From 7671782d05b1fa5d9a3e958c733aab2ec38a5e42 Mon Sep 17 00:00:00 2001 From: "alithya-oss-backstage-ci[bot]" <173350712+alithya-oss-backstage-ci[bot]@users.noreply.github.com> Date: Fri, 15 May 2026 13:27:05 +0000 Subject: [PATCH] chore(deps): update github actions Signed-off-by: Renovate Bot --- .github/workflows/automate-staleness.yml | 2 +- .github/workflows/automate_changeset_feedback.yml | 6 +++--- .github/workflows/automate_renovate_changeset.yml | 6 +++--- .github/workflows/ci.yml | 10 +++++----- .github/workflows/codeql.yml | 10 +++++----- .github/workflows/cron.yml | 4 ++-- .github/workflows/pr.yml | 4 ++-- .github/workflows/release.yml | 2 +- .github/workflows/release_workspace.yml | 12 ++++++------ .github/workflows/renovate.yaml | 2 +- .github/workflows/scorecard.yml | 8 ++++---- .github/workflows/version-bump.yml | 10 +++++----- 12 files changed, 38 insertions(+), 38 deletions(-) diff --git a/.github/workflows/automate-staleness.yml b/.github/workflows/automate-staleness.yml index 92bb1936..30970078 100644 --- a/.github/workflows/automate-staleness.yml +++ b/.github/workflows/automate-staleness.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit diff --git a/.github/workflows/automate_changeset_feedback.yml b/.github/workflows/automate_changeset_feedback.yml index b7d9d2f4..3ab8cca5 100644 --- a/.github/workflows/automate_changeset_feedback.yml +++ b/.github/workflows/automate_changeset_feedback.yml @@ -24,11 +24,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: # Fetch the commit that's merged into the base rather than the target ref # This will let us diff only the contents of the PR, without fetching more history @@ -36,7 +36,7 @@ jobs: - name: fetch base run: git fetch --depth 1 origin ${{ github.base_ref }} - - uses: backstage/actions/changeset-feedback@b3c1841fd69e1658ac631afafd0fb140a2309024 # v0.6.17 + - uses: backstage/actions/changeset-feedback@2cd6978b476cbdc39fec48346f8b6ca13199dd6a # v0.7.8 name: Generate feedback with: diff-ref: 'origin/main' diff --git a/.github/workflows/automate_renovate_changeset.yml b/.github/workflows/automate_renovate_changeset.yml index 3f1d252b..1f416251 100644 --- a/.github/workflows/automate_renovate_changeset.yml +++ b/.github/workflows/automate_renovate_changeset.yml @@ -11,12 +11,12 @@ jobs: if: github.actor == 'backstage-goalie[bot]' && github.repository == 'backstage/community-plugins' steps: - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: fetch-depth: 2 ref: ${{ github.head_ref }} @@ -28,6 +28,6 @@ jobs: git config --global user.name 'Github changeset workflow' - name: Generate feedback - uses: backstage/actions/renovate-changesets@b3c1841fd69e1658ac631afafd0fb140a2309024 # v0.6.17 + uses: backstage/actions/renovate-changesets@2cd6978b476cbdc39fec48346f8b6ca13199dd6a # v0.7.8 with: multiple-workspaces: true diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 77b99602..70c1cb31 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,7 +15,7 @@ jobs: workspaces: ${{ steps.find-changed-workspaces.outputs.workspaces }} steps: - name: Checkout base branch for diff purposes - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ github.event.pull_request.base.ref }} @@ -25,7 +25,7 @@ jobs: COMMITS: ${{ github.event.pull_request.commits }} run: echo "NUMBER_OF_COMMITS=$(($COMMITS + 1))" >> $GITHUB_ENV - name: Checkout head branch - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: # Needed for diff fetch-depth: ${{ env.NUMBER_OF_COMMITS }} @@ -61,11 +61,11 @@ jobs: steps: - name: Checkout main branch for tests purposes - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: main - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ github.event.workflow_run.head_branch }} @@ -130,7 +130,7 @@ jobs: fail-fast: false steps: - name: Checkout head branch - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ github.event.workflow_run.head_branch }} - name: Setup node diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e18eb07b..37337ce5 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,16 +41,16 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 + uses: github/codeql-action/init@458d36d7d4f47d0dd16ca424c1d3cda0060f1360 # v3.35.5 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -60,7 +60,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 + uses: github/codeql-action/autobuild@458d36d7d4f47d0dd16ca424c1d3cda0060f1360 # v3.35.5 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -73,6 +73,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 + uses: github/codeql-action/analyze@458d36d7d4f47d0dd16ca424c1d3cda0060f1360 # v3.35.5 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/cron.yml b/.github/workflows/cron.yml index 37336fc3..045a695a 100644 --- a/.github/workflows/cron.yml +++ b/.github/workflows/cron.yml @@ -9,11 +9,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit - - uses: backstage/actions/cron@b3c1841fd69e1658ac631afafd0fb140a2309024 # v0.6.17 + - uses: backstage/actions/cron@2cd6978b476cbdc39fec48346f8b6ca13199dd6a # v0.7.8 with: app-id: ${{ secrets.BACKSTAGE_GOALIE_APPLICATION_ID }} private-key: ${{ secrets.BACKSTAGE_GOALIE_PRIVATE_KEY }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 8072f5fd..4f076fe0 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -18,12 +18,12 @@ jobs: if: github.repository == 'alithya-oss/backstage-plugins' && ( github.event.pull_request || github.event.issue.pull_request ) steps: - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit - name: PR sync - uses: backstage/actions/pr-sync@b3c1841fd69e1658ac631afafd0fb140a2309024 # v0.6.17 + uses: backstage/actions/pr-sync@2cd6978b476cbdc39fec48346f8b6ca13199dd6a # v0.7.8 with: github-token: ${{ secrets.GITHUB_TOKEN }} app-id: ${{ secrets.BACKSTAGE_GOALIE_APPLICATION_ID }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 89417dd4..cc8c0e1d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: workspaces: ${{ steps.find-changed-workspaces.outputs.workspaces }} steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Set up Node uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 diff --git a/.github/workflows/release_workspace.yml b/.github/workflows/release_workspace.yml index f76c0505..e9609395 100644 --- a/.github/workflows/release_workspace.yml +++ b/.github/workflows/release_workspace.yml @@ -49,12 +49,12 @@ jobs: needs_release: ${{ steps.release_check.outputs.needs_release }} steps: - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ inputs.branch }} - name: Set up Node @@ -67,7 +67,7 @@ jobs: id: yarn-cache-dir-path run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT - - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4 + - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`) with: path: ${{ steps.yarn-cache-dir-path.outputs.dir }} @@ -123,12 +123,12 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ inputs.branch }} - name: Set up Node @@ -145,7 +145,7 @@ jobs: id: yarn-cache-dir-path run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT - - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4 + - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`) with: path: ${{ steps.yarn-cache-dir-path.outputs.dir }} diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 75fe5e65..6cfc3bab 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: name: Renovate runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # This third party action allows you to download the cache artifact from different workflow runs # Note that actions/cache doesn't work well because the cache key would need to be computed from diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 184272c2..110c9855 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -34,12 +34,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: results.sarif results_format: sarif @@ -64,7 +64,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: SARIF file path: results.sarif @@ -73,6 +73,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@458d36d7d4f47d0dd16ca424c1d3cda0060f1360 # v3 with: sarif_file: results.sarif diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index 302b0a88..8d2ed7d4 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -40,19 +40,19 @@ jobs: name: ${{ matrix.workspace }} version:bump steps: - name: 'Checkout community-plugins' - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 1 # Beginning of yarn setup - name: use node.js 22.x - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: 22.x registry-url: https://registry.npmjs.org/ # Needed for auth - name: cache all node_modules id: cache-modules - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: '**/node_modules' key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock', '**/package.json') }} @@ -61,7 +61,7 @@ jobs: if: steps.cache-modules.outputs.cache-hit != 'true' run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT - name: cache global yarn cache - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 if: steps.cache-modules.outputs.cache-hit != 'true' with: path: ${{ steps.yarn-cache.outputs.dir }} @@ -122,7 +122,7 @@ jobs: git push origin ${{ matrix.workspace }}/v${{ steps.set_release_name.outputs.release_version }} - name: 'Create Pull Request' if: ${{ steps.check_for_changes.outputs.HAS_CHANGES == 1 }} - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 with: github-token: ${{secrets.GH_SERVICE_ACCOUNT_TOKEN}} script: |