This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch chart/v1-2x-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/chart/v1-2x-test by this push:
new e38667753c3 Fix chart 1-2x line CI startup failure from
non-allowlisted actions (#69630)
e38667753c3 is described below
commit e38667753c380bc9f48d19090d94553a5183e3fb
Author: Jarek Potiuk <[email protected]>
AuthorDate: Wed Jul 8 23:40:42 2026 +0200
Fix chart 1-2x line CI startup failure from non-allowlisted actions (#69630)
Pull requests targeting chart/v1-2x-test failed to run any CI: every run
ended in startup_failure and reported only branch-independent bot checks,
so a PR could sit with no tests, static checks, or CodeQL. The cause was
aws-actions/configure-aws-credentials pinned at v6.0.0, a version no longer
on the ASF Actions allowlist; GitHub refuses to start a workflow that
references a non-allowlisted action, and startup_failure produces no check
runs, which is why the failure was invisible on the PR.
Bump the stale action pins on this branch to the allowlisted revisions
already
used on main, and add the ASF Allowlist Check workflow so future drift onto
a
non-allowlisted action is caught here instead of silently breaking CI.
---
.github/actions/install-prek/action.yml | 4 +--
.github/actions/post_tests_failure/action.yml | 6 ++--
.github/actions/post_tests_success/action.yml | 2 +-
.../actions/prepare_breeze_and_image/action.yml | 2 +-
.github/actions/prepare_single_ci_image/action.yml | 2 +-
.github/workflows/additional-ci-image-checks.yml | 2 +-
.github/workflows/additional-prod-image-tests.yml | 8 ++---
.github/workflows/airflow-distributions-tests.yml | 2 +-
.github/workflows/airflow-e2e-tests.yml | 4 +--
...{registry-tests.yml => asf-allowlist-check.yml} | 40 +++++-----------------
.github/workflows/automatic-backport.yml | 2 +-
.github/workflows/backport-cli.yml | 2 +-
.github/workflows/basic-tests.yml | 38 ++++++++++----------
.github/workflows/ci-amd-arm.yml | 24 ++++++-------
.github/workflows/ci-image-build.yml | 8 ++---
.github/workflows/ci-image-checks.yml | 28 +++++++--------
.github/workflows/ci-notification.yml | 10 +++---
.github/workflows/codeql-analysis.yml | 8 ++---
.github/workflows/finalize-tests.yml | 6 ++--
.github/workflows/generate-constraints.yml | 4 +--
.github/workflows/helm-tests.yml | 6 ++--
.github/workflows/integration-system-tests.yml | 6 ++--
.github/workflows/k8s-tests.yml | 4 +--
.github/workflows/milestone-tag-assistant.yml | 4 +--
.github/workflows/prod-image-build.yml | 8 ++---
.github/workflows/publish-docs-to-s3.yml | 14 ++++----
.github/workflows/push-image-cache.yml | 4 +--
.github/workflows/recheck-old-bug-report.yml | 2 +-
.github/workflows/registry-backfill.yml | 14 ++++----
.github/workflows/registry-build.yml | 10 +++---
.github/workflows/registry-tests.yml | 4 +--
.github/workflows/release_dockerhub_image.yml | 2 +-
.../workflows/release_single_dockerhub_image.yml | 6 ++--
.github/workflows/run-unit-tests.yml | 2 +-
.github/workflows/stale.yml | 4 +--
.github/workflows/test-providers.yml | 4 +--
.github/workflows/ui-e2e-tests.yml | 8 ++---
.github/workflows/update-constraints-on-push.yml | 8 ++---
38 files changed, 144 insertions(+), 168 deletions(-)
diff --git a/.github/actions/install-prek/action.yml
b/.github/actions/install-prek/action.yml
index d763c005fbd..139f8f53df5 100644
--- a/.github/actions/install-prek/action.yml
+++ b/.github/actions/install-prek/action.yml
@@ -61,7 +61,7 @@ runs:
echo
shell: bash
- name: "Restore prek cache"
- uses:
apache/infrastructure-actions/stash/restore@1c35b5ccf8fba5d4c3fdf25a045ca91aa0cbc468
+ uses:
apache/infrastructure-actions/stash/restore@49df447b39b18354895520e0a63731b7cad7cbec
with:
# yamllint disable rule:line-length
key: cache-prek-v9-${{ inputs.platform }}-python${{
inputs.python-version }}-uv${{ inputs.uv-version }}-${{
hashFiles('**/.pre-commit-config.yaml') }}
@@ -110,7 +110,7 @@ runs:
shell: bash
if: inputs.save-cache == 'true'
- name: "Save prek cache"
- uses:
apache/infrastructure-actions/stash/save@1c35b5ccf8fba5d4c3fdf25a045ca91aa0cbc468
+ uses:
apache/infrastructure-actions/stash/save@49df447b39b18354895520e0a63731b7cad7cbec
with:
# yamllint disable rule:line-length
key: cache-prek-v9-${{ inputs.platform }}-python${{
inputs.python-version }}-uv${{ inputs.uv-version }}-${{
hashFiles('**/.pre-commit-config.yaml') }}
diff --git a/.github/actions/post_tests_failure/action.yml
b/.github/actions/post_tests_failure/action.yml
index e6bbf03ad94..275339a5445 100644
--- a/.github/actions/post_tests_failure/action.yml
+++ b/.github/actions/post_tests_failure/action.yml
@@ -22,21 +22,21 @@ runs:
using: "composite"
steps:
- name: "Upload airflow logs"
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
# v4.6.2
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: airflow-logs-${{env.JOB_ID}}
path: './files/airflow_logs*'
retention-days: 7
if-no-files-found: ignore
- name: "Upload container logs"
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
# v4.6.2
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: container-logs-${{env.JOB_ID}}
path: "./files/container_logs*"
retention-days: 7
if-no-files-found: ignore
- name: "Upload other logs"
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
# v4.6.2
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: container-logs-${{env.JOB_ID}}
path: "./files/other_logs*"
diff --git a/.github/actions/post_tests_success/action.yml
b/.github/actions/post_tests_success/action.yml
index 7298fadaf7c..4c41a9331ec 100644
--- a/.github/actions/post_tests_success/action.yml
+++ b/.github/actions/post_tests_success/action.yml
@@ -31,7 +31,7 @@ runs:
using: "composite"
steps:
- name: "Upload artifact for warnings"
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
# v4.6.2
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: test-warnings-${{ env.JOB_ID }}
path: ./files/warnings-*.txt
diff --git a/.github/actions/prepare_breeze_and_image/action.yml
b/.github/actions/prepare_breeze_and_image/action.yml
index c1677502f1f..6e6c4efd205 100644
--- a/.github/actions/prepare_breeze_and_image/action.yml
+++ b/.github/actions/prepare_breeze_and_image/action.yml
@@ -57,7 +57,7 @@ runs:
echo "Checking free space!"
df -H
- name: "Restore ${{ inputs.image-type }} docker image ${{ inputs.platform
}}:${{ inputs.python }}"
- uses:
apache/infrastructure-actions/stash/restore@1c35b5ccf8fba5d4c3fdf25a045ca91aa0cbc468
+ uses:
apache/infrastructure-actions/stash/restore@49df447b39b18354895520e0a63731b7cad7cbec
with:
key: ${{ inputs.image-type }}-image-save-v3-${{ inputs.platform }}-${{
inputs.python }}
path: "/mnt/"
diff --git a/.github/actions/prepare_single_ci_image/action.yml
b/.github/actions/prepare_single_ci_image/action.yml
index f8046de085b..1ebfdbd474a 100644
--- a/.github/actions/prepare_single_ci_image/action.yml
+++ b/.github/actions/prepare_single_ci_image/action.yml
@@ -36,7 +36,7 @@ runs:
using: "composite"
steps:
- name: "Restore CI docker images ${{ inputs.platform }}:${{ inputs.python
}}"
- uses:
apache/infrastructure-actions/stash/restore@1c35b5ccf8fba5d4c3fdf25a045ca91aa0cbc468
+ uses:
apache/infrastructure-actions/stash/restore@49df447b39b18354895520e0a63731b7cad7cbec
with:
key: ci-image-save-v3-${{ inputs.platform }}-${{ inputs.python }}
path: "/mnt/"
diff --git a/.github/workflows/additional-ci-image-checks.yml
b/.github/workflows/additional-ci-image-checks.yml
index 6a33cea24a9..92fcf817d9d 100644
--- a/.github/workflows/additional-ci-image-checks.yml
+++ b/.github/workflows/additional-ci-image-checks.yml
@@ -135,7 +135,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Install Breeze"
diff --git a/.github/workflows/additional-prod-image-tests.yml
b/.github/workflows/additional-prod-image-tests.yml
index 03a94c84179..7823b285ef8 100644
--- a/.github/workflows/additional-prod-image-tests.yml
+++ b/.github/workflows/additional-prod-image-tests.yml
@@ -127,7 +127,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
fetch-depth: 2
persist-credentials: false
@@ -165,7 +165,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
fetch-depth: 2
persist-credentials: false
@@ -196,7 +196,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
fetch-depth: 2
persist-credentials: false
@@ -309,7 +309,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
fetch-depth: 2
persist-credentials: false
diff --git a/.github/workflows/airflow-distributions-tests.yml
b/.github/workflows/airflow-distributions-tests.yml
index 53692b5d873..2ab786b290a 100644
--- a/.github/workflows/airflow-distributions-tests.yml
+++ b/.github/workflows/airflow-distributions-tests.yml
@@ -90,7 +90,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Prepare breeze & CI image: ${{ matrix.python-version }}"
diff --git a/.github/workflows/airflow-e2e-tests.yml
b/.github/workflows/airflow-e2e-tests.yml
index cee6f855dc8..276909286cf 100644
--- a/.github/workflows/airflow-e2e-tests.yml
+++ b/.github/workflows/airflow-e2e-tests.yml
@@ -100,7 +100,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
fetch-depth: 2
persist-credentials: false
@@ -123,7 +123,7 @@ jobs:
cd ./airflow-e2e-tests && zip -r logs.zip logs
if: always()
- name: "Upload logs"
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: "e2e-test-logs-${{ inputs.e2e_test_mode }}"
path: './airflow-e2e-tests/logs.zip'
diff --git a/.github/workflows/registry-tests.yml
b/.github/workflows/asf-allowlist-check.yml
similarity index 50%
copy from .github/workflows/registry-tests.yml
copy to .github/workflows/asf-allowlist-check.yml
index 38143ab8a6b..026751755c4 100644
--- a/.github/workflows/registry-tests.yml
+++ b/.github/workflows/asf-allowlist-check.yml
@@ -14,45 +14,21 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
-#
---
-name: Registry Tests
-on: # yamllint disable-line rule:truthy
+name: "ASF Allowlist Check"
+"on":
pull_request:
- branches: [main]
- paths:
- - 'dev/registry/**'
- - 'registry/**'
- - 'providers/*/provider.yaml'
- - 'providers/*/*/provider.yaml'
- - '.github/workflows/registry-tests.yml'
+ paths: [".github/**"]
push:
- branches: [main]
- paths:
- - 'dev/registry/**'
-
+ branches: ['chart/v[0-9]+-[0-9]x+-test']
+ paths: [".github/**"]
permissions:
contents: read
-
-concurrency:
- group: registry-tests-${{ github.event.pull_request.number || github.ref }}
- cancel-in-progress: true
-
jobs:
- registry-tests:
- name: "Registry extraction tests"
+ asf-allowlist-check:
runs-on: ubuntu-latest
- timeout-minutes: 5
steps:
- - name: "Checkout repository"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
-
- - name: "Install uv"
- uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 #
v7.6.0
- with:
- python-version: "3.12"
-
- - name: "Run registry extraction tests"
- run: cd dev/registry && uv run --group dev pytest tests/ -v
+ - uses:
apache/infrastructure-actions/allowlist-check@4e9c961f587f72b170874b6f5cd4ac15f7f26eb8
# main
diff --git a/.github/workflows/automatic-backport.yml
b/.github/workflows/automatic-backport.yml
index 2abe2b8f382..afe20ce780d 100644
--- a/.github/workflows/automatic-backport.yml
+++ b/.github/workflows/automatic-backport.yml
@@ -45,7 +45,7 @@ jobs:
- name: Find PR information
id: pr-info
- uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
# v8.0.0
+ uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3
# v9.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
diff --git a/.github/workflows/backport-cli.yml
b/.github/workflows/backport-cli.yml
index 9ed750a5fbc..46fbe0cae6f 100644
--- a/.github/workflows/backport-cli.yml
+++ b/.github/workflows/backport-cli.yml
@@ -53,7 +53,7 @@ jobs:
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
id: checkout-for-backport
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: true
fetch-depth: 0
diff --git a/.github/workflows/basic-tests.yml
b/.github/workflows/basic-tests.yml
index dfa988fb9c6..4e850ff8c61 100644
--- a/.github/workflows/basic-tests.yml
+++ b/.github/workflows/basic-tests.yml
@@ -91,7 +91,7 @@ jobs:
- name: "Cleanup repo"
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
# Need to fetch all history for selective checks tests
fetch-depth: 0
@@ -110,7 +110,7 @@ jobs:
- name: "Cleanup repo"
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
fetch-depth: 0
persist-credentials: false
@@ -119,7 +119,7 @@ jobs:
- name: "Install SVN"
run: sudo apt-get update && sudo apt-get install -y subversion
- name: "Install Java (for Apache RAT)"
- uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 #
v5.2.0
+ uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 #
v5.4.0
with:
distribution: 'temurin'
java-version: '17'
@@ -138,7 +138,7 @@ jobs:
runs-on: ${{ fromJSON(inputs.runners) }}
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
fetch-depth: 1
persist-credentials: false
@@ -156,7 +156,7 @@ jobs:
if: inputs.run-scripts-tests == 'true'
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
fetch-depth: 1
persist-credentials: false
@@ -178,22 +178,22 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: Setup pnpm
- uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 #
v5.0.0
+ uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 #
v6.0.9
with:
version: 9
run_install: false
- name: "Setup node"
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f #
v6.3.0
+ uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e #
v6.4.0
with:
node-version: 24
cache: 'pnpm'
cache-dependency-path: 'airflow-core/src/airflow/**/pnpm-lock.yaml'
- name: "Restore eslint cache (ui)"
- uses:
apache/infrastructure-actions/stash/restore@1c35b5ccf8fba5d4c3fdf25a045ca91aa0cbc468
+ uses:
apache/infrastructure-actions/stash/restore@49df447b39b18354895520e0a63731b7cad7cbec
with:
path: airflow-core/src/airflow/ui/node_modules/
# yamllint disable-line rule:line-length
@@ -204,7 +204,7 @@ jobs:
env:
FORCE_COLOR: 2
- name: "Save eslint cache (ui)"
- uses:
apache/infrastructure-actions/stash/save@1c35b5ccf8fba5d4c3fdf25a045ca91aa0cbc468
+ uses:
apache/infrastructure-actions/stash/save@49df447b39b18354895520e0a63731b7cad7cbec
with:
path: airflow-core/src/airflow/ui/node_modules/
key: cache-ui-node-modules-v1-${{ runner.os }}-${{
hashFiles('airflow/ui/**/pnpm-lock.yaml') }}
@@ -212,7 +212,7 @@ jobs:
retention-days: '2'
if: steps.restore-eslint-cache-ui.outputs.stash-hit != 'true'
- name: "Restore eslint cache (simple auth manager UI)"
- uses:
apache/infrastructure-actions/stash/restore@1c35b5ccf8fba5d4c3fdf25a045ca91aa0cbc468
+ uses:
apache/infrastructure-actions/stash/restore@49df447b39b18354895520e0a63731b7cad7cbec
with:
path:
airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui/node_modules/
key: >
@@ -224,7 +224,7 @@ jobs:
env:
FORCE_COLOR: 2
- name: "Save eslint cache (ui)"
- uses:
apache/infrastructure-actions/stash/save@1c35b5ccf8fba5d4c3fdf25a045ca91aa0cbc468
+ uses:
apache/infrastructure-actions/stash/save@49df447b39b18354895520e0a63731b7cad7cbec
with:
path:
airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui/node_modules/
key: >
@@ -240,7 +240,7 @@ jobs:
runs-on: ${{ fromJSON(inputs.runners) }}
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Install Breeze"
@@ -261,7 +261,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Install Breeze"
@@ -275,7 +275,7 @@ jobs:
platform: ${{ inputs.platform }}
save-cache: true
- name: Fetch incoming commit ${{ github.sha }} with its parent
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
ref: ${{ github.sha }}
fetch-depth: 2
@@ -296,7 +296,7 @@ jobs:
runs-on: ["windows-2025"]
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
fetch-depth: 2
persist-credentials: false
@@ -313,7 +313,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Install Breeze"
@@ -400,7 +400,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Install Breeze"
@@ -447,7 +447,7 @@ jobs:
FORCE_COLOR: 1
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Install uv"
diff --git a/.github/workflows/ci-amd-arm.yml b/.github/workflows/ci-amd-arm.yml
index fef5615c381..9f09ae7087d 100644
--- a/.github/workflows/ci-amd-arm.yml
+++ b/.github/workflows/ci-amd-arm.yml
@@ -149,11 +149,11 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: Fetch incoming commit ${{ github.sha }} with its parent
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
ref: ${{ github.sha }}
fetch-depth: 2
@@ -226,7 +226,7 @@ jobs:
timeout-minutes: 10
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Install uv"
@@ -843,12 +843,12 @@ jobs:
VERBOSE: "true"
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
# keep this in sync with go.mod in go-sdk/
- name: Setup Go
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #
v6.3.0
+ uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 #
v6.5.0
with:
go-version: 1.24
cache-dependency-path: go-sdk/go.sum
@@ -947,7 +947,7 @@ jobs:
runs-on: ["ubuntu-22.04"]
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Get failing jobs"
@@ -980,7 +980,7 @@ jobs:
CURRENT_FAILURES: "${{ steps.get-failures.outputs.failed-jobs }}"
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Upload notification state"
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: "slack-state-tests-${{ github.ref_name }}"
path: ./slack-state/
@@ -988,7 +988,7 @@ jobs:
overwrite: true
- name: "Notify Slack (new/changed failures)"
if: steps.notification.outputs.action == 'notify_new'
- uses:
slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
+ uses:
slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3
with:
method: chat.postMessage
token: ${{ env.SLACK_BOT_TOKEN }}
@@ -1004,7 +1004,7 @@ jobs:
# yamllint enable rule:line-length
- name: "Notify Slack (still not fixed)"
if: steps.notification.outputs.action == 'notify_reminder'
- uses:
slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
+ uses:
slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3
with:
method: chat.postMessage
token: ${{ env.SLACK_BOT_TOKEN }}
@@ -1020,7 +1020,7 @@ jobs:
# yamllint enable rule:line-length
- name: "Notify Slack (all tests passing)"
if: steps.notification.outputs.action == 'notify_recovery'
- uses:
slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
+ uses:
slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3
with:
method: chat.postMessage
token: ${{ env.SLACK_BOT_TOKEN }}
@@ -1060,7 +1060,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Free up disk space"
@@ -1081,7 +1081,7 @@ jobs:
--pattern "**/warnings-*.txt" \
--output ./files
- name: "Upload artifact for summarized warnings"
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: "test-summarized-warnings"
path: ./files/warn-summary-*.txt
diff --git a/.github/workflows/ci-image-build.yml
b/.github/workflows/ci-image-build.yml
index d1415ed53fc..b381836f5ac 100644
--- a/.github/workflows/ci-image-build.yml
+++ b/.github/workflows/ci-image-build.yml
@@ -118,7 +118,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout target branch"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Free up disk space"
@@ -131,7 +131,7 @@ jobs:
- name: "Install Breeze"
uses: ./.github/actions/breeze
- name: "Restore ci-cache mount image ${{ inputs.platform }}:${{
env.PYTHON_MAJOR_MINOR_VERSION }}"
- uses:
apache/infrastructure-actions/stash/restore@1c35b5ccf8fba5d4c3fdf25a045ca91aa0cbc468
+ uses:
apache/infrastructure-actions/stash/restore@49df447b39b18354895520e0a63731b7cad7cbec
with:
key: "ci-cache-mount-save-v3-${{ inputs.platform }}-${{
env.PYTHON_MAJOR_MINOR_VERSION }}"
path: "/tmp/"
@@ -188,7 +188,7 @@ jobs:
run: breeze ci-image save --platform "${PLATFORM}" --image-file-dir
"/mnt"
if: inputs.upload-image-artifact == 'true'
- name: "Stash CI docker image ${{ env.PYTHON_MAJOR_MINOR_VERSION }}"
- uses:
apache/infrastructure-actions/stash/save@1c35b5ccf8fba5d4c3fdf25a045ca91aa0cbc468
+ uses:
apache/infrastructure-actions/stash/save@49df447b39b18354895520e0a63731b7cad7cbec
with:
key: ci-image-save-v3-${{ inputs.platform }}-${{
env.PYTHON_MAJOR_MINOR_VERSION }}
path: "/mnt/ci-image-save-*-${{ env.PYTHON_MAJOR_MINOR_VERSION
}}.tar"
@@ -203,7 +203,7 @@ jobs:
--cache-file
/tmp/ci-cache-mount-save-v3-${PYTHON_MAJOR_MINOR_VERSION}.tar.gz
if: inputs.upload-mount-cache-artifact == 'true'
- name: "Stash cache mount ${{ inputs.platform }}:${{
env.PYTHON_MAJOR_MINOR_VERSION }}"
- uses:
apache/infrastructure-actions/stash/save@1c35b5ccf8fba5d4c3fdf25a045ca91aa0cbc468
+ uses:
apache/infrastructure-actions/stash/save@49df447b39b18354895520e0a63731b7cad7cbec
with:
key: "ci-cache-mount-save-v3-${{ inputs.platform }}-${{
env.PYTHON_MAJOR_MINOR_VERSION }}"
path: "/tmp/ci-cache-mount-save-v3-${{
env.PYTHON_MAJOR_MINOR_VERSION }}.tar.gz"
diff --git a/.github/workflows/ci-image-checks.yml
b/.github/workflows/ci-image-checks.yml
index 9d21ad2f92c..967bcc28228 100644
--- a/.github/workflows/ci-image-checks.yml
+++ b/.github/workflows/ci-image-checks.yml
@@ -138,7 +138,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Prepare breeze & CI image: ${{ inputs.default-python-version }}"
@@ -186,7 +186,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Free up disk space"
@@ -240,7 +240,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Prepare breeze & CI image: ${{ inputs.default-python-version }}"
@@ -251,7 +251,7 @@ jobs:
use-uv: ${{ inputs.use-uv }}
make-mnt-writeable-and-cleanup: true
- name: "Restore docs inventory cache"
- uses:
apache/infrastructure-actions/stash/restore@1c35b5ccf8fba5d4c3fdf25a045ca91aa0cbc468
+ uses:
apache/infrastructure-actions/stash/restore@49df447b39b18354895520e0a63731b7cad7cbec
with:
path: ./generated/_inventory_cache/
key: cache-docs-inventory-v1
@@ -310,7 +310,7 @@ jobs:
always() &&
inputs.canary-run == 'true' &&
matrix.flag == '--docs-only'
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: "slack-state-inventory-${{ inputs.branch }}"
path: ./slack-state/
@@ -321,7 +321,7 @@ jobs:
inputs.canary-run == 'true' &&
matrix.flag == '--docs-only' &&
steps.inventory-notification.outputs.action == 'notify_new'
- uses:
slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
+ uses:
slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3
with:
method: chat.postMessage
token: ${{ env.SLACK_BOT_TOKEN }}
@@ -337,7 +337,7 @@ jobs:
inputs.canary-run == 'true' &&
matrix.flag == '--docs-only' &&
steps.inventory-notification.outputs.action == 'notify_reminder'
- uses:
slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
+ uses:
slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3
with:
method: chat.postMessage
token: ${{ env.SLACK_BOT_TOKEN }}
@@ -353,7 +353,7 @@ jobs:
inputs.canary-run == 'true' &&
matrix.flag == '--docs-only' &&
steps.inventory-notification.outputs.action == 'notify_recovery'
- uses:
slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
+ uses:
slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3
with:
method: chat.postMessage
token: ${{ env.SLACK_BOT_TOKEN }}
@@ -365,7 +365,7 @@ jobs:
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
- name: "Save docs inventory cache"
- uses:
apache/infrastructure-actions/stash/save@1c35b5ccf8fba5d4c3fdf25a045ca91aa0cbc468
+ uses:
apache/infrastructure-actions/stash/save@49df447b39b18354895520e0a63731b7cad7cbec
with:
path: ./generated/_inventory_cache/
key: cache-docs-inventory-v1
@@ -375,7 +375,7 @@ jobs:
# to be responsible for updating it.
https://github.com/actions/upload-artifact/issues/506
if: steps.restore-docs-inventory-cache.outputs.stash-hit != 'true' &&
matrix.flag == '--docs-only'
- name: "Upload build docs"
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: airflow-docs
path: './generated/_build'
@@ -406,7 +406,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Prepare breeze & CI image: ${{ inputs.default-python-version }}"
@@ -496,7 +496,7 @@ jobs:
inputs.canary-run == 'true' &&
(github.event_name == 'schedule' || github.event_name ==
'workflow_dispatch')
- name: Configure AWS credentials
- uses:
aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7
# v6.0.0
+ uses:
aws-actions/configure-aws-credentials@254c19bd240aabef8777f48595e9d2d7b972184b
# v6.2.1
with:
aws-access-key-id: ${{ secrets.DOCS_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.DOCS_AWS_SECRET_ACCESS_KEY }}
@@ -531,12 +531,12 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
fetch-depth: 2
persist-credentials: false
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
repository: "apache/airflow-client-python"
fetch-depth: 1
diff --git a/.github/workflows/ci-notification.yml
b/.github/workflows/ci-notification.yml
index bfb1b32e4f8..b0d71e7e078 100644
--- a/.github/workflows/ci-notification.yml
+++ b/.github/workflows/ci-notification.yml
@@ -41,7 +41,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
@@ -68,7 +68,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Upload notification state"
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: "slack-state-ci-${{ matrix.branch }}-${{ matrix.workflow-id }}"
path: ./slack-state/
@@ -77,7 +77,7 @@ jobs:
- name: "Send Slack notification (new/changed failures)"
if: steps.notification.outputs.action == 'notify_new'
- uses:
slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
+ uses:
slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3
with:
method: chat.postMessage
token: ${{ env.SLACK_BOT_TOKEN }}
@@ -98,7 +98,7 @@ jobs:
- name: "Send Slack notification (still not fixed)"
if: steps.notification.outputs.action == 'notify_reminder'
- uses:
slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
+ uses:
slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3
with:
method: chat.postMessage
token: ${{ env.SLACK_BOT_TOKEN }}
@@ -119,7 +119,7 @@ jobs:
- name: "Send Slack notification (all passing)"
if: steps.notification.outputs.action == 'notify_recovery'
- uses:
slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
+ uses:
slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3
with:
method: chat.postMessage
token: ${{ env.SLACK_BOT_TOKEN }}
diff --git a/.github/workflows/codeql-analysis.yml
b/.github/workflows/codeql-analysis.yml
index 0c21c6e43d6..a657062427d 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -47,20 +47,20 @@ jobs:
security-events: write
steps:
- name: Checkout repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: Initialize CodeQL
- uses:
github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+ uses:
github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
languages: ${{ matrix.language }}
- name: Autobuild
- uses:
github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98 #
v4.32.6
+ uses:
github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e #
v4.36.2
- name: Perform CodeQL Analysis
- uses:
github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+ uses:
github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
# Provide more context to the SARIF output (shows up in
run.automationDetails.id field)
category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/finalize-tests.yml
b/.github/workflows/finalize-tests.yml
index 9229c99b83d..2d0d42a2727 100644
--- a/.github/workflows/finalize-tests.yml
+++ b/.github/workflows/finalize-tests.yml
@@ -99,7 +99,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
# Needed to perform push action
persist-credentials: false
@@ -107,7 +107,7 @@ jobs:
id: constraints-branch
run: ./scripts/ci/constraints/ci_branch_constraints.sh >>
${GITHUB_OUTPUT}
- name: Checkout ${{ steps.constraints-branch.outputs.branch }}
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
path: "constraints"
ref: ${{ steps.constraints-branch.outputs.branch }}
@@ -139,7 +139,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Prepare breeze & CI image: ${{ matrix.python-version }}"
diff --git a/.github/workflows/generate-constraints.yml
b/.github/workflows/generate-constraints.yml
index 83ba64e2967..74f823b7853 100644
--- a/.github/workflows/generate-constraints.yml
+++ b/.github/workflows/generate-constraints.yml
@@ -77,7 +77,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Install prek"
@@ -132,7 +132,7 @@ jobs:
--answer yes --python "${PYTHON_VERSION}"
if: inputs.generate-pypi-constraints == 'true'
- name: "Upload constraint artifacts"
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: constraints-${{ matrix.python-version }}
path: ./files/constraints-${{ matrix.python-version
}}/constraints-*.txt
diff --git a/.github/workflows/helm-tests.yml b/.github/workflows/helm-tests.yml
index 5af7e3dab4d..e16cb36fd6c 100644
--- a/.github/workflows/helm-tests.yml
+++ b/.github/workflows/helm-tests.yml
@@ -76,7 +76,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Prepare breeze & CI image: ${{ inputs.default-python-version }}"
@@ -107,7 +107,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Install Breeze"
@@ -145,7 +145,7 @@ jobs:
breeze release-management generate-issue-content-helm-chart
--limit-pr-count 2
--previous-release helm-chart/1.15.0 --current-release
helm-chart/1.16.0 --verbose
- name: "Upload Helm artifacts"
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: Helm artifacts
path: ./dist/airflow-*
diff --git a/.github/workflows/integration-system-tests.yml
b/.github/workflows/integration-system-tests.yml
index 1772ecfac6b..ad371f40d65 100644
--- a/.github/workflows/integration-system-tests.yml
+++ b/.github/workflows/integration-system-tests.yml
@@ -98,7 +98,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Prepare breeze & CI image: ${{ inputs.default-python-version }}"
@@ -149,7 +149,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Prepare breeze & CI image: ${{ inputs.default-python-version }}"
@@ -194,7 +194,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Prepare breeze & CI image: ${{ inputs.default-python-version }}"
diff --git a/.github/workflows/k8s-tests.yml b/.github/workflows/k8s-tests.yml
index ac86ac2ee44..93e50c8f86c 100644
--- a/.github/workflows/k8s-tests.yml
+++ b/.github/workflows/k8s-tests.yml
@@ -81,7 +81,7 @@ jobs:
echo "PYTHON_MAJOR_MINOR_VERSION=${KUBERNETES_COMBO}" | sed
's/-.*//' >> $GITHUB_ENV
echo "KUBERNETES_VERSION=${KUBERNETES_COMBO}" | sed 's/=[^-]*-/=/'
>> $GITHUB_ENV
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Free up disk space"
@@ -120,7 +120,7 @@ jobs:
- name: "\
Upload KinD logs ${{ matrix.executor }}-${{ matrix.kubernetes-combo
}}-\
${{ matrix.use-standard-naming }}"
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: "\
kind-logs-${{ matrix.kubernetes-combo }}-${{ matrix.executor }}-\
diff --git a/.github/workflows/milestone-tag-assistant.yml
b/.github/workflows/milestone-tag-assistant.yml
index dd902b8e17d..b8413489fe6 100644
--- a/.github/workflows/milestone-tag-assistant.yml
+++ b/.github/workflows/milestone-tag-assistant.yml
@@ -50,7 +50,7 @@ jobs:
- name: Find PR information
id: pr-info
- uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
# v8.0.0
+ uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3
# v9.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
@@ -99,7 +99,7 @@ jobs:
steps:
- name: "Checkout repository"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
# Always checkout main to ensure Breeze with set-milestone command
is available
diff --git a/.github/workflows/prod-image-build.yml
b/.github/workflows/prod-image-build.yml
index dd1e5284b8f..07717f375f9 100644
--- a/.github/workflows/prod-image-build.yml
+++ b/.github/workflows/prod-image-build.yml
@@ -125,7 +125,7 @@ jobs:
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
if: inputs.upload-package-artifact == 'true'
- name: "Checkout target branch"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Make /mnt writeable"
@@ -180,7 +180,7 @@ jobs:
breeze release-management prepare-airflow-ctl-distributions
--distribution-format wheel
if: inputs.upload-package-artifact == 'true'
- name: "Upload prepared packages as artifacts"
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: prod-packages
path: ./dist
@@ -220,7 +220,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout target branch"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Make /mnt writeable"
@@ -284,7 +284,7 @@ jobs:
breeze prod-image save --platform "${PLATFORM}" --image-file-dir
"/mnt"
if: inputs.upload-image-artifact == 'true'
- name: "Stash PROD docker image ${{ env.PYTHON_MAJOR_MINOR_VERSION }}"
- uses:
apache/infrastructure-actions/stash/save@1c35b5ccf8fba5d4c3fdf25a045ca91aa0cbc468
+ uses:
apache/infrastructure-actions/stash/save@49df447b39b18354895520e0a63731b7cad7cbec
with:
key: prod-image-save-v3-${{ inputs.platform }}-${{
env.PYTHON_MAJOR_MINOR_VERSION }}
path: "/mnt/prod-image-save-*-${{ env.PYTHON_MAJOR_MINOR_VERSION
}}.tar"
diff --git a/.github/workflows/publish-docs-to-s3.yml
b/.github/workflows/publish-docs-to-s3.yml
index 165774c57ab..661d0e3e6b0 100644
--- a/.github/workflows/publish-docs-to-s3.yml
+++ b/.github/workflows/publish-docs-to-s3.yml
@@ -198,7 +198,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout current version first to clean-up stuff"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
path: current-version
@@ -215,7 +215,7 @@ jobs:
# This will take longer as we need to rebuild CI image and it will not
use cache
# but it will build the CI image from the version of Airflow that is
used to check out things
- name: "Checkout ${{ inputs.ref }} "
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
ref: ${{ inputs.ref }}
@@ -259,7 +259,7 @@ jobs:
-t ghcr.io/apache/airflow/main/ci/python3.9:latest --target main .
-f Dockerfile.ci --platform linux/amd64
- name: "Restore docs inventory cache"
- uses:
apache/infrastructure-actions/stash/restore@1c35b5ccf8fba5d4c3fdf25a045ca91aa0cbc468
+ uses:
apache/infrastructure-actions/stash/restore@49df447b39b18354895520e0a63731b7cad7cbec
with:
path: ./generated/_inventory_cache/
key: cache-docs-inventory-v1
@@ -272,7 +272,7 @@ jobs:
run: >
breeze build-docs ${INCLUDE_DOCS} --docs-only ${FAIL_ON_INVENTORIES}
- name: "Save docs inventory cache"
- uses:
apache/infrastructure-actions/stash/save@1c35b5ccf8fba5d4c3fdf25a045ca91aa0cbc468
+ uses:
apache/infrastructure-actions/stash/save@49df447b39b18354895520e0a63731b7cad7cbec
if: steps.restore-docs-inventory-cache.outputs.stash-hit != 'true'
with:
path: ./generated/_inventory_cache/
@@ -293,7 +293,7 @@ jobs:
exit 1
fi
- name: "Upload build docs"
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: airflow-docs
path: /mnt/_build
@@ -325,7 +325,7 @@ jobs:
# but it will build the CI image from the version of Airflow that is
used to check out things
# We also fetch the whole history to be able to prepare SBOM files
- name: "Checkout current version with all history for SBOM"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
fetch-depth: 0
@@ -397,7 +397,7 @@ jobs:
sudo /tmp/aws/install --update
rm -rf /tmp/aws/
- name: Configure AWS credentials
- uses:
aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7
# v6.0.0
+ uses:
aws-actions/configure-aws-credentials@254c19bd240aabef8777f48595e9d2d7b972184b
# v6.2.1
with:
aws-access-key-id: ${{ secrets.DOCS_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.DOCS_AWS_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/push-image-cache.yml
b/.github/workflows/push-image-cache.yml
index bffe2e9575d..422fc3c9782 100644
--- a/.github/workflows/push-image-cache.yml
+++ b/.github/workflows/push-image-cache.yml
@@ -114,7 +114,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Free up disk space"
@@ -184,7 +184,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Free up disk space"
diff --git a/.github/workflows/recheck-old-bug-report.yml
b/.github/workflows/recheck-old-bug-report.yml
index 907f2fda1c1..a322f9b945d 100644
--- a/.github/workflows/recheck-old-bug-report.yml
+++ b/.github/workflows/recheck-old-bug-report.yml
@@ -28,7 +28,7 @@ jobs:
recheck-old-bug-report:
runs-on: ["ubuntu-22.04"]
steps:
- - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
+ - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0
with:
only-issue-labels: 'kind:bug'
stale-issue-label: 'Stale Bug Report'
diff --git a/.github/workflows/registry-backfill.yml
b/.github/workflows/registry-backfill.yml
index 62483ca8c3d..8581eea65ff 100644
--- a/.github/workflows/registry-backfill.yml
+++ b/.github/workflows/registry-backfill.yml
@@ -100,7 +100,7 @@ jobs:
]'), github.event.sender.login)
steps:
- name: "Checkout repository"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
fetch-depth: 0
@@ -118,7 +118,7 @@ jobs:
done
- name: "Install uv"
- uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 #
v7.6.0
+ uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 #
v8.2.0
- name: "Install Breeze"
uses: ./.github/actions/breeze
@@ -136,7 +136,7 @@ jobs:
rm -rf /tmp/aws/
- name: "Configure AWS credentials"
- uses:
aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7
# v6.0.0
+ uses:
aws-actions/configure-aws-credentials@254c19bd240aabef8777f48595e9d2d7b972184b
# v6.2.1
with:
aws-access-key-id: ${{ secrets.DOCS_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.DOCS_AWS_SECRET_ACCESS_KEY }}
@@ -186,12 +186,12 @@ jobs:
registry/src/_data/modules.json
- name: "Setup pnpm"
- uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 #
v5.0.0
+ uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 #
v6.0.9
with:
version: 9
- name: "Setup Node.js"
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f #
v6.3.0
+ uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e #
v6.4.0
with:
node-version: 24
cache: 'pnpm'
@@ -232,7 +232,7 @@ jobs:
name: "Publish versions.json"
steps:
- name: "Checkout repository"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
@@ -252,7 +252,7 @@ jobs:
rm -rf /tmp/aws/
- name: "Configure AWS credentials"
- uses:
aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7
# v6.0.0
+ uses:
aws-actions/configure-aws-credentials@254c19bd240aabef8777f48595e9d2d7b972184b
# v6.2.1
with:
aws-access-key-id: ${{ secrets.DOCS_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.DOCS_AWS_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/registry-build.yml
b/.github/workflows/registry-build.yml
index 50ab3dbb874..5e5ff61893f 100644
--- a/.github/workflows/registry-build.yml
+++ b/.github/workflows/registry-build.yml
@@ -112,7 +112,7 @@ jobs:
contents: read
steps:
- name: "Checkout repository"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
@@ -133,7 +133,7 @@ jobs:
rm -rf /tmp/aws/
- name: "Configure AWS credentials"
- uses:
aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7
# v6.0.0
+ uses:
aws-actions/configure-aws-credentials@254c19bd240aabef8777f48595e9d2d7b972184b
# v6.2.1
with:
aws-access-key-id: ${{ secrets.DOCS_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.DOCS_AWS_SECRET_ACCESS_KEY }}
@@ -217,12 +217,12 @@ jobs:
fi
- name: "Setup pnpm"
- uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 #
v5.0.0
+ uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 #
v6.0.9
with:
version: 9
- name: "Setup Node.js"
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f #
v6.3.0
+ uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e #
v6.4.0
with:
node-version: 24
cache: 'pnpm'
@@ -239,7 +239,7 @@ jobs:
run: pnpm build
- name: "Upload registry artifact"
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: registry-site
path: registry/_site
diff --git a/.github/workflows/registry-tests.yml
b/.github/workflows/registry-tests.yml
index 38143ab8a6b..7a0cb3c518e 100644
--- a/.github/workflows/registry-tests.yml
+++ b/.github/workflows/registry-tests.yml
@@ -45,12 +45,12 @@ jobs:
timeout-minutes: 5
steps:
- name: "Checkout repository"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Install uv"
- uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 #
v7.6.0
+ uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 #
v8.2.0
with:
python-version: "3.12"
diff --git a/.github/workflows/release_dockerhub_image.yml
b/.github/workflows/release_dockerhub_image.yml
index efedaa8061c..2603ee8471f 100644
--- a/.github/workflows/release_dockerhub_image.yml
+++ b/.github/workflows/release_dockerhub_image.yml
@@ -88,7 +88,7 @@ jobs:
docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Install Breeze"
diff --git a/.github/workflows/release_single_dockerhub_image.yml
b/.github/workflows/release_single_dockerhub_image.yml
index 1bae1312ecb..cf1965e266b 100644
--- a/.github/workflows/release_single_dockerhub_image.yml
+++ b/.github/workflows/release_single_dockerhub_image.yml
@@ -77,7 +77,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Install Breeze"
@@ -145,7 +145,7 @@ jobs:
shell: bash
run: find ./dist -name '*.json'
- name: "Upload metadata artifact ${{ env.ARTIFACT_NAME }}"
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: ${{ env.ARTIFACT_NAME }}
path: ./dist/metadata-*
@@ -171,7 +171,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Install Breeze"
diff --git a/.github/workflows/run-unit-tests.yml
b/.github/workflows/run-unit-tests.yml
index 88329017298..c5038576bfe 100644
--- a/.github/workflows/run-unit-tests.yml
+++ b/.github/workflows/run-unit-tests.yml
@@ -183,7 +183,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Make /mnt writeable"
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index eb4ec4c4999..41d0ea52050 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -30,7 +30,7 @@ jobs:
runs-on: ["ubuntu-22.04"]
steps:
# Handle all PRs (45-day stale) and pending-response issues (14-day
stale)
- - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
+ - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0
with:
stale-pr-message: >
This pull request has been automatically marked as stale because
it has not had
@@ -50,7 +50,7 @@ jobs:
close-issue-message: >
This issue has been closed because it has not received response
from the issue author.
# Handle PRs with pending-response label (7-day stale, faster response
expected)
- - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
+ - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0
with:
only-pr-labels: 'pending-response'
days-before-pr-stale: 7
diff --git a/.github/workflows/test-providers.yml
b/.github/workflows/test-providers.yml
index d6c268db849..e674f11b2b6 100644
--- a/.github/workflows/test-providers.yml
+++ b/.github/workflows/test-providers.yml
@@ -89,7 +89,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Free up disk space"
@@ -198,7 +198,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Free up disk space"
diff --git a/.github/workflows/ui-e2e-tests.yml
b/.github/workflows/ui-e2e-tests.yml
index fe4e3603552..e057cf5f844 100644
--- a/.github/workflows/ui-e2e-tests.yml
+++ b/.github/workflows/ui-e2e-tests.yml
@@ -103,7 +103,7 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
fetch-depth: 2
persist-credentials: false
@@ -121,12 +121,12 @@ jobs:
uses: ./.github/actions/breeze
if: github.event_name == 'workflow_dispatch'
- name: "Setup pnpm"
- uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 #
v5.0.0
+ uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 #
v6.0.9
with:
version: 9
run_install: false
- name: "Setup node"
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f #
v6.3.0
+ uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e #
v6.4.0
with:
node-version: 24
- name: "Compile UI assets (for image build fallback)"
@@ -148,7 +148,7 @@ jobs:
env:
DOCKER_IMAGE: "${{ inputs.docker-image-tag || '' }}"
- name: "Upload test results"
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
# v7.0.1
with:
name: "playwright-report-${{ env.BROWSER }}"
path: |
diff --git a/.github/workflows/update-constraints-on-push.yml
b/.github/workflows/update-constraints-on-push.yml
index 3dcd806c3ae..12fa399018e 100644
--- a/.github/workflows/update-constraints-on-push.yml
+++ b/.github/workflows/update-constraints-on-push.yml
@@ -49,11 +49,11 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: Fetch incoming commit ${{ github.sha }} with its parent
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
ref: ${{ github.sha }}
fetch-depth: 2
@@ -119,14 +119,14 @@ jobs:
shell: bash
run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm
-rf /workspace/*"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
- name: "Set constraints branch name"
id: constraints-branch
run: ./scripts/ci/constraints/ci_branch_constraints.sh >>
${GITHUB_OUTPUT}
- name: Checkout ${{ steps.constraints-branch.outputs.branch }}
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
path: "constraints"
ref: ${{ steps.constraints-branch.outputs.branch }}