diff --git a/.github/workflows/assistant-to-the-branch-manager.yml b/.github/workflows/assistant-to-the-branch-manager.yml index 28975701c..f8eca6617 100644 --- a/.github/workflows/assistant-to-the-branch-manager.yml +++ b/.github/workflows/assistant-to-the-branch-manager.yml @@ -16,7 +16,7 @@ jobs: assistant_to_the_branch_manager: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: # Setting persist-credentials instructs actions/checkout not to persist the credentials # in configuration or environment. Since we don't rely on the credentials used for diff --git a/.github/workflows/branch-manager.yml b/.github/workflows/branch-manager.yml index 84767f786..2c9ae54c7 100644 --- a/.github/workflows/branch-manager.yml +++ b/.github/workflows/branch-manager.yml @@ -24,7 +24,7 @@ jobs: branch_manager: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: # Setting `persist-credentials: false` prevents the github-action account from being the # account that is attempted to be used for authentication, instead the remote is set to diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 10f999836..4ede0f8a0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -37,7 +37,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./github-actions/npm/checkout-and-setup-node - uses: ./github-actions/bazel/setup - uses: ./github-actions/bazel/configure-remote diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d75ff37f6..344914dd5 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Initialize CodeQL uses: github/codeql-action/init@a4e1a019f5e24960714ff6296aee04b736cbc3cf # v3.29.6 with: diff --git a/.github/workflows/commit-message-based-labels.yml b/.github/workflows/commit-message-based-labels.yml index c9bb7445a..a94a5607b 100644 --- a/.github/workflows/commit-message-based-labels.yml +++ b/.github/workflows/commit-message-based-labels.yml @@ -12,7 +12,7 @@ jobs: commit_message_based_labels: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./github-actions/pull-request-labeling with: angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }} diff --git a/.github/workflows/feature-request.yml b/.github/workflows/feature-request.yml index e918c4997..5f1f4ee44 100644 --- a/.github/workflows/feature-request.yml +++ b/.github/workflows/feature-request.yml @@ -10,7 +10,7 @@ jobs: feature_triage: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./github-actions/feature-request with: angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }} diff --git a/.github/workflows/ng-renovate.yml b/.github/workflows/ng-renovate.yml index 2a5a845c5..620d4739e 100644 --- a/.github/workflows/ng-renovate.yml +++ b/.github/workflows/ng-renovate.yml @@ -29,7 +29,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./github-actions/npm/checkout-and-setup-node - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - run: pnpm install --frozen-lockfile diff --git a/.github/workflows/org-wide-actions.yml b/.github/workflows/org-wide-actions.yml index 7241bbf64..1db861223 100644 --- a/.github/workflows/org-wide-actions.yml +++ b/.github/workflows/org-wide-actions.yml @@ -14,7 +14,7 @@ jobs: if: github.repository == 'angular/dev-infra' runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./.github/local-actions/labels-sync with: angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }} @@ -28,7 +28,7 @@ jobs: if: github.repository == 'angular/dev-infra' runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./.github/local-actions/lock-closed with: lock-bot-key: ${{ secrets.LOCK_BOT_PRIVATE_KEY }} diff --git a/.github/workflows/perf.yml b/.github/workflows/perf.yml index da2319f26..0682f3fad 100644 --- a/.github/workflows/perf.yml +++ b/.github/workflows/perf.yml @@ -23,7 +23,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./github-actions/npm/checkout-and-setup-node - uses: ./github-actions/bazel/setup - run: pnpm install --frozen-lockfile @@ -41,7 +41,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./github-actions/npm/checkout-and-setup-node - uses: ./github-actions/bazel/setup - run: pnpm install --frozen-lockfile diff --git a/.github/workflows/post-approval-changes.yml b/.github/workflows/post-approval-changes.yml index d79d34d35..761550eab 100644 --- a/.github/workflows/post-approval-changes.yml +++ b/.github/workflows/post-approval-changes.yml @@ -9,7 +9,7 @@ jobs: post_approval_changes: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./github-actions/post-approval-changes with: angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index b5e510686..40f55e6f5 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -22,7 +22,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./github-actions/npm/checkout-and-setup-node - uses: ./github-actions/bazel/setup - uses: ./github-actions/bazel/configure-remote @@ -50,7 +50,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./github-actions/npm/checkout-and-setup-node - uses: ./github-actions/bazel/setup - uses: ./github-actions/bazel/configure-remote diff --git a/.github/workflows/publish-snapshots.yml b/.github/workflows/publish-snapshots.yml index ab80ad8a7..bbd4fe9aa 100644 --- a/.github/workflows/publish-snapshots.yml +++ b/.github/workflows/publish-snapshots.yml @@ -19,7 +19,7 @@ jobs: # Because the checkout and setup node action is contained in the dev-infra repo, we must # checkout the repo to be able to run the action we have created. Other repos will skip # this step. - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 - uses: ./github-actions/npm/checkout-and-setup-node diff --git a/github-actions/npm/checkout-and-setup-node/action.yml b/github-actions/npm/checkout-and-setup-node/action.yml index eb2cb310b..120c54181 100644 --- a/github-actions/npm/checkout-and-setup-node/action.yml +++ b/github-actions/npm/checkout-and-setup-node/action.yml @@ -40,7 +40,7 @@ runs: git config --global core.eol lf shell: bash - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: filter: blob:none persist-credentials: false