diff --git a/.github/workflows/assistant-to-the-branch-manager.yml b/.github/workflows/assistant-to-the-branch-manager.yml index 96ba13def..98b92f88a 100644 --- a/.github/workflows/assistant-to-the-branch-manager.yml +++ b/.github/workflows/assistant-to-the-branch-manager.yml @@ -16,7 +16,7 @@ jobs: assistant_to_the_branch_manager: runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # Setting persist-credentials instructs actions/checkout not to persist the credentials # in configuration or environment. Since we don't rely on the credentials used for diff --git a/.github/workflows/branch-manager.yml b/.github/workflows/branch-manager.yml index 25289f503..ff2757548 100644 --- a/.github/workflows/branch-manager.yml +++ b/.github/workflows/branch-manager.yml @@ -24,7 +24,7 @@ jobs: branch_manager: runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # Setting `persist-credentials: false` prevents the github-action account from being the # account that is attempted to be used for authentication, instead the remote is set to diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 36605f5f4..73488cda4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -37,7 +37,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./github-actions/npm/checkout-and-setup-node - uses: ./github-actions/bazel/setup - uses: ./github-actions/bazel/configure-remote diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 22f59bd5c..cc269c73d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -25,12 +25,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Initialize CodeQL - uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10 + uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 with: languages: ${{ matrix.language }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10 + uses: github/codeql-action/analyze@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 with: category: '/language:${{matrix.language}}' diff --git a/.github/workflows/commit-message-based-labels.yml b/.github/workflows/commit-message-based-labels.yml index 6ae46a7fb..81edc852d 100644 --- a/.github/workflows/commit-message-based-labels.yml +++ b/.github/workflows/commit-message-based-labels.yml @@ -12,7 +12,7 @@ jobs: commit_message_based_labels: runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./github-actions/pull-request-labeling with: angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }} diff --git a/.github/workflows/feature-request.yml b/.github/workflows/feature-request.yml index b3a1274c1..a49b9f6e7 100644 --- a/.github/workflows/feature-request.yml +++ b/.github/workflows/feature-request.yml @@ -10,7 +10,7 @@ jobs: feature_triage: runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./github-actions/feature-request with: angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }} diff --git a/.github/workflows/gemini-review.yml b/.github/workflows/gemini-review.yml index c95fb99fa..88ab08b35 100644 --- a/.github/workflows/gemini-review.yml +++ b/.github/workflows/gemini-review.yml @@ -40,7 +40,7 @@ jobs: --repo "${REPOSITORY}" - name: 'Checkout repository' - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: 'Run Gemini security analysis review' uses: 'google-github-actions/run-gemini-cli@5a3b23c898e09c9a9d00e75f7725e83ed603884d' # v0.1.19 diff --git a/.github/workflows/ng-renovate.yml b/.github/workflows/ng-renovate.yml index 02c309cc0..3ef688abb 100644 --- a/.github/workflows/ng-renovate.yml +++ b/.github/workflows/ng-renovate.yml @@ -30,7 +30,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./github-actions/npm/checkout-and-setup-node with: cache-dependency-path: './.github/ng-renovate/pnpm-lock.yaml' diff --git a/.github/workflows/org-wide-actions.yml b/.github/workflows/org-wide-actions.yml index cefc05214..7eb8ecadb 100644 --- a/.github/workflows/org-wide-actions.yml +++ b/.github/workflows/org-wide-actions.yml @@ -14,7 +14,7 @@ jobs: if: github.repository == 'angular/dev-infra' runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./.github/local-actions/labels-sync with: angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }} @@ -28,7 +28,7 @@ jobs: if: github.repository == 'angular/dev-infra' runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./.github/local-actions/lock-closed with: lock-bot-key: ${{ secrets.LOCK_BOT_PRIVATE_KEY }} diff --git a/.github/workflows/perf.yml b/.github/workflows/perf.yml index 65f0f2c19..5f576b648 100644 --- a/.github/workflows/perf.yml +++ b/.github/workflows/perf.yml @@ -23,7 +23,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./github-actions/npm/checkout-and-setup-node - uses: ./github-actions/bazel/setup - run: pnpm install --frozen-lockfile @@ -41,7 +41,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./github-actions/npm/checkout-and-setup-node - uses: ./github-actions/bazel/setup - run: pnpm install --frozen-lockfile diff --git a/.github/workflows/post-approval-changes.yml b/.github/workflows/post-approval-changes.yml index 2d8300ab5..017634649 100644 --- a/.github/workflows/post-approval-changes.yml +++ b/.github/workflows/post-approval-changes.yml @@ -9,7 +9,7 @@ jobs: post_approval_changes: runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./github-actions/post-approval-changes with: angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index fee48a3d6..fe4900299 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -22,7 +22,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./github-actions/npm/checkout-and-setup-node - uses: ./github-actions/bazel/setup - uses: ./github-actions/bazel/configure-remote @@ -48,7 +48,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./github-actions/npm/checkout-and-setup-node - uses: ./github-actions/bazel/setup - uses: ./github-actions/bazel/configure-remote diff --git a/.github/workflows/publish-snapshots.yml b/.github/workflows/publish-snapshots.yml index 14965be9f..624d3c0da 100644 --- a/.github/workflows/publish-snapshots.yml +++ b/.github/workflows/publish-snapshots.yml @@ -19,7 +19,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 1 - uses: ./github-actions/npm/checkout-and-setup-node diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7b0712be9..b647d2a8b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -23,7 +23,7 @@ jobs: id-token: write steps: - name: 'Checkout code' - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -45,6 +45,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: 'Upload to code-scanning' - uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10 + uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 with: sarif_file: results.sarif diff --git a/github-actions/bazel/setup/action.yml b/github-actions/bazel/setup/action.yml index 7c03a8ab6..337c6ef82 100644 --- a/github-actions/bazel/setup/action.yml +++ b/github-actions/bazel/setup/action.yml @@ -13,7 +13,7 @@ runs: using: composite steps: - name: Configure action caching for bazel version downloaded by bazelisk - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: | ~/.cache/bazelisk @@ -27,7 +27,7 @@ runs: shell: bash - name: Configure action caching for bazel repository cache - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: # Note: Bazel repository cache is located in system locations and cannot use # a shared cache between different runner operating systems. diff --git a/github-actions/npm/checkout-and-setup-node/action.yml b/github-actions/npm/checkout-and-setup-node/action.yml index 806b5b885..7b2d58756 100644 --- a/github-actions/npm/checkout-and-setup-node/action.yml +++ b/github-actions/npm/checkout-and-setup-node/action.yml @@ -38,7 +38,7 @@ runs: git config --global core.eol lf shell: bash - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: filter: blob:none persist-credentials: false