diff --git a/.github/workflows/bench-all-runtimes.yml b/.github/workflows/bench-all-runtimes.yml index fa36a6c249776..61f589274c656 100644 --- a/.github/workflows/bench-all-runtimes.yml +++ b/.github/workflows/bench-all-runtimes.yml @@ -133,7 +133,7 @@ jobs: path: patches # needs to be able to trigger CI - - uses: actions/create-github-app-token@v1 + - uses: actions/create-github-app-token@v2 id: generate_token with: app-id: ${{ secrets.CMD_BOT_APP_ID }} diff --git a/.github/workflows/benchmarks-networking.yml b/.github/workflows/benchmarks-networking.yml index 8f4246c795481..b8cefc2ff9d2a 100644 --- a/.github/workflows/benchmarks-networking.yml +++ b/.github/workflows/benchmarks-networking.yml @@ -80,7 +80,7 @@ jobs: git config --global --add safe.directory '*' ls -lsR ./charts - - uses: actions/create-github-app-token@v1 + - uses: actions/create-github-app-token@v2 id: app-token with: app-id: ${{ secrets.POLKADOTSDK_GHPAGES_APP_ID }} diff --git a/.github/workflows/benchmarks-subsystem.yml b/.github/workflows/benchmarks-subsystem.yml index 82aff7e694f9b..9026865409a23 100644 --- a/.github/workflows/benchmarks-subsystem.yml +++ b/.github/workflows/benchmarks-subsystem.yml @@ -96,7 +96,7 @@ jobs: git config --global --add safe.directory '*' ls -lsR ./charts - - uses: actions/create-github-app-token@v1 + - uses: actions/create-github-app-token@v2 id: app-token with: app-id: ${{ secrets.POLKADOTSDK_GHPAGES_APP_ID }} diff --git a/.github/workflows/check-links.yml b/.github/workflows/check-links.yml index d70fd699c0504..15a10c01ca8a8 100644 --- a/.github/workflows/check-links.yml +++ b/.github/workflows/check-links.yml @@ -36,7 +36,7 @@ jobs: - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.0 (22. Sep 2023) - name: Lychee link checker - uses: lycheeverse/lychee-action@f613c4a64e50d792e0b31ec34bbcbba12263c6a6 # for v1.9.1 (10. Jan 2024) + uses: lycheeverse/lychee-action@82202e5e9c2f4ef1a55a3d02563e1cb6041e5332 # for v1.9.1 (10. Jan 2024) with: args: >- --config .config/lychee.toml diff --git a/.github/workflows/check-semver.yml b/.github/workflows/check-semver.yml index 1e6d2f07a7c90..a52fc30535c34 100644 --- a/.github/workflows/check-semver.yml +++ b/.github/workflows/check-semver.yml @@ -71,7 +71,7 @@ jobs: - name: Rust Cache if: ${{ !contains(github.event.pull_request.labels.*.name, 'R0-silent') }} - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7 + uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 with: cache-on-failure: true diff --git a/.github/workflows/checks-quick.yml b/.github/workflows/checks-quick.yml index 2ae87a5399144..eb3f8746d7830 100644 --- a/.github/workflows/checks-quick.yml +++ b/.github/workflows/checks-quick.yml @@ -220,7 +220,7 @@ jobs: echo "RUST_VERSION=${RUST_VERSION}" >> $GITHUB_ENV - name: Install Rust - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 + uses: actions-rust-lang/setup-rust-toolchain@9d7e65c320fdb52dcd45ffaa68deb6c02c8754d9 # v1.12.0 with: cache: false toolchain: ${{ env.RUST_VERSION }} diff --git a/.github/workflows/cmd-run.yml b/.github/workflows/cmd-run.yml index b5da4a4a9190f..5ce9eac5b4489 100644 --- a/.github/workflows/cmd-run.yml +++ b/.github/workflows/cmd-run.yml @@ -275,7 +275,7 @@ jobs: runs-on: ubuntu-latest steps: # needs to be able to trigger CI, as default token does not retrigger - - uses: actions/create-github-app-token@v1 + - uses: actions/create-github-app-token@v2 id: generate_token with: app-id: ${{ secrets.CMD_BOT_APP_ID }} diff --git a/.github/workflows/cmd.yml b/.github/workflows/cmd.yml index 7c7d20a424e5f..c9608ac950bca 100644 --- a/.github/workflows/cmd.yml +++ b/.github/workflows/cmd.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Generate token id: generate_token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.CMD_BOT_APP_ID }} private-key: ${{ secrets.CMD_BOT_APP_KEY }} diff --git a/.github/workflows/command-backport.yml b/.github/workflows/command-backport.yml index 6fd42b11d9981..4df81512b70e7 100644 --- a/.github/workflows/command-backport.yml +++ b/.github/workflows/command-backport.yml @@ -54,7 +54,7 @@ jobs: - name: Generate token id: generate_token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.RELEASE_BACKPORT_AUTOMATION_APP_ID }} private-key: ${{ secrets.RELEASE_BACKPORT_AUTOMATION_APP_PRIVATE_KEY }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 24fb284780be8..2fd01bf83a421 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -122,7 +122,7 @@ jobs: - uses: actions/checkout@v4 with: ref: gh-pages - - uses: actions/create-github-app-token@v1 + - uses: actions/create-github-app-token@v2 id: app-token with: app-id: ${{ secrets.POLKADOTSDK_GHPAGES_APP_ID }} diff --git a/.github/workflows/misc-sync-templates.yml b/.github/workflows/misc-sync-templates.yml index 7989c41192def..bf4d689288aca 100644 --- a/.github/workflows/misc-sync-templates.yml +++ b/.github/workflows/misc-sync-templates.yml @@ -119,7 +119,7 @@ jobs: if: matrix.template != 'solochain' - name: Generate a token for the template repository id: app_token - uses: actions/create-github-app-token@v1.9.3 + uses: actions/create-github-app-token@v2 with: owner: "paritytech" repositories: "polkadot-sdk-${{ matrix.template }}-template" diff --git a/.github/workflows/publish-check-compile.yml b/.github/workflows/publish-check-compile.yml index 2c2b3f4a3d31f..6b7a8120657af 100644 --- a/.github/workflows/publish-check-compile.yml +++ b/.github/workflows/publish-check-compile.yml @@ -32,7 +32,7 @@ jobs: - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 - name: Rust Cache - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7 + uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 with: cache-on-failure: true diff --git a/.github/workflows/publish-check-crates.yml b/.github/workflows/publish-check-crates.yml index ac204b97dbdfe..e745a616def3c 100644 --- a/.github/workflows/publish-check-crates.yml +++ b/.github/workflows/publish-check-crates.yml @@ -22,7 +22,7 @@ jobs: - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 - name: Rust Cache - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7 + uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 with: cache-on-failure: true diff --git a/.github/workflows/publish-claim-crates.yml b/.github/workflows/publish-claim-crates.yml index 804baf9ff06cf..843ba8082acda 100644 --- a/.github/workflows/publish-claim-crates.yml +++ b/.github/workflows/publish-claim-crates.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 - name: Rust Cache - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7 + uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 with: cache-on-failure: true diff --git a/.github/workflows/release-30_publish_release_draft.yml b/.github/workflows/release-30_publish_release_draft.yml index 0759a804cf8cc..8c8e228301592 100644 --- a/.github/workflows/release-30_publish_release_draft.yml +++ b/.github/workflows/release-30_publish_release_draft.yml @@ -113,7 +113,7 @@ jobs: - name: Generate content write token for the release automation id: generate_write_token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v2 with: app-id: ${{ vars.POLKADOT_SDK_RELEASE_RW_APP_ID }} private-key: ${{ secrets.POLKADOT_SDK_RELEASE_RW_APP_KEY }} @@ -155,7 +155,7 @@ jobs: - name: Generate content write token for the release automation id: generate_write_token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v2 with: app-id: ${{ vars.POLKADOT_SDK_RELEASE_RW_APP_ID }} private-key: ${{ secrets.POLKADOT_SDK_RELEASE_RW_APP_KEY }} @@ -207,7 +207,7 @@ jobs: - name: Generate content write token for the release automation id: generate_write_token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v2 with: app-id: ${{ vars.POLKADOT_SDK_RELEASE_RW_APP_ID }} private-key: ${{ secrets.POLKADOT_SDK_RELEASE_RW_APP_KEY }} diff --git a/.github/workflows/release-reusable-promote-to-final.yml b/.github/workflows/release-reusable-promote-to-final.yml index a3e9d9969903a..c323ec4850872 100644 --- a/.github/workflows/release-reusable-promote-to-final.yml +++ b/.github/workflows/release-reusable-promote-to-final.yml @@ -69,7 +69,7 @@ jobs: fi - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 with: aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index f40568c2e7771..1de2053013841 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -104,7 +104,7 @@ jobs: ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.package }} - name: Generate artifact attestation - uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3 + uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0 with: subject-path: /artifacts/${{ matrix.binaries }}/${{ matrix.binaries }} @@ -173,7 +173,7 @@ jobs: run: echo "/opt/homebrew/bin" >> $GITHUB_PATH - name: Install rust ${{ env.RUST_VERSION }} - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 + uses: actions-rust-lang/setup-rust-toolchain@9d7e65c320fdb52dcd45ffaa68deb6c02c8754d9 # v1.12.0 with: cache: false toolchain: ${{ env.RUST_VERSION }} @@ -219,7 +219,7 @@ jobs: ./.github/scripts/release/build-macos-release.sh ${{ matrix.binaries }} ${{ inputs.package }} - name: Generate artifact attestation - uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3 + uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0 with: subject-path: ${{ env.ARTIFACTS_PATH }}/${{ matrix.binaries }} @@ -292,7 +292,7 @@ jobs: . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ inputs.package }} ${VERSION} - name: Generate artifact attestation - uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3 + uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0 with: subject-path: target/production/*.deb diff --git a/.github/workflows/release-reusable-s3-upload.yml b/.github/workflows/release-reusable-s3-upload.yml index 37d0dd489bcba..b4c7b5d77bb53 100644 --- a/.github/workflows/release-reusable-s3-upload.yml +++ b/.github/workflows/release-reusable-s3-upload.yml @@ -46,7 +46,7 @@ jobs: path: release-artifacts/${{ inputs.target }}/${{ inputs.package }} - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 with: aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/release-srtool.yml b/.github/workflows/release-srtool.yml index 0b38c51ed5a4a..fac6f300ae71c 100644 --- a/.github/workflows/release-srtool.yml +++ b/.github/workflows/release-srtool.yml @@ -87,7 +87,7 @@ jobs: echo "Compressed Runtime: ${{ steps.srtool_build.outputs.wasm_compressed }}" - name: Generate artifact attestation - uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3 + uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0 with: subject-path: ${{ steps.srtool_build.outputs.wasm }} diff --git a/.github/workflows/review-bot.yml b/.github/workflows/review-bot.yml index 27c6162a0fc20..040a7e8d5c402 100644 --- a/.github/workflows/review-bot.yml +++ b/.github/workflows/review-bot.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Generate token id: app_token - uses: actions/create-github-app-token@v1.9.3 + uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.REVIEW_APP_ID }} private-key: ${{ secrets.REVIEW_APP_KEY }} @@ -29,7 +29,7 @@ jobs: with: artifact-name: pr_number - name: "Evaluates PR reviews and assigns reviewers" - uses: paritytech/review-bot@v2.7.0 + uses: paritytech/review-bot@v2.7.1 with: repo-token: ${{ steps.app_token.outputs.token }} team-token: ${{ steps.app_token.outputs.token }} diff --git a/.github/workflows/tests-misc.yml b/.github/workflows/tests-misc.yml index 757d88ff69cfb..88cc25b5d3c48 100644 --- a/.github/workflows/tests-misc.yml +++ b/.github/workflows/tests-misc.yml @@ -359,7 +359,7 @@ jobs: - name: Set up Homebrew uses: Homebrew/actions/setup-homebrew@1ccc07ccd54b6048295516a3eb89b192c35057dc # master from 12.09.2024 - name: Install rust ${{ env.RUST_VERSION }} - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 + uses: actions-rust-lang/setup-rust-toolchain@9d7e65c320fdb52dcd45ffaa68deb6c02c8754d9 # v1.12.0 with: cache: false toolchain: ${{ env.RUST_VERSION }}