diff --git a/.github/workflows/automatic-issue-responses.yml b/.github/workflows/automatic-issue-responses.yml index 970532ab1e..6ca8ec09ac 100644 --- a/.github/workflows/automatic-issue-responses.yml +++ b/.github/workflows/automatic-issue-responses.yml @@ -25,7 +25,7 @@ jobs: # Intended behavior - if: github.event.label.name == 'intended-behavior' name: Intended behaviour - uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515 # v2.0.0 + uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515 # v2.0.0 with: comment: | Your issue appears to be describing the intended behavior of the software. If you want this to be changed, it would be a feature request. @@ -38,7 +38,7 @@ jobs: # Customer support request - if: github.event.label.name == 'customer-support' name: Customer Support request - uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515 # v2.0.0 + uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515 # v2.0.0 with: comment: | We use GitHub issues as a place to track bugs and other development related issues. Your issue appears to be a support request, or would otherwise be better handled by our dedicated Customer Success team. @@ -49,14 +49,14 @@ jobs: # Resolved - if: github.event.label.name == 'resolved' name: Resolved - uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515 # v2.0.0 + uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515 # v2.0.0 with: comment: | We’ve closed this issue, as it appears the original problem has been resolved. If this happens again or continues to be an problem, please respond to this issue with any additional detail to assist with reproduction and root cause analysis. # Stale - if: github.event.label.name == 'stale' name: Stale - uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515 # v2.0.0 + uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515 # v2.0.0 with: comment: | As we haven’t heard from you about this problem in some time, this issue will now be closed. diff --git a/.github/workflows/build-self-host.yml b/.github/workflows/build-self-host.yml index f00c85ca81..a600294725 100644 --- a/.github/workflows/build-self-host.yml +++ b/.github/workflows/build-self-host.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Check Branch to Publish env: @@ -39,14 +39,14 @@ jobs: ########## Set up Docker ########## - name: Set up QEMU emulators - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 + uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 + uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0 ########## Login to Docker registries ########## - name: Login to Azure - QA Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }} @@ -54,7 +54,7 @@ jobs: run: az acr login -n bitwardenqa - name: Login to Azure - Prod Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} @@ -62,13 +62,13 @@ jobs: run: az acr login -n bitwardenprod - name: Login to Azure - CI Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve github PAT secrets id: retrieve-secret-pat - uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + uses: bitwarden/gh-actions/get-keyvault-secrets@34ecb67b2a357795dc893549df0795e7383ff50f with: keyvault: "bitwarden-ci" secrets: "github-pat-bitwarden-devops-bot-repo-scope" @@ -76,7 +76,7 @@ jobs: - name: Retrieve secrets if: ${{ env.is_publish_branch == 'true' }} id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + uses: bitwarden/gh-actions/get-keyvault-secrets@34ecb67b2a357795dc893549df0795e7383ff50f with: keyvault: "bitwarden-ci" secrets: "docker-password, @@ -128,7 +128,7 @@ jobs: fi - name: Build Docker image - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 + uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v3.2.0 with: context: . file: docker-unified/Dockerfile @@ -166,21 +166,21 @@ jobs: fi - name: Login to Azure - CI subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 if: failure() with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + uses: bitwarden/gh-actions/get-keyvault-secrets@34ecb67b2a357795dc893549df0795e7383ff50f if: failure() with: keyvault: "bitwarden-ci" secrets: "devops-alerts-slack-webhook-url" - name: Notify Slack on failure - uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 + uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 if: failure() env: SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 65adc85a7f..fef9c2a55a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repo - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Install cloc run: | @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Verify Format run: dotnet format --verify-no-changes @@ -43,7 +43,7 @@ jobs: NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages steps: - name: Set up dotnet - uses: actions/setup-dotnet@9211491ffb35dd6a6657ca4f45d43dfe6e97c829 + uses: actions/setup-dotnet@9211491ffb35dd6a6657ca4f45d43dfe6e97c829 # v2.0.0 with: dotnet-version: "6.0.x" @@ -55,7 +55,7 @@ jobs: echo "GitHub event: $GITHUB_EVENT" - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Restore run: dotnet restore --locked-mode @@ -81,7 +81,7 @@ jobs: shell: pwsh - name: Report test results - uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 + uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0 if: always() with: name: Test Results @@ -128,10 +128,10 @@ jobs: dotnet: true steps: - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up Node - uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a + uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 with: cache: "npm" cache-dependency-path: "**/package-lock.json" @@ -175,7 +175,7 @@ jobs: ls -atlh ../../../ - name: Upload project artifact - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: ${{ matrix.project_name }}.zip path: ${{ matrix.base_path }}/${{ matrix.project_name }}/${{ matrix.project_name }}.zip @@ -248,7 +248,7 @@ jobs: dotnet: true steps: - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Check Branch to Publish env: @@ -265,7 +265,7 @@ jobs: ########## ACRs ########## - name: Login to Azure - QA Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }} @@ -273,7 +273,7 @@ jobs: run: az acr login -n bitwardenqa - name: Login to Azure - PROD Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} @@ -281,13 +281,13 @@ jobs: run: az acr login -n bitwardenprod - name: Login to Azure - CI Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve github PAT secrets id: retrieve-secret-pat - uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + uses: bitwarden/gh-actions/get-keyvault-secrets@34ecb67b2a357795dc893549df0795e7383ff50f with: keyvault: "bitwarden-ci" secrets: "github-pat-bitwarden-devops-bot-repo-scope" @@ -295,7 +295,7 @@ jobs: - name: Retrieve secrets if: ${{ env.is_publish_branch == 'true' }} id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + uses: bitwarden/gh-actions/get-keyvault-secrets@34ecb67b2a357795dc893549df0795e7383ff50f with: keyvault: "bitwarden-ci" secrets: "docker-password, @@ -349,7 +349,7 @@ jobs: - name: Get build artifact if: ${{ matrix.dotnet }} - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 + uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v3.0.0 with: name: ${{ matrix.project_name }}.zip @@ -361,7 +361,7 @@ jobs: -d ${{ matrix.base_path }}/${{ matrix.project_name }}/obj/build-output/publish - name: Build Docker image - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 + uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v3.2.0 with: context: ${{ matrix.base_path }}/${{ matrix.project_name }} file: ${{ matrix.base_path }}/${{ matrix.project_name }}/Dockerfile @@ -391,12 +391,12 @@ jobs: needs: build-docker steps: - name: Set up dotnet - uses: actions/setup-dotnet@9211491ffb35dd6a6657ca4f45d43dfe6e97c829 + uses: actions/setup-dotnet@9211491ffb35dd6a6657ca4f45d43dfe6e97c829 # v3.0.3 with: dotnet-version: "6.0.x" - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Restore run: dotnet tool restore @@ -429,7 +429,7 @@ jobs: - name: Upload Docker stub artifact if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc' - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: docker-stub.zip path: docker-stub.zip @@ -437,7 +437,7 @@ jobs: - name: Upload Docker stub checksum artifact if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc' - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: docker-stub-sha256.txt path: docker-stub-sha256.txt @@ -463,7 +463,7 @@ jobs: GLOBALSETTINGS__SQLSERVER__CONNECTIONSTRING: "placeholder" - name: Upload Swagger artifact - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: swagger.json path: swagger.json @@ -488,7 +488,7 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Print environment run: | @@ -507,7 +507,7 @@ jobs: - name: Upload project artifact Windows if: ${{ contains(matrix.target, 'win') == true }} - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: MsSqlMigratorUtility-${{ matrix.target }} path: util/MsSqlMigratorUtility/obj/build-output/publish/MsSqlMigratorUtility.exe @@ -515,7 +515,7 @@ jobs: - name: Upload project artifact if: ${{ contains(matrix.target, 'win') == false }} - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: MsSqlMigratorUtility-${{ matrix.target }} path: util/MsSqlMigratorUtility/obj/build-output/publish/MsSqlMigratorUtility @@ -565,21 +565,21 @@ jobs: fi - name: Login to Azure - CI subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 if: failure() with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + uses: bitwarden/gh-actions/get-keyvault-secrets@34ecb67b2a357795dc893549df0795e7383ff50f if: failure() with: keyvault: "bitwarden-ci" secrets: "devops-alerts-slack-webhook-url" - name: Notify Slack on failure - uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 + uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 if: failure() env: SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} diff --git a/.github/workflows/cleanup-after-pr.yml b/.github/workflows/cleanup-after-pr.yml index ab6920aca2..0b9813a480 100644 --- a/.github/workflows/cleanup-after-pr.yml +++ b/.github/workflows/cleanup-after-pr.yml @@ -11,11 +11,11 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 ########## ACR ########## - name: Login to Azure - QA Subscription - uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a + uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a # v1.3.0 with: creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }} @@ -23,7 +23,7 @@ jobs: run: az acr login -n bitwardenqa - name: Login to Azure - PROD Subscription - uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a + uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a # v1.3.0 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} diff --git a/.github/workflows/container-registry-purge.yml b/.github/workflows/container-registry-purge.yml index 984ef8675a..9970b7ea00 100644 --- a/.github/workflows/container-registry-purge.yml +++ b/.github/workflows/container-registry-purge.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Login to Azure - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} @@ -85,21 +85,21 @@ jobs: fi - name: Login to Azure - CI subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 if: failure() with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets - uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f + uses: bitwarden/gh-actions/get-keyvault-secrets@34ecb67b2a357795dc893549df0795e7383ff50f if: failure() with: keyvault: "bitwarden-ci" secrets: "devops-alerts-slack-webhook-url" - name: Notify Slack on failure - uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 + uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 if: failure() env: SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} diff --git a/.github/workflows/enforce-labels.yml b/.github/workflows/enforce-labels.yml index b698bf47d8..747bcc07f4 100644 --- a/.github/workflows/enforce-labels.yml +++ b/.github/workflows/enforce-labels.yml @@ -11,6 +11,6 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Enforce Label - uses: yogevbd/enforce-label-action@a3c219da6b8fa73f6ba62b68ff09c469b3a1c024 + uses: yogevbd/enforce-label-action@a3c219da6b8fa73f6ba62b68ff09c469b3a1c024 # v2.2.2 with: BANNED_LABELS: "hold,DB-migrations-changed,needs-qa" diff --git a/.github/workflows/protect-files.yml b/.github/workflows/protect-files.yml index c9461faf77..7222ea9597 100644 --- a/.github/workflows/protect-files.yml +++ b/.github/workflows/protect-files.yml @@ -30,7 +30,7 @@ jobs: label: "DB-migrations-changed" steps: - name: Checkout repo - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: fetch-depth: 2 @@ -50,6 +50,6 @@ jobs: - name: Add label to pull request if: contains(steps.check-changes.outputs.changes_detected, true) - uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90 + uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90 # v1.0.4 with: add-labels: ${{ matrix.label }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 96ed73fb54..c5c15d7b78 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -34,11 +34,11 @@ jobs: fi - name: Checkout repo - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 - name: Check Release Version id: version - uses: bitwarden/gh-actions/release-version-check@4cf17a5ff15a995a2daf2b60ba371e5c9907c068 + uses: bitwarden/gh-actions/release-version-check@34ecb67b2a357795dc893549df0795e7383ff50f with: release-type: ${{ github.event.inputs.release_type }} project-type: dotnet @@ -76,7 +76,7 @@ jobs: - name: Create GitHub deployment for ${{ matrix.name }} if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: chrnorm/deployment-action@1b599fe41a0ef1f95191e7f2eec4743f2d7dfc48 + uses: chrnorm/deployment-action@d42cde7132fcec920de534fffc3be83794335c00 # v2.0.5 id: deployment with: token: "${{ secrets.GITHUB_TOKEN }}" @@ -87,7 +87,7 @@ jobs: - name: Download latest Release ${{ matrix.name }} asset if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a + uses: bitwarden/gh-actions/download-artifacts@34ecb67b2a357795dc893549df0795e7383ff50f with: workflow: build.yml workflow_conclusion: success @@ -96,7 +96,7 @@ jobs: - name: Download latest Release ${{ matrix.name }} asset if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a + uses: bitwarden/gh-actions/download-artifacts@34ecb67b2a357795dc893549df0795e7383ff50f with: workflow: build.yml workflow_conclusion: success @@ -104,7 +104,7 @@ jobs: artifacts: ${{ matrix.name }}.zip - name: Login to Azure - CI subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} @@ -129,12 +129,12 @@ jobs: echo "publish-profile=$publish_profile" >> $GITHUB_OUTPUT - name: Login to Azure - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Deploy App - uses: azure/webapps-deploy@0b651ed7546ecfc75024011f76944cb9b381ef1e + uses: azure/webapps-deploy@016bdd3f9b7cec60310bcf9da98f671628795644 # v2.2.4 with: app-name: ${{ steps.retrieve-secrets.outputs.webapp-name }} publish-profile: ${{ steps.retrieve-secrets.outputs.publish-profile }} @@ -156,7 +156,7 @@ jobs: - name: Update ${{ matrix.name }} deployment status to Success if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} - uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86 + uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 with: token: "${{ secrets.GITHUB_TOKEN }}" state: "success" @@ -164,7 +164,7 @@ jobs: - name: Update ${{ matrix.name }} deployment status to Failure if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} - uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86 + uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 with: token: "${{ secrets.GITHUB_TOKEN }}" state: "failure" @@ -227,7 +227,7 @@ jobs: echo "Github Release Option: $RELEASE_OPTION" - name: Checkout repo - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 - name: Setup project name id: setup @@ -241,7 +241,7 @@ jobs: - name: Setup DCT id: setup-dct if: matrix.origin_docker_repo == 'bitwarden' - uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff + uses: bitwarden/gh-actions/setup-docker-trust@34ecb67b2a357795dc893549df0795e7383ff50f with: azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} azure-keyvault-name: "bitwarden-ci" @@ -284,7 +284,7 @@ jobs: ########## ACR PROD ########## - name: Login to Azure - PROD Subscription - uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} @@ -338,7 +338,7 @@ jobs: steps: - name: Download latest Release docker-stub if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a + uses: bitwarden/gh-actions/download-artifacts@34ecb67b2a357795dc893549df0795e7383ff50f with: workflow: build.yml workflow_conclusion: success @@ -349,7 +349,7 @@ jobs: - name: Download latest Release docker-stub if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a + uses: bitwarden/gh-actions/download-artifacts@34ecb67b2a357795dc893549df0795e7383ff50f with: workflow: build.yml workflow_conclusion: success @@ -360,7 +360,7 @@ jobs: - name: Create release if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: ncipollo/release-action@40bb172bd05f266cf9ba4ff965cb61e9ee5f6d01 + uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0 with: artifacts: "docker-stub.zip, docker-stub-sha256.txt, diff --git a/.github/workflows/stop-staging-slots.yml b/.github/workflows/stop-staging-slots.yml index 5694e36dcf..9d82da2abf 100644 --- a/.github/workflows/stop-staging-slots.yml +++ b/.github/workflows/stop-staging-slots.yml @@ -29,7 +29,7 @@ jobs: echo "name_lower=$NAME_LOWER" >> $GITHUB_OUTPUT - name: Login to Azure - CI Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} @@ -47,7 +47,7 @@ jobs: echo "webapp-name=$webapp_name" >> $GITHUB_OUTPUT - name: Login to Azure - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index a2924f5709..ca6dff234d 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -14,22 +14,22 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout Branch - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 - name: Login to Azure - CI Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: - creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + uses: bitwarden/gh-actions/get-keyvault-secrets@34ecb67b2a357795dc893549df0795e7383ff50f with: keyvault: "bitwarden-ci" secrets: "github-gpg-private-key, github-gpg-private-key-passphrase" - name: Import GPG key - uses: crazy-max/ghaction-import-gpg@c8bb57c57e8df1be8c73ff3d59deab1dbc00e0d1 + uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5.2.0 with: gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }} passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }} @@ -40,7 +40,7 @@ jobs: run: git switch -c version_bump_${{ github.event.inputs.version_number }} - name: Bump Version - Props - uses: bitwarden/gh-actions/version-bump@6a42772f8849107fd457cf47cd9c7e224be44e55 + uses: bitwarden/gh-actions/version-bump@34ecb67b2a357795dc893549df0795e7383ff50f with: version: ${{ github.event.inputs.version_number }} file_path: "Directory.Build.props" diff --git a/.github/workflows/workflow-linter.yml b/.github/workflows/workflow-linter.yml index 9fda2eee0a..9db5d644aa 100644 --- a/.github/workflows/workflow-linter.yml +++ b/.github/workflows/workflow-linter.yml @@ -8,4 +8,4 @@ on: jobs: call-workflow: - uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@master + uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@34ecb67b2a357795dc893549df0795e7383ff50f