diff --git a/.github/workflows/aws-api-mcp-upgrade-version.yml b/.github/workflows/aws-api-mcp-upgrade-version.yml index e7bb20c619..aebbabd982 100644 --- a/.github/workflows/aws-api-mcp-upgrade-version.yml +++ b/.github/workflows/aws-api-mcp-upgrade-version.yml @@ -36,11 +36,11 @@ jobs: pull-requests: write steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.BOT_GITHUB_TOKEN }} - name: Install uv - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3 + uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5 - name: Check and upgrade AWS CLI version id: upgrade working-directory: src/aws-api-mcp-server diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml index 3db8d14c22..dc68e2aa60 100644 --- a/.github/workflows/bandit.yml +++ b/.github/workflows/bandit.yml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 - name: Bandit Scan uses: shundor/python-bandit-scan@ab1d87dfccc5a0ffab88be3aaac6ffe35c10d6cd with: # optional arguments diff --git a/.github/workflows/cfn_nag.yml b/.github/workflows/cfn_nag.yml index f94ca25913..12c0e8c847 100644 --- a/.github/workflows/cfn_nag.yml +++ b/.github/workflows/cfn_nag.yml @@ -25,7 +25,7 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so follow-up steps can access it - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 - name: Simple test uses: stelligent/cfn_nag@8b5f03da74202ba323a145e9d037ddce6cab9dec diff --git a/.github/workflows/check-gh-pages-builds.yml b/.github/workflows/check-gh-pages-builds.yml index 6bac75335f..2981d372ef 100644 --- a/.github/workflows/check-gh-pages-builds.yml +++ b/.github/workflows/check-gh-pages-builds.yml @@ -11,8 +11,8 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: 22 cache: npm diff --git a/.github/workflows/check-license-header.yml b/.github/workflows/check-license-header.yml index 5b5219a194..44f891af5c 100644 --- a/.github/workflows/check-license-header.yml +++ b/.github/workflows/check-license-header.yml @@ -12,7 +12,7 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Check license headers uses: viperproject/check-license-header@e06c65614fa9f32e099838df4dd25440c5344b32 # v2.0.3 with: diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml index bd9605c000..65ef2d683e 100644 --- a/.github/workflows/checkov.yml +++ b/.github/workflows/checkov.yml @@ -25,10 +25,10 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so follow-up steps can access it - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 - name: Checkov GitHub Action - uses: bridgecrewio/checkov-action@de3c276ef8118f7ce6bcb2e51d8dd3d65ac0ae36 # v12.3073.0 + uses: bridgecrewio/checkov-action@02a4c5d6a02367e5ea493c34c26b094302fd3f61 # v12.3075.0 with: # This will add both a CLI output to the console and create a results.sarif file output_format: cli,sarif diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a61dde32e0..1ddea8c193 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -61,7 +61,7 @@ jobs: # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 # Add any setup steps before running the `github/codeql-action/init` action. # This includes steps like installing compilers or runtimes (`actions/setup-node` diff --git a/.github/workflows/dependency-review-action.yml b/.github/workflows/dependency-review-action.yml index 8ba962ba2e..533e60f93c 100644 --- a/.github/workflows/dependency-review-action.yml +++ b/.github/workflows/dependency-review-action.yml @@ -10,7 +10,7 @@ jobs: contents: read steps: - name: 'Checkout Repository' - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 - name: 'Dependency Review' uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 #v4.8.2 with: diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index 57fe93b77b..dda8fcfc9f 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -18,8 +18,8 @@ jobs: contents: read # to download the repository runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: 22 cache: npm diff --git a/.github/workflows/powershell.yml b/.github/workflows/powershell.yml index 617f019d52..a7cdd37906 100644 --- a/.github/workflows/powershell.yml +++ b/.github/workflows/powershell.yml @@ -27,7 +27,7 @@ jobs: name: PSScriptAnalyzer runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 - name: Run PSScriptAnalyzer uses: microsoft/psscriptanalyzer-action@6b2948b1944407914a58661c49941824d149734f diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 871dd35f0a..62dc96eb21 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -13,7 +13,7 @@ jobs: outputs: precommits: ${{ steps.find-precommit.outputs.precommits }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Find precommit configurations id: find-precommit working-directory: . @@ -37,8 +37,8 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 - - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c #v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 #v6.1.0 with: python-version-file: ${{ matrix.precommit }}/.python-version - run: | diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml index f414a73675..333ca4269f 100644 --- a/.github/workflows/python.yml +++ b/.github/workflows/python.yml @@ -17,7 +17,7 @@ jobs: changed-directories: ${{ steps.find-changed-directories.outputs.changed-directories }} changed-files: ${{ steps.find-changed-directories.outputs.changed-files }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - name: Fetch base branch @@ -75,13 +75,13 @@ jobs: security-events: write actions: read steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install uv - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3 + uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5 - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version-file: "src/${{ matrix.package }}/.python-version" # cache: uv (not supported) diff --git a/.github/workflows/release-initiate-branch.yml b/.github/workflows/release-initiate-branch.yml index d54b80f6ab..99e085f41a 100644 --- a/.github/workflows/release-initiate-branch.yml +++ b/.github/workflows/release-initiate-branch.yml @@ -38,7 +38,7 @@ jobs: timeout-minutes: 5 steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.BOT_GITHUB_TOKEN }} fetch-depth: 0 @@ -120,7 +120,7 @@ jobs: if: ${{ needs.look-for-changes.outputs.changed-directories != '[]' && needs.look-for-changes.outputs.changed-directories != '' }} steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.BOT_GITHUB_TOKEN }} - name: Create release branch @@ -173,12 +173,12 @@ jobs: needs: [look-for-changes, create-branch] steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.BOT_GITHUB_TOKEN }} ref: ${{ needs.create-branch.outputs.release-branch }} - name: Install uv - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3 + uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5 - name: Bump package version run: | set -euo pipefail @@ -274,7 +274,7 @@ jobs: needs: [look-for-changes, create-branch, bump-changed-directories] steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.BOT_GITHUB_TOKEN }} ref: ${{ needs.create-branch.outputs.release-branch }} diff --git a/.github/workflows/release-merge-tag.yml b/.github/workflows/release-merge-tag.yml index e113c3b80d..fb28cb91db 100644 --- a/.github/workflows/release-merge-tag.yml +++ b/.github/workflows/release-merge-tag.yml @@ -40,7 +40,7 @@ jobs: pull-requests: write steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Close the Open Release Pull Requests env: GH_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} @@ -62,7 +62,7 @@ jobs: pull-requests: read steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.BOT_GITHUB_TOKEN }} fetch-depth: 0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 18d5963f70..1f3fed8dcf 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -85,7 +85,7 @@ jobs: needs: [validate-repository,look-for-changes] steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Draft release with validation id: draft-release env: @@ -141,7 +141,7 @@ jobs: needs: [validate-repository] steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.BOT_GITHUB_TOKEN }} fetch-depth: 0 @@ -303,10 +303,10 @@ jobs: # Clear up space for specific large projects - name: Clear Up Space (Aggressively) for Specific Projects if: contains(fromJson('["core-mcp-server"]'), matrix.changed-directory) - uses: awslabs/mcp/.github/actions/clear-space-ubuntu-latest-agressively@bb62109f04532df81644eb76173ad4f987ab6033 + uses: awslabs/mcp/.github/actions/clear-space-ubuntu-latest-agressively@20e7472ba2174045f54ffd7ea8a0f5d91aae57db #TODO: remove local action checkout when working... - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.BOT_GITHUB_TOKEN }} sparse-checkout: | @@ -350,7 +350,7 @@ jobs: echo "::debug::Directory validated: $FULL_PATH" - name: Install uv - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3 + uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5 - name: Build package working-directory: ${{ env.SRC_DIRECTORY }}/${{ matrix.changed-directory }} run: | @@ -417,7 +417,7 @@ jobs: needs: [validate-repository, draft_release_when_tagged, publish-pypi, publish-npmjs] steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Publish release id: create-release env: diff --git a/.github/workflows/scanners.yml b/.github/workflows/scanners.yml index a523be9c39..f337622834 100644 --- a/.github/workflows/scanners.yml +++ b/.github/workflows/scanners.yml @@ -14,8 +14,8 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 - - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c #v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 #v6.1.0 with: python-version: '3' - run: | diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index bd34ab5553..f6582160b4 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -21,7 +21,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 791a30790a..c66a4c91eb 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -20,8 +20,8 @@ jobs: security-events: write # if: (github.actor != 'dependabot[bot]') steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 - - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c #v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 #v6.1.0 with: python-version: '3.13' cache: 'pip' diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index e93529f601..cb338a1338 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,7 +12,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0 + - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1 with: days-before-stale: -1 days-before-close: -1 diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index b399d0c0c3..9f3eb4d656 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -24,7 +24,7 @@ jobs: outputs: dockerfiles: ${{ steps.find-dockerfiles.outputs.dockerfiles }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Find Dockerfiles id: find-dockerfiles run: | @@ -46,7 +46,7 @@ jobs: steps: - name: Clear Up Space (Agressively) for Trivy Scans that Run Out of Space if: contains(toJson('["src/core-mcp-server"]'), matrix.dockerfile) - uses: awslabs/mcp/.github/actions/clear-space-ubuntu-latest-agressively@bb62109f04532df81644eb76173ad4f987ab6033 + uses: awslabs/mcp/.github/actions/clear-space-ubuntu-latest-agressively@20e7472ba2174045f54ffd7ea8a0f5d91aae57db - name: Get Checkout Depth id: checkout-depth @@ -57,7 +57,7 @@ jobs: - name: Checkout code id: checkout-code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true fetch-depth: ${{ steps.checkout-depth.outputs.fetch-depth || '1' }} diff --git a/.github/workflows/typescript.yml b/.github/workflows/typescript.yml index d42c90c73a..65104ec502 100644 --- a/.github/workflows/typescript.yml +++ b/.github/workflows/typescript.yml @@ -14,7 +14,7 @@ jobs: outputs: packages: ${{ steps.find-packages.outputs.packages }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Find JS packages id: find-packages working-directory: src @@ -31,12 +31,12 @@ jobs: name: Build ${{ matrix.package }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version-file: "src/${{ matrix.package }}/.node-version" cache: npm @@ -65,7 +65,7 @@ jobs: npx @cyclonedx/cyclonedx-npm --gather-license-texts --mc-type library --output-format XML > src/${{ matrix.package }}/sbom.cyclondx.xml - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: "3.x"