actions: upgrade all actions

This commit is contained in:
Jay Lee
2025-08-31 17:32:37 -04:00
parent 158ec79880
commit f6a473ab43
5 changed files with 16 additions and 18 deletions

View File

@@ -108,21 +108,21 @@ jobs:
steps: steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0 - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
with: with:
persist-credentials: false persist-credentials: false
fetch-depth: 0 fetch-depth: 0
- id: auth - id: auth
name: Authenticate to Google Cloud name: Authenticate to Google Cloud
uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # 2.1.12 uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
with: with:
workload_identity_provider: projects/297925809119/locations/global/workloadIdentityPools/gha-pool/providers/gha-provider workload_identity_provider: projects/297925809119/locations/global/workloadIdentityPools/gha-pool/providers/gha-provider
service_account: github-actions-testing-for-gam@gam-project-wyo-lub-ivl.iam.gserviceaccount.com service_account: github-actions-testing-for-gam@gam-project-wyo-lub-ivl.iam.gserviceaccount.com
- name: Cache multiple paths - name: Cache multiple paths
if: matrix.goal == 'build' if: matrix.goal == 'build'
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # 4.2.4 uses: actions/cache@638ed79f9dc94c1de1baef91bcab5edaa19451f4 # v4.2.4
id: cache-python-ssl id: cache-python-ssl
with: with:
path: | path: |
@@ -137,7 +137,7 @@ jobs:
- name: Use pre-compiled Python for testing - name: Use pre-compiled Python for testing
if: matrix.python != '' if: matrix.python != ''
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # 5.6.0 uses: actions/setup-python@3d1e2d2ca0a067f27da6fec484fce7f5256def85 # v5.6.0
with: with:
python-version: ${{ matrix.python }} python-version: ${{ matrix.python }}
allow-prereleases: true allow-prereleases: true
@@ -217,13 +217,13 @@ jobs:
- name: MacOS import developer certificates for signing - name: MacOS import developer certificates for signing
if: runner.os == 'macOS' if: runner.os == 'macOS'
uses: apple-actions/import-codesign-certs@95e84a1a18f2bdbc5c6ab9b7f4429372e4b13a8b # 5.0.3 uses: apple-actions/import-codesign-certs@11e1bb2d3771ad8ffa8459dfe527bc26b2dd4b62 # v5.0.3
with: with:
p12-file-base64: ${{ secrets.CERTIFICATES_P12 }} p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }} p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
- name: Windows Configure VCode - name: Windows Configure VCode
uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # 1.13.0 uses: ilammy/msvc-dev-cmd@460a772e4cf7358f9f2f23773240813e40e7a894 # v1.13.0
if: runner.os == 'Windows' && steps.cache-python-ssl.outputs.cache-hit != 'true' if: runner.os == 'Windows' && steps.cache-python-ssl.outputs.cache-hit != 'true'
with: with:
arch: ${{ runner.arch }} arch: ${{ runner.arch }}
@@ -285,7 +285,7 @@ jobs:
echo "COMPILED_OPENSSL_VERSION=${COMPILED_OPENSSL_VERSION}" >> $GITHUB_ENV echo "COMPILED_OPENSSL_VERSION=${COMPILED_OPENSSL_VERSION}" >> $GITHUB_ENV
- name: Windows NASM Install - name: Windows NASM Install
uses: ilammy/setup-nasm@72793074d3c8cdda771dba85f6deafe00623038b # 1.5.2 uses: ilammy/setup-nasm@3a5c2907aab40613bec4a2c63f5d0ef0b11fbd9f # v1.5.2
if: matrix.goal == 'build' && runner.os == 'Windows' && runner.arch == 'X64' && steps.cache-python-ssl.outputs.cache-hit != 'true' if: matrix.goal == 'build' && runner.os == 'Windows' && runner.arch == 'X64' && steps.cache-python-ssl.outputs.cache-hit != 'true'
- name: Config OpenSSL - name: Config OpenSSL
@@ -669,7 +669,7 @@ jobs:
$gam create signjwtserviceaccount $gam create signjwtserviceaccount
- name: Attest gam executable was generated from this Action - name: Attest gam executable was generated from this Action
uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # 2.4.0 uses: actions/attest-build-provenance@0b6e9809265278d02c58acf52849a95818a5a306 # v3.0.0
if: matrix.goal == 'build' if: matrix.goal == 'build'
with: with:
subject-path: ${{ env.gam }} subject-path: ${{ env.gam }}
@@ -733,7 +733,7 @@ jobs:
& 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe' verify /pa /v "$env:MSI_FILENAME" & 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe' verify /pa /v "$env:MSI_FILENAME"
- name: Attest that gam package files were generated from this Action - name: Attest that gam package files were generated from this Action
uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # 2.4.0 uses: actions/attest-build-provenance@0b6e9809265278d02c58acf52849a95818a5a306 # v3.0.0
if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && matrix.goal == 'build' if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && matrix.goal == 'build'
with: with:
subject-path: | subject-path: |
@@ -990,7 +990,7 @@ jobs:
packages: write packages: write
steps: steps:
- name: Merge Artifacts - name: Merge Artifacts
uses: actions/upload-artifact/merge@v4 uses: actions/upload-artifact/merge@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with: with:
name: gam-binaries name: gam-binaries
pattern: gam-binaries-* pattern: gam-binaries-*
@@ -1006,7 +1006,7 @@ jobs:
steps: steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0 - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
with: with:
persist-credentials: false persist-credentials: false
fetch-depth: 0 fetch-depth: 0
@@ -1029,7 +1029,7 @@ jobs:
echo "dateversion=${dateversion}" >> $GITHUB_OUTPUT echo "dateversion=${dateversion}" >> $GITHUB_OUTPUT
- name: Publish draft release - name: Publish draft release
uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # 2.3.2 uses: softprops/action-gh-release@fbadcc90e88ecface60a0a0d123795b784ceb239 # v2.3.2
with: with:
draft: true draft: true
prerelease: false prerelease: false

View File

@@ -39,9 +39,7 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@v3 uses: github/codeql-action/init@v3
with: with:

View File

@@ -19,7 +19,7 @@ jobs:
check-certs: check-certs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@master - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
with: with:
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo fetch-depth: 0 # otherwise, you will failed to push refs to dest repo

View File

@@ -18,7 +18,7 @@ jobs:
git clone https://github.com/GAM-team/GAM git clone https://github.com/GAM-team/GAM
- name: Checkout Wiki source - name: Checkout Wiki source
uses: actions/checkout@master uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
with: with:
path: GAM.wiki path: GAM.wiki
repository: GAM-team/GAM.wiki repository: GAM-team/GAM.wiki

View File

@@ -16,7 +16,7 @@ jobs:
id-token: write id-token: write
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
with: with:
persist-credentials: false persist-credentials: false
fetch-depth: 0 fetch-depth: 0