Release 20240627 2

.github/actions/add-commit-status/action.yml

@@ -11,7 +11,7 @@ runs:
   using: composite
   steps:
     - name: Add commit status
-      uses: actions/github-script@v6
+      uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
       env:
         STATE: ${{ inputs.state }}
         STATUS_CONTEXT: ${{ inputs.statusContext }}
@@ -36,4 +36,4 @@ runs:
 
           const result = await github.rest.repos.createCommitStatus(args);
 
-          console.log("Result:", result)
+          console.log("Result:", result)

.github/actions/bootstrap/action.yml

@@ -2,9 +2,9 @@ name: Bootstrap Workflow
 description: Reusable action for setting up the repo
 runs:
   using: composite
-  steps: 
+  steps:
     - name: Setup node
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7
       with:
         node-version: 16
 
@@ -14,7 +14,7 @@ runs:
       working-directory: utils
       run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
 
-    - uses: actions/cache@v3
+    - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c
       id: yarn-cache
       with:
         path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
@@ -24,4 +24,4 @@ runs:
 
     - name: Install dependencies
       shell: bash
-      run: cd utils && yarn install --frozen-lockfile
+      run: cd utils && yarn install --frozen-lockfile

.github/workflows/pr-merged.yml

@@ -23,37 +23,19 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
         with:
           token: ${{ secrets.OPENSOURCE_BOT_TOKEN }}
           ref: "release"
           fetch-depth: 0
 
       - name: Setup workspace
-        uses: './.github/actions/bootstrap'
+        uses: "./.github/actions/bootstrap"
 
       - name: Generate UUIDs for quickstarts
         id: generate-uuids
         run: cd utils && yarn generate-uuids
 
-      - name: Temporarily disable branch protections
-        id: disable-branch-protection
-        if: always()
-        uses: actions/github-script@v6
-        with:
-          github-token: ${{ secrets.OPENSOURCE_BOT_TOKEN }}
-          script: |
-            const result = await github.rest.repos.updateBranchProtection({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              branch: 'release',
-              required_status_checks: null,
-              restrictions: null,
-              enforce_admins: null,
-              required_pull_request_reviews: null
-            })
-            console.log("Result:", result)
-
       - name: Commit changes
         id: commit-changes
         run: |
@@ -69,99 +51,3 @@ jobs:
       - name: Push Commit
         if: env.commit == 'true'
         run: git push origin HEAD
-
-      - name: Re-enable branch protections
-        id: enable-branch-protection
-        if: always()
-        uses: actions/github-script@v6
-        with:
-          github-token: ${{ secrets.OPENSOURCE_BOT_TOKEN }}
-          script: |
-            const result = await github.rest.repos.updateBranchProtection({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              branch: 'release',
-              required_status_checks: {
-                strict: true,
-                contexts: [
-                    'Validation / Image count and extension compliance',
-                    'Validation / Ensure icons exist',
-                    'Validation / Install plan ids exist',
-                    'Validation / Data source ids exist',
-                    'Validation / Install plan schema compliance',
-                    'Validation / Data source schema compliance',
-                    'Validation / Quickstart id are unique',
-                    'Validation / Validate Quickstart Schema',
-                    'Validation / Quickstart dashboard name is unique'
-                ]
-              },
-              restrictions: {
-                "users":[],
-                "teams":[],
-                "apps":[]
-              },
-              enforce_admins: true,
-              required_pull_request_reviews: {
-                dismiss_stale_reviews: true,
-                required_approving_review_count: 1,
-                dismissal_restrictions: {
-                  users: [],
-                  teams: []
-                }
-              }
-            })
-            console.log("Result:", result)
-
-  # get-pr-number:
-  #   name: Get PR number
-  #   runs-on: ubuntu-latest
-  #   outputs:
-  #     pr-number: ${{ steps.output_pr_number.outputs.pr-number }}
-  #   steps:
-  #     - name: Download artifact
-  #       uses: dawidd6/action-download-artifact@v2
-  #       with:
-  #         workflow: submit_gate.yml
-  #         run_id: ${{ github.event.workflow_run.id }}
-
-  #     - name: Get PR number
-  #       id: output_pr_number
-  #       run: |
-  #         export PR_NUMBER=$(cat artifact/pr_number_submit.txt)
-  #         echo "pr-number=$PR_NUMBER" >> $GITHUB_OUTPUT
-
-  # staging:
-  #   needs: [generate-uuid, get-pr-number]
-  #   uses: ./.github/workflows/reusable.quickstart_submission.yml
-  #   with:
-  #     pr-number: ${{ needs.get-pr-number.outputs.pr-number }}
-  #     dry-run: false
-  #   secrets:
-  #     nr-api-url: ${{ secrets.NR_API_URL_STAGING }}
-  #     nr-api-token: ${{ secrets.NR_API_TOKEN_STAGING }}
-  #     github-token: ${{ secrets.GITHUB_TOKEN }}
-  #     nr-license-key: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
-
-  # production:
-  #   needs: [staging, get-pr-number]
-  #   uses: ./.github/workflows/reusable.quickstart_submission.yml
-  #   with:
-  #     pr-number: ${{ needs.get-pr-number.outputs.pr-number }}
-  #     dry-run: false
-  #   secrets:
-  #     nr-api-url: ${{ secrets.NR_API_URL }}
-  #     nr-api-token: ${{ secrets.NR_API_TOKEN }}
-  #     github-token: ${{ secrets.GITHUB_TOKEN }}
-  #     nr-license-key: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
-
-  # eu-production:
-  #   needs: [staging, get-pr-number]
-  #   uses: ./.github/workflows/reusable.quickstart_submission.yml
-  #   with:
-  #     pr-number: ${{ needs.get-pr-number.outputs.pr-number }}
-  #     dry-run: false
-  #   secrets:
-  #     nr-api-url: ${{ secrets.NR_API_URL_EU }}
-  #     nr-api-token: ${{ secrets.NR_API_TOKEN_EU }}
-  #     github-token: ${{ secrets.GITHUB_TOKEN }}
-  #     nr-license-key: ${{ secrets.NEW_RELIC_LICENSE_KEY }}

.github/workflows/pr-project-board.yml

@@ -4,8 +4,7 @@ on:
   pull_request_target:
     types: [opened]
     paths:
-      - 'quickstarts/**'
-
+      - "quickstarts/**"
 
 env:
   GITHUB_TOKEN: ${{ secrets.OPENSOURCE_BOT_TOKEN }}
@@ -15,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
 
       - name: Move PR to Project Board for triage
         run: |

.github/workflows/preview-links.yml

@@ -15,10 +15,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
 
       - name: Setup workspace
-        uses: './.github/actions/bootstrap'
+        uses: "./.github/actions/bootstrap"
 
       - name: Create preview links
         id: links

.github/workflows/release.yml

@@ -10,112 +10,18 @@ env:
   THIRD_PARTY_GIT_AUTHOR_NAME: nr-opensource-bot
 
 jobs:
-  generate-schema-docs:
-    name: Generate GraphQL schema documentation
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-        with:
-          token: ${{ secrets.OPENSOURCE_BOT_TOKEN }}
-          ref: "main"
-          fetch-depth: 0
-
-      - name: Setup workspace
-        uses: './.github/actions/bootstrap'
-
-      - name: Generate schema docs for GraphQl
-        id: generate-schema
-        env:
-          NR_API_URL: ${{ secrets.NR_API_URL }}
-          NR_API_TOKEN: ${{ secrets.NR_API_TOKEN }}
-        run: cd utils && yarn generate-schema-docs
-
-      - name: Commit changes
-        id: commit-changes
-        run: |
-          git config --local user.email "${{ env.THIRD_PARTY_GIT_AUTHOR_EMAIL }}"
-          git config --local user.name "${{ env.THIRD_PARTY_GIT_AUTHOR_NAME }}"
-          git add ./docs/*
-          git diff-index --quiet HEAD ./docs/* || git commit -m 'chore: generate schema documentation [skip ci]'
-          echo "commit=true" >> $GITHUB_ENV
-
-      - name: Temporarily disable branch protections
-        id: disable-branch-protection
-        if: always()
-        uses: actions/github-script@v6
-        with:
-          github-token: ${{ secrets.OPENSOURCE_BOT_TOKEN }}
-          script: |
-            const result = await github.rest.repos.updateBranchProtection({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              branch: 'main',
-              required_status_checks: null,
-              restrictions: null,
-              enforce_admins: null,
-              required_pull_request_reviews: null
-            })
-            console.log("Result:", result)
-
-      - name: Push Commit
-        if: env.commit == 'true'
-        run: git push origin HEAD
-
-      - name: Re-enable branch protections
-        id: enable-branch-protection
-        if: always()
-        uses: actions/github-script@v6
-        with:
-          github-token: ${{ secrets.OPENSOURCE_BOT_TOKEN }}
-          script: |
-            const result = await github.rest.repos.updateBranchProtection({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              branch: 'main',
-              required_status_checks: {
-                strict: true,
-                contexts: [
-                    'Validation / Image count and extension compliance',
-                    'Validation / Ensure icons exist',
-                    'Validation / Install plan ids exist',
-                    'Validation / Data source ids exist',
-                    'Validation / Install plan schema compliance',
-                    'Validation / Data source schema compliance',
-                    'Validation / Quickstart id are unique',
-                    'Validation / Validate Quickstart Schema',
-                    'Validation / Quickstart dashboard name is unique'
-                ]
-              },
-              restrictions: {
-                "users":[],
-                "teams":[],
-                "apps":[]
-              },
-              enforce_admins: true,
-              required_pull_request_reviews: {
-                dismiss_stale_reviews: true,
-                required_approving_review_count: 1,
-                dismissal_restrictions: {
-                  users: [],
-                  teams: []
-                }
-              }
-            })
-            console.log("Result:", result)
-
   generate-third-party-notices:
     runs-on: ubuntu-latest
     steps:
       # Checkout fetch-depth: 2 because there's a check to see if package.json
       # was updated, and need at least 2 commits for the check to function properly
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
         with:
           fetch-depth: 2
 
       - name: Setup workspace
-        uses: './.github/actions/bootstrap'
+        uses: "./.github/actions/bootstrap"
 
       - name: Install OSS CLI
         working-directory: ./utils

.github/workflows/repolinter.yml

@@ -15,17 +15,17 @@ jobs:
     steps:
       - name: Test Default Branch
         id: default-branch
-        uses: actions/github-script@v6
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
         with:
           script: |
             const data = await github.rest.repos.get(context.repo)
             return data.data && data.data.default_branch === context.ref.split('/').slice(-1)[0]
       - name: Checkout Self
         if: ${{ steps.default-branch.outputs.result == 'true' }}
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
       - name: Run Repolinter
         if: ${{ steps.default-branch.outputs.result == 'true' }}
-        uses: newrelic/repolinter-action@v1
+        uses: newrelic/repolinter-action@3f4448f855c351e9695b24524a4111c7847b84cb
         with:
           config_url: https://raw.githubusercontent.com/newrelic/.github/main/repolinter-rulesets/community-project.yml
           output_type: issue