From 31baac71260d62fba17d4aab4ace7d560616b244 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Mon, 4 May 2026 15:44:28 +1000 Subject: [PATCH 01/11] chore(UID2-6742): upgrade Node.js 20 actions to Node.js 24-compatible versions --- .github/workflows/node.js.yaml | 2 +- .github/workflows/publish-cstg-example.yml | 2 +- .github/workflows/publish-js-sdk-example.yml | 2 +- .github/workflows/publish-package-to-cdn.yml | 8 ++--- .../workflows/publish-package-to-npmjs.yml | 8 ++--- .../publish-secure-signal-examples.yml | 6 ++-- .github/workflows/secureSignal-cd.yaml | 6 ++-- .github/workflows/secureSignal-to-cdn.yaml | 8 ++--- examples/cstg/Dockerfile | 2 +- examples/cstg/nginx/default.conf.template | 2 ++ examples/cstg/nginx/http.conf | 3 ++ examples/cstg/nginx/nginx.conf | 33 ------------------- 12 files changed, 27 insertions(+), 55 deletions(-) create mode 100644 examples/cstg/nginx/http.conf delete mode 100644 examples/cstg/nginx/nginx.conf diff --git a/.github/workflows/node.js.yaml b/.github/workflows/node.js.yaml index f992106e..4a30c6ab 100644 --- a/.github/workflows/node.js.yaml +++ b/.github/workflows/node.js.yaml @@ -18,7 +18,7 @@ jobs: # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 with: diff --git a/.github/workflows/publish-cstg-example.yml b/.github/workflows/publish-cstg-example.yml index 6228f960..a774f271 100644 --- a/.github/workflows/publish-cstg-example.yml +++ b/.github/workflows/publish-cstg-example.yml @@ -15,7 +15,7 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: diff --git a/.github/workflows/publish-js-sdk-example.yml b/.github/workflows/publish-js-sdk-example.yml index ad2fb90b..c0be6d33 100644 --- a/.github/workflows/publish-js-sdk-example.yml +++ b/.github/workflows/publish-js-sdk-example.yml @@ -15,7 +15,7 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: diff --git a/.github/workflows/publish-package-to-cdn.yml b/.github/workflows/publish-package-to-cdn.yml index 8ced0ab2..476cbb71 100644 --- a/.github/workflows/publish-package-to-cdn.yml +++ b/.github/workflows/publish-package-to-cdn.yml @@ -42,7 +42,7 @@ jobs: node-version: [20.x] target: [development, production] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - name: Use Node.js ${{ matrix.node-version }} @@ -95,7 +95,7 @@ jobs: needs: [build, incrementVersionNumber] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: actions/setup-node@v4 @@ -130,7 +130,7 @@ jobs: id-token: write environment: uid2-test steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: ./.github/actions/cdn_deployment_aws @@ -178,7 +178,7 @@ jobs: build_type: production environment: ${{ matrix.github_env }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: ./.github/actions/cdn_deployment_aws diff --git a/.github/workflows/publish-package-to-npmjs.yml b/.github/workflows/publish-package-to-npmjs.yml index e3703048..3792f259 100644 --- a/.github/workflows/publish-package-to-npmjs.yml +++ b/.github/workflows/publish-package-to-npmjs.yml @@ -41,7 +41,7 @@ jobs: # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ target: [development, production] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - name: Use Node.js ${{ matrix.node-version }} @@ -92,7 +92,7 @@ jobs: needs: [build, incrementVersionNumber] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: actions/setup-node@v4 @@ -128,7 +128,7 @@ jobs: environment: [integ, production] environment: ${{ matrix.environment }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: ./.github/actions/cdn_deployment_aws @@ -150,7 +150,7 @@ jobs: environment: [integ, production] environment: ${{ matrix.environment }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: ./.github/actions/cdn_deployment_aws diff --git a/.github/workflows/publish-secure-signal-examples.yml b/.github/workflows/publish-secure-signal-examples.yml index 3a42bbaf..ec8ea281 100644 --- a/.github/workflows/publish-secure-signal-examples.yml +++ b/.github/workflows/publish-secure-signal-examples.yml @@ -14,7 +14,7 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: @@ -43,7 +43,7 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: @@ -71,7 +71,7 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: diff --git a/.github/workflows/secureSignal-cd.yaml b/.github/workflows/secureSignal-cd.yaml index 00c05b3a..4d1615ea 100644 --- a/.github/workflows/secureSignal-cd.yaml +++ b/.github/workflows/secureSignal-cd.yaml @@ -13,7 +13,7 @@ jobs: outputs: is_any_file_modified: ${{ steps.verify.outputs.any_modified }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check for change to src/secureSignalUid2.ts id: verify_uid2 uses: tj-actions/changed-files@v41 @@ -34,7 +34,7 @@ jobs: target: [development, production] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 with: @@ -69,7 +69,7 @@ jobs: environment: ${{ matrix.environment }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Deploy UID2 Secure Signals to CDN uses: ./.github/actions/cdn_deployment_aws diff --git a/.github/workflows/secureSignal-to-cdn.yaml b/.github/workflows/secureSignal-to-cdn.yaml index 6d1833d8..e9d998f2 100644 --- a/.github/workflows/secureSignal-to-cdn.yaml +++ b/.github/workflows/secureSignal-to-cdn.yaml @@ -14,7 +14,7 @@ jobs: uid2_modified: ${{ steps.verify_uid2.outputs.any_modified }} euid_modified: ${{ steps.verify_euid.outputs.any_modified }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check for change to src/secureSignalUid2.ts id: verify_uid2 uses: tj-actions/changed-files@v41 @@ -36,7 +36,7 @@ jobs: target: [development, production] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 with: @@ -66,7 +66,7 @@ jobs: id-token: write environment: uid2-test steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Deploy UID2 Secure Signals to Test CDN uses: ./.github/actions/cdn_deployment_aws with: @@ -115,7 +115,7 @@ jobs: file_name: euidSecureSignal.js environment: ${{ matrix.github_env }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Deploy ${{ matrix.product == 'uid2' && 'UID2' || 'EUID' }} Secure Signals to ${{ matrix.build_type == 'development' && 'Integration' || 'Production' }} CDN uses: ./.github/actions/cdn_deployment_aws with: diff --git a/examples/cstg/Dockerfile b/examples/cstg/Dockerfile index f52afdd0..058f3542 100644 --- a/examples/cstg/Dockerfile +++ b/examples/cstg/Dockerfile @@ -1,4 +1,4 @@ FROM nginx:latest -COPY ./nginx/nginx.conf /etc/nginx/nginx.conf +COPY ./nginx/http.conf /data/nginx/custom/http.conf COPY ./nginx/default.conf.template /etc/nginx/templates/ COPY ./html /usr/share/nginx/html diff --git a/examples/cstg/nginx/default.conf.template b/examples/cstg/nginx/default.conf.template index 63d712d2..5a6037ef 100644 --- a/examples/cstg/nginx/default.conf.template +++ b/examples/cstg/nginx/default.conf.template @@ -3,6 +3,8 @@ server { server_name localhost; root /usr/share/nginx/html; + access_log /var/log/nginx/access.log path_status; + location / { sub_filter '{{ UID_JS_SDK_URL }}' '${UID_JS_SDK_URL}'; sub_filter '{{ UID_JS_SDK_NAME }}' '${UID_JS_SDK_NAME}'; diff --git a/examples/cstg/nginx/http.conf b/examples/cstg/nginx/http.conf new file mode 100644 index 00000000..e12d8e4a --- /dev/null +++ b/examples/cstg/nginx/http.conf @@ -0,0 +1,3 @@ +http { + log_format path_status '$remote_addr - $remote_user [$time_local] $request $status'; +} diff --git a/examples/cstg/nginx/nginx.conf b/examples/cstg/nginx/nginx.conf deleted file mode 100644 index cc94f6a2..00000000 --- a/examples/cstg/nginx/nginx.conf +++ /dev/null @@ -1,33 +0,0 @@ -user nginx; -worker_processes auto; - -error_log /var/log/nginx/error.log notice; -pid /run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - log_format path_status '$remote_addr - $remote_user [$time_local] $request $status'; - - access_log /var/log/nginx/access.log path_status; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} From 450f837c2246cff5a4dbb396ef15b0c4179e6455 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Mon, 4 May 2026 15:49:04 +1000 Subject: [PATCH 02/11] fixup: remove unrelated examples/ changes from UID2-6742 commit --- examples/cstg/Dockerfile | 1 - examples/cstg/nginx/default.conf.template | 4 ++++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/examples/cstg/Dockerfile b/examples/cstg/Dockerfile index f52afdd0..799c1539 100644 --- a/examples/cstg/Dockerfile +++ b/examples/cstg/Dockerfile @@ -1,4 +1,3 @@ FROM nginx:latest -COPY ./nginx/nginx.conf /etc/nginx/nginx.conf COPY ./nginx/default.conf.template /etc/nginx/templates/ COPY ./html /usr/share/nginx/html diff --git a/examples/cstg/nginx/default.conf.template b/examples/cstg/nginx/default.conf.template index 63d712d2..9ea60875 100644 --- a/examples/cstg/nginx/default.conf.template +++ b/examples/cstg/nginx/default.conf.template @@ -3,6 +3,10 @@ server { server_name localhost; root /usr/share/nginx/html; + log_format path_status '$request_uri $status $remote_addr'; + + access_log /var/log/nginx/access.log path_status; + location / { sub_filter '{{ UID_JS_SDK_URL }}' '${UID_JS_SDK_URL}'; sub_filter '{{ UID_JS_SDK_NAME }}' '${UID_JS_SDK_NAME}'; From 7f14dd977475b0ca6b5ac45b54dfa299e0b45cf7 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Mon, 4 May 2026 15:53:33 +1000 Subject: [PATCH 03/11] chore(UID2-6742): upgrade Node.js 20 actions to Node.js 24-compatible versions --- .github/workflows/node.js.yaml | 2 +- .github/workflows/publish-cstg-example.yml | 2 +- .github/workflows/publish-js-sdk-example.yml | 2 +- .github/workflows/publish-package-to-cdn.yml | 8 ++++---- .github/workflows/publish-package-to-npmjs.yml | 8 ++++---- .github/workflows/publish-secure-signal-examples.yml | 6 +++--- .github/workflows/secureSignal-cd.yaml | 6 +++--- .github/workflows/secureSignal-to-cdn.yaml | 8 ++++---- 8 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/node.js.yaml b/.github/workflows/node.js.yaml index f992106e..4a30c6ab 100644 --- a/.github/workflows/node.js.yaml +++ b/.github/workflows/node.js.yaml @@ -18,7 +18,7 @@ jobs: # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 with: diff --git a/.github/workflows/publish-cstg-example.yml b/.github/workflows/publish-cstg-example.yml index 6228f960..a774f271 100644 --- a/.github/workflows/publish-cstg-example.yml +++ b/.github/workflows/publish-cstg-example.yml @@ -15,7 +15,7 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: diff --git a/.github/workflows/publish-js-sdk-example.yml b/.github/workflows/publish-js-sdk-example.yml index ad2fb90b..c0be6d33 100644 --- a/.github/workflows/publish-js-sdk-example.yml +++ b/.github/workflows/publish-js-sdk-example.yml @@ -15,7 +15,7 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: diff --git a/.github/workflows/publish-package-to-cdn.yml b/.github/workflows/publish-package-to-cdn.yml index 8ced0ab2..476cbb71 100644 --- a/.github/workflows/publish-package-to-cdn.yml +++ b/.github/workflows/publish-package-to-cdn.yml @@ -42,7 +42,7 @@ jobs: node-version: [20.x] target: [development, production] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - name: Use Node.js ${{ matrix.node-version }} @@ -95,7 +95,7 @@ jobs: needs: [build, incrementVersionNumber] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: actions/setup-node@v4 @@ -130,7 +130,7 @@ jobs: id-token: write environment: uid2-test steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: ./.github/actions/cdn_deployment_aws @@ -178,7 +178,7 @@ jobs: build_type: production environment: ${{ matrix.github_env }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: ./.github/actions/cdn_deployment_aws diff --git a/.github/workflows/publish-package-to-npmjs.yml b/.github/workflows/publish-package-to-npmjs.yml index e3703048..3792f259 100644 --- a/.github/workflows/publish-package-to-npmjs.yml +++ b/.github/workflows/publish-package-to-npmjs.yml @@ -41,7 +41,7 @@ jobs: # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ target: [development, production] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - name: Use Node.js ${{ matrix.node-version }} @@ -92,7 +92,7 @@ jobs: needs: [build, incrementVersionNumber] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: actions/setup-node@v4 @@ -128,7 +128,7 @@ jobs: environment: [integ, production] environment: ${{ matrix.environment }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: ./.github/actions/cdn_deployment_aws @@ -150,7 +150,7 @@ jobs: environment: [integ, production] environment: ${{ matrix.environment }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: ./.github/actions/cdn_deployment_aws diff --git a/.github/workflows/publish-secure-signal-examples.yml b/.github/workflows/publish-secure-signal-examples.yml index 3a42bbaf..ec8ea281 100644 --- a/.github/workflows/publish-secure-signal-examples.yml +++ b/.github/workflows/publish-secure-signal-examples.yml @@ -14,7 +14,7 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: @@ -43,7 +43,7 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: @@ -71,7 +71,7 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: diff --git a/.github/workflows/secureSignal-cd.yaml b/.github/workflows/secureSignal-cd.yaml index 00c05b3a..4d1615ea 100644 --- a/.github/workflows/secureSignal-cd.yaml +++ b/.github/workflows/secureSignal-cd.yaml @@ -13,7 +13,7 @@ jobs: outputs: is_any_file_modified: ${{ steps.verify.outputs.any_modified }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check for change to src/secureSignalUid2.ts id: verify_uid2 uses: tj-actions/changed-files@v41 @@ -34,7 +34,7 @@ jobs: target: [development, production] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 with: @@ -69,7 +69,7 @@ jobs: environment: ${{ matrix.environment }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Deploy UID2 Secure Signals to CDN uses: ./.github/actions/cdn_deployment_aws diff --git a/.github/workflows/secureSignal-to-cdn.yaml b/.github/workflows/secureSignal-to-cdn.yaml index 6d1833d8..e9d998f2 100644 --- a/.github/workflows/secureSignal-to-cdn.yaml +++ b/.github/workflows/secureSignal-to-cdn.yaml @@ -14,7 +14,7 @@ jobs: uid2_modified: ${{ steps.verify_uid2.outputs.any_modified }} euid_modified: ${{ steps.verify_euid.outputs.any_modified }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check for change to src/secureSignalUid2.ts id: verify_uid2 uses: tj-actions/changed-files@v41 @@ -36,7 +36,7 @@ jobs: target: [development, production] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 with: @@ -66,7 +66,7 @@ jobs: id-token: write environment: uid2-test steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Deploy UID2 Secure Signals to Test CDN uses: ./.github/actions/cdn_deployment_aws with: @@ -115,7 +115,7 @@ jobs: file_name: euidSecureSignal.js environment: ${{ matrix.github_env }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Deploy ${{ matrix.product == 'uid2' && 'UID2' || 'EUID' }} Secure Signals to ${{ matrix.build_type == 'development' && 'Integration' || 'Production' }} CDN uses: ./.github/actions/cdn_deployment_aws with: From f91f4043f7f5c4bde3e9fb5c8c9f8464aabfaf58 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Mon, 4 May 2026 17:25:05 +1000 Subject: [PATCH 04/11] chore(UID2-6742): upgrade additional Node.js 20 actions to Node.js 24-compatible versions - actions/upload-artifact: v4 -> v7 (multiple workflows) Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/publish-package-to-cdn.yml | 4 ++-- .github/workflows/publish-package-to-npmjs.yml | 4 ++-- .github/workflows/secureSignal-cd.yaml | 4 ++-- .github/workflows/secureSignal-to-cdn.yaml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/publish-package-to-cdn.yml b/.github/workflows/publish-package-to-cdn.yml index 476cbb71..583dafd9 100644 --- a/.github/workflows/publish-package-to-cdn.yml +++ b/.github/workflows/publish-package-to-cdn.yml @@ -57,12 +57,12 @@ jobs: run: npm install - name: Build script run: npm run build -- --mode=${{ matrix.target }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 if: inputs.publish_to_cdn with: name: uid2SDK-${{ matrix.target }}-${{ steps.version.outputs.package_version }} path: ./dist/uid2-sdk-${{ steps.version.outputs.package_version }}.js - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 if: inputs.publish_to_cdn with: name: euidSDK-${{ matrix.target }}-${{ steps.version.outputs.package_version }} diff --git a/.github/workflows/publish-package-to-npmjs.yml b/.github/workflows/publish-package-to-npmjs.yml index 3792f259..860546d1 100644 --- a/.github/workflows/publish-package-to-npmjs.yml +++ b/.github/workflows/publish-package-to-npmjs.yml @@ -56,12 +56,12 @@ jobs: run: npm install - name: Build script run: npm run build -- --mode=${{ matrix.target }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 if: inputs.publish_to_cdn with: name: uid2SDK-${{ matrix.target }}-${{ steps.version.outputs.package_version }} path: ./dist/uid2-sdk-${{ steps.version.outputs.package_version }}.js - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 if: inputs.publish_to_cdn with: name: euidSDK-${{ matrix.target }}-${{ steps.version.outputs.package_version }} diff --git a/.github/workflows/secureSignal-cd.yaml b/.github/workflows/secureSignal-cd.yaml index 4d1615ea..e374b681 100644 --- a/.github/workflows/secureSignal-cd.yaml +++ b/.github/workflows/secureSignal-cd.yaml @@ -46,12 +46,12 @@ jobs: - name: Build run: npm run build:esp -- --mode=${{ matrix.target }} - name: Upload UID2 Secure Signals Files - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: ${{ matrix.target }}Uid2SecureSignalScript path: ./dist/uid2SecureSignal.js - name: Upload EUID Secure Signals Files - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: ${{ matrix.target }}EuidSecureSignalScript path: ./dist/euidSecureSignal.js diff --git a/.github/workflows/secureSignal-to-cdn.yaml b/.github/workflows/secureSignal-to-cdn.yaml index e9d998f2..f12d6b5d 100644 --- a/.github/workflows/secureSignal-to-cdn.yaml +++ b/.github/workflows/secureSignal-to-cdn.yaml @@ -48,12 +48,12 @@ jobs: - name: Build run: npm run build:esp -- --mode=${{ matrix.target }} - name: Upload UID2 Secure Signals Files - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: ${{ matrix.target }}Uid2SecureSignalScript path: ./dist/uid2SecureSignal.js - name: Upload EUID Secure Signals Files - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: ${{ matrix.target }}EuidSecureSignalScript path: ./dist/euidSecureSignal.js From 67f3aead61ff35379e8eeed0b05c7ee3adba61b1 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Mon, 4 May 2026 20:06:40 +1000 Subject: [PATCH 05/11] chore(UID2-6742): upgrade remaining deprecated Node.js 20 actions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Upgrades found after CI runs exposed additional deprecated actions: - docker/build-push-action@v5 → v7.1.0 (bcafcacb) - actions/download-artifact@v4 → v8 - aws-actions/configure-aws-credentials@v4 SHA → v6.1.0 (ec61189d) - actions/setup-python@v5 SHA → v6.2.0 (a309ff8b) All replacements use node24-compatible versions. Co-Authored-By: Claude Sonnet 4.6 --- .../actions/cdn_deployment_aws/action.yaml | 168 +++++++++--------- .github/workflows/publish-cstg-example.yml | 2 +- .github/workflows/publish-js-sdk-example.yml | 2 +- .../publish-secure-signal-examples.yml | 8 +- 4 files changed, 90 insertions(+), 90 deletions(-) diff --git a/.github/actions/cdn_deployment_aws/action.yaml b/.github/actions/cdn_deployment_aws/action.yaml index 91f45f9d..dbfed453 100644 --- a/.github/actions/cdn_deployment_aws/action.yaml +++ b/.github/actions/cdn_deployment_aws/action.yaml @@ -1,84 +1,84 @@ -name: CDN Deployment for AWS -description: Deploys to AWS CDN and optionally invalidates the path in CloudFront -inputs: - artifact: - description: Name of the artifact - required: true - invalidate_paths: - description: paths that get invalidated in cloud front - default: '' - aws_account_id: - description: The AWS account id - required: true - aws_distribution_id: - description: The CloudFront description id - required: true - aws_bucket_name: - description: The AWS bucket to sync - required: true - deploy_index_html: - description: Deploy a simple index.html file to S3 root - default: 'false' -runs: - using: 'composite' - - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-region: us-east-2 - role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/github-runner-for-cdn - - - name: Check Identity - shell: bash - run: aws sts get-caller-identity - - - uses: actions/download-artifact@v4 - with: - name: ${{ inputs.artifact }} - path: ./download - - - name: Deploy - shell: bash - run: aws s3 sync ./download s3://${{ inputs.aws_bucket_name }} - - - name: Create and Deploy Index HTML - if: ${{ inputs.deploy_index_html == 'true' }} - shell: bash - run: | - echo ' - - - - - UID2/EUID SDK Files - - - -

UID2/EUID SDK Files

-

This directory contains the latest SDK files for UID2 and EUID integration.

-
-
- SDK Files: Available in this directory -
-
- Documentation: Visit Documentation -
-
- - ' > index.html - aws s3 cp index.html s3://${{ inputs.aws_bucket_name }}/index.html - - - name: Invalidate CloudFront - uses: chetan/invalidate-cloudfront-action@v2 - env: - DISTRIBUTION: ${{ inputs.aws_distribution_id }} - PATHS: ${{ inputs.invalidate_paths }} - AWS_REGION: us-east-2 +name: CDN Deployment for AWS +description: Deploys to AWS CDN and optionally invalidates the path in CloudFront +inputs: + artifact: + description: Name of the artifact + required: true + invalidate_paths: + description: paths that get invalidated in cloud front + default: '' + aws_account_id: + description: The AWS account id + required: true + aws_distribution_id: + description: The CloudFront description id + required: true + aws_bucket_name: + description: The AWS bucket to sync + required: true + deploy_index_html: + description: Deploy a simple index.html file to S3 root + default: 'false' +runs: + using: 'composite' + + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: us-east-2 + role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/github-runner-for-cdn + + - name: Check Identity + shell: bash + run: aws sts get-caller-identity + + - uses: actions/download-artifact@v8 + with: + name: ${{ inputs.artifact }} + path: ./download + + - name: Deploy + shell: bash + run: aws s3 sync ./download s3://${{ inputs.aws_bucket_name }} + + - name: Create and Deploy Index HTML + if: ${{ inputs.deploy_index_html == 'true' }} + shell: bash + run: | + echo ' + + + + + UID2/EUID SDK Files + + + +

UID2/EUID SDK Files

+

This directory contains the latest SDK files for UID2 and EUID integration.

+
+
+ SDK Files: Available in this directory +
+
+ Documentation: Visit Documentation +
+
+ + ' > index.html + aws s3 cp index.html s3://${{ inputs.aws_bucket_name }}/index.html + + - name: Invalidate CloudFront + uses: chetan/invalidate-cloudfront-action@v2 + env: + DISTRIBUTION: ${{ inputs.aws_distribution_id }} + PATHS: ${{ inputs.invalidate_paths }} + AWS_REGION: us-east-2 diff --git a/.github/workflows/publish-cstg-example.yml b/.github/workflows/publish-cstg-example.yml index a774f271..5d532563 100644 --- a/.github/workflows/publish-cstg-example.yml +++ b/.github/workflows/publish-cstg-example.yml @@ -30,7 +30,7 @@ jobs: tags: | type=sha,format=short - name: Build and push Docker CSTG Example image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: examples/cstg push: true diff --git a/.github/workflows/publish-js-sdk-example.yml b/.github/workflows/publish-js-sdk-example.yml index c0be6d33..398723b9 100644 --- a/.github/workflows/publish-js-sdk-example.yml +++ b/.github/workflows/publish-js-sdk-example.yml @@ -30,7 +30,7 @@ jobs: tags: | type=sha,format=short - name: Build and push Docker JS SDK Example image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: examples/js-sdk push: true diff --git a/.github/workflows/publish-secure-signal-examples.yml b/.github/workflows/publish-secure-signal-examples.yml index ec8ea281..e8eca48e 100644 --- a/.github/workflows/publish-secure-signal-examples.yml +++ b/.github/workflows/publish-secure-signal-examples.yml @@ -30,7 +30,7 @@ jobs: type=sha,format=short type=raw,value=latest - name: Build and push Docker server_side image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: examples/google-secure-signals-integration/server_side push: true @@ -59,7 +59,7 @@ jobs: type=sha,format=short type=raw,value=latest - name: Build and push Docker standard image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: examples/google-secure-signals-integration/with_sdk_v3 push: true @@ -87,14 +87,14 @@ jobs: type=sha,format=short type=raw,value=latest - name: Build and push Docker client_side image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: examples/google-secure-signals-integration/client_side push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Build and push Docker React image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: examples/google-secure-signals-integration/react_client_side push: true From 31f0a15381cbf6e9dbf720c3275cec4cbb1a5d03 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Tue, 5 May 2026 11:41:36 +1000 Subject: [PATCH 06/11] chore(UID2-6742): upgrade Node.js 20 actions to Node.js 24-compatible versions --- .github/actions/cdn_deployment_aws/action.yaml | 2 +- .github/workflows/node.js.yaml | 2 +- .github/workflows/publish-package-to-cdn.yml | 4 ++-- .github/workflows/publish-package-to-npmjs.yml | 4 ++-- .github/workflows/secureSignal-cd.yaml | 2 +- .github/workflows/secureSignal-to-cdn.yaml | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/actions/cdn_deployment_aws/action.yaml b/.github/actions/cdn_deployment_aws/action.yaml index dbfed453..7eb85598 100644 --- a/.github/actions/cdn_deployment_aws/action.yaml +++ b/.github/actions/cdn_deployment_aws/action.yaml @@ -24,7 +24,7 @@ runs: steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-region: us-east-2 role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/github-runner-for-cdn diff --git a/.github/workflows/node.js.yaml b/.github/workflows/node.js.yaml index 4a30c6ab..a01a0107 100644 --- a/.github/workflows/node.js.yaml +++ b/.github/workflows/node.js.yaml @@ -20,7 +20,7 @@ jobs: steps: - uses: actions/checkout@v6 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ matrix.node-version }} cache: 'npm' diff --git a/.github/workflows/publish-package-to-cdn.yml b/.github/workflows/publish-package-to-cdn.yml index 583dafd9..c008cfd7 100644 --- a/.github/workflows/publish-package-to-cdn.yml +++ b/.github/workflows/publish-package-to-cdn.yml @@ -46,7 +46,7 @@ jobs: with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ matrix.node-version }} - name: Get Package Version @@ -98,7 +98,7 @@ jobs: - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - - uses: actions/setup-node@v4 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: '20.x' registry-url: 'https://registry.npmjs.org' diff --git a/.github/workflows/publish-package-to-npmjs.yml b/.github/workflows/publish-package-to-npmjs.yml index 860546d1..7f047527 100644 --- a/.github/workflows/publish-package-to-npmjs.yml +++ b/.github/workflows/publish-package-to-npmjs.yml @@ -45,7 +45,7 @@ jobs: with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ matrix.node-version }} - name: Get Package Version @@ -95,7 +95,7 @@ jobs: - uses: actions/checkout@v6 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - - uses: actions/setup-node@v4 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: '20.x' registry-url: 'https://registry.npmjs.org' diff --git a/.github/workflows/secureSignal-cd.yaml b/.github/workflows/secureSignal-cd.yaml index e374b681..cb3ee778 100644 --- a/.github/workflows/secureSignal-cd.yaml +++ b/.github/workflows/secureSignal-cd.yaml @@ -36,7 +36,7 @@ jobs: steps: - uses: actions/checkout@v6 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ matrix.node-version }} cache: 'npm' diff --git a/.github/workflows/secureSignal-to-cdn.yaml b/.github/workflows/secureSignal-to-cdn.yaml index f12d6b5d..27475701 100644 --- a/.github/workflows/secureSignal-to-cdn.yaml +++ b/.github/workflows/secureSignal-to-cdn.yaml @@ -38,7 +38,7 @@ jobs: steps: - uses: actions/checkout@v6 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ matrix.node-version }} cache: 'npm' From 34aecebf0fbd91f6e0b7b0e98c89a902ae560fad Mon Sep 17 00:00:00 2001 From: sophia chen Date: Tue, 5 May 2026 14:17:10 +1000 Subject: [PATCH 07/11] chore(UID2-6742): SHA-pin download-artifact@v8 to v8.0.1 --- .github/actions/cdn_deployment_aws/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/cdn_deployment_aws/action.yaml b/.github/actions/cdn_deployment_aws/action.yaml index 7eb85598..cc66489b 100644 --- a/.github/actions/cdn_deployment_aws/action.yaml +++ b/.github/actions/cdn_deployment_aws/action.yaml @@ -33,7 +33,7 @@ runs: shell: bash run: aws sts get-caller-identity - - uses: actions/download-artifact@v8 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: ${{ inputs.artifact }} path: ./download From 5257727e298ebec9521ed12f62e4e9a77ae26e02 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Tue, 5 May 2026 14:31:05 +1000 Subject: [PATCH 08/11] chore(UID2-6742): SHA-pin bare action tag references --- .github/actions/cdn_deployment_aws/action.yaml | 2 +- .github/workflows/node.js.yaml | 2 +- .github/workflows/publish-cstg-example.yml | 2 +- .github/workflows/publish-js-sdk-example.yml | 2 +- .github/workflows/publish-package-to-cdn.yml | 12 ++++++------ .github/workflows/publish-package-to-npmjs.yml | 12 ++++++------ .github/workflows/publish-secure-signal-examples.yml | 6 +++--- .github/workflows/secureSignal-cd.yaml | 10 +++++----- .github/workflows/secureSignal-to-cdn.yaml | 12 ++++++------ 9 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/actions/cdn_deployment_aws/action.yaml b/.github/actions/cdn_deployment_aws/action.yaml index cc66489b..42fe8737 100644 --- a/.github/actions/cdn_deployment_aws/action.yaml +++ b/.github/actions/cdn_deployment_aws/action.yaml @@ -77,7 +77,7 @@ runs: aws s3 cp index.html s3://${{ inputs.aws_bucket_name }}/index.html - name: Invalidate CloudFront - uses: chetan/invalidate-cloudfront-action@v2 + uses: chetan/invalidate-cloudfront-action@6adb1f613f4102ad81cd08a7ba83b8abe490cb8d # v2 env: DISTRIBUTION: ${{ inputs.aws_distribution_id }} PATHS: ${{ inputs.invalidate_paths }} diff --git a/.github/workflows/node.js.yaml b/.github/workflows/node.js.yaml index a01a0107..319142b0 100644 --- a/.github/workflows/node.js.yaml +++ b/.github/workflows/node.js.yaml @@ -18,7 +18,7 @@ jobs: # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: diff --git a/.github/workflows/publish-cstg-example.yml b/.github/workflows/publish-cstg-example.yml index 5d532563..e93e88e3 100644 --- a/.github/workflows/publish-cstg-example.yml +++ b/.github/workflows/publish-cstg-example.yml @@ -15,7 +15,7 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: diff --git a/.github/workflows/publish-js-sdk-example.yml b/.github/workflows/publish-js-sdk-example.yml index 398723b9..0dc0e4bf 100644 --- a/.github/workflows/publish-js-sdk-example.yml +++ b/.github/workflows/publish-js-sdk-example.yml @@ -15,7 +15,7 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: diff --git a/.github/workflows/publish-package-to-cdn.yml b/.github/workflows/publish-package-to-cdn.yml index c008cfd7..2d27cb7a 100644 --- a/.github/workflows/publish-package-to-cdn.yml +++ b/.github/workflows/publish-package-to-cdn.yml @@ -42,7 +42,7 @@ jobs: node-version: [20.x] target: [development, production] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - name: Use Node.js ${{ matrix.node-version }} @@ -57,12 +57,12 @@ jobs: run: npm install - name: Build script run: npm run build -- --mode=${{ matrix.target }} - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: inputs.publish_to_cdn with: name: uid2SDK-${{ matrix.target }}-${{ steps.version.outputs.package_version }} path: ./dist/uid2-sdk-${{ steps.version.outputs.package_version }}.js - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: inputs.publish_to_cdn with: name: euidSDK-${{ matrix.target }}-${{ steps.version.outputs.package_version }} @@ -95,7 +95,7 @@ jobs: needs: [build, incrementVersionNumber] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 @@ -130,7 +130,7 @@ jobs: id-token: write environment: uid2-test steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: ./.github/actions/cdn_deployment_aws @@ -178,7 +178,7 @@ jobs: build_type: production environment: ${{ matrix.github_env }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: ./.github/actions/cdn_deployment_aws diff --git a/.github/workflows/publish-package-to-npmjs.yml b/.github/workflows/publish-package-to-npmjs.yml index 7f047527..80213aa2 100644 --- a/.github/workflows/publish-package-to-npmjs.yml +++ b/.github/workflows/publish-package-to-npmjs.yml @@ -41,7 +41,7 @@ jobs: # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ target: [development, production] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - name: Use Node.js ${{ matrix.node-version }} @@ -56,12 +56,12 @@ jobs: run: npm install - name: Build script run: npm run build -- --mode=${{ matrix.target }} - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: inputs.publish_to_cdn with: name: uid2SDK-${{ matrix.target }}-${{ steps.version.outputs.package_version }} path: ./dist/uid2-sdk-${{ steps.version.outputs.package_version }}.js - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: inputs.publish_to_cdn with: name: euidSDK-${{ matrix.target }}-${{ steps.version.outputs.package_version }} @@ -92,7 +92,7 @@ jobs: needs: [build, incrementVersionNumber] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 @@ -128,7 +128,7 @@ jobs: environment: [integ, production] environment: ${{ matrix.environment }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: ./.github/actions/cdn_deployment_aws @@ -150,7 +150,7 @@ jobs: environment: [integ, production] environment: ${{ matrix.environment }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} - uses: ./.github/actions/cdn_deployment_aws diff --git a/.github/workflows/publish-secure-signal-examples.yml b/.github/workflows/publish-secure-signal-examples.yml index e8eca48e..03783817 100644 --- a/.github/workflows/publish-secure-signal-examples.yml +++ b/.github/workflows/publish-secure-signal-examples.yml @@ -14,7 +14,7 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: @@ -43,7 +43,7 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: @@ -71,7 +71,7 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: diff --git a/.github/workflows/secureSignal-cd.yaml b/.github/workflows/secureSignal-cd.yaml index cb3ee778..d651e825 100644 --- a/.github/workflows/secureSignal-cd.yaml +++ b/.github/workflows/secureSignal-cd.yaml @@ -13,7 +13,7 @@ jobs: outputs: is_any_file_modified: ${{ steps.verify.outputs.any_modified }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check for change to src/secureSignalUid2.ts id: verify_uid2 uses: tj-actions/changed-files@v41 @@ -34,7 +34,7 @@ jobs: target: [development, production] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: @@ -46,12 +46,12 @@ jobs: - name: Build run: npm run build:esp -- --mode=${{ matrix.target }} - name: Upload UID2 Secure Signals Files - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ matrix.target }}Uid2SecureSignalScript path: ./dist/uid2SecureSignal.js - name: Upload EUID Secure Signals Files - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ matrix.target }}EuidSecureSignalScript path: ./dist/euidSecureSignal.js @@ -69,7 +69,7 @@ jobs: environment: ${{ matrix.environment }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Deploy UID2 Secure Signals to CDN uses: ./.github/actions/cdn_deployment_aws diff --git a/.github/workflows/secureSignal-to-cdn.yaml b/.github/workflows/secureSignal-to-cdn.yaml index 27475701..cddb5a49 100644 --- a/.github/workflows/secureSignal-to-cdn.yaml +++ b/.github/workflows/secureSignal-to-cdn.yaml @@ -14,7 +14,7 @@ jobs: uid2_modified: ${{ steps.verify_uid2.outputs.any_modified }} euid_modified: ${{ steps.verify_euid.outputs.any_modified }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check for change to src/secureSignalUid2.ts id: verify_uid2 uses: tj-actions/changed-files@v41 @@ -36,7 +36,7 @@ jobs: target: [development, production] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: @@ -48,12 +48,12 @@ jobs: - name: Build run: npm run build:esp -- --mode=${{ matrix.target }} - name: Upload UID2 Secure Signals Files - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ matrix.target }}Uid2SecureSignalScript path: ./dist/uid2SecureSignal.js - name: Upload EUID Secure Signals Files - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ matrix.target }}EuidSecureSignalScript path: ./dist/euidSecureSignal.js @@ -66,7 +66,7 @@ jobs: id-token: write environment: uid2-test steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Deploy UID2 Secure Signals to Test CDN uses: ./.github/actions/cdn_deployment_aws with: @@ -115,7 +115,7 @@ jobs: file_name: euidSecureSignal.js environment: ${{ matrix.github_env }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Deploy ${{ matrix.product == 'uid2' && 'UID2' || 'EUID' }} Secure Signals to ${{ matrix.build_type == 'development' && 'Integration' || 'Production' }} CDN uses: ./.github/actions/cdn_deployment_aws with: From 776de0eecd046a2a982f5095bff3afd1709faa73 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Tue, 5 May 2026 17:17:43 +1000 Subject: [PATCH 09/11] fix(UID2-6742): correct SHA pins (tag SHA not commit SHA) --- .github/actions/cdn_deployment_aws/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/cdn_deployment_aws/action.yaml b/.github/actions/cdn_deployment_aws/action.yaml index 42fe8737..b7078b4f 100644 --- a/.github/actions/cdn_deployment_aws/action.yaml +++ b/.github/actions/cdn_deployment_aws/action.yaml @@ -77,7 +77,7 @@ runs: aws s3 cp index.html s3://${{ inputs.aws_bucket_name }}/index.html - name: Invalidate CloudFront - uses: chetan/invalidate-cloudfront-action@6adb1f613f4102ad81cd08a7ba83b8abe490cb8d # v2 + uses: chetan/invalidate-cloudfront-action@cacab256f2bd90d1c04447a7d6afdaf6f346e7b3 # v2 env: DISTRIBUTION: ${{ inputs.aws_distribution_id }} PATHS: ${{ inputs.invalidate_paths }} From 690103c0e893e4d49a28fb0bc65ebb8459ede213 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Wed, 6 May 2026 11:28:00 +1000 Subject: [PATCH 10/11] revert: restore examples/cstg files to merge-base state (not part of UID2-6742) --- examples/cstg/Dockerfile | 1 + examples/cstg/nginx/default.conf.template | 4 ---- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/examples/cstg/Dockerfile b/examples/cstg/Dockerfile index 799c1539..f52afdd0 100644 --- a/examples/cstg/Dockerfile +++ b/examples/cstg/Dockerfile @@ -1,3 +1,4 @@ FROM nginx:latest +COPY ./nginx/nginx.conf /etc/nginx/nginx.conf COPY ./nginx/default.conf.template /etc/nginx/templates/ COPY ./html /usr/share/nginx/html diff --git a/examples/cstg/nginx/default.conf.template b/examples/cstg/nginx/default.conf.template index 9ea60875..63d712d2 100644 --- a/examples/cstg/nginx/default.conf.template +++ b/examples/cstg/nginx/default.conf.template @@ -3,10 +3,6 @@ server { server_name localhost; root /usr/share/nginx/html; - log_format path_status '$request_uri $status $remote_addr'; - - access_log /var/log/nginx/access.log path_status; - location / { sub_filter '{{ UID_JS_SDK_URL }}' '${UID_JS_SDK_URL}'; sub_filter '{{ UID_JS_SDK_NAME }}' '${UID_JS_SDK_NAME}'; From 6f53b7589e58ace5ef65db12d38132ef77da4f08 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Wed, 6 May 2026 11:45:47 +1000 Subject: [PATCH 11/11] test(UID2-6742): redirect uid2-shared-actions refs to branch for CI validation --- .github/workflows/build-sdk-package.yml | 2 +- .github/workflows/node.js.yaml | 2 +- .github/workflows/vulnerability-scan-failure-notify.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-sdk-package.yml b/.github/workflows/build-sdk-package.yml index ef2d1c15..422b9b2a 100644 --- a/.github/workflows/build-sdk-package.yml +++ b/.github/workflows/build-sdk-package.yml @@ -16,7 +16,7 @@ on: jobs: incrementVersionNumber: - uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-increase-version-number.yaml@v3 + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-increase-version-number.yaml@sch-UID2-6742-update-node20-actions with: release_type: ${{ inputs.release_type }} merge_environment: ${{ github.ref_protected && 'ci-auto-merge' || '' }} diff --git a/.github/workflows/node.js.yaml b/.github/workflows/node.js.yaml index 319142b0..a79b1d4b 100644 --- a/.github/workflows/node.js.yaml +++ b/.github/workflows/node.js.yaml @@ -32,6 +32,6 @@ jobs: - run: npm test working-directory: ${{ env.WORKING_DIR }} - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_type: 'fs' diff --git a/.github/workflows/vulnerability-scan-failure-notify.yaml b/.github/workflows/vulnerability-scan-failure-notify.yaml index 6704b919..dec38c01 100644 --- a/.github/workflows/vulnerability-scan-failure-notify.yaml +++ b/.github/workflows/vulnerability-scan-failure-notify.yaml @@ -16,7 +16,7 @@ on: jobs: vulnerability-scan-failure-notify: - uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-vulnerability-scan-failure-notify.yaml@v3 + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-vulnerability-scan-failure-notify.yaml@sch-UID2-6742-update-node20-actions secrets: SLACK_WEBHOOK : ${{ secrets.SLACK_WEBHOOK }} with: