UID2-6742: upgrade Node.js 20 actions to Node.js 24-compatible versions

.github/actions/build_ami/action.yaml

@@ -56,7 +56,7 @@ runs:
         GITHUB_CONTEXT: ${{ toJson(github) }}
 
     - name: Checkout full history
-      uses: actions/checkout@v4
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
     - name: Get EIF for Release ${{ inputs.operator_release }}
       uses: ./.github/actions/download_release_artifact
@@ -71,7 +71,7 @@ runs:
 
     - name: Get EIF for Run ${{ inputs.operator_run_number }}
       id: get_eif_for_run
-      uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6
+      uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
       if: ${{ inputs.operator_release == '' }}
       with:
         name: 'aws-${{ inputs.identity_scope }}-deployment-files-.*'
@@ -94,14 +94,14 @@ runs:
         ls ./scripts/aws/uid2-operator-ami/artifacts/ -al
 
     - name: Configure UID2 AWS credentials
-      uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4
+      uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
       if: ${{ inputs.identity_scope == 'uid2' }}
       with:
         aws-region: ${{ inputs.uid2_aws_region }}
         role-to-assume: ${{ inputs.uid2_aws_role }}
 
     - name: Configure EUID AWS credentials
-      uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4
+      uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
       if: ${{ inputs.identity_scope == 'euid' }}
       with:
         aws-region: ${{ inputs.euid_aws_region }}
@@ -190,7 +190,7 @@ runs:
         ls -al
 
     - name: Upload artifacts
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
       with:
         name: ${{ inputs.identity_scope }}_AMI_measurement
         path: ./scripts/aws/uid2-operator-ami/${{ inputs.identity_scope }}_AMI_measurement.txt

.github/actions/build_aws_eif/action.yaml

@@ -31,7 +31,7 @@ runs:
 
   steps:
     - name: Checkout full history at commit sha ${{ inputs.commit_sha }}
-      uses: actions/checkout@v4
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       with:
         ref: ${{ inputs.commit_sha }}
         # git-restore-mtime requires full git history. The default fetch-depth value (1) creates a shallow checkout.

.github/actions/build_eks_docker_image/action.yaml

@@ -39,7 +39,7 @@ runs:
 
   steps:
     - name: Checkout repo
-      uses: actions/checkout@v4
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
     - name: Make output dir
       shell: bash
@@ -59,7 +59,7 @@ runs:
 
     - name: Get EIF for Run ${{ inputs.operator_run_number }}
       id: get_eif_for_run
-      uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6
+      uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
       if: ${{ inputs.operator_release == '' }}
       with:
         name: 'aws-${{ inputs.identity_scope }}-deployment-files-.*'
@@ -112,22 +112,22 @@ runs:
         df -h
 
     - name: Log in to the Docker container registry
-      uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
+      uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
       with:
         registry: ${{ env.REGISTRY }}
         username: ${{ github.actor }}
         password: ${{ inputs.github_token }}
 
     - name: Extract metadata (tags, labels) for Docker
       id: meta
-      uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
+      uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
       with:
         images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-eks-${{ inputs.identity_scope }}
         tags: |
           type=raw,value=${{ steps.versionNumber.outputs.VERSION_NUMBER }}.${{ github.run_number }}
 
     - name: Build and export to Docker
-      uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
+      uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
       with:
         context: ${{ inputs.artifacts_output_dir }}
         load: true
@@ -140,7 +140,7 @@ runs:
 
     - name: Push to Docker
       id: push-to-docker
-      uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
+      uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
       with:
         context: ${{ inputs.artifacts_output_dir }}
         push: true

.github/actions/download_release_artifact/action.yaml

@@ -27,7 +27,7 @@ runs:
   steps:
     - name: Get Artifact Ids
       id: get_asset_id
-      uses: actions/github-script@v7
+      uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0
       with:
         github-token: ${{ inputs.github_token }}
         result-encoding: string

.github/actions/update_operator_version/action.yaml

@@ -65,14 +65,14 @@ runs:
         IS_RELEASE: ${{ steps.checkRelease.outputs.is_release }}
 
     - name: Checkout full history on Main
-      uses: actions/checkout@v4
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       if: ${{ inputs.version_number_input == '' }}
       with:
         # git-restore-mtime requires full git history. The default fetch-depth value (1) creates a shallow checkout.
         fetch-depth: 0
 
     - name: Checkout full history at tag v${{ inputs.version_number_input }}
-      uses: actions/checkout@v4
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       if: ${{ inputs.version_number_input != '' }}
       with:
         ref: v${{ inputs.version_number_input }}

.github/workflows/build-uid2-ami.yaml

@@ -38,7 +38,7 @@ jobs:
       enclave_id: ${{ steps.buildAMI.outputs.enclave_id }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Build UID2 Operator AMI
         id: buildAMI
@@ -78,7 +78,7 @@ jobs:
         enclave_id: ${{ steps.buildAMI.outputs.enclave_id }}
       steps:
         - name: Checkout repo
-          uses: actions/checkout@v4
+          uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
         - name: Pre-cleanup
           shell: bash
@@ -123,13 +123,13 @@ jobs:
     needs: [buildUID2, testUID2Ami, testEUIDAmi]
     steps:
       - name: Download UID2 artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: uid2_AMI_measurement
           path: ./artifacts
 
       - name: Download EUID artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: euid_AMI_measurement
           path: ./artifacts
@@ -142,7 +142,7 @@ jobs:
             euid_AMI_measurement
 
       - name: Upload artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: aws-ami-ids-${{ needs.buildUID2.outputs.version_number }}
           path: ./artifacts/

.github/workflows/check-stable-dependency.yaml

@@ -3,5 +3,5 @@
 
 jobs:
   check_dependency:
-    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-check-stable-dependency.yaml@v2
+    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-check-stable-dependency.yaml@v3
     secrets: inherit

.github/workflows/publish-all-operators.yaml

@@ -65,7 +65,7 @@ jobs:
           release_type: ${{ inputs.release_type }}
 
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
 
@@ -156,54 +156,54 @@ jobs:
     needs: [start, buildPublic, buildGCP, buildAzure, buildAWS, buildAMI]
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
 
       - name: Download public manifest
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           pattern: public-image-*
           path: ./manifests/public_operator
 
       - name: Download GCP manifest
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           pattern: gcp-oidc-enclave-ids-*
           path: ./manifests/gcp_oidc_operator
 
       - name: Download Azure CC manifest
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           pattern: azure-cc-enclave-id-*
           path: ./manifests/azure_cc_operator
 
       - name: Download Azure AKS manifest
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           pattern: azure-aks-enclave-id-*
           path: ./manifests/azure_aks_operator
 
       - name: Download EIF manifest
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           pattern: 'aws-eif-enclave-ids-*'
           path: ./manifests/aws_eif
 
       - name: Download AWS AMI manifest
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           pattern: 'aws-ami-ids-*'
           path: ./manifests/aws_ami
 
       - name: Download Deployment Files
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           pattern: '*-deployment-files-*'
           path: ./deployment
 
       - name: Upload artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: uid2-operator-release-${{ needs.start.outputs.new_version }}-manifests
           path: ./manifests
@@ -231,7 +231,7 @@ jobs:
           (cd manifests && zip -r ../uid2-operator-release-manifests-${{ needs.start.outputs.new_version }}.zip .)
 
       - name: Create draft release
-        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2
+        uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
         with:
           name: v${{ needs.start.outputs.new_version }}
           body: ${{ steps.changelog.outputs.changelog }}
@@ -255,4 +255,4 @@ jobs:
             SLACK_MESSAGE: ':x: Operator Pipeline failed'
             SLACK_TITLE: Pipeline Failed in ${{ github.workflow }}
             SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
-          uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2
+          uses: rtCamp/action-slack-notify@cdf0a2130cbcdfd82ba5fcac8e076370bf381b36 # v2

.github/workflows/publish-aws-eks-nitro-enclave-docker.yaml

@@ -37,7 +37,7 @@ jobs:
       packages: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Build Docker Image for EKS Pod
         id: build_docker_image_uid
@@ -65,7 +65,7 @@ jobs:
       packages: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Build Docker Image for EKS Pod
         id: build_docker_image_euid
@@ -128,7 +128,7 @@ jobs:
           echo "Enclave ID (maybe shared by other images): " ${{ needs.buildEUIDImage.outputs.enclave_id }} >> ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-euid-enclave-id-${{ needs.buildEUIDImage.outputs.image_tag }}.txt
 
       - name: Save Manifests as build artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: aws-eks-enclave-ids-${{ needs.buildUID2Image.outputs.image_tag }}
           path: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests

.github/workflows/publish-aws-nitro-eif.yaml

@@ -50,7 +50,7 @@ jobs:
           GITHUB_CONTEXT: ${{ toJson(github) }}
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Update Operator Version
         id: update_version
@@ -74,7 +74,7 @@ jobs:
     needs: start
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Build UID2 AWS EIF
         id: build_uid2_eif
@@ -93,7 +93,7 @@ jobs:
           df -h
 
       - name: Save UID2 eif artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: aws-uid2-deployment-files-${{ needs.start.outputs.new_version }}
           path: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/uid2
@@ -113,7 +113,7 @@ jobs:
     needs: start
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Build EUID AWS EIF
         id: build_euid_eif
@@ -132,7 +132,7 @@ jobs:
           df -h
 
       - name: Save EUID eif artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: aws-euid-deployment-files-${{ needs.start.outputs.new_version }}
           path: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/euid
@@ -157,12 +157,12 @@ jobs:
           df -h  
 
       - name: Download UID2 artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           path: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/uid2
 
       - name: Download EUID artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           path: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/euid
 
@@ -173,7 +173,7 @@ jobs:
           echo ${{ needs.buildEUIDEIF.outputs.euid_enclave_id }} >> ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-euid-enclave-id-${{ needs.start.outputs.new_version }}.txt
 
       - name: Save Manifests as build artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: aws-eif-enclave-ids-${{ needs.start.outputs.new_version }}
           path: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests
@@ -194,7 +194,7 @@ jobs:
 
       - name: Create release
         if: ${{ inputs.version_number_input == '' && needs.start.outputs.is_release == 'true' }}
-        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2
+        uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
         with:
           name: ${{ needs.start.outputs.new_version }}
           body: ${{ steps.github_release.outputs.changelog }}