From 2b9faadbecb65ff24f1fe639461eb6f4d6ab74a2 Mon Sep 17 00:00:00 2001 From: David Leal Date: Fri, 28 Apr 2023 10:21:27 -0600 Subject: [PATCH] Update many of the actions to their latest version (#1731) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update many of the actions to their latest version * Fix CodeQL action * Use the latest version for all images * Whoops * Use Ubuntu for the Peek Icons workflow * Fix Peek Icons action * Remove token * chore: apply suggestions from code review Co-authored-by: Jørgen Kalsnes Hagen <43886029+Snailedlt@users.noreply.github.com> --------- Co-authored-by: Jørgen Kalsnes Hagen <43886029+Snailedlt@users.noreply.github.com> --- .github/drafts/optimize_svg.yml | 4 +- .github/drafts/stale.yml | 2 +- .github/scripts/icomoon_peek.py | 2 +- .github/workflows/check_icon_pr.yml | 10 +-- .github/workflows/codeql-analysis.yml | 89 +++++++++---------- .github/workflows/in_develop_labeler.yml | 11 ++- .github/workflows/npm_publish.yml | 4 +- .github/workflows/peek_icons.yml | 12 +-- .../workflows/post_check_icon_pr_comment.yml | 12 +-- .github/workflows/post_peek_screenshot.yml | 14 +-- 10 files changed, 82 insertions(+), 78 deletions(-) diff --git a/.github/drafts/optimize_svg.yml b/.github/drafts/optimize_svg.yml index ec35ed2d..0c283531 100644 --- a/.github/drafts/optimize_svg.yml +++ b/.github/drafts/optimize_svg.yml @@ -6,9 +6,9 @@ jobs: peek: name: Optimize the added/changed svgs if: github.event.label.name == 'bot:optimize' - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: ref: ${{ github.head_ref }} diff --git a/.github/drafts/stale.yml b/.github/drafts/stale.yml index 41d74cf7..365ac82e 100644 --- a/.github/drafts/stale.yml +++ b/.github/drafts/stale.yml @@ -5,7 +5,7 @@ on: jobs: stale: - runs-on: ubuntu-latest + runs-on: ubuntu-latestlatest steps: - uses: actions/stale@main with: diff --git a/.github/scripts/icomoon_peek.py b/.github/scripts/icomoon_peek.py index 80a6a6ca..7d66d111 100644 --- a/.github/scripts/icomoon_peek.py +++ b/.github/scripts/icomoon_peek.py @@ -5,7 +5,7 @@ from build_assets import filehandler, arg_getters, util def main(): runner = None try: - args = arg_getters.get_selenium_runner_args(peek_mode=True) + args = arg_getters.get_selenium_runner_args(has_token=False, peek_mode=True) all_icons = filehandler.get_json_file_content(args.devicon_json_path) # get only the icon object that has the name matching the pr title diff --git a/.github/workflows/check_icon_pr.yml b/.github/workflows/check_icon_pr.yml index eb128cc3..3054a6f8 100644 --- a/.github/workflows/check_icon_pr.yml +++ b/.github/workflows/check_icon_pr.yml @@ -3,10 +3,10 @@ on: pull_request jobs: check: name: Check the `devicon.json` and the SVGs' quality - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest if: startsWith(github.event.pull_request.title, 'new icon') || startsWith(github.event.pull_request.title, 'update icon') # only checks icon PR steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Check if PR is develop if: ${{ github.base_ref != 'develop' }} @@ -14,7 +14,7 @@ jobs: echo -e "The PR's base branch is \`${{ github.base_ref }}\`, but should be \`develop\`\nPlease change the PR so that it's based on, and merged into \`develop\`" > ./err_messages.txt echo "wrong_branch=true" >> $GITHUB_ENV - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 if: ${{ !env.wrong_branch }} with: python-version: 3.8 @@ -32,7 +32,7 @@ jobs: run: python ./.github/scripts/check_icon_pr.py "$PR_TITLE" ./icons ./devicon.json - name: Upload the err messages - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 if: success() with: name: err_messages @@ -46,7 +46,7 @@ jobs: run: echo $PR_NUM > pr_num.txt - name: Upload the pr num - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 if: success() with: name: pr_num diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 44c8b786..886d230c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,62 +1,61 @@ -name: "CodeQL" +name: "Code Scanning - Action" on: push: - branches: [master] + branches: [master, develop] pull_request: - # The branches below must be a subset of the branches above - branches: [master] + branches: [master, develop] schedule: - - cron: '0 23 * * 4' + # ┌───────────── minute (0 - 59) + # │ ┌───────────── hour (0 - 23) + # │ │ ┌───────────── day of the month (1 - 31) + # │ │ │ ┌───────────── month (1 - 12 or JAN-DEC) + # │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT) + # │ │ │ │ │ + # │ │ │ │ │ + # │ │ │ │ │ + # * * * * * + - cron: '30 1 * * 0' jobs: - analyze: - name: Analyze + CodeQL-Build: + # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - # Override automatic language detection by changing the below list - # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] - language: ['javascript'] - # Learn more... - # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection + permissions: + # required for all workflows + security-events: write + + # only required for workflows in private repositories + actions: read + contents: read steps: - - name: Checkout repository - uses: actions/checkout@v2 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 + - name: Checkout repository + uses: actions/checkout@v3 - # If this run was triggered by a pull request event, then checkout - # the head of the pull request instead of the merge commit. - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + # Override language selection by uncommenting this and choosing your languages + with: + languages: javascript, python - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). + # If this step fails, then you should remove it and run the build manually (see below). + - name: Autobuild + uses: github/codeql-action/autobuild@v2 - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 + # ℹ️ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - # ℹ️ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl + # ✏️ If the Autobuild fails above, remove it and uncomment the following + # three lines and modify them (or add more) to build your code if your + # project uses a compiled language - # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language + #- run: | + # make bootstrap + # make release - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/in_develop_labeler.yml b/.github/workflows/in_develop_labeler.yml index d212091b..99727a81 100644 --- a/.github/workflows/in_develop_labeler.yml +++ b/.github/workflows/in_develop_labeler.yml @@ -5,15 +5,20 @@ on: types: - completed jobs: + on-failure: + runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.conclusion == 'failure' }} + steps: + - run: echo "First workflow was a failure" label_preflight: name: Label Issue In Develop - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest if: ${{ github.event.workflow_run.conclusion == 'success' }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Setup Python v3.8 - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: 3.8 diff --git a/.github/workflows/npm_publish.yml b/.github/workflows/npm_publish.yml index 65995014..6a1396be 100644 --- a/.github/workflows/npm_publish.yml +++ b/.github/workflows/npm_publish.yml @@ -7,13 +7,13 @@ jobs: environment: release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: # "ref" specifies the branch to check out. # "github.event.release.target_commitish" is a global variable and specifies the branch the release targeted ref: ${{ github.event.release.target_commitish }} - name: Use Node.js v16 - uses: actions/setup-node@v2 + uses: actions/setup-node@v3 with: node-version: 16 registry-url: https://registry.npmjs.org/ # Specifies the registry, this field is required! diff --git a/.github/workflows/peek_icons.yml b/.github/workflows/peek_icons.yml index 0e8b4c2b..66f3cee3 100644 --- a/.github/workflows/peek_icons.yml +++ b/.github/workflows/peek_icons.yml @@ -9,12 +9,12 @@ jobs: # fail due to system, skipped name: Peek Icons if: github.event.label.name == 'bot:peek' - runs-on: windows-2019 + runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Setup Python v3.8 - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: 3.8 @@ -38,11 +38,11 @@ jobs: - name: Run icomoon_peek.py env: PR_TITLE: ${{ github.event.pull_request.title }} - shell: cmd + shell: bash run: > python ./.github/scripts/icomoon_peek.py - ./.github/scripts/build_assets/geckodriver-v0.32.2-win64/geckodriver.exe ./icomoon.json - ./devicon.json ./icons ./ --headless "%PR_TITLE%" + ./.github/scripts/build_assets/geckodriver-v0.32.2-linux64/geckodriver ./icomoon.json + ./devicon.json ./icons ./ --headless "$PR_TITLE" - name: Upload the err messages (created by icomoon_peek.py) uses: actions/upload-artifact@v2.2.4 diff --git a/.github/workflows/post_check_icon_pr_comment.yml b/.github/workflows/post_check_icon_pr_comment.yml index 116d16c4..9d953fc3 100644 --- a/.github/workflows/post_check_icon_pr_comment.yml +++ b/.github/workflows/post_check_icon_pr_comment.yml @@ -7,14 +7,14 @@ on: jobs: post_result_of_svg_check: name: Post the result of the Check SVG Action - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest steps: - name: Check if the trigger run worked. If it failed, fail the current run. if: github.event.workflow_run.conclusion != 'success' uses: cutenode/action-always-fail@v1.0.1 - name: Download workflow artifact - uses: dawidd6/action-download-artifact@v2.11.0 + uses: dawidd6/action-download-artifact@v2.26.1 if: success() with: github_token: ${{ secrets.GITHUB_TOKEN }} @@ -24,19 +24,19 @@ jobs: - name: Read the pr_num file if: success() id: pr_num_reader - uses: juliangruber/read-file-action@v1.0.0 + uses: juliangruber/read-file-action@v1.1.6 with: path: ./pr_num/pr_num.txt - name: Read the err message file if: success() id: err_message_reader - uses: juliangruber/read-file-action@v1.0.0 + uses: juliangruber/read-file-action@v1.1.6 with: path: ./err_messages/err_messages.txt - name: Comment on the PR about the result - SVG Error - uses: jungwinter/comment@v1 # let us comment on a specific PR + uses: jungwinter/comment@v1.1.0 # let us comment on a specific PR if: success() && (steps.err_message_reader.outputs.content != '') env: MESSAGE: | @@ -61,7 +61,7 @@ jobs: body: ${{ format(env.MESSAGE, steps.err_message_reader.outputs.content) }} - name: Comment on the PR about the result - Failure - uses: jungwinter/comment@v1 # let us comment on a specific PR + uses: jungwinter/comment@v1.1.0 # let us comment on a specific PR if: failure() env: MESSAGE: | diff --git a/.github/workflows/post_peek_screenshot.yml b/.github/workflows/post_peek_screenshot.yml index 22528454..8b10a6df 100644 --- a/.github/workflows/post_peek_screenshot.yml +++ b/.github/workflows/post_peek_screenshot.yml @@ -7,7 +7,7 @@ on: jobs: post_screenshots_in_comment: name: Post the screenshot - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest if: github.event.action == 'completed' && github.event.workflow_run.conclusion != 'skipped' env: # three possible values: 'skipped', 'success', 'failure' @@ -20,7 +20,7 @@ jobs: run: echo $PEEK_STATUS - name: Download workflow artifact - uses: dawidd6/action-download-artifact@v2.11.0 + uses: dawidd6/action-download-artifact@v2.26.1 with: github_token: ${{ secrets.GITHUB_TOKEN }} workflow: peek_icons.yml @@ -28,14 +28,14 @@ jobs: - name: Read the pr_num file id: pr_num_reader - uses: juliangruber/read-file-action@v1.0.0 + uses: juliangruber/read-file-action@v1.1.6 with: path: ./pr_num/pr_num.txt - name: Read the err message file if: success() id: err_message_reader - uses: juliangruber/read-file-action@v1.0.0 + uses: juliangruber/read-file-action@v1.1.6 with: path: ./err_messages/err_messages.txt @@ -81,7 +81,7 @@ jobs: client_id: ${{secrets.IMGUR_CLIENT_ID}} - name: Comment on the PR about the result - Success - uses: jungwinter/comment@v1 # let us comment on a specific PR + uses: jungwinter/comment@v1.1.0 # let us comment on a specific PR if: env.PEEK_STATUS == 'success' && success() env: MESSAGE: | @@ -138,7 +138,7 @@ jobs: - name: Comment on the PR about the result - Failure if: env.PEEK_STATUS == 'failure' - uses: jungwinter/comment@v1 # let us comment on a specific PR + uses: jungwinter/comment@v1.1.0 # let us comment on a specific PR env: MESSAGE: | Hi there, @@ -166,7 +166,7 @@ jobs: body: ${{ format(env.MESSAGE, steps.err_message_reader.outputs.content) }} - name: Comment on the PR about the result - Failure if: failure() - uses: jungwinter/comment@v1 # let us comment on a specific PR + uses: jungwinter/comment@v1.1.0 # let us comment on a specific PR env: MESSAGE: | Hi there,