diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 2d542adf25..7a087044a6 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -193,7 +193,7 @@ jobs: > The coverage result does not include the functional test coverage. - name: Save coverage (only main push) - uses: actions/cache/save@v3 + uses: actions/cache/save@v4 if: matrix.target_arch == 'amd64' && matrix.target_os == 'linux' && github.ref == 'refs/heads/main' with: path: ./dist/cache diff --git a/.github/workflows/close-stale-prs.yml b/.github/workflows/close-stale-prs.yml index 04eec4cf6e..7a4b17e8a0 100644 --- a/.github/workflows/close-stale-prs.yml +++ b/.github/workflows/close-stale-prs.yml @@ -16,7 +16,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@v5 + - uses: actions/stale@v9 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-pr-message: 'This pull request has been automatically marked as stale because it has been inactive for 90 days. Remove stale label or comment or this PR will be closed in 7 days.' diff --git a/.github/workflows/devops-boards.yaml b/.github/workflows/devops-boards.yaml index 7e5490999a..d1d053cc1b 100644 --- a/.github/workflows/devops-boards.yaml +++ b/.github/workflows/devops-boards.yaml @@ -13,7 +13,7 @@ jobs: alert: runs-on: ubuntu-latest steps: - - uses: danhellem/github-actions-issue-to-work-item@v2.1 + - uses: danhellem/github-actions-issue-to-work-item@v2.2 env: ado_token: "${{ secrets.ADO_AOCTO_BOT_TOKEN }}" github_token: "${{ secrets.GH_RAD_CI_BOT_PAT }}" diff --git a/.github/workflows/functional-test.yaml b/.github/workflows/functional-test.yaml index 56bc75ffdf..98eec4662f 100644 --- a/.github/workflows/functional-test.yaml +++ b/.github/workflows/functional-test.yaml @@ -100,7 +100,7 @@ jobs: DE_TAG: ${{ steps.gen-id.outputs.DE_TAG }} steps: - name: Get GitHub app token - uses: tibdex/github-app-token@v1 + uses: tibdex/github-app-token@v2 id: get_installation_token with: app_id: ${{ env.FUNCTIONAL_TEST_APP_ID }} @@ -124,7 +124,7 @@ jobs: id: get-pr-number - name: 'Set PR context (workflow_run)' if: github.event_name == 'workflow_run' - uses: actions/github-script@v6 + uses: actions/github-script@v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -137,7 +137,7 @@ jobs: `PR_NUMBER=${{ steps.get-pr-number.outputs.pr_number }}\n`); - name: Set DE image and tag (repository_dispatch from de-functional-test) if: github.event_name == 'repository_dispatch' - uses: actions/github-script@v6 + uses: actions/github-script@v7 with: github-token: ${{ secrets.GH_RAD_CI_BOT_PAT }} script: | @@ -222,7 +222,7 @@ jobs: ## Test Status - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} @@ -339,7 +339,7 @@ jobs: DE_TAG: ${{ needs.build.outputs.DE_TAG }} steps: - name: Get GitHub app token - uses: tibdex/github-app-token@v1 + uses: tibdex/github-app-token@v2 id: get_installation_token with: app_id: ${{ env.FUNCTIONAL_TEST_APP_ID }} @@ -366,7 +366,7 @@ jobs: ref: refs/heads/edge path: samples - name: Set up Go ${{ env.GOVER }} - uses: actions/setup-go@v3 + uses: actions/setup-go@v5 with: go-version: ${{ env.GOVER }} - name: Get Go Cache path @@ -374,7 +374,7 @@ jobs: run: | echo "go-build=$(go env GOCACHE)" >> $GITHUB_OUTPUT echo "go-mod=$(go env GOMODCACHE)" >> $GITHUB_OUTPUT - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -383,7 +383,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Download rad CLI - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: ${{ env.RAD_CLI_ARTIFACT_NAME }} path: bin @@ -413,7 +413,7 @@ jobs: while [ $(az group exists --name $RESOURCE_GROUP) = false ]; do sleep 2; done env: RESOURCE_GROUP: ${{ env.AZURE_TEST_RESOURCE_GROUP }} - - uses: azure/setup-helm@v3 + - uses: azure/setup-helm@v4 with: version: ${{ env.HELM_VER }} - name: Create KinD cluster @@ -470,7 +470,7 @@ jobs: helm repo add azure-workload-identity https://azure.github.io/azure-workload-identity/charts helm install workload-identity-webhook azure-workload-identity/workload-identity-webhook --namespace radius-default --create-namespace --version ${{ env.AZURE_WORKLOAD_IDENTITY_WEBHOOK_VER }} --set azureTenantID=${{ secrets.AZURE_SP_TESTS_TENANTID }} - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} @@ -571,7 +571,7 @@ jobs: BICEP_RECIPE_REGISTRY: ${{ env.BICEP_RECIPE_REGISTRY }} BICEP_RECIPE_TAG_VERSION: ${{ env.BICEP_RECIPE_TAG_VERSION }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: azure/setup-kubectl@v3 + - uses: azure/setup-kubectl@v4 if: always() with: version: ${{ env.KUBECTL_VER }} @@ -651,7 +651,7 @@ jobs: CHECKOUT_REF: ${{ needs.build.outputs.CHECKOUT_REF }} steps: - name: Get GitHub app token - uses: tibdex/github-app-token@v1 + uses: tibdex/github-app-token@v2 id: get_installation_token with: app_id: ${{ env.FUNCTIONAL_TEST_APP_ID }} @@ -695,7 +695,7 @@ jobs: if: failure() && github.event_name == 'schedule' && github.repository == 'radius-project/radius' steps: - name: Create failure issue for failing scheduled run - uses: actions/github-script@v6 + uses: actions/github-script@v7 with: github-token: ${{ secrets.GH_RAD_CI_BOT_PAT }} script: | diff --git a/.github/workflows/long-running-azure.yaml b/.github/workflows/long-running-azure.yaml index 2a9639ba9a..24088da4d8 100644 --- a/.github/workflows/long-running-azure.yaml +++ b/.github/workflows/long-running-azure.yaml @@ -107,7 +107,7 @@ jobs: RAD_CLI_ARTIFACT_NAME: ${{ steps.gen-id.outputs.RAD_CLI_ARTIFACT_NAME }} steps: - name: Restore the latest cached binaries - uses: actions/cache/restore@v3 + uses: actions/cache/restore@v4 with: path: ./dist/cache key: radius-test-latest- @@ -214,7 +214,7 @@ jobs: tenant-id: ${{ secrets.AZURE_SP_TESTS_TENANTID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTIONID_TESTS }} - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} @@ -261,7 +261,7 @@ jobs: echo "PR_NUMBER=${{ steps.gen-id.outputs.PR_NUMBER }}" >> ./dist/cache/.buildenv echo "BICEP_RECIPE_TAG_VERSION=${{ steps.gen-id.outputs.REL_VERSION }}" >> ./dist/cache/.buildenv - name: Store the latest binaries into cache - uses: actions/cache/save@v3 + uses: actions/cache/save@v4 if: steps.skip-build.outputs.SKIP_BUILD != 'true' && success() with: path: ./dist/cache @@ -322,13 +322,13 @@ jobs: go-version: ${{ env.GOVER }} - name: Download rad CLI if: env.SKIP_BUILD != 'true' - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: ${{ env.RAD_CLI_ARTIFACT_NAME }} path: bin - name: Restore the latest cached binaries if: env.SKIP_BUILD == 'true' - uses: actions/cache/restore@v3 + uses: actions/cache/restore@v4 with: path: ./dist/cache key: radius-test-latest- @@ -345,7 +345,7 @@ jobs: tenant-id: ${{ secrets.AZURE_SP_TESTS_TENANTID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTIONID_TESTS }} - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} @@ -503,7 +503,7 @@ jobs: if: failure() && github.repository == 'radius-project/radius' && github.event_name == 'schedule' steps: - name: Create failure issue for failing long running test run - uses: actions/github-script@v6 + uses: actions/github-script@v7 with: github-token: ${{ secrets.GH_RAD_CI_BOT_PAT }} script: | diff --git a/.github/workflows/publish-bicep.yaml b/.github/workflows/publish-bicep.yaml index 8c424686e1..5b2971508c 100644 --- a/.github/workflows/publish-bicep.yaml +++ b/.github/workflows/publish-bicep.yaml @@ -57,7 +57,7 @@ jobs: cp -R hack/bicep-types-radius/generated/* workflow-temp/bicep/src/Bicep.Types.Radius/generated - name: Create Pull Request in radius-project/bicep repo - uses: peter-evans/create-pull-request@v4 + uses: peter-evans/create-pull-request@v6 with: path: workflow-temp/bicep token: ${{ secrets.GH_RAD_CI_BOT_PAT }} diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml index 604f359c23..bf9bfc45a5 100644 --- a/.github/workflows/publish-docs.yaml +++ b/.github/workflows/publish-docs.yaml @@ -104,7 +104,7 @@ jobs: git status --porcelain -unormal -- *.md - name: Create pull request if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && github.event.inputs.open_pull_request == 'true') - uses: peter-evans/create-pull-request@v5 + uses: peter-evans/create-pull-request@v6 with: token: ${{ secrets.GH_RAD_CI_BOT_PAT }} path: docs diff --git a/.github/workflows/purge-aws-test-resources.yaml b/.github/workflows/purge-aws-test-resources.yaml index 160a0f7636..8ebc612d25 100644 --- a/.github/workflows/purge-aws-test-resources.yaml +++ b/.github/workflows/purge-aws-test-resources.yaml @@ -32,7 +32,7 @@ jobs: if: github.repository == 'radius-project/radius' steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.FUNCTEST_AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.FUNCTEST_AWS_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/radius-bot.yaml b/.github/workflows/radius-bot.yaml index 994f0ced5c..6a93863367 100644 --- a/.github/workflows/radius-bot.yaml +++ b/.github/workflows/radius-bot.yaml @@ -16,7 +16,7 @@ jobs: .github/scripts/radius-bot.js sparse-checkout-cone-mode: false - name: Comment analyzer - uses: actions/github-script@v6 + uses: actions/github-script@v7 env: TEAM_SLUG: 'approvers-radius' with: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6602d64405..a655f04dc0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -46,7 +46,7 @@ jobs: uses: actions/checkout@v4 - name: Get supported versions from versions.yaml id: get-supported-versions - uses: mikefarah/yq@v4.34.2 + uses: mikefarah/yq@v4.43.1 with: # Get a comma-separated list of supported versions cmd: yq '.supported[].version' versions.yaml | tr '\n' ',' | sed 's/,$//' @@ -165,7 +165,7 @@ jobs: git config --global user.email "radiuscoreteam@service.microsoft.com" - name: Get supported versions from versions.yaml id: get-supported-versions - uses: mikefarah/yq@v4.34.2 + uses: mikefarah/yq@v4.43.1 with: # Get a comma-separated list of supported versions cmd: yq '.supported[].version' ./radius/versions.yaml | tr '\n' ',' | sed 's/,$//' diff --git a/.github/workflows/retry-functional-test.yaml b/.github/workflows/retry-functional-test.yaml index 26e25f4df0..03087a0344 100644 --- a/.github/workflows/retry-functional-test.yaml +++ b/.github/workflows/retry-functional-test.yaml @@ -90,7 +90,7 @@ jobs: DE_TAG: ${{ steps.gen-id.outputs.DE_TAG }} steps: - name: Get GitHub app token - uses: tibdex/github-app-token@v1 + uses: tibdex/github-app-token@v2 id: get_installation_token with: app_id: ${{ env.FUNCTIONAL_TEST_APP_ID }} @@ -169,7 +169,7 @@ jobs: ## Test Status - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} @@ -285,7 +285,7 @@ jobs: DE_TAG: ${{ needs.build.outputs.DE_TAG }} steps: - name: Get GitHub app token - uses: tibdex/github-app-token@v1 + uses: tibdex/github-app-token@v2 id: get_installation_token with: app_id: ${{ env.FUNCTIONAL_TEST_APP_ID }} @@ -320,7 +320,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Download rad CLI - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: ${{ env.RAD_CLI_ARTIFACT_NAME }} path: bin @@ -407,7 +407,7 @@ jobs: helm repo add azure-workload-identity https://azure.github.io/azure-workload-identity/charts helm install workload-identity-webhook azure-workload-identity/workload-identity-webhook --namespace radius-default --create-namespace --version ${{ env.AZURE_WORKLOAD_IDENTITY_WEBHOOK_VER }} --set azureTenantID=${{ secrets.AZURE_SP_TESTS_TENANTID }} - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} @@ -508,7 +508,7 @@ jobs: BICEP_RECIPE_REGISTRY: ${{ env.BICEP_RECIPE_REGISTRY }} BICEP_RECIPE_TAG_VERSION: ${{ env.BICEP_RECIPE_TAG_VERSION }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: azure/setup-kubectl@v3 + - uses: azure/setup-kubectl@v4 if: always() with: version: ${{ env.KUBECTL_VER }} diff --git a/.github/workflows/triage-bot.yaml b/.github/workflows/triage-bot.yaml index dbc919b89d..4062a63c1f 100644 --- a/.github/workflows/triage-bot.yaml +++ b/.github/workflows/triage-bot.yaml @@ -29,12 +29,12 @@ jobs: env: RADIUS_TRIAGE_BOT_APP_ID: 417813 steps: - - uses: tibdex/github-app-token@v1 + - uses: tibdex/github-app-token@v2 id: get_installation_token with: app_id: ${{ env.RADIUS_TRIAGE_BOT_APP_ID }} private_key: ${{ secrets.RADIUS_TRIAGE_BOT_PRIVATE_KEY }} - - uses: dessant/label-actions@v3 + - uses: dessant/label-actions@v4 with: github-token: ${{ steps.get_installation_token.outputs.token }} config-path: '.github/triage-bot/triage-bot-config.yaml'