diff --git a/.github/workflows/cron-weekly.yml b/.github/workflows/cron-weekly.yml
index 26269d89f3ba..d1b80e73b95c 100644
--- a/.github/workflows/cron-weekly.yml
+++ b/.github/workflows/cron-weekly.yml
@@ -12,8 +12,8 @@ jobs:
 if: github.repository_owner == 'storybookjs'
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
- - uses: gaurav-nelson/github-action-markdown-link-check@v1
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+ - uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1
 # checks all markdown files from important folders including all subfolders
 with:
 # only show errors that occur instead of successful links + errors
@@ -25,4 +25,7 @@ jobs:
 - name: Send Discord Notification
 if: failure() # Only run this step if previous steps failed
 run: |
- curl -H "Content-Type: application/json" -X POST -d '{"content":"The Markdown Links Check workflow has failed in the repository: [storybook]"}' ${{ secrets.DISCORD_MONITORING_URL }}
+ curl -H "Content-Type: application/json" -X POST -d '{"content":"The Markdown Links Check workflow has failed in the repository: [storybook]"}' "${DISCORD_MONITORING_URL}"
+
+ env:
+ DISCORD_MONITORING_URL: ${{ secrets.DISCORD_MONITORING_URL }}
\ No newline at end of file
diff --git a/.github/workflows/generate-sandboxes.yml b/.github/workflows/generate-sandboxes.yml
index f2039c66a1ee..1a8388a4042e 100644
--- a/.github/workflows/generate-sandboxes.yml
+++ b/.github/workflows/generate-sandboxes.yml
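Review bot: The trailing comments on the newly pinned `uses:` lines in cron-weekly.yml name moving refs (`# v4`, `# v1`), so nothing on the page says which release each 40-character SHA was taken from. Recording the exact release tag instead, in the form `# vX.Y.Z` (placeholder, to be read off the upstream tag that points at the SHA), lets a reviewer verify the pin and gives update tooling a version to bump; the `nissuer` pin in triage.yml already does this with `# 1.10.0`. The same applies to the pins in handle-release-branches.yml (where `# release` is a branch name), nx.yml, publish.yml and trigger-circle-ci-workflow.yml. If the repository has no Dependabot or Renovate rule for GitHub Actions, these SHAs will also stop receiving upstream fixes, which is worth confirming alongside this change.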
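Review bot: In the Discord notification hunk of cron-weekly.yml the new file ends without a trailing newline (`\ No newline at end of file` follows the added `DISCORD_MONITORING_URL:` line); the last line should end with a newline so the next append to this workflow diffs cleanly. The rewritten `curl` line also runs without `--fail`, so an HTTP error status from the webhook leaves the step green and a broken alert path goes unnoticed; `curl --fail -H "Content-Type: application/json" ...` would surface it. The job header is outside the hunk, so the indentation of the new `env:` key relative to `run:` cannot be checked from here.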
@@ -81,7 +81,9 @@ jobs: - name: Publish # publish sandboxes even if the generation fails, as some sandboxes might have been generated successfully if: ${{ !cancelled() }} - run: yarn publish-sandboxes --remote=https://storybook-bot:${{ secrets.PAT_STORYBOOK_BOT }}@github.com/storybookjs/sandboxes.git --push --branch=next + run: yarn publish-sandboxes --remote="https://storybook-bot:${PAT_STORYBOOK_BOT}@github.com/storybookjs/sandboxes.git" --push --branch=next + env: + PAT_STORYBOOK_BOT: ${{ secrets.PAT_STORYBOOK_BOT }} - name: Report failure to Discord if: failure() @@ -150,7 +152,9 @@ jobs: - name: Publish # publish sandboxes even if the generation fails, as some sandboxes might have been generated successfully if: ${{ !cancelled() }} - run: yarn publish-sandboxes --remote=https://storybook-bot:${{ secrets.PAT_STORYBOOK_BOT }}@github.com/storybookjs/sandboxes.git --push --branch=main + run: yarn publish-sandboxes --remote="https://storybook-bot:${PAT_STORYBOOK_BOT}@github.com/storybookjs/sandboxes.git" --push --branch=main + env: + PAT_STORYBOOK_BOT: ${{ secrets.PAT_STORYBOOK_BOT }} - name: Report failure to Discord if: failure() diff --git a/.github/workflows/handle-release-branches.yml b/.github/workflows/handle-release-branches.yml index 021ed04934ff..587bc8178055 100644 --- a/.github/workflows/handle-release-branches.yml +++ b/.github/workflows/handle-release-branches.yml @@ -10,8 +10,10 @@ jobs: steps: - id: get-branch run: | - BRANCH=($(echo ${{ github.ref }} | sed -E 's/refs\/heads\///')) + BRANCH=($(echo "${GIT_REF}" | sed -E 's/refs\/heads\///')) echo "branch=$BRANCH" >> $GITHUB_ENV + env: + GIT_REF: ${{ github.ref }} outputs: branch: ${{ env.branch }} is-latest-branch: ${{ env.branch == 'main' }} 
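Review bot: The PAT still reaches `yarn publish-sandboxes` inside a command-line argument in both Publish steps of generate-sandboxes.yml (the `--branch=next` and `--branch=main` hunks). Once the shell expands `${PAT_STORYBOOK_BOT}` the token is part of the process arguments and, if the script registers that URL as a git remote, presumably ends up in `.git/config` of the checkout as well. Moving the expansion into `env:` keeps the secret out of the generated script text but does not change that exposure. Since the variable is now in the step environment, the script could read it there and hand it to git through a credential helper or an `http.extraheader` setting, leaving `--remote=https://github.com/storybookjs/sandboxes.git` free of credentials. The script is not part of this diff, so this needs checking against its source.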
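Review bot: In the `get-branch` step of handle-release-branches.yml the branch name is still produced by an unquoted command substitution inside an array assignment, `BRANCH=($(echo "${GIT_REF}" | sed -E 's/refs\/heads\///'))`, which word-splits and glob-expands the result before `$BRANCH` picks the first element. Now that the ref is an ordinary variable, parameter expansion does the job without the subshell: `BRANCH="${GIT_REF#refs/heads/}"`, followed by `echo "branch=$BRANCH" >> "$GITHUB_ENV"` with the file path quoted. Git's ref-name rules make a splitting accident unlikely, so this is a robustness and readability point, but the value feeds the job outputs that later steps consume.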
@@ -24,22 +26,24 @@ jobs: if: ${{ needs.branch-checks.outputs.is-latest-branch == 'true' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - run: curl -X POST "https://api.netlify.com/build_hooks/${{ secrets.FRONTPAGE_HOOK }}" + - run: curl -X POST "https://api.netlify.com/build_hooks/${FRONTPAGE_HOOK}" + env: + FRONTPAGE_HOOK: ${{ secrets.FRONTPAGE_HOOK }} get-next-release-branch: needs: branch-checks if: ${{ needs.branch-checks.outputs.is-next-branch == 'true' || needs.branch-checks.outputs.is-release-branch == 'true' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: next path: next - id: next-version - uses: notiz-dev/github-action-json-property@release + uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # release with: path: ${{ github.workspace }}/next/code/package.json prop_path: version @@ -55,7 +59,7 @@ jobs: if: ${{ needs.branch-checks.outputs.is-next-branch == 'true' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 @@ -97,5 +101,8 @@ jobs: run: | curl -X POST https://api.github.com/repos/storybookjs/frontpage/dispatches \ -H 'Accept: application/vnd.github.v3+json' \ - -u ${{ secrets.FRONTPAGE_ACCESS_TOKEN }} \ + -u "${FRONTPAGE_ACCESS_TOKEN}" \ --data '{"event_type": "request-create-frontpage-branch", "client_payload": { "branch": "${{ needs.create-next-release-branch.outputs.branch || needs.branch-checks.outputs.branch }}" }}' + + env: + FRONTPAGE_ACCESS_TOKEN: ${{ secrets.FRONTPAGE_ACCESS_TOKEN }} diff --git a/.github/workflows/nx.yml b/.github/workflows/nx.yml index f3b048a2122a..cc0db2352f28 100644 --- a/.github/workflows/nx.yml +++ b/.github/workflows/nx.yml 
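Review bot: The `--data` line in the frontpage dispatch step of handle-release-branches.yml still expands `${{ needs.create-next-release-branch.outputs.branch || needs.branch-checks.outputs.branch }}` inside the script text, which is the pattern this commit removes for the token two lines above it. At least the `branch-checks` output is derived from the pushed ref, and a name containing a single quote would end the quoted JSON argument and be parsed by the shell. Pass the value through the step environment as well, `BRANCH: ${{ needs.create-next-release-branch.outputs.branch || needs.branch-checks.outputs.branch }}` under `env:`, and build the payload with `--data "$(jq -nc --arg branch "$BRANCH" '{event_type: "request-create-frontpage-branch", client_payload: {branch: $branch}}')"`, which also JSON-escapes it. The start of the step and the job's runner are outside the hunk, so the availability of `jq` is assumed.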
@@ -51,7 +51,7 @@ jobs: fi fi - if [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/next" ]]; then + if [[ "${{ github.event_name }}" == "push" && "${GIT_REF}" == "refs/heads/next" ]]; then tags="merged" fi @@ -60,6 +60,8 @@ jobs: fi echo "tag=$tags" >> "$GITHUB_OUTPUT" + env: + GIT_REF: ${{ github.ref }} - name: Select distribution config id: dist run: | @@ -91,7 +93,7 @@ jobs: node-version: 22 cache: 'yarn' - run: yarn install --immutable - - uses: nrwl/nx-set-shas@v4 + - uses: nrwl/nx-set-shas@3e9ad7370203c1e93d109be57f3b72eb0eb511b1 # v4 - id: nx name: 'Run nx' run: | diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 8259f525d13e..3558fbe5b901 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -111,7 +111,9 @@ jobs: - name: Get target branch id: target - run: echo "target=${{ github.ref_name == 'next-release' && 'next' || 'main' }}" >> $GITHUB_OUTPUT + run: echo "target=${REF_NAME}" >> $GITHUB_OUTPUT + env: + REF_NAME: ${{ github.ref_name == 'next-release' && 'next' || 'main' }} - name: Get changelog for ${{ steps.version.outputs.current-version }} if: steps.publish-needed.outputs.published == 'false' @@ -203,7 +205,7 @@ jobs: - name: Create Sentry release if: steps.publish-needed.outputs.published == 'false' - uses: getsentry/action-release@v3 + uses: getsentry/action-release@dab6548b3c03c4717878099e43782cf5be654289 # v3 env: SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} SENTRY_ORG: ${{ secrets.SENTRY_ORG }} diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml index af45b109da06..a48595626c20 100644 --- a/.github/workflows/triage.yml +++ b/.github/workflows/triage.yml @@ -18,7 +18,7 @@ jobs: if: github.repository_owner == 'storybookjs' runs-on: ubuntu-latest steps: - - uses: balazsorban44/nissuer@1.10.0 + - uses: balazsorban44/nissuer@92ef22afd6a75e5e588f5d689a1fd3433f596f82 # 1.10.0 with: label-comments: | { 
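Review bot: The variable introduced in the `Get target branch` step of publish.yml is named `REF_NAME` but holds the computed target (`next` or `main`), not `github.ref_name`, so the `run:` line now reads as if it echoed the raw ref. A name that says what the value is avoids that: `run: echo "target=${TARGET_BRANCH}" >> "$GITHUB_OUTPUT"` with `TARGET_BRANCH: ${{ github.ref_name == 'next-release' && 'next' || 'main' }}` under `env:`. Quoting `$GITHUB_OUTPUT` there matches the `echo "tag=$tags" >> "$GITHUB_OUTPUT"` line in the nx.yml step of this same diff.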
diff --git a/.github/workflows/trigger-circle-ci-workflow.yml b/.github/workflows/trigger-circle-ci-workflow.yml
index 7b1cedda19f1..57fdbbdb6ae9 100644
--- a/.github/workflows/trigger-circle-ci-workflow.yml
+++ b/.github/workflows/trigger-circle-ci-workflow.yml
@@ -60,7 +60,7 @@ jobs:
 if: github.repository_owner == 'storybookjs' && needs.get-parameters.outputs.workflow != ''
 steps:
 - name: Trigger Normal tests
- uses: fjogeleit/http-request-action@v1
+ uses: fjogeleit/http-request-action@c0b95d02a088b47c1f2f4db04fd8af8bd19eee54 # v1
 with:
 url: 'https://circleci.com/api/v2/project/gh/storybookjs/storybook/pipeline'
 method: 'POST'