-to-maven-versioned.yaml @@ -87,7 +87,7 @@ jobs: key: ${{ secrets.GPG_KEY }} - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 with: scan_severity: HIGH,CRITICAL failure_severity: ${{ inputs.vulnerability_failure_severity }} diff --git a/.github/workflows/shared-publish-to-nuget-versioned.yaml b/.github/workflows/shared-publish-to-nuget-versioned.yaml index 84c80cf1..bea5822b 100644 --- a/.github/workflows/shared-publish-to-nuget-versioned.yaml +++ b/.github/workflows/shared-publish-to-nuget-versioned.yaml @@ -86,7 +86,7 @@ jobs: - name: Vulnerability Scan id: vulnerability-scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 with: scan_severity: ${{ inputs.vulnerability_severity }} failure_severity: ${{ inputs.vulnerability_severity }} diff --git a/.github/workflows/shared-publish-to-pypi-versioned.yaml b/.github/workflows/shared-publish-to-pypi-versioned.yaml index c3cf9c80..46c5835a 100644 --- a/.github/workflows/shared-publish-to-pypi-versioned.yaml +++ b/.github/workflows/shared-publish-to-pypi-versioned.yaml @@ -56,7 +56,7 @@ jobs: fetch-depth: 0 - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 with: scan_severity: HIGH,CRITICAL failure_severity: ${{ inputs.vulnerability_failure_severity }} diff --git a/.github/workflows/shared-run-e2e-tests.yaml b/.github/workflows/shared-run-e2e-tests.yaml index f3ad0c5a..710ef40f 100644 --- a/.github/workflows/shared-run-e2e-tests.yaml +++ b/.github/workflows/shared-run-e2e-tests.yaml @@ -180,7 +180,7 @@ jobs: - name: Prepare GCP metadata id: prepare_gcp_metadata if: ${{ inputs.operator_type == 'gcp' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_gcp_metadata@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/prepare_gcp_metadata@v3 with: operator_image_version: ${{ inputs.operator_image_version }} target_environment: ${{ inputs.target_environment }} @@ -190,7 +190,7 @@ jobs: - name: Prepare Azure metadata id: prepare_azure_metadata if: ${{ inputs.operator_type == 'azure' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_azure_metadata@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/prepare_azure_metadata@v3 with: operator_image_version: ${{ inputs.operator_image_version }} target_environment: ${{ inputs.target_environment }} @@ -198,7 +198,7 @@ jobs: - name: Prepare AWS metadata id: prepare_aws_metadata if: ${{ inputs.operator_type == 'aws' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_aws_metadata@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/prepare_aws_metadata@v3 with: identity_scope: ${{ inputs.identity_scope }} target_environment: ${{ inputs.target_environment }} @@ -207,7 +207,7 @@ jobs: - name: Start AKS cluster id: start_aks_cluster if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@v3 with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} run_id: ${{ github.run_id }} @@ -226,7 +226,7 @@ jobs: - name: Prepare AKS metadata id: prepare_aks_metadata if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_aks_metadata@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/prepare_aks_metadata@v3 with: operator_image_version: ${{ inputs.operator_image_version }} target_environment: ${{ inputs.target_environment }} @@ -254,7 +254,7 @@ jobs: - name: Start GCP private operator id: start_gcp_private_operator if: ${{ inputs.operator_type == 'gcp' }} - uses: IABTechLab/uid2-shared-actions/actions/start_gcp_private_operator@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/start_gcp_private_operator@v3 with: bore_url_core: ${{ steps.bore.outputs.bore_url_core }} bore_url_optout: ${{ steps.bore.outputs.bore_url_optout }} @@ -266,7 +266,7 @@ jobs: - name: Start Azure private operator id: start_azure_private_operator if: ${{ inputs.operator_type == 'azure' }} - uses: IABTechLab/uid2-shared-actions/actions/start_azure_private_operator@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/start_azure_private_operator@v3 with: bore_url_core: ${{ steps.bore.outputs.bore_url_core }} bore_url_optout: ${{ steps.bore.outputs.bore_url_optout }} @@ -278,7 +278,7 @@ jobs: - name: Start AWS private operator id: start_aws_private_operator if: ${{ inputs.operator_type == 'aws' }} - uses: IABTechLab/uid2-shared-actions/actions/start_aws_private_operator@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/start_aws_private_operator@v3 with: bore_url_core: ${{ steps.bore.outputs.bore_url_core }} bore_url_optout: ${{ steps.bore.outputs.bore_url_optout }} @@ -292,7 +292,7 @@ jobs: - name: Start AKS private operator id: start_aks_private_operator if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/start_aks_private_operator@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/start_aks_private_operator@v3 with: template_file: ${{ steps.prepare_aks_metadata.outputs.template_file }} azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} @@ -316,7 +316,7 @@ jobs: - name: Run E2E tests id: e2e - uses: IABTechLab/uid2-shared-actions/actions/run_e2e_tests@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/run_e2e_tests@v3 with: e2e_network: ${{ steps.decide_env_var.outputs.e2e_network }} e2e_image_version: ${{ inputs.e2e_image_version }} @@ -383,7 +383,7 @@ jobs: - name: Stop GCP private operator if: ${{ inputs.operator_type == 'gcp' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_gcp_private_operator@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/stop_gcp_private_operator@v3 with: gcp_project: ${{ inputs.gcp_project }} gcp_service_account: ${{ inputs.gcp_service_account }} @@ -392,21 +392,21 @@ jobs: - name: Stop Azure private operator if: ${{ inputs.operator_type == 'azure' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_azure_private_operator@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/stop_azure_private_operator@v3 with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} azure_container_group_name: ${{ needs.e2e-test.outputs.azure_container_group_name }} - name: Stop AWS private operator if: ${{ inputs.operator_type == 'aws' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_aws_private_operator@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/stop_aws_private_operator@v3 with: aws_stack_name: ${{ needs.e2e-test.outputs.aws_stack_name }} aws_region: ${{ inputs.aws_region }} - name: Stop AKS private operator if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@v3 with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} run_id: ${{ github.run_id }} diff --git a/.github/workflows/shared-validate-image.yaml b/.github/workflows/shared-validate-image.yaml index d6ec33b5..2d9e435b 100644 --- a/.github/workflows/shared-validate-image.yaml +++ b/.github/workflows/shared-validate-image.yaml @@ -97,7 +97,7 @@ jobs: IMAGE_VERSION=${{ steps.package.outputs.jar_version }}-${{ steps.package.outputs.git_commit }} - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 with: scan_severity: HIGH,CRITICAL failure_severity: ${{ inputs.failure_severity }} diff --git a/.github/workflows/shared-vulnerability-scan-failure-notify.yaml b/.github/workflows/shared-vulnerability-scan-failure-notify.yaml index e9237d1c..c29af898 100644 --- a/.github/workflows/shared-vulnerability-scan-failure-notify.yaml +++ b/.github/workflows/shared-vulnerability-scan-failure-notify.yaml @@ -88,7 +88,7 @@ jobs: - name: Vulnerability Scan id: vulnerability-scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 with: scan_severity: ${{ inputs.vulnerability_severity }} failure_severity: ${{ inputs.vulnerability_severity }} diff --git a/actions/shared_publish_to_docker/action.yaml b/actions/shared_publish_to_docker/action.yaml index 48f070c7..a26e4ebf 100644 --- a/actions/shared_publish_to_docker/action.yaml +++ b/actions/shared_publish_to_docker/action.yaml @@ -81,7 +81,7 @@ runs: IMAGE_VERSION=${{ inputs.new_version }} - name: Vulnerability scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 with: publish_vulnerabilities: ${{ inputs.publish_vulnerabilities }} failure_severity: CRITICAL From aecda3b53ae20961590eb61136fb5cf1728d269d Mon Sep 17 00:00:00 2001 From: sophia chen Date: Wed, 6 May 2026 11:45:46 +1000 Subject: [PATCH 14/14] test(UID2-6742): redirect uid2-shared-actions refs to branch for CI validation --- .github/workflows/build-and-test.yaml | 2 +- .github/workflows/shared-build-and-test.yaml | 2 +- .../shared-increase-version-number.yaml | 4 +-- ...ared-publish-java-to-docker-versioned.yaml | 12 +++---- .../shared-publish-to-docker-versioned.yaml | 2 +- .../shared-publish-to-ios-version.yaml | 2 +- .../shared-publish-to-maven-versioned.yaml | 8 ++--- .../shared-publish-to-nuget-versioned.yaml | 4 +-- .../shared-publish-to-pypi-versioned.yaml | 4 +-- .github/workflows/shared-run-e2e-tests.yaml | 32 +++++++++---------- .github/workflows/shared-validate-image.yaml | 2 +- ...red-vulnerability-scan-failure-notify.yaml | 4 +-- .../vulnerability-scan-failure-notify.yaml | 2 +- actions/shared_publish_to_docker/action.yaml | 2 +- 14 files changed, 41 insertions(+), 41 deletions(-) diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml index 4d932b13..7715f64a 100644 --- a/.github/workflows/build-and-test.yaml +++ b/.github/workflows/build-and-test.yaml @@ -3,7 +3,7 @@ on: [pull_request, push] jobs: build: - uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@v3 + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@sch-UID2-6742-update-node20-actions secrets: inherit with: vulnerability_scan_only: true \ No newline at end of file diff --git a/.github/workflows/shared-build-and-test.yaml b/.github/workflows/shared-build-and-test.yaml index feb1fd10..9499c2be 100644 --- a/.github/workflows/shared-build-and-test.yaml +++ b/.github/workflows/shared-build-and-test.yaml @@ -36,7 +36,7 @@ jobs: - name: Checkout uid2-shared-actions repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - ref: v3 + ref: sch-UID2-6742-update-node20-actions repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions diff --git a/.github/workflows/shared-increase-version-number.yaml b/.github/workflows/shared-increase-version-number.yaml index b30edc9e..fe898c91 100644 --- a/.github/workflows/shared-increase-version-number.yaml +++ b/.github/workflows/shared-increase-version-number.yaml @@ -74,7 +74,7 @@ jobs: - name: Commit ${{ inputs.working_dir }}/package.json, ${{ inputs.working_dir }}/package-lock.json and ${{ inputs.working_dir }}/version.json if: ${{ inputs.version_number_input == '' && steps.setup.outputs.IS_RELEASE != 'true' }} id: commit-without-tag - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{ inputs.working_dir }}/package.json ${{ inputs.working_dir }}/package-lock.json ${{ inputs.working_dir }}/version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' @@ -83,7 +83,7 @@ jobs: - name: Commit ${{ inputs.working_dir }}/package.json, ${{ inputs.working_dir }}/package-lock.json, ${{ inputs.working_dir }}/version.json and set tag if: ${{ inputs.version_number_input == '' && steps.setup.outputs.IS_RELEASE == 'true' }} id: commit-and-tag - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{ inputs.working_dir }}/package.json ${{ inputs.working_dir }}/package-lock.json ${{ inputs.working_dir }}/version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' diff --git a/.github/workflows/shared-publish-java-to-docker-versioned.yaml b/.github/workflows/shared-publish-java-to-docker-versioned.yaml index 5997be92..06778ae8 100644 --- a/.github/workflows/shared-publish-java-to-docker-versioned.yaml +++ b/.github/workflows/shared-publish-java-to-docker-versioned.yaml @@ -72,7 +72,7 @@ jobs: steps: - name: Check branch and release type id: checkRelease - uses: IABTechLab/uid2-shared-actions/actions/check_branch_and_release_type@v3 + uses: IABTechLab/uid2-shared-actions/actions/check_branch_and_release_type@sch-UID2-6742-update-node20-actions with: release_type: ${{ inputs.release_type }} force_release: ${{ inputs.force_release }} @@ -112,7 +112,7 @@ jobs: - name: Set version number id: version - uses: IABTechLab/uid2-shared-actions/actions/version_number@v3 + uses: IABTechLab/uid2-shared-actions/actions/version_number@sch-UID2-6742-update-node20-actions with: type: ${{ inputs.release_type }} version_number: ${{ inputs.version_number_input }} @@ -145,7 +145,7 @@ jobs: - name: Commit pom.xml and version.json if: ${{ inputs.version_number_input == '' && steps.checkRelease.outputs.is_release != 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{inputs.working_dir}}/pom.xml version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' @@ -153,7 +153,7 @@ jobs: - name: Commit pom.xml, version.json and set tag if: ${{ inputs.version_number_input == '' && steps.checkRelease.outputs.is_release == 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{inputs.working_dir}}/pom.xml version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' @@ -194,7 +194,7 @@ jobs: IMAGE_VERSION=${{ steps.version.outputs.new_version }} - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: HIGH,CRITICAL failure_severity: ${{ inputs.vulnerability_severity }} @@ -229,7 +229,7 @@ jobs: - name: Delete Draft Releases if: ${{ steps.checkRelease.outputs.is_release == 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/delete_draft_releases@v3 + uses: IABTechLab/uid2-shared-actions/actions/delete_draft_releases@sch-UID2-6742-update-node20-actions - name: Create Release if: ${{ steps.checkRelease.outputs.is_release == 'true' }} diff --git a/.github/workflows/shared-publish-to-docker-versioned.yaml b/.github/workflows/shared-publish-to-docker-versioned.yaml index 942b4953..dd4946f9 100644 --- a/.github/workflows/shared-publish-to-docker-versioned.yaml +++ b/.github/workflows/shared-publish-to-docker-versioned.yaml @@ -62,7 +62,7 @@ jobs: - name: Publish to Docker id: publishToDocker - uses: IABTechLab/uid2-shared-actions/actions/shared_publish_to_docker@v3 + uses: IABTechLab/uid2-shared-actions/actions/shared_publish_to_docker@sch-UID2-6742-update-node20-actions with: new_version: ${{ inputs.new_version }} image_tag: ${{ inputs.image_tag }} diff --git a/.github/workflows/shared-publish-to-ios-version.yaml b/.github/workflows/shared-publish-to-ios-version.yaml index b234f655..367273f6 100644 --- a/.github/workflows/shared-publish-to-ios-version.yaml +++ b/.github/workflows/shared-publish-to-ios-version.yaml @@ -91,7 +91,7 @@ jobs: xcodebuild test -scheme UID2Prebid -destination "OS=26.2,name=iPhone 17" - name: Commit SDK properties, podspecs, version.json and set tag - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{ inputs.working_dir }}/Sources/UID2/Properties/UID2SDKProperties.swift ${{ inputs.working_dir }}/UID2.podspec.json ${{ inputs.working_dir }}/UID2Prebid.podspec.json ${{ inputs.working_dir }}/version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' diff --git a/.github/workflows/shared-publish-to-maven-versioned.yaml b/.github/workflows/shared-publish-to-maven-versioned.yaml index 7d9429c8..b4aa98d3 100644 --- a/.github/workflows/shared-publish-to-maven-versioned.yaml +++ b/.github/workflows/shared-publish-to-maven-versioned.yaml @@ -71,7 +71,7 @@ jobs: - name: Checkout uid2-shared-actions repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - ref: v3 + ref: sch-UID2-6742-update-node20-actions repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions @@ -87,7 +87,7 @@ jobs: key: ${{ secrets.GPG_KEY }} - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: HIGH,CRITICAL failure_severity: ${{ inputs.vulnerability_failure_severity }} @@ -144,7 +144,7 @@ jobs: - name: Commit pom.xml and version.json if: ${{ steps.checkRelease.outputs.is_release != 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{ inputs.working_dir }}/pom.xml ${{ inputs.working_dir }}/version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' @@ -152,7 +152,7 @@ jobs: - name: Commit pom.xml, version.json and set tag if: ${{ steps.checkRelease.outputs.is_release == 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{ inputs.working_dir }}/pom.xml ${{ inputs.working_dir }}/version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' diff --git a/.github/workflows/shared-publish-to-nuget-versioned.yaml b/.github/workflows/shared-publish-to-nuget-versioned.yaml index bea5822b..096a3362 100644 --- a/.github/workflows/shared-publish-to-nuget-versioned.yaml +++ b/.github/workflows/shared-publish-to-nuget-versioned.yaml @@ -86,7 +86,7 @@ jobs: - name: Vulnerability Scan id: vulnerability-scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: ${{ inputs.vulnerability_severity }} failure_severity: ${{ inputs.vulnerability_severity }} @@ -100,7 +100,7 @@ jobs: dotnet nuget push ./src/UID2.Client/bin/Release/UID2.Client.${{ steps.version.outputs.new_version }}.nupkg -k ${{ secrets.NUGET_API_KEY }} -s https://api.nuget.org/v3/index.json - name: Commit UID2.Client.nuspec, version.json and set tag - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{ inputs.working_dir }}/UID2.Client.nuspec ${{ inputs.working_dir }}/version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' diff --git a/.github/workflows/shared-publish-to-pypi-versioned.yaml b/.github/workflows/shared-publish-to-pypi-versioned.yaml index 46c5835a..e1c911a9 100644 --- a/.github/workflows/shared-publish-to-pypi-versioned.yaml +++ b/.github/workflows/shared-publish-to-pypi-versioned.yaml @@ -56,7 +56,7 @@ jobs: fetch-depth: 0 - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: HIGH,CRITICAL failure_severity: ${{ inputs.vulnerability_failure_severity }} @@ -90,7 +90,7 @@ jobs: python3 -m twine upload dist/* -u __token__ -p "${{ secrets.PYPI_API_KEY }}" - name: Commit pyproject.toml, version.json and set tag - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions with: add: '${{ inputs.working_dir }}/pyproject.toml ${{ inputs.working_dir }}/version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' diff --git a/.github/workflows/shared-run-e2e-tests.yaml b/.github/workflows/shared-run-e2e-tests.yaml index 710ef40f..637f103d 100644 --- a/.github/workflows/shared-run-e2e-tests.yaml +++ b/.github/workflows/shared-run-e2e-tests.yaml @@ -151,7 +151,7 @@ jobs: - name: Checkout uid2-shared-actions repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - ref: v3 + ref: sch-UID2-6742-update-node20-actions repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions @@ -180,7 +180,7 @@ jobs: - name: Prepare GCP metadata id: prepare_gcp_metadata if: ${{ inputs.operator_type == 'gcp' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_gcp_metadata@v3 + uses: IABTechLab/uid2-shared-actions/actions/prepare_gcp_metadata@sch-UID2-6742-update-node20-actions with: operator_image_version: ${{ inputs.operator_image_version }} target_environment: ${{ inputs.target_environment }} @@ -190,7 +190,7 @@ jobs: - name: Prepare Azure metadata id: prepare_azure_metadata if: ${{ inputs.operator_type == 'azure' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_azure_metadata@v3 + uses: IABTechLab/uid2-shared-actions/actions/prepare_azure_metadata@sch-UID2-6742-update-node20-actions with: operator_image_version: ${{ inputs.operator_image_version }} target_environment: ${{ inputs.target_environment }} @@ -198,7 +198,7 @@ jobs: - name: Prepare AWS metadata id: prepare_aws_metadata if: ${{ inputs.operator_type == 'aws' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_aws_metadata@v3 + uses: IABTechLab/uid2-shared-actions/actions/prepare_aws_metadata@sch-UID2-6742-update-node20-actions with: identity_scope: ${{ inputs.identity_scope }} target_environment: ${{ inputs.target_environment }} @@ -207,7 +207,7 @@ jobs: - name: Start AKS cluster id: start_aks_cluster if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@sch-UID2-6742-update-node20-actions with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} run_id: ${{ github.run_id }} @@ -226,7 +226,7 @@ jobs: - name: Prepare AKS metadata id: prepare_aks_metadata if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_aks_metadata@v3 + uses: IABTechLab/uid2-shared-actions/actions/prepare_aks_metadata@sch-UID2-6742-update-node20-actions with: operator_image_version: ${{ inputs.operator_image_version }} target_environment: ${{ inputs.target_environment }} @@ -254,7 +254,7 @@ jobs: - name: Start GCP private operator id: start_gcp_private_operator if: ${{ inputs.operator_type == 'gcp' }} - uses: IABTechLab/uid2-shared-actions/actions/start_gcp_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_gcp_private_operator@sch-UID2-6742-update-node20-actions with: bore_url_core: ${{ steps.bore.outputs.bore_url_core }} bore_url_optout: ${{ steps.bore.outputs.bore_url_optout }} @@ -266,7 +266,7 @@ jobs: - name: Start Azure private operator id: start_azure_private_operator if: ${{ inputs.operator_type == 'azure' }} - uses: IABTechLab/uid2-shared-actions/actions/start_azure_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_azure_private_operator@sch-UID2-6742-update-node20-actions with: bore_url_core: ${{ steps.bore.outputs.bore_url_core }} bore_url_optout: ${{ steps.bore.outputs.bore_url_optout }} @@ -278,7 +278,7 @@ jobs: - name: Start AWS private operator id: start_aws_private_operator if: ${{ inputs.operator_type == 'aws' }} - uses: IABTechLab/uid2-shared-actions/actions/start_aws_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_aws_private_operator@sch-UID2-6742-update-node20-actions with: bore_url_core: ${{ steps.bore.outputs.bore_url_core }} bore_url_optout: ${{ steps.bore.outputs.bore_url_optout }} @@ -292,7 +292,7 @@ jobs: - name: Start AKS private operator id: start_aks_private_operator if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/start_aks_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_aks_private_operator@sch-UID2-6742-update-node20-actions with: template_file: ${{ steps.prepare_aks_metadata.outputs.template_file }} azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} @@ -316,7 +316,7 @@ jobs: - name: Run E2E tests id: e2e - uses: IABTechLab/uid2-shared-actions/actions/run_e2e_tests@v3 + uses: IABTechLab/uid2-shared-actions/actions/run_e2e_tests@sch-UID2-6742-update-node20-actions with: e2e_network: ${{ steps.decide_env_var.outputs.e2e_network }} e2e_image_version: ${{ inputs.e2e_image_version }} @@ -377,13 +377,13 @@ jobs: - name: Checkout uid2-shared-actions repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - ref: v3 + ref: sch-UID2-6742-update-node20-actions repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions - name: Stop GCP private operator if: ${{ inputs.operator_type == 'gcp' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_gcp_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/stop_gcp_private_operator@sch-UID2-6742-update-node20-actions with: gcp_project: ${{ inputs.gcp_project }} gcp_service_account: ${{ inputs.gcp_service_account }} @@ -392,21 +392,21 @@ jobs: - name: Stop Azure private operator if: ${{ inputs.operator_type == 'azure' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_azure_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/stop_azure_private_operator@sch-UID2-6742-update-node20-actions with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} azure_container_group_name: ${{ needs.e2e-test.outputs.azure_container_group_name }} - name: Stop AWS private operator if: ${{ inputs.operator_type == 'aws' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_aws_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/stop_aws_private_operator@sch-UID2-6742-update-node20-actions with: aws_stack_name: ${{ needs.e2e-test.outputs.aws_stack_name }} aws_region: ${{ inputs.aws_region }} - name: Stop AKS private operator if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@sch-UID2-6742-update-node20-actions with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} run_id: ${{ github.run_id }} diff --git a/.github/workflows/shared-validate-image.yaml b/.github/workflows/shared-validate-image.yaml index 2d9e435b..d6ec33b5 100644 --- a/.github/workflows/shared-validate-image.yaml +++ b/.github/workflows/shared-validate-image.yaml @@ -97,7 +97,7 @@ jobs: IMAGE_VERSION=${{ steps.package.outputs.jar_version }}-${{ steps.package.outputs.git_commit }} - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: HIGH,CRITICAL failure_severity: ${{ inputs.failure_severity }} diff --git a/.github/workflows/shared-vulnerability-scan-failure-notify.yaml b/.github/workflows/shared-vulnerability-scan-failure-notify.yaml index c29af898..2592ec24 100644 --- a/.github/workflows/shared-vulnerability-scan-failure-notify.yaml +++ b/.github/workflows/shared-vulnerability-scan-failure-notify.yaml @@ -45,7 +45,7 @@ jobs: - name: Checkout uid2-shared-actions repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - ref: v3 + ref: sch-UID2-6742-update-node20-actions repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions @@ -88,7 +88,7 @@ jobs: - name: Vulnerability Scan id: vulnerability-scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_severity: ${{ inputs.vulnerability_severity }} failure_severity: ${{ inputs.vulnerability_severity }} diff --git a/.github/workflows/vulnerability-scan-failure-notify.yaml b/.github/workflows/vulnerability-scan-failure-notify.yaml index 6704b919..dec38c01 100644 --- a/.github/workflows/vulnerability-scan-failure-notify.yaml +++ b/.github/workflows/vulnerability-scan-failure-notify.yaml @@ -16,7 +16,7 @@ on: jobs: vulnerability-scan-failure-notify: - uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-vulnerability-scan-failure-notify.yaml@v3 + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-vulnerability-scan-failure-notify.yaml@sch-UID2-6742-update-node20-actions secrets: SLACK_WEBHOOK : ${{ secrets.SLACK_WEBHOOK }} with: diff --git a/actions/shared_publish_to_docker/action.yaml b/actions/shared_publish_to_docker/action.yaml index a26e4ebf..48f070c7 100644 --- a/actions/shared_publish_to_docker/action.yaml +++ b/actions/shared_publish_to_docker/action.yaml @@ -81,7 +81,7 @@ runs: IMAGE_VERSION=${{ inputs.new_version }} - name: Vulnerability scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: publish_vulnerabilities: ${{ inputs.publish_vulnerabilities }} failure_severity: CRITICAL