From 8260938a0e4fc2e9d26029943d822b174e158507 Mon Sep 17 00:00:00 2001 From: Andrew Anguiano Date: Tue, 25 Jun 2024 16:17:59 -0400 Subject: [PATCH 1/7] refactor: Pin actions/github-script to SHA --- .github/actions/add-commit-status/action.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/actions/add-commit-status/action.yml b/.github/actions/add-commit-status/action.yml index 0671b65038..34306fd430 100644 --- a/.github/actions/add-commit-status/action.yml +++ b/.github/actions/add-commit-status/action.yml @@ -11,7 +11,7 @@ runs: using: composite steps: - name: Add commit status - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 env: STATE: ${{ inputs.state }} STATUS_CONTEXT: ${{ inputs.statusContext }} @@ -36,4 +36,5 @@ runs: const result = await github.rest.repos.createCommitStatus(args); - console.log("Result:", result) \ No newline at end of file + console.log("Result:", result) + From 972a355c25a024269e808f738f2b8ee643eb2852 Mon Sep 17 00:00:00 2001 From: Andrew Anguiano Date: Tue, 25 Jun 2024 16:21:14 -0400 Subject: [PATCH 2/7] refactor: Pin actions/setup-node to SHA --- .github/actions/bootstrap/action.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/actions/bootstrap/action.yml b/.github/actions/bootstrap/action.yml index de2093e864..d17db0e791 100644 --- a/.github/actions/bootstrap/action.yml +++ b/.github/actions/bootstrap/action.yml @@ -2,9 +2,9 @@ name: Bootstrap Workflow description: Reusable action for setting up the repo runs: using: composite - steps: + steps: - name: Setup node - uses: actions/setup-node@v3 + uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 with: node-version: 16 @@ -24,4 +24,5 @@ runs: - name: Install dependencies shell: bash - run: cd utils && yarn install --frozen-lockfile \ No newline at end of file + run: cd utils && yarn install --frozen-lockfile + From d38d3e8a6aae508b7fc15c0a9616430184b78c43 Mon Sep 17 00:00:00 2001 From: Andrew Anguiano Date: Tue, 25 Jun 2024 16:29:13 -0400 Subject: [PATCH 3/7] refactor: Use repo vars to pin action SHAs --- .github/actions/add-commit-status/action.yml | 2 +- .github/actions/bootstrap/action.yml | 2 +- .github/workflows/pr-merged.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/actions/add-commit-status/action.yml b/.github/actions/add-commit-status/action.yml index 34306fd430..94a630ffb7 100644 --- a/.github/actions/add-commit-status/action.yml +++ b/.github/actions/add-commit-status/action.yml @@ -11,7 +11,7 @@ runs: using: composite steps: - name: Add commit status - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 + uses: actions/github-script@${{ vars.ACTIONS_GITHUB_SCRIPT_SHA }} env: STATE: ${{ inputs.state }} STATUS_CONTEXT: ${{ inputs.statusContext }} diff --git a/.github/actions/bootstrap/action.yml b/.github/actions/bootstrap/action.yml index d17db0e791..7a891e27c5 100644 --- a/.github/actions/bootstrap/action.yml +++ b/.github/actions/bootstrap/action.yml @@ -4,7 +4,7 @@ runs: using: composite steps: - name: Setup node - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 + uses: actions/setup-node@${{ vars.ACTIONS_SETUP_NODE_SHA }} with: node-version: 16 diff --git a/.github/workflows/pr-merged.yml b/.github/workflows/pr-merged.yml index 7cbd468a1a..931c458323 100644 --- a/.github/workflows/pr-merged.yml +++ b/.github/workflows/pr-merged.yml @@ -23,14 +23,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} with: token: ${{ secrets.OPENSOURCE_BOT_TOKEN }} ref: "release" fetch-depth: 0 - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Generate UUIDs for quickstarts id: generate-uuids From 40cde64014a5910cea4ec9fdad1c10f57db41590 Mon Sep 17 00:00:00 2001 From: Andrew Anguiano Date: Tue, 25 Jun 2024 16:32:15 -0400 Subject: [PATCH 4/7] refactor: Update pr-merged workflow to pin actions SHAs --- .github/workflows/pr-merged.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-merged.yml b/.github/workflows/pr-merged.yml index 931c458323..2dbb3216a0 100644 --- a/.github/workflows/pr-merged.yml +++ b/.github/workflows/pr-merged.yml @@ -39,7 +39,7 @@ jobs: - name: Temporarily disable branch protections id: disable-branch-protection if: always() - uses: actions/github-script@v6 + uses: actions/github-script@${{ vars.ACTIONS_GITHUB_SCRIPT_SHA }} with: github-token: ${{ secrets.OPENSOURCE_BOT_TOKEN }} script: | @@ -73,7 +73,7 @@ jobs: - name: Re-enable branch protections id: enable-branch-protection if: always() - uses: actions/github-script@v6 + uses: actions/github-script@${{ vars.ACTIONS_GITHUB_SCRIPT_SHA }} with: github-token: ${{ secrets.OPENSOURCE_BOT_TOKEN }} script: | From 55f58a2096dd11fa2b66721a272ccf1e56f08ee9 Mon Sep 17 00:00:00 2001 From: Andrew Anguiano Date: Tue, 25 Jun 2024 16:32:32 -0400 Subject: [PATCH 5/7] chore: Remove commented configs --- .github/workflows/pr-merged.yml | 54 --------------------------------- 1 file changed, 54 deletions(-) diff --git a/.github/workflows/pr-merged.yml b/.github/workflows/pr-merged.yml index 2dbb3216a0..75904480be 100644 --- a/.github/workflows/pr-merged.yml +++ b/.github/workflows/pr-merged.yml @@ -111,57 +111,3 @@ jobs: } }) console.log("Result:", result) - - # get-pr-number: - # name: Get PR number - # runs-on: ubuntu-latest - # outputs: - # pr-number: ${{ steps.output_pr_number.outputs.pr-number }} - # steps: - # - name: Download artifact - # uses: dawidd6/action-download-artifact@v2 - # with: - # workflow: submit_gate.yml - # run_id: ${{ github.event.workflow_run.id }} - - # - name: Get PR number - # id: output_pr_number - # run: | - # export PR_NUMBER=$(cat artifact/pr_number_submit.txt) - # echo "pr-number=$PR_NUMBER" >> $GITHUB_OUTPUT - - # staging: - # needs: [generate-uuid, get-pr-number] - # uses: ./.github/workflows/reusable.quickstart_submission.yml - # with: - # pr-number: ${{ needs.get-pr-number.outputs.pr-number }} - # dry-run: false - # secrets: - # nr-api-url: ${{ secrets.NR_API_URL_STAGING }} - # nr-api-token: ${{ secrets.NR_API_TOKEN_STAGING }} - # github-token: ${{ secrets.GITHUB_TOKEN }} - # nr-license-key: ${{ secrets.NEW_RELIC_LICENSE_KEY }} - - # production: - # needs: [staging, get-pr-number] - # uses: ./.github/workflows/reusable.quickstart_submission.yml - # with: - # pr-number: ${{ needs.get-pr-number.outputs.pr-number }} - # dry-run: false - # secrets: - # nr-api-url: ${{ secrets.NR_API_URL }} - # nr-api-token: ${{ secrets.NR_API_TOKEN }} - # github-token: ${{ secrets.GITHUB_TOKEN }} - # nr-license-key: ${{ secrets.NEW_RELIC_LICENSE_KEY }} - - # eu-production: - # needs: [staging, get-pr-number] - # uses: ./.github/workflows/reusable.quickstart_submission.yml - # with: - # pr-number: ${{ needs.get-pr-number.outputs.pr-number }} - # dry-run: false - # secrets: - # nr-api-url: ${{ secrets.NR_API_URL_EU }} - # nr-api-token: ${{ secrets.NR_API_TOKEN_EU }} - # github-token: ${{ secrets.GITHUB_TOKEN }} - # nr-license-key: ${{ secrets.NEW_RELIC_LICENSE_KEY }} From f3f5f56b379cae8e4c8b183305b9657d0b2e12f9 Mon Sep 17 00:00:00 2001 From: Andrew Anguiano Date: Tue, 25 Jun 2024 16:53:43 -0400 Subject: [PATCH 6/7] refactor: Interpolate SHA variables for actions --- .github/workflows/pr-project-board.yml | 5 +- .github/workflows/preview-links.yml | 4 +- .github/workflows/release.yml | 12 ++-- .github/workflows/repolinter.yml | 6 +- .../reusable.quickstart_submission.yml | 20 +++--- .github/workflows/run_tests.yml | 4 +- .github/workflows/stale-message.yml | 2 +- .github/workflows/submit-gate.yml | 4 +- .github/workflows/validate_data_sources.yml | 11 ++-- .github/workflows/validate_install_plans.yml | 11 ++-- .github/workflows/validate_packs.yml | 63 +++++++++---------- .github/workflows/validation_gate.yml | 4 +- .github/workflows/yaml-lint.yml | 6 +- 13 files changed, 76 insertions(+), 76 deletions(-) diff --git a/.github/workflows/pr-project-board.yml b/.github/workflows/pr-project-board.yml index 7af3ec269e..eb368efb8b 100644 --- a/.github/workflows/pr-project-board.yml +++ b/.github/workflows/pr-project-board.yml @@ -4,8 +4,7 @@ on: pull_request_target: types: [opened] paths: - - 'quickstarts/**' - + - "quickstarts/**" env: GITHUB_TOKEN: ${{ secrets.OPENSOURCE_BOT_TOKEN }} @@ -15,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} - name: Move PR to Project Board for triage run: | diff --git a/.github/workflows/preview-links.yml b/.github/workflows/preview-links.yml index 2b40f9c103..37c0ff3cee 100644 --- a/.github/workflows/preview-links.yml +++ b/.github/workflows/preview-links.yml @@ -15,10 +15,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Create preview links id: links diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3725559044..fce88846b8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,14 +15,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} with: token: ${{ secrets.OPENSOURCE_BOT_TOKEN }} ref: "main" fetch-depth: 0 - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Generate schema docs for GraphQl id: generate-schema @@ -43,7 +43,7 @@ jobs: - name: Temporarily disable branch protections id: disable-branch-protection if: always() - uses: actions/github-script@v6 + uses: actions/github-script@${{ vars.ACTIONS_GITHUB_SCRIPT_SHA }} with: github-token: ${{ secrets.OPENSOURCE_BOT_TOKEN }} script: | @@ -65,7 +65,7 @@ jobs: - name: Re-enable branch protections id: enable-branch-protection if: always() - uses: actions/github-script@v6 + uses: actions/github-script@${{ vars.ACTIONS_GITHUB_SCRIPT_SHA }} with: github-token: ${{ secrets.OPENSOURCE_BOT_TOKEN }} script: | @@ -110,12 +110,12 @@ jobs: # Checkout fetch-depth: 2 because there's a check to see if package.json # was updated, and need at least 2 commits for the check to function properly - name: Checkout repo - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} with: fetch-depth: 2 - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Install OSS CLI working-directory: ./utils diff --git a/.github/workflows/repolinter.yml b/.github/workflows/repolinter.yml index 36e3331909..877f2cb0a9 100644 --- a/.github/workflows/repolinter.yml +++ b/.github/workflows/repolinter.yml @@ -15,17 +15,17 @@ jobs: steps: - name: Test Default Branch id: default-branch - uses: actions/github-script@v6 + uses: actions/github-script@${{ vars.ACTIONS_GITHUB_SCRIPT_SHA }} with: script: | const data = await github.rest.repos.get(context.repo) return data.data && data.data.default_branch === context.ref.split('/').slice(-1)[0] - name: Checkout Self if: ${{ steps.default-branch.outputs.result == 'true' }} - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} - name: Run Repolinter if: ${{ steps.default-branch.outputs.result == 'true' }} - uses: newrelic/repolinter-action@v1 + uses: newrelic/repolinter-action@${{ vars.ACTIONS_REPO_LINTER_ACTION_SHA }} with: config_url: https://raw.githubusercontent.com/newrelic/.github/main/repolinter-rulesets/community-project.yml output_type: issue diff --git a/.github/workflows/reusable.quickstart_submission.yml b/.github/workflows/reusable.quickstart_submission.yml index 8fa871bdb8..af4c73b204 100644 --- a/.github/workflows/reusable.quickstart_submission.yml +++ b/.github/workflows/reusable.quickstart_submission.yml @@ -31,14 +31,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} # Ensure we have the most recent commit to `main` with: ref: "main" fetch-depth: 0 - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Update install plans env: @@ -55,14 +55,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} # Ensure we have the most recent commit to `main` with: ref: "main" fetch-depth: 0 - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Update data sources env: @@ -80,14 +80,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} # Ensure we have the most recent commit to `main` with: ref: "main" fetch-depth: 0 - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Update quickstarts env: @@ -105,14 +105,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} # Ensure we have the most recent commit to `main` with: ref: "main" fetch-depth: 0 - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Update dashboards with required datasources from quickstarts env: @@ -130,14 +130,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} # Ensure we have the most recent commit to `main` with: ref: "main" fetch-depth: 0 - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Update dashboards with required datasources from quickstarts env: diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml index 4b6433cd4e..2045dca1cd 100644 --- a/.github/workflows/run_tests.yml +++ b/.github/workflows/run_tests.yml @@ -14,10 +14,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Run tests run: cd utils && yarn test diff --git a/.github/workflows/stale-message.yml b/.github/workflows/stale-message.yml index 6f818a72d8..5b62dd6bc1 100644 --- a/.github/workflows/stale-message.yml +++ b/.github/workflows/stale-message.yml @@ -11,7 +11,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v7 + - uses: actions/stale@${{ vars.ACTIONS_STALE_SHA }} with: stale-issue-message: "Old issues will be closed after 105 days of inactivity. This issue has been quiet for 90 days and is being marked as stale. Reply here to keep this issue open." close-issue-message: "This issue is being closed due to inactivity. Is this a mistake? Please re-open this issue or create a new one." diff --git a/.github/workflows/submit-gate.yml b/.github/workflows/submit-gate.yml index d1b5045c54..9609ff659f 100644 --- a/.github/workflows/submit-gate.yml +++ b/.github/workflows/submit-gate.yml @@ -4,7 +4,7 @@ # Having it setup this way allows us to have manual approval for this workflow run, and then the subsequent triggered runs can access secrets in the repository for validation (even for forked PRs). name: Submit Gate -on: +on: pull_request: branches: - release @@ -21,6 +21,6 @@ jobs: run: echo "${{ github.event.pull_request.number }}" > pr_number_submit.txt - name: upload artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@${{ vars.ACTIONS_UPLOAD_ARTIFACT_SHA }} with: path: pr_number_submit.txt diff --git a/.github/workflows/validate_data_sources.yml b/.github/workflows/validate_data_sources.yml index ee712f9b63..562194068e 100644 --- a/.github/workflows/validate_data_sources.yml +++ b/.github/workflows/validate_data_sources.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@v2 + uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -24,12 +24,12 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} with: ref: "refs/pull/${{ env.pr-number }}/merge" - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Validate new files id: validation @@ -50,7 +50,8 @@ jobs: - name: Add commit status if: always() - uses: './.github/actions/add-commit-status' + uses: "./.github/actions/add-commit-status" with: statusContext: "Validation / Data source schema compliance" - state: ${{ job.status }} \ No newline at end of file + state: ${{ job.status }} + diff --git a/.github/workflows/validate_install_plans.yml b/.github/workflows/validate_install_plans.yml index 48b09da31c..24797bcee8 100644 --- a/.github/workflows/validate_install_plans.yml +++ b/.github/workflows/validate_install_plans.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@v2 + uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -24,12 +24,12 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} with: ref: "refs/pull/${{ env.pr-number }}/merge" - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Validate new files id: validation @@ -49,7 +49,8 @@ jobs: cd utils && yarn create-validate-install-plans $URL $DRY_RUN - name: Add commit status if: always() - uses: './.github/actions/add-commit-status' + uses: "./.github/actions/add-commit-status" with: statusContext: "Validation / Install plan schema compliance" - state: ${{ job.status }} \ No newline at end of file + state: ${{ job.status }} + diff --git a/.github/workflows/validate_packs.yml b/.github/workflows/validate_packs.yml index 64e5e50a80..acf238cce1 100644 --- a/.github/workflows/validate_packs.yml +++ b/.github/workflows/validate_packs.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@v2 + uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -27,12 +27,12 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} with: ref: "refs/pull/${{ env.pr-number }}/merge" - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Check for unique names and ids id: validation @@ -40,7 +40,7 @@ jobs: - name: Add commit status if: always() - uses: './.github/actions/add-commit-status' + uses: "./.github/actions/add-commit-status" with: statusContext: "Validation / Quickstart id are unique" state: ${{ job.status }} @@ -50,7 +50,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@v2 + uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -62,21 +62,20 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} with: ref: "refs/pull/${{ env.pr-number }}/merge" - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Validate Images id: validation run: cd utils && yarn validate-images - - name: Add commit status if: always() - uses: './.github/actions/add-commit-status' + uses: "./.github/actions/add-commit-status" with: statusContext: "Validation / Image count and extension compliance" state: ${{ job.status }} @@ -86,7 +85,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@v2 + uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -98,12 +97,12 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} with: ref: "refs/pull/${{ env.pr-number }}/merge" - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Validate Icons id: validation @@ -111,7 +110,7 @@ jobs: - name: Add commit status if: always() - uses: './.github/actions/add-commit-status' + uses: "./.github/actions/add-commit-status" with: statusContext: "Validation / Ensure icons exist" state: ${{ job.status }} @@ -121,7 +120,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@v2 + uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -133,12 +132,12 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} with: ref: "refs/pull/${{ env.pr-number }}/merge" - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Validate pr quickstart files id: validation @@ -159,7 +158,7 @@ jobs: - name: Add commit status if: always() - uses: './.github/actions/add-commit-status' + uses: "./.github/actions/add-commit-status" with: statusContext: "Validation / Validate Quickstart Schema" state: ${{ job.status }} @@ -169,7 +168,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@v2 + uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -181,12 +180,12 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} with: ref: "refs/pull/${{ env.pr-number }}/merge" - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Validate new files id: validation @@ -199,7 +198,7 @@ jobs: - name: Add commit status if: always() - uses: './.github/actions/add-commit-status' + uses: "./.github/actions/add-commit-status" with: statusContext: "Validation / Install plan ids exist" state: ${{ job.status }} @@ -209,7 +208,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@v2 + uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -221,12 +220,12 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} with: ref: "refs/pull/${{ env.pr-number }}/merge" - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Validate new files id: validation @@ -241,7 +240,7 @@ jobs: - name: Add commit status if: always() - uses: './.github/actions/add-commit-status' + uses: "./.github/actions/add-commit-status" with: statusContext: "Validation / Data source ids exist" state: ${{ job.status }} @@ -251,7 +250,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@v2 + uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -263,12 +262,12 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} with: ref: "refs/pull/${{ env.pr-number }}/merge" - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Check for unique dashboard names id: validation @@ -276,7 +275,7 @@ jobs: - name: Add commit status if: always() - uses: './.github/actions/add-commit-status' + uses: "./.github/actions/add-commit-status" with: statusContext: "Validation / Quickstart dashboard name is unique" state: ${{ job.status }} @@ -285,7 +284,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@v2 + uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -297,12 +296,12 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} with: ref: "refs/pull/${{ env.pr-number }}/merge" - name: Setup workspace - uses: './.github/actions/bootstrap' + uses: "./.github/actions/bootstrap" - name: Run dashboard helper id: helper diff --git a/.github/workflows/validation_gate.yml b/.github/workflows/validation_gate.yml index 503bdd3a5c..cefdbfaa97 100644 --- a/.github/workflows/validation_gate.yml +++ b/.github/workflows/validation_gate.yml @@ -4,7 +4,7 @@ # Having it setup this way allows us to have manual approval for this workflow run, and then the subsequent triggered runs can access secrets in the repository for validation (even for forked PRs). name: Validation Gate -on: +on: pull_request: jobs: @@ -18,6 +18,6 @@ jobs: run: echo "${{ github.event.pull_request.number }}" > pr_number.txt - name: upload artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@${{ vars.ACTIONS_UPLOAD_ARTIFACT_SHA }} with: path: pr_number.txt diff --git a/.github/workflows/yaml-lint.yml b/.github/workflows/yaml-lint.yml index ea05e10483..471dc3575c 100644 --- a/.github/workflows/yaml-lint.yml +++ b/.github/workflows/yaml-lint.yml @@ -3,8 +3,8 @@ name: Lint Yaml on: pull_request: paths: - - '**.yml' - - '**.yaml' + - "**.yml" + - "**.yaml" jobs: lint-yaml-files: @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} - name: Run yamllint run: | From c99a855e6f2d710c0a681333ef463ea07b943e5d Mon Sep 17 00:00:00 2001 From: Andrew Anguiano Date: Wed, 26 Jun 2024 10:11:16 -0400 Subject: [PATCH 7/7] refactor(actions): Remove variables from action versions Github doesn't support interpolating versions in `uses` blocks, so reverted back to just specifying SHAs directly. Bummer. --- .github/actions/add-commit-status/action.yml | 3 +- .github/actions/bootstrap/action.yml | 5 ++- .github/workflows/pr-merged.yml | 6 ++-- .github/workflows/pr-project-board.yml | 2 +- .github/workflows/preview-links.yml | 2 +- .github/workflows/release.yml | 8 ++--- .github/workflows/repolinter.yml | 6 ++-- .../reusable.quickstart_submission.yml | 10 +++--- .github/workflows/run_tests.yml | 2 +- .github/workflows/stale-message.yml | 2 +- .github/workflows/submit-gate.yml | 2 +- .github/workflows/validate_data_sources.yml | 5 ++- .github/workflows/validate_install_plans.yml | 5 ++- .github/workflows/validate_packs.yml | 32 +++++++++---------- .github/workflows/validation_gate.yml | 2 +- .github/workflows/yaml-lint.yml | 2 +- 16 files changed, 45 insertions(+), 49 deletions(-) diff --git a/.github/actions/add-commit-status/action.yml b/.github/actions/add-commit-status/action.yml index 94a630ffb7..daffe97ce7 100644 --- a/.github/actions/add-commit-status/action.yml +++ b/.github/actions/add-commit-status/action.yml @@ -11,7 +11,7 @@ runs: using: composite steps: - name: Add commit status - uses: actions/github-script@${{ vars.ACTIONS_GITHUB_SCRIPT_SHA }} + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 env: STATE: ${{ inputs.state }} STATUS_CONTEXT: ${{ inputs.statusContext }} @@ -37,4 +37,3 @@ runs: const result = await github.rest.repos.createCommitStatus(args); console.log("Result:", result) - diff --git a/.github/actions/bootstrap/action.yml b/.github/actions/bootstrap/action.yml index 7a891e27c5..45f608240e 100644 --- a/.github/actions/bootstrap/action.yml +++ b/.github/actions/bootstrap/action.yml @@ -4,7 +4,7 @@ runs: using: composite steps: - name: Setup node - uses: actions/setup-node@${{ vars.ACTIONS_SETUP_NODE_SHA }} + uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 with: node-version: 16 @@ -14,7 +14,7 @@ runs: working-directory: utils run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT - - uses: actions/cache@v3 + - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c id: yarn-cache with: path: ${{ steps.yarn-cache-dir-path.outputs.dir }} @@ -25,4 +25,3 @@ runs: - name: Install dependencies shell: bash run: cd utils && yarn install --frozen-lockfile - diff --git a/.github/workflows/pr-merged.yml b/.github/workflows/pr-merged.yml index 75904480be..011adf6396 100644 --- a/.github/workflows/pr-merged.yml +++ b/.github/workflows/pr-merged.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 with: token: ${{ secrets.OPENSOURCE_BOT_TOKEN }} ref: "release" @@ -39,7 +39,7 @@ jobs: - name: Temporarily disable branch protections id: disable-branch-protection if: always() - uses: actions/github-script@${{ vars.ACTIONS_GITHUB_SCRIPT_SHA }} + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 with: github-token: ${{ secrets.OPENSOURCE_BOT_TOKEN }} script: | @@ -73,7 +73,7 @@ jobs: - name: Re-enable branch protections id: enable-branch-protection if: always() - uses: actions/github-script@${{ vars.ACTIONS_GITHUB_SCRIPT_SHA }} + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 with: github-token: ${{ secrets.OPENSOURCE_BOT_TOKEN }} script: | diff --git a/.github/workflows/pr-project-board.yml b/.github/workflows/pr-project-board.yml index eb368efb8b..6e6fc001e3 100644 --- a/.github/workflows/pr-project-board.yml +++ b/.github/workflows/pr-project-board.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 - name: Move PR to Project Board for triage run: | diff --git a/.github/workflows/preview-links.yml b/.github/workflows/preview-links.yml index 37c0ff3cee..1e5a9407fc 100644 --- a/.github/workflows/preview-links.yml +++ b/.github/workflows/preview-links.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 - name: Setup workspace uses: "./.github/actions/bootstrap" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fce88846b8..b32b921a0e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 with: token: ${{ secrets.OPENSOURCE_BOT_TOKEN }} ref: "main" @@ -43,7 +43,7 @@ jobs: - name: Temporarily disable branch protections id: disable-branch-protection if: always() - uses: actions/github-script@${{ vars.ACTIONS_GITHUB_SCRIPT_SHA }} + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 with: github-token: ${{ secrets.OPENSOURCE_BOT_TOKEN }} script: | @@ -65,7 +65,7 @@ jobs: - name: Re-enable branch protections id: enable-branch-protection if: always() - uses: actions/github-script@${{ vars.ACTIONS_GITHUB_SCRIPT_SHA }} + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 with: github-token: ${{ secrets.OPENSOURCE_BOT_TOKEN }} script: | @@ -110,7 +110,7 @@ jobs: # Checkout fetch-depth: 2 because there's a check to see if package.json # was updated, and need at least 2 commits for the check to function properly - name: Checkout repo - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 with: fetch-depth: 2 diff --git a/.github/workflows/repolinter.yml b/.github/workflows/repolinter.yml index 877f2cb0a9..fe5b5e0039 100644 --- a/.github/workflows/repolinter.yml +++ b/.github/workflows/repolinter.yml @@ -15,17 +15,17 @@ jobs: steps: - name: Test Default Branch id: default-branch - uses: actions/github-script@${{ vars.ACTIONS_GITHUB_SCRIPT_SHA }} + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 with: script: | const data = await github.rest.repos.get(context.repo) return data.data && data.data.default_branch === context.ref.split('/').slice(-1)[0] - name: Checkout Self if: ${{ steps.default-branch.outputs.result == 'true' }} - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 - name: Run Repolinter if: ${{ steps.default-branch.outputs.result == 'true' }} - uses: newrelic/repolinter-action@${{ vars.ACTIONS_REPO_LINTER_ACTION_SHA }} + uses: newrelic/repolinter-action@3f4448f855c351e9695b24524a4111c7847b84cb with: config_url: https://raw.githubusercontent.com/newrelic/.github/main/repolinter-rulesets/community-project.yml output_type: issue diff --git a/.github/workflows/reusable.quickstart_submission.yml b/.github/workflows/reusable.quickstart_submission.yml index af4c73b204..6aaaff6cf0 100644 --- a/.github/workflows/reusable.quickstart_submission.yml +++ b/.github/workflows/reusable.quickstart_submission.yml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # Ensure we have the most recent commit to `main` with: ref: "main" @@ -55,7 +55,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # Ensure we have the most recent commit to `main` with: ref: "main" @@ -80,7 +80,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # Ensure we have the most recent commit to `main` with: ref: "main" @@ -105,7 +105,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # Ensure we have the most recent commit to `main` with: ref: "main" @@ -130,7 +130,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # Ensure we have the most recent commit to `main` with: ref: "main" diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml index 2045dca1cd..b0c4a83e66 100644 --- a/.github/workflows/run_tests.yml +++ b/.github/workflows/run_tests.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 - name: Setup workspace uses: "./.github/actions/bootstrap" diff --git a/.github/workflows/stale-message.yml b/.github/workflows/stale-message.yml index 5b62dd6bc1..0171a761e8 100644 --- a/.github/workflows/stale-message.yml +++ b/.github/workflows/stale-message.yml @@ -11,7 +11,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@${{ vars.ACTIONS_STALE_SHA }} + - uses: actions/stale@6f05e4244c9a0b2ed3401882b05d701dd0a7289b with: stale-issue-message: "Old issues will be closed after 105 days of inactivity. This issue has been quiet for 90 days and is being marked as stale. Reply here to keep this issue open." close-issue-message: "This issue is being closed due to inactivity. Is this a mistake? Please re-open this issue or create a new one." diff --git a/.github/workflows/submit-gate.yml b/.github/workflows/submit-gate.yml index 9609ff659f..f5d7757511 100644 --- a/.github/workflows/submit-gate.yml +++ b/.github/workflows/submit-gate.yml @@ -21,6 +21,6 @@ jobs: run: echo "${{ github.event.pull_request.number }}" > pr_number_submit.txt - name: upload artifact - uses: actions/upload-artifact@${{ vars.ACTIONS_UPLOAD_ARTIFACT_SHA }} + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 with: path: pr_number_submit.txt diff --git a/.github/workflows/validate_data_sources.yml b/.github/workflows/validate_data_sources.yml index 562194068e..9f39d62947 100644 --- a/.github/workflows/validate_data_sources.yml +++ b/.github/workflows/validate_data_sources.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} + uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -24,7 +24,7 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 with: ref: "refs/pull/${{ env.pr-number }}/merge" @@ -54,4 +54,3 @@ jobs: with: statusContext: "Validation / Data source schema compliance" state: ${{ job.status }} - diff --git a/.github/workflows/validate_install_plans.yml b/.github/workflows/validate_install_plans.yml index 24797bcee8..3c8dc5e091 100644 --- a/.github/workflows/validate_install_plans.yml +++ b/.github/workflows/validate_install_plans.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} + uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -24,7 +24,7 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 with: ref: "refs/pull/${{ env.pr-number }}/merge" @@ -53,4 +53,3 @@ jobs: with: statusContext: "Validation / Install plan schema compliance" state: ${{ job.status }} - diff --git a/.github/workflows/validate_packs.yml b/.github/workflows/validate_packs.yml index acf238cce1..b80f9f71ef 100644 --- a/.github/workflows/validate_packs.yml +++ b/.github/workflows/validate_packs.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} + uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -27,7 +27,7 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 with: ref: "refs/pull/${{ env.pr-number }}/merge" @@ -50,7 +50,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} + uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -62,7 +62,7 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 with: ref: "refs/pull/${{ env.pr-number }}/merge" @@ -85,7 +85,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} + uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -97,7 +97,7 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 with: ref: "refs/pull/${{ env.pr-number }}/merge" @@ -120,7 +120,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} + uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -132,7 +132,7 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 with: ref: "refs/pull/${{ env.pr-number }}/merge" @@ -168,7 +168,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} + uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -180,7 +180,7 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 with: ref: "refs/pull/${{ env.pr-number }}/merge" @@ -208,7 +208,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} + uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -220,7 +220,7 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 with: ref: "refs/pull/${{ env.pr-number }}/merge" @@ -250,7 +250,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} + uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -262,7 +262,7 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 with: ref: "refs/pull/${{ env.pr-number }}/merge" @@ -284,7 +284,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: dawidd6/action-download-artifact@${{ vars.DAWIDD6_ACTION_DOWNLOAD_ARTIFACT_SHA }} + uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e with: workflow: validation_gate.yml run_id: ${{ github.event.workflow_run.id }} @@ -296,7 +296,7 @@ jobs: echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 with: ref: "refs/pull/${{ env.pr-number }}/merge" diff --git a/.github/workflows/validation_gate.yml b/.github/workflows/validation_gate.yml index cefdbfaa97..a06b325d9a 100644 --- a/.github/workflows/validation_gate.yml +++ b/.github/workflows/validation_gate.yml @@ -18,6 +18,6 @@ jobs: run: echo "${{ github.event.pull_request.number }}" > pr_number.txt - name: upload artifact - uses: actions/upload-artifact@${{ vars.ACTIONS_UPLOAD_ARTIFACT_SHA }} + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 with: path: pr_number.txt diff --git a/.github/workflows/yaml-lint.yml b/.github/workflows/yaml-lint.yml index 471dc3575c..9f49d59877 100644 --- a/.github/workflows/yaml-lint.yml +++ b/.github/workflows/yaml-lint.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@${{ vars.ACTIONS_CHECKOUT_SHA }} + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 - name: Run yamllint run: |