diff --git a/.github/actions/lava-test-plans/action.yml b/.github/actions/lava-test-plans/action.yml index 995010f01..c10f295ba 100644 --- a/.github/actions/lava-test-plans/action.yml +++ b/.github/actions/lava-test-plans/action.yml @@ -23,8 +23,9 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: + persist-credentials: false repository: qualcomm-linux/lava-test-plans path: lava-test-plans ref: 1ab5e2f1d6cc3559ca4685941cc9fd17ab132c2d diff --git a/.github/workflows/build-yocto.yml b/.github/workflows/build-yocto.yml index 57ca1cdef..30bba1a4c 100644 --- a/.github/workflows/build-yocto.yml +++ b/.github/workflows/build-yocto.yml @@ -34,7 +34,9 @@ jobs: wget -qO ${KAS_CONTAINER} https://raw.githubusercontent.com/siemens/kas/refs/tags/$LATEST/kas-container chmod +x ${KAS_CONTAINER} - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 + with: + persist-credentials: false - name: Run kas lock run: | @@ -57,7 +59,9 @@ jobs: if: github.repository_owner == 'qualcomm-linux' runs-on: [self-hosted, qcom-u2404, amd64] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 + with: + persist-credentials: false - name: Download kas lockfile uses: actions/download-artifact@v7 @@ -116,7 +120,9 @@ jobs: yamlfile: ":ci/linux-qcom-rt-6.18.yml:ci/qcom-distro-kvm.yml" name: ${{ matrix.machine }}/${{ matrix.distro.name }}${{ matrix.kernel.dirname }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 + with: + persist-credentials: false - name: Run kas build uses: ./.github/actions/compile @@ -245,7 +251,9 @@ jobs: yamlfile: "" name: ${{ matrix.machine }}/${{ matrix.distro.name }}${{ matrix.kernel.dirname }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 + with: + persist-credentials: false - name: Run kas build uses: ./.github/actions/compile diff --git a/.github/workflows/publish-results.yml b/.github/workflows/publish-results.yml index 9cabe365f..bf6b7eb56 100644 
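Review bot: `actions/checkout@v6` on the changed `uses:` line is still a mutable tag, while the third-party actions touched by this same commit are pinned to full commit SHAs, so the action that receives the repository token is left on the weaker reference. Pin it the same way, e.g. `- uses: actions/checkout@<full-commit-sha> # <exact v6 release>` (placeholder; take the hash from the upstream release), and keep the added `persist-credentials: false`. The same applies to every other `actions/checkout@v6` line in build-yocto.yml, repolinter.yml and test.yml, and to `actions/download-artifact@v7` visible as context in build-yocto.yml. The `steps:` list continues outside this hunk.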
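Review bot: The context line just above the changed checkout in the first build-yocto.yml hunk still fetches `kas-container` from `refs/tags/$LATEST` with `wget` and marks it executable without any integrity check, so the job runs whatever that tag resolves to at run time, which the pinning in this commit does not cover. How `$LATEST` is set is outside the hunk, but unless it is a fixed value, consider a fixed tag or commit in the URL plus a checksum step such as `echo "<expected-sha256>  ${KAS_CONTAINER}" | sha256sum -c -` before the `chmod +x`. Quoting `"${KAS_CONTAINER}"` in both commands would also be safer.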
--- a/.github/workflows/publish-results.yml +++ b/.github/workflows/publish-results.yml @@ -59,7 +59,7 @@ jobs: private-key: ${{ secrets.TEST_REPORTING_APP_TOKEN }} - name: Publish Test Results - uses: EnricoMi/publish-unit-test-result-action@v2 + uses: EnricoMi/publish-unit-test-result-action@c950f6fb443cb5af20a377fd0dfaa78838901040 # v2.23.0 if: | always() && contains(steps.listfiles.outcome, 'success') diff --git a/.github/workflows/repolinter.yml b/.github/workflows/repolinter.yml index 7102d7576..7e8836264 100644 --- a/.github/workflows/repolinter.yml +++ b/.github/workflows/repolinter.yml @@ -13,19 +13,22 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 + with: + persist-credentials: false + - name: Verify repolinter config file is present id: check_files - uses: andstor/file-existence-action@v3 + uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3 with: files: "repolint.json" - name: Run Repolinter with local repolint.json if: steps.check_files.outputs.files_exists == 'true' - uses: todogroup/repolinter-action@v1 + uses: todogroup/repolinter-action@4d478dcd860571382da7d512d6dc6dd5f554fbb2 # v1.7.3 with: config_file: "repolint.json" - name: Run Repolinter with default ruleset if: steps.check_files.outputs.files_exists == 'false' - uses: todogroup/repolinter-action@v1 + uses: todogroup/repolinter-action@4d478dcd860571382da7d512d6dc6dd5f554fbb2 # v1.7.3 with: config_url: "https://raw.githubusercontent.com/quic/.github/main/repolint.json" diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index e5aaecccf..6c772b388 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml 
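Review bot: The pin on `andstor/file-existence-action` in repolinter.yml is annotated only `# v3`, a moving major tag, so a reader cannot tell which release the hash is meant to be, unlike the `# v1.7.3` comments on the repolinter lines below it. Put the exact release in the comment, e.g. `# v3.x.y` (placeholder for the release the hash was taken from); update tools such as Dependabot also read that comment when they bump the pin. The same applies to the `# v3` pin in test-pr.yml and to the `# v2` and `# v1` pins in test.yml. Separately, `config_url` in the last step still points at the `main` branch of another repository, so the default ruleset remains unpinned.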
@@ -58,7 +58,7 @@ jobs: echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT - name: Comment on PR - uses: thollander/actions-comment-pull-request@v3 + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3 with: file-path: pr-comment.txt pr-number: ${{ steps.pr_comment_prep.outputs.pr_number }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 68fea0a40..f53ee8c87 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -40,9 +40,10 @@ jobs: - machine: qcom-armv7a kernel: _linux-qcom-6.18 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 + persist-credentials: false - name: Run lava-test-plans uses: ./.github/actions/lava-test-plans @@ -60,9 +61,10 @@ jobs: outputs: jobmatrix: ${{ steps.listjobs.outputs.jobmatrix }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 + persist-credentials: false - name: "List jobs" id: listjobs @@ -99,7 +101,7 @@ jobs: save_result_as_artifact: true save_job_details: true result_file_name: "${{ matrix.target.result_file }}" - - uses: mwasilew/github-action-matrix-outputs-write@v2 + - uses: mwasilew/github-action-matrix-outputs-write@f7202d2224ebed937f287a2e2813e47fddd12bc8 # v2 if: always() id: out with: @@ -116,7 +118,7 @@ jobs: outputs: boot_result: "${{ steps.print-boot-result.outputs.boot_result }}" steps: - - uses: cloudposse/github-action-matrix-outputs-read@v1 + - uses: cloudposse/github-action-matrix-outputs-read@33cac12fa9282a7230a418d859b93fdbc4f27b5a # v1 id: read with: matrix-step-name: "submit-boot-job" @@ -165,9 +167,10 @@ jobs: run: | echo "${RESULT}" - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 + persist-credentials: false - name: Run lava-test-plans uses: ./.github/actions/lava-test-plans 
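Review bot: `$PR_NUMBER` is written to `$GITHUB_OUTPUT` unvalidated in the context line above the pinned comment step in test-pr.yml and is then passed on as `pr-number`. Where the value comes from is outside the hunk, but if it is read from data produced by the pull request's own run, it should be checked before use. A guard such as `[[ "$PR_NUMBER" =~ ^[0-9]+$ ]] || exit 1` before the `echo`, together with quoting `"$GITHUB_OUTPUT"`, would keep a malformed value from adding extra output lines. The same caution applies to the contents of `pr-comment.txt` if that file comes from an artifact.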
@@ -186,9 +189,10 @@ jobs: outputs: jobmatrix: ${{ steps.listjobs.outputs.jobmatrix }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 + persist-credentials: false - name: "List jobs" id: listjobs @@ -240,9 +244,10 @@ jobs: summary_id: ${{ steps.generate-summary.outputs.artifact_id }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 + persist-credentials: false - name: Generate Summary id: generate-summary