diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a091d70..9b040fa 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: has-changesets: ${{ steps.check.outputs.has-changesets }} steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ github.sha }} fetch-depth: 0 @@ -55,14 +55,14 @@ jobs: source-sha: ${{ steps.candidate.outputs.source-sha }} steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ github.sha }} fetch-depth: 0 persist-credentials: false - name: Setup pnpm and Node.js - uses: pnpm/setup@f7d0e5f4b1b3089d2799ef9722859e7ba314c4c8 # v1 + uses: pnpm/setup@5d160c5bc68a09337ad0d5654e237e03253b5879 # v1.0.0 with: # pnpm/setup installs runtimes via pnpm runtime, which requires pnpm >=11.1.0. version: 11.7.0 @@ -127,7 +127,7 @@ jobs: echo "Release candidate $new_version prepared from $source_sha with patch sha256 $patch_sha256" - name: Upload release candidate patch - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: release-candidate-${{ steps.candidate.outputs.source-sha }} path: release.patch @@ -144,14 +144,14 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ needs.prepare-release-candidate.outputs.source-sha }} fetch-depth: 0 persist-credentials: false - name: Download release candidate patch - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: release-candidate-${{ needs.prepare-release-candidate.outputs.source-sha }} path: release-candidate @@ -205,7 +205,7 @@ jobs: check_missing "git tag" gh api "repos/$REPOSITORY/git/ref/tags/$EXPECTED_VERSION" - name: Set up PHP 8.4 - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2 with: php-version: 8.4 tools: composer @@ -217,7 +217,7 @@ jobs: name: Notify Slack - Approval Needed needs: [check-changesets, prepare-release-candidate, verify-release-candidate] if: needs.check-changesets.outputs.has-changesets == 'true' && needs.prepare-release-candidate.result == 'success' && needs.verify-release-candidate.result == 'success' - uses: posthog/.github/.github/workflows/notify-approval-needed.yml@5fc4680761e8ac29a61b212756230eba0e276d8c + uses: posthog/.github/.github/workflows/notify-approval-needed.yml@cb0979b67dcd585828b61ac45927eef4da8f6287 # main with: slack_channel_id: ${{ vars.SLACK_APPROVALS_CLIENT_LIBRARIES_CHANNEL_ID }} slack_user_group_id: ${{ vars.GROUP_CLIENT_LIBRARIES_SLACK_GROUP_ID }} @@ -236,14 +236,14 @@ jobs: contents: read steps: - name: Checkout approved source revision - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ needs.prepare-release-candidate.outputs.source-sha }} fetch-depth: 0 persist-credentials: false - name: Download verified release candidate patch - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: release-candidate-${{ needs.prepare-release-candidate.outputs.source-sha }} path: release-candidate @@ -290,7 +290,7 @@ jobs: - name: Commit version bump id: commit-version-bump - uses: planetscale/ghcommit-action@25309d8005ac7c3bcd61d3fe19b69e0fe47dbdde # v0.2.20 + uses: planetscale/ghcommit-action@a6b150b81dca5dd027baa898604418eec9e11465 # v0.2.22 with: commit_message: "chore: release ${{ needs.prepare-release-candidate.outputs.new-version }} [version bump] [skip ci]" repo: ${{ github.repository }} @@ -316,7 +316,7 @@ jobs: if: always() && needs.release.result == 'success' && needs.notify-approval-needed.outputs.slack_ts != '' steps: - name: Notify Slack - Released - uses: posthog/.github/.github/actions/slack-thread-reply@5fc4680761e8ac29a61b212756230eba0e276d8c + uses: posthog/.github/.github/actions/slack-thread-reply@cb0979b67dcd585828b61ac45927eef4da8f6287 # main with: slack_bot_token: ${{ secrets.SLACK_CLIENT_LIBRARIES_BOT_TOKEN }} slack_channel_id: ${{ vars.SLACK_APPROVALS_CLIENT_LIBRARIES_CHANNEL_ID }} @@ -359,7 +359,7 @@ jobs: - name: Send failure event to PostHog if: steps.check-failure.outputs.was_rejected != 'true' continue-on-error: true - uses: PostHog/posthog-github-action@58dea254b598fb5d469c0699c98af8288a7f7650 # v1.2.0 + uses: PostHog/posthog-github-action@9a6a19d360820ab4d95ecc4a5a7564062c895f84 # v1.3.0 with: posthog-token: "${{ secrets.POSTHOG_PROJECT_API_KEY }}" event: "posthog-php-github-release-workflow-failure" @@ -373,7 +373,7 @@ jobs: - name: Notify Slack - Failed if: steps.check-failure.outputs.was_rejected != 'true' - uses: posthog/.github/.github/actions/slack-thread-reply@5fc4680761e8ac29a61b212756230eba0e276d8c + uses: posthog/.github/.github/actions/slack-thread-reply@cb0979b67dcd585828b61ac45927eef4da8f6287 # main with: slack_bot_token: ${{ secrets.SLACK_CLIENT_LIBRARIES_BOT_TOKEN }} slack_channel_id: ${{ vars.SLACK_APPROVALS_CLIENT_LIBRARIES_CHANNEL_ID }} @@ -384,7 +384,7 @@ jobs: - name: Notify Slack - Rejected if: steps.check-failure.outputs.was_rejected == 'true' continue-on-error: true - uses: PostHog/.github/.github/actions/slack-thread-reply@5fc4680761e8ac29a61b212756230eba0e276d8c + uses: PostHog/.github/.github/actions/slack-thread-reply@cb0979b67dcd585828b61ac45927eef4da8f6287 # main with: slack_bot_token: ${{ secrets.SLACK_CLIENT_LIBRARIES_BOT_TOKEN }} slack_channel_id: ${{ vars.SLACK_APPROVALS_CLIENT_LIBRARIES_CHANNEL_ID }}