diff --git a/.github/workflows/automatic-issue-responses.yml b/.github/workflows/automatic-issue-responses.yml index 970532ab1..c07b8f15f 100644 --- a/.github/workflows/automatic-issue-responses.yml +++ b/.github/workflows/automatic-issue-responses.yml @@ -14,7 +14,7 @@ jobs: # Feature request - if: github.event.label.name == 'feature-request' name: Feature request - uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515 # v2.0.0 + uses: peter-evans/close-issue@276d7966e389d888f011539a86c8920025ea0626 # v3.0.1 with: comment: | We use GitHub issues as a place to track bugs and other development related issues. The [Bitwarden Community Forums](https://community.bitwarden.com/) has a [Feature Requests](https://community.bitwarden.com/c/feature-requests) section for submitting, voting for, and discussing requests like this one. @@ -25,7 +25,7 @@ jobs: # Intended behavior - if: github.event.label.name == 'intended-behavior' name: Intended behaviour - uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515 # v2.0.0 + uses: peter-evans/close-issue@276d7966e389d888f011539a86c8920025ea0626 # v3.0.1 with: comment: | Your issue appears to be describing the intended behavior of the software. If you want this to be changed, it would be a feature request. @@ -38,7 +38,7 @@ jobs: # Customer support request - if: github.event.label.name == 'customer-support' name: Customer Support request - uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515 # v2.0.0 + uses: peter-evans/close-issue@276d7966e389d888f011539a86c8920025ea0626 # v3.0.1 with: comment: | We use GitHub issues as a place to track bugs and other development related issues. Your issue appears to be a support request, or would otherwise be better handled by our dedicated Customer Success team. @@ -49,14 +49,14 @@ jobs: # Resolved - if: github.event.label.name == 'resolved' name: Resolved - uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515 # v2.0.0 + uses: peter-evans/close-issue@276d7966e389d888f011539a86c8920025ea0626 # v3.0.1 with: comment: | We’ve closed this issue, as it appears the original problem has been resolved. If this happens again or continues to be an problem, please respond to this issue with any additional detail to assist with reproduction and root cause analysis. # Stale - if: github.event.label.name == 'stale' name: Stale - uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515 # v2.0.0 + uses: peter-evans/close-issue@276d7966e389d888f011539a86c8920025ea0626 # v3.0.1 with: comment: | As we haven’t heard from you about this problem in some time, this issue will now be closed. diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 99ac13f0f..452fe72b8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up CLOC run: | @@ -36,7 +36,7 @@ jobs: hotfix_branch_exists: ${{ steps.branch-check.outputs.hotfix_branch_exists }} steps: - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: submodules: 'true' @@ -67,12 +67,12 @@ jobs: variant: ["prod", "qa"] steps: - name: Setup NuGet - uses: nuget/setup-nuget@b2bc17b761a1d88cab755a776c7922eb26eefbfa # v1.0.6 + uses: nuget/setup-nuget@296fd3ccf8528660c91106efefe2364482f86d6f # v1.2.0 with: nuget-version: 5.9.0 - name: Set up MSBuild - uses: microsoft/setup-msbuild@ab534842b4bdf384b8aaf93765dc6f721d9f5fab + uses: microsoft/setup-msbuild@1ff57057b5cfdc39105cd07a01d78e9b0ea0c14c # v1.3.1 - name: Setup Windows builder run: choco install checksum --no-progress @@ -105,7 +105,7 @@ jobs: echo "GitHub event: $GITHUB_EVENT" - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: fetch-depth: 0 - name: Decrypt secrets @@ -157,7 +157,7 @@ jobs: shell: pwsh - name: Report test results - uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 + uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0 if: always() with: name: Test Results @@ -232,7 +232,7 @@ jobs: shell: pwsh - name: Upload Prod .aab artifact if: ${{ matrix.variant == 'prod' }} - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: com.x8bit.bitwarden.aab path: ./com.x8bit.bitwarden.aab @@ -240,7 +240,7 @@ jobs: - name: Upload Prod .apk artifact if: ${{ matrix.variant == 'prod' }} - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: com.x8bit.bitwarden.apk path: ./com.x8bit.bitwarden.apk @@ -248,7 +248,7 @@ jobs: - name: Upload Other .apk artifact if: ${{ matrix.variant != 'prod' }} - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: com.x8bit.bitwarden.${{ matrix.variant }}.apk path: ./com.x8bit.bitwarden.${{ matrix.variant }}.apk @@ -268,7 +268,7 @@ jobs: - name: Upload .apk sha file for prod if: ${{ matrix.variant == 'prod' }} - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: bw-android-apk-sha256.txt path: ./bw-android-apk-sha256.txt @@ -276,7 +276,7 @@ jobs: - name: Upload .apk sha file for other if: ${{ matrix.variant != 'prod' }} - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: bw-android-${{ matrix.variant }}-apk-sha256.txt path: ./bw-android-${{ matrix.variant }}-apk-sha256.txt @@ -303,12 +303,12 @@ jobs: runs-on: windows-2022 steps: - name: Setup NuGet - uses: nuget/setup-nuget@b2bc17b761a1d88cab755a776c7922eb26eefbfa # v1.0.6 + uses: nuget/setup-nuget@296fd3ccf8528660c91106efefe2364482f86d6f # v1.2.0 with: nuget-version: 5.9.0 - name: Set up MSBuild - uses: microsoft/setup-msbuild@ab534842b4bdf384b8aaf93765dc6f721d9f5fab + uses: microsoft/setup-msbuild@1ff57057b5cfdc39105cd07a01d78e9b0ea0c14c # v1.3.1 - name: Setup Windows builder run: choco install checksum --no-progress @@ -342,7 +342,7 @@ jobs: echo "GitHub event: $GITHUB_EVENT" - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Decrypt secrets env: @@ -477,7 +477,7 @@ jobs: shell: pwsh - name: Upload F-Droid .apk artifact - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: com.x8bit.bitwarden-fdroid.apk path: ./com.x8bit.bitwarden-fdroid.apk @@ -489,7 +489,7 @@ jobs: -t sha256 | Out-File -Encoding ASCII ./bw-fdroid-apk-sha256.txt - name: Upload F-Droid sha file - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: bw-fdroid-apk-sha256.txt path: ./bw-fdroid-apk-sha256.txt @@ -502,7 +502,7 @@ jobs: needs: setup steps: - name: Setup NuGet - uses: nuget/setup-nuget@b2bc17b761a1d88cab755a776c7922eb26eefbfa # v1.0.6 + uses: nuget/setup-nuget@296fd3ccf8528660c91106efefe2364482f86d6f # v1.2.0 with: nuget-version: 5.9.0 @@ -515,12 +515,12 @@ jobs: echo "GitHub event: $GITHUB_EVENT" - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: submodules: 'true' - name: Login to Azure - CI Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} @@ -698,7 +698,7 @@ jobs: shell: bash - name: Upload App Store .ipa & dSYMs artifacts - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: Bitwarden iOS path: | @@ -771,10 +771,10 @@ jobs: _CROWDIN_PROJECT_ID: "269690" steps: - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Login to Azure - CI Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} @@ -793,7 +793,7 @@ jobs: done - name: Upload Sources - uses: crowdin/github-action@9237b4cb361788dfce63feb2e2f15c09e2fe7415 + uses: crowdin/github-action@ecd7eb0ef6f3cfa16293c79e9cbc4bc5b5fd9c49 # v1.4.9 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} @@ -840,7 +840,7 @@ jobs: fi - name: Login to Azure - CI Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 if: failure() with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} @@ -861,7 +861,7 @@ jobs: done - name: Notify Slack on failure - uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 + uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 if: failure() env: SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} diff --git a/.github/workflows/crowdin-pull.yml b/.github/workflows/crowdin-pull.yml index 47fb6bf32..36aaaa9ab 100644 --- a/.github/workflows/crowdin-pull.yml +++ b/.github/workflows/crowdin-pull.yml @@ -15,22 +15,22 @@ jobs: _CROWDIN_PROJECT_ID: "269690" steps: - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Login to Azure - CI Subscription - uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + uses: bitwarden/gh-actions/get-keyvault-secrets@34ecb67b2a357795dc893549df0795e7383ff50f with: keyvault: "bitwarden-ci" secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase" - name: Download translations - uses: crowdin/github-action@12143a68c213f3c6d9913c9e5023224f7231face + uses: crowdin/github-action@ecd7eb0ef6f3cfa16293c79e9cbc4bc5b5fd9c49 # v1.4.9 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} diff --git a/.github/workflows/enforce-labels.yml b/.github/workflows/enforce-labels.yml index 9f321cece..417e34e9b 100644 --- a/.github/workflows/enforce-labels.yml +++ b/.github/workflows/enforce-labels.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Enforce Label - uses: yogevbd/enforce-label-action@8d1e1709b1011e6d90400a0e6cf7c0b77aa5efeb + uses: yogevbd/enforce-label-action@a3c219da6b8fa73f6ba62b68ff09c469b3a1c024 # v2.2.2 with: BANNED_LABELS: "hold,needs-qa" BANNED_LABELS_DESCRIPTION: "PRs with the hold or needs-qa labels cannot be merged" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 41cc4e4d2..f1e57bbe9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -38,11 +38,11 @@ jobs: fi - name: Checkout repo - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Check Release Version id: version - uses: bitwarden/gh-actions/release-version-check@8f055ef543c7433c967a1b9b04a0f230923233bb + uses: bitwarden/gh-actions/release-version-check@34ecb67b2a357795dc893549df0795e7383ff50f with: release-type: ${{ github.event.inputs.release_type }} project-type: xamarin @@ -56,7 +56,7 @@ jobs: - name: Create GitHub deployment if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: chrnorm/deployment-action@1b599fe41a0ef1f95191e7f2eec4743f2d7dfc48 + uses: chrnorm/deployment-action@d42cde7132fcec920de534fffc3be83794335c00 # v2.0.5 id: deployment with: token: '${{ secrets.GITHUB_TOKEN }}' @@ -104,7 +104,7 @@ jobs: - name: Update deployment status to Success if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} - uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86 + uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 with: token: '${{ secrets.GITHUB_TOKEN }}' state: 'success' @@ -112,7 +112,7 @@ jobs: - name: Update deployment status to Failure if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} - uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86 + uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 with: token: '${{ secrets.GITHUB_TOKEN }}' state: 'failure' @@ -126,7 +126,7 @@ jobs: if: inputs.fdroid_publish steps: - name: Checkout repo - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Download F-Droid .apk artifact if: ${{ github.event.inputs.release_type != 'Dry Run' }} diff --git a/.github/workflows/version-auto-bump.yml b/.github/workflows/version-auto-bump.yml index 3bc26d84a..5e2d17fb9 100644 --- a/.github/workflows/version-auto-bump.yml +++ b/.github/workflows/version-auto-bump.yml @@ -14,7 +14,7 @@ jobs: version_number: ${{ steps.version.outputs.new-version }} steps: - name: Checkout Branch - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Calculate bumped version id: version diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index f0f6590fc..bac7c2227 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -22,22 +22,22 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout Branch - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Login to Azure - CI Subscription - uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + uses: bitwarden/gh-actions/get-keyvault-secrets@34ecb67b2a357795dc893549df0795e7383ff50f with: keyvault: "bitwarden-ci" secrets: "github-gpg-private-key, github-gpg-private-key-passphrase" - name: Import GPG key - uses: crazy-max/ghaction-import-gpg@c8bb57c57e8df1be8c73ff3d59deab1dbc00e0d1 + uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5.2.0 with: gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }} passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }} @@ -48,31 +48,31 @@ jobs: run: git switch -c version_bump_${{ github.event.inputs.version_number }} - name: Bump Version - Android XML - uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945 + uses: bitwarden/gh-actions/version-bump@34ecb67b2a357795dc893549df0795e7383ff50f with: version: ${{ github.event.inputs.version_number }} file_path: "./src/Android/Properties/AndroidManifest.xml" - name: Bump Version - iOS.Autofill - uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945 + uses: bitwarden/gh-actions/version-bump@34ecb67b2a357795dc893549df0795e7383ff50f with: version: ${{ github.event.inputs.version_number }} file_path: "./src/iOS.Autofill/Info.plist" - name: Bump Version - iOS.Extension - uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945 + uses: bitwarden/gh-actions/version-bump@34ecb67b2a357795dc893549df0795e7383ff50f with: version: ${{ github.event.inputs.version_number }} file_path: "./src/iOS.Extension/Info.plist" - name: Bump Version - iOS.ShareExtension - uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945 + uses: bitwarden/gh-actions/version-bump@34ecb67b2a357795dc893549df0795e7383ff50f with: version: ${{ github.event.inputs.version_number }} file_path: "./src/iOS.ShareExtension/Info.plist" - name: Bump Version - iOS - uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945 + uses: bitwarden/gh-actions/version-bump@34ecb67b2a357795dc893549df0795e7383ff50f with: version: ${{ github.event.inputs.version_number }} file_path: "./src/iOS/Info.plist" diff --git a/.github/workflows/workflow-linter.yml b/.github/workflows/workflow-linter.yml index 9fda2eee0..9db5d644a 100644 --- a/.github/workflows/workflow-linter.yml +++ b/.github/workflows/workflow-linter.yml @@ -8,4 +8,4 @@ on: jobs: call-workflow: - uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@master + uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@34ecb67b2a357795dc893549df0795e7383ff50f