Upgrade action version to resolve vulnerability

Signed-off-by: Young Bu Park <[email protected]>
radius-project · Mar 29, 2024 · cfcd47d · cfcd47d
1 parent 901b735
commit cfcd47d
Show file tree

Hide file tree

Showing 17 changed files with 64 additions and 82 deletions.
diff --git a/.github/workflows/assets.yaml b/.github/workflows/assets.yaml
@@ -29,7 +29,7 @@ jobs:
     if: github.repository == 'radius-project/radius'
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Parse release version and set environment variables
         run: python ./.github/scripts/get_release_version.py
       # The install scripts are not versioned. They go to tools/rad/install.{sh,ps1}

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -82,14 +82,14 @@ jobs:
             target_arch: arm64
     steps:
       - name: Check out repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Set up Go ${{ env.GOVER }}
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GOVER }}
           cache-dependency-path: go.sum
       - name: Restore the previous coverage
-        uses: actions/cache/restore@v3
+        uses: actions/cache/restore@v4
         with:
           path: ./dist/cache
           key: radius-coverage-
@@ -124,12 +124,12 @@ jobs:
           mkdir ${{ env.RELEASE_PATH }}
           cp ./dist/${{ matrix.target_os}}_${{ matrix.target_arch}}/release/rad.exe ${{ env.RELEASE_PATH }}/rad_${{ matrix.target_os}}_${{ matrix.target_arch}}.exe
       - name: Upload Release binaries 
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: rad_cli_release
           path: ${{ env.RELEASE_PATH }}
       - name: Upload CLI binary
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: rad_cli_${{ matrix.target_os}}_${{ matrix.target_arch}}
           path: |
@@ -173,7 +173,7 @@ jobs:
           GO_TOOL_COVER: go tool cover
       - name: Upload unit-test coverage artifact
         if: matrix.target_arch == 'amd64' && matrix.target_os == 'linux'
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: unit_test_coverage
           path: |
@@ -206,7 +206,7 @@ jobs:
           path: ./dist/cache
           key: radius-coverage-${{ github.sha }}-${{ github.run_number }}
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -231,23 +231,23 @@ jobs:
     if: github.repository == 'radius-project/radius'
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Parse release version and set environment variables
         run: python ./.github/scripts/get_release_version.py
       - name: Set up Go ${{ env.GOVER }}
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GOVER }}
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
         with:
           platforms: linux/amd64,linux/arm64,linux/arm/v7
       - name: Push container images (latest)
@@ -291,9 +291,9 @@ jobs:
       OCI_REPOSITORY: 'radius-project/helm-chart' 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Install helm
-        uses: Azure/setup-helm@v3
+        uses: azure/setup-helm@v4
         with:
           version: 'v3.11.1'
       - name: Parse release version and set environment variables
@@ -333,11 +333,11 @@ jobs:
       GITHUB_TOKEN: ${{ secrets.GH_RAD_CI_BOT_PAT }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Parse release version and set environment variables
         run: python ./.github/scripts/get_release_version.py
       - name: Download release artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: rad_cli_release
           path: ${{ env.RELEASE_PATH }}
@@ -360,21 +360,3 @@ jobs:
             --title "Radius v${{ env.REL_VERSION }}" \
             --notes-file docs/release-notes/v${{ env.REL_VERSION }}.md \
             --verify-tag
-
-  delete_artifacts:
-    name: Delete artifacts
-    needs: ['build-and-push-cli']
-    if: github.repository == 'radius-project/radius' && ${{ always() && !contains(needs.build-and-push-cli.result, 'failure') }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Delete release artifacts
-        uses: geekyeggo/delete-artifact@v1
-        with:
-          name: |
-            rad_cli_windows_amd64
-            rad_cli_linux_amd64
-            rad_cli_darwin_amd64
-            rad_cli_linux_arm
-            rad_cli_darwin_arm64
-            rad_cli_linux_arm64
-          failOnError: false
diff --git a/.github/workflows/devcontainer-feature-release.yaml b/.github/workflows/devcontainer-feature-release.yaml
@@ -18,7 +18,7 @@ jobs:
       pull-requests: write
       packages: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: "Publish Features"
         uses: devcontainers/action@v1

diff --git a/.github/workflows/devcontainer-feature-test.yaml b/.github/workflows/devcontainer-feature-test.yaml
@@ -22,7 +22,7 @@ jobs:
           - mcr.microsoft.com/devcontainers/base:ubuntu
           - mcr.microsoft.com/devcontainers/base:debian
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: "Install latest devcontainer CLI"
         run: npm install -g @devcontainers/cli
@@ -34,7 +34,7 @@ jobs:
   test-scenarios:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: "Install latest devcontainer CLI"
         run: npm install -g @devcontainers/cli

diff --git a/.github/workflows/functional-test.yaml b/.github/workflows/functional-test.yaml
@@ -117,7 +117,7 @@ jobs:
             echo "CHECKOUT_REF=${{ github.ref }}" >> $GITHUB_ENV
             echo "PR_NUMBER=${{ github.event.pull_request.number }}" >> $GITHUB_ENV
       - name: Use custom actions
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: 'Download PR data artifacts'
         if: github.event_name == 'workflow_run'
         uses: ./.github/actions/download-pr-data-artifact
@@ -153,12 +153,12 @@ jobs:
               );
             }
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: ${{ env.CHECKOUT_REPO }}
           ref: ${{ env.CHECKOUT_REF }}
       - name: Set up Go ${{ env.GOVER }}
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GOVER }}
       - name: Generate ID for release
@@ -344,7 +344,7 @@ jobs:
         with: 
           app_id: ${{ env.FUNCTIONAL_TEST_APP_ID }}
           private_key: ${{ secrets.FUNCTIONAL_TEST_APP_PRIVATE_KEY }}
-      - uses: LouisBrunner/checks-action@v1.6.1
+      - uses: LouisBrunner/checks-action@v2.0.0
         if: always()
         with:
           token: ${{ steps.get_installation_token.outputs.token }}
@@ -354,12 +354,12 @@ jobs:
           sha: ${{ env.CHECKOUT_REF }}
           details_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: ${{ env.CHECKOUT_REPO }}
           ref: ${{ env.CHECKOUT_REF }}
       - name: Checkout samples repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         if: matrix.name == 'samples'
         with:
           repository: radius-project/samples
@@ -676,7 +676,7 @@ jobs:
           done
           echo "Test Status: $TEST_STATUS"
           echo "test_status=$TEST_STATUS" >> $GITHUB_OUTPUT
-      - uses: LouisBrunner/checks-action@v1.6.1
+      - uses: LouisBrunner/checks-action@v2.0.0
         if: always()
         with:
           token: ${{ steps.get_installation_token.outputs.token }}

diff --git a/.github/workflows/functional-tests-approval.yaml b/.github/workflows/functional-tests-approval.yaml
@@ -12,6 +12,6 @@ jobs:
     environment: functional-tests
     steps:
     - name: Use custom actions
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Save PR number
       uses: ./.github/actions/save-pr-as-artifact
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -38,13 +38,13 @@ jobs:
       HELM_CHARTS_DIR: deploy/Chart
     steps:
       - name: Check out repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Set up Go ${{ env.GOVER }}
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GOVER }}
       - name: Setup NodeJS
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: '18'
       - name: Install TypeSpec compiler
@@ -61,14 +61,14 @@ jobs:
       - name: Install controller-gen
         run: go install sigs.k8s.io/controller-tools/cmd/[email protected]
       - name: Install helm
-        uses: Azure/setup-helm@v3
+        uses: azure/setup-helm@v4
         with:
           version: 'v3.11.1'
       - name: Run Helm linter
         run: |
           helm lint ${{ env.HELM_CHARTS_DIR }}
       - name: Run linter
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v4
         with:
           version: 'latest'
           args: --timeout=10m

diff --git a/.github/workflows/long-running-azure.yaml b/.github/workflows/long-running-azure.yaml
@@ -170,13 +170,13 @@ jobs:
           fi
       - name: Check out code
         if: steps.skip-build.outputs.SKIP_BUILD != 'true'
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: ${{ env.CHECKOUT_REPO }}
           ref: ${{ env.CHECKOUT_REF }}
       - name: Set up Go ${{ env.GOVER }}
         if: steps.skip-build.outputs.SKIP_BUILD != 'true'
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GOVER }}
       - name: Log the summary of build info for new version.
@@ -310,19 +310,19 @@ jobs:
       BICEP_RECIPE_TAG_VERSION: ${{ needs.build.outputs.REL_VERSION }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: ${{ env.CHECKOUT_REPO }}
           ref: ${{ env.CHECKOUT_REF }}
       - name: Checkout samples repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: radius-project/samples
           ref: refs/heads/edge
           token: ${{ secrets.GH_RAD_CI_BOT_PAT }}
           path: samples
       - name: Set up Go ${{ env.GOVER }}
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GOVER }}
       - name: Download rad CLI

diff --git a/.github/workflows/publish-bicep.yaml b/.github/workflows/publish-bicep.yaml
@@ -33,7 +33,7 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Checkout PR branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -44,7 +44,7 @@ jobs:
           echo "gh_uri=https://github.com/radius-project/radius/tree/$(git rev-parse HEAD)/hack/bicep-types-radius/generated" >> $GITHUB_OUTPUT
 
       - name: Clone https://github.com/radius-project/bicep
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{ secrets.GH_RAD_CI_BOT_PAT }}
           repository: radius-project/bicep

diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml
@@ -27,7 +27,7 @@ jobs:
       GOPRIVATE: github.com/radius-project
     steps:
       - name: Checkout radius repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: radius-project/radius
           path: radius
@@ -41,14 +41,14 @@ jobs:
             echo DOCS_BRANCH="edge" >> $GITHUB_ENV
           fi
       - name: Checkout docs repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: radius-project/docs
           path: docs
           ref: ${{ env.DOCS_BRANCH }}
       # Setup dependencies
       - name: Set up Go ${{ env.GOVER }}
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GOVER }}
           cache-dependency-path: radius/go.sum

diff --git a/.github/workflows/radius-bot.yaml b/.github/workflows/radius-bot.yaml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           sparse-checkout: |
             .github/scripts/radius-bot.js

diff --git a/.github/workflows/release-verification.yaml b/.github/workflows/release-verification.yaml
@@ -30,7 +30,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository == 'radius-project/radius'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Ensure inputs.version is valid semver
         run: |
           python ./.github/scripts/validate_semver.py ${{ inputs.version }}