From 477904c0717630bc17e5ec27d337cdef4e2a2111 Mon Sep 17 00:00:00 2001 From: Florian Stosse Date: Tue, 2 Dec 2025 19:05:27 +0100 Subject: [PATCH 1/6] Update Node.js and Actions versions for Test workflow --- .github/workflows/test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 760c4ca838..5403f34cd3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -15,12 +15,12 @@ jobs: strategy: matrix: - node-version: ['18'] + node-version: ['20', '22', '24'] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ matrix.node-version }} - run: npm clean-install From a686bca697657f4d37e990cc27c3c3b29fc292f2 Mon Sep 17 00:00:00 2001 From: Florian Stosse Date: Tue, 2 Dec 2025 19:12:08 +0100 Subject: [PATCH 2/6] Update GitHub Actions versions and use pinning --- .github/workflows/build-preview.yml | 10 +++++----- .github/workflows/deploy-preview.yml | 12 ++++++------ .github/workflows/deploy.yml | 6 +++--- .github/workflows/lint.yml | 8 ++++---- .github/workflows/release-drafter.yml | 2 +- .github/workflows/staging.yml | 6 +++--- 6 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/build-preview.yml b/.github/workflows/build-preview.yml index a634e964da..ebf95ef6c2 100644 --- a/.github/workflows/build-preview.yml +++ b/.github/workflows/build-preview.yml @@ -12,13 +12,13 @@ jobs: build-preview: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version-file: '.nvmrc' - run: npm clean-install - run: npm run dist - - uses: actions/checkout@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: repository: openstreetmap/iD path: './iD' @@ -33,7 +33,7 @@ jobs: env: ID_PRESETS_CDN_URL: '../../' - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: preview path: | @@ -43,7 +43,7 @@ jobs: - name: Store pull request number for later use run: | echo ${{github.event.number}} > ./pr_number - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: pr path: ./pr_number diff --git a/.github/workflows/deploy-preview.yml b/.github/workflows/deploy-preview.yml index 018df45a90..65de4a1807 100644 --- a/.github/workflows/deploy-preview.yml +++ b/.github/workflows/deploy-preview.yml @@ -12,14 +12,14 @@ jobs: runs-on: ubuntu-latest if: ${{github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'}} steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: '18' - run: npm clean-install - name: Get pull request number - uses: actions/github-script@v7 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 id: pull-request-number with: result-encoding: string @@ -46,7 +46,7 @@ jobs: const file = directory.files.find(d => d.path === 'pr_number'); const content = await file.buffer(); return content.toString(); - - uses: dawidd6/action-download-artifact@v8 + - uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11 with: github_token: ${{secrets.GITHUB_TOKEN}} workflow: build-preview.yml @@ -61,7 +61,7 @@ jobs: run: ./node_modules/.bin/netlify deploy --no-build --dir=. --alias=pr-${{steps.pull-request-number.outputs.result}} - name: Add comment to pull request - uses: actions/github-script@v7 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const pullRequestNumber = parseInt(${{steps.pull-request-number.outputs.result}}, 10); @@ -87,7 +87,7 @@ jobs: } - name: Clean up artifact - uses: actions/github-script@v7 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: result-encoding: string script: | diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 1c790e4d9f..c37d337986 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -15,12 +15,12 @@ jobs: if: github.repository == 'openstreetmap/id-tagging-schema' steps: - name: Checkout - uses: actions/checkout@v4 # If you're using actions/checkout@v3 you must set persist-credentials to false in most cases for the deployment to work correctly. + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 # If you're using actions/checkout@v3 you must set persist-credentials to false in most cases for the deployment to work correctly. with: persist-credentials: false - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version-file: '.nvmrc' @@ -31,7 +31,7 @@ jobs: run: npm run build - name: Deploy 🚀 - uses: JamesIves/github-pages-deploy-action@v4 + uses: JamesIves/github-pages-deploy-action@4a3abc783e1a24aeb44c16e869ad83caf6b4cc23 # v4.7.4 with: branch: interim # The branch the action should deploy to. folder: interim # The folder the action should deploy. diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 8c99efac72..d1843e70df 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -5,7 +5,7 @@ jobs: name: Check file endings runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - run: | disallowedFiles=`find data/ -type f -not -iname "*.json" -not -iname "*.md"` for f in $disallowedFiles @@ -18,8 +18,8 @@ jobs: name: Check for code formatting mistakes runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version-file: '.nvmrc' - run: npm clean-install @@ -29,7 +29,7 @@ jobs: name: Check for spelling errors runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: codespell-project/actions-codespell@v2 with: check_filenames: true diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 87cdded4c1..29e7eda1e9 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -14,7 +14,7 @@ jobs: contents: write runs-on: ubuntu-latest steps: - - uses: release-drafter/release-drafter@v6 + - uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6.1.0 with: disable-autolabeler: true env: diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml index 01fe875d33..eff8346ec3 100644 --- a/.github/workflows/staging.yml +++ b/.github/workflows/staging.yml @@ -13,8 +13,8 @@ jobs: runs-on: ubuntu-latest environment: staging steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version-file: '.nvmrc' # install and build development version of id-tagging-schema @@ -25,7 +25,7 @@ jobs: if: env.transifex_password != null - run: npm run dist # install and build development version of iD using freshest version of presets and ELI - - uses: actions/checkout@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: repository: openstreetmap/id path: './iD' From f9f3224042b673752e69ef59cdc09b3f009013ee Mon Sep 17 00:00:00 2001 From: Florian Stosse Date: Tue, 2 Dec 2025 19:12:19 +0100 Subject: [PATCH 3/6] Add Dependabot config for Actions --- .github/dependabot.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index d0faeb1f7a..b9c5b50348 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -10,3 +10,7 @@ updates: schedule: interval: "daily" versioning-strategy: increase-if-necessary + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" From 707d79cf80715e3d6676c80a5e4c41661bf75c64 Mon Sep 17 00:00:00 2001 From: Martin Raifer Date: Tue, 9 Dec 2025 12:37:54 +0100 Subject: [PATCH 4/6] simplify checkout step, remove redundant comments --- .github/workflows/deploy.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index c37d337986..7ecb3b23be 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -15,9 +15,7 @@ jobs: if: github.repository == 'openstreetmap/id-tagging-schema' steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 # If you're using actions/checkout@v3 you must set persist-credentials to false in most cases for the deployment to work correctly. - with: - persist-credentials: false + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Node.js uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 @@ -33,5 +31,5 @@ jobs: - name: Deploy 🚀 uses: JamesIves/github-pages-deploy-action@4a3abc783e1a24aeb44c16e869ad83caf6b4cc23 # v4.7.4 with: - branch: interim # The branch the action should deploy to. - folder: interim # The folder the action should deploy. + branch: interim + folder: interim From c85acbb8247077637449ec6086ec852bab0d89db Mon Sep 17 00:00:00 2001 From: Martin Raifer Date: Tue, 9 Dec 2025 12:40:08 +0100 Subject: [PATCH 5/6] use .nvmrc file for deploy-preview step --- .github/workflows/deploy-preview.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-preview.yml b/.github/workflows/deploy-preview.yml index 65de4a1807..dedf728cba 100644 --- a/.github/workflows/deploy-preview.yml +++ b/.github/workflows/deploy-preview.yml @@ -15,7 +15,7 @@ jobs: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: - node-version: '18' + node-version-file: '.nvmrc' - run: npm clean-install - name: Get pull request number From 10f8c46f554963b5ea0c78998b2c4f9e5035fd9f Mon Sep 17 00:00:00 2001 From: Martin Raifer Date: Tue, 9 Dec 2025 12:57:35 +0100 Subject: [PATCH 6/6] it's not necessary to test this repo with multiple nodejs versions see https://github.com/openstreetmap/id-tagging-schema/pull/1843/files#r2602193983 --- .github/workflows/test.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5403f34cd3..fcad42f877 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,15 +13,11 @@ jobs: test: runs-on: ubuntu-latest - strategy: - matrix: - node-version: ['20', '22', '24'] - steps: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: - node-version: ${{ matrix.node-version }} + node-version-file: '.nvmrc' - run: npm clean-install - run: npm run test