diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 723ad427c3..9b1310be0a 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -52,7 +52,7 @@ jobs: ref: ${{ steps.check.outputs.ref || (github.ref_type == 'tag' && github.ref_name) || (github.event_name == 'workflow_dispatch' && inputs.version) || '' }} base_fingerprint: ${{ steps.check.outputs.base_fingerprint }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 persist-credentials: false @@ -117,7 +117,7 @@ jobs: run: echo "sanitized_platform=${PLATFORM//\//-}" >> "${GITHUB_OUTPUT}" env: PLATFORM: ${{ matrix.platform }} - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: ref: ${{ needs.prepare.outputs.ref }} persist-credentials: false @@ -257,7 +257,7 @@ jobs: METADATA: ${{ needs.prepare.outputs.metadata }} TARGET: ${{ matrix.target }} VARIANT: ${{ matrix.variant }} - - uses: actions/attest@v4 + - uses: actions/attest@v4.1.0 with: # docker.io/ prefix is required: actions/attest splits subject-name # on the first '/' to find the registry. We only push to Docker Hub. diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 7a4f83a0c9..bc436533ee 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: fetch-depth: 0 persist-credentials: false diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9743d17ffb..366da6ebf6 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -49,7 +49,7 @@ jobs: with: app-id: ${{ vars.RELEASE_APP_ID }} private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }} - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 persist-credentials: false diff --git a/.github/workflows/sanitizers.yaml b/.github/workflows/sanitizers.yaml index f6b43b90f2..72aafd44e3 100644 --- a/.github/workflows/sanitizers.yaml +++ b/.github/workflows/sanitizers.yaml @@ -41,7 +41,7 @@ jobs: steps: - name: Remove local PHP run: sudo apt-get remove --purge --autoremove 'php*' 'libmemcached*' - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: ./.github/actions/setup-go @@ -53,7 +53,7 @@ jobs: echo archive="$(jq -r '.[] .source[] | select(.filename |endswith(".xz")) | "https://www.php.net/distributions/" + .filename' version.json)" >> "$GITHUB_OUTPUT" - name: Cache PHP id: cache-php - uses: actions/cache@v5 + uses: actions/cache@v5.0.5 with: path: php/target key: php-sanitizers-${{ matrix.sanitizer }}-${{ runner.arch }}-${{ steps.determine-php-version.outputs.version }} diff --git a/.github/workflows/static.yaml b/.github/workflows/static.yaml index f4b7dc5f94..07f79af3ae 100644 --- a/.github/workflows/static.yaml +++ b/.github/workflows/static.yaml @@ -63,7 +63,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} REF: ${{ (github.ref_type == 'tag' && github.ref_name) || (github.event_name == 'workflow_dispatch' && inputs.version) || '' }} - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: ref: ${{ steps.check.outputs.ref }} persist-credentials: false @@ -110,7 +110,7 @@ jobs: run: echo "sanitized_platform=${PLATFORM//\//-}" >> "${GITHUB_OUTPUT}" env: PLATFORM: ${{ matrix.platform }} - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: ref: ${{ needs.prepare.outputs.ref }} persist-credentials: false @@ -202,7 +202,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} REF: ${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref }} - if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag') - uses: actions/attest@v4 + uses: actions/attest@v4.1.0 with: subject-path: ${{ github.workspace }}/frankenphp-linux-* - name: Run sanity checks @@ -265,7 +265,7 @@ jobs: run: echo "sanitized_platform=${PLATFORM//\//-}" >> "${GITHUB_OUTPUT}" env: PLATFORM: ${{ matrix.platform }} - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: ref: ${{ needs.prepare.outputs.ref }} persist-credentials: false @@ -360,7 +360,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} REF: ${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref }} - if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag') - uses: actions/attest@v4 + uses: actions/attest@v4.1.0 with: subject-path: ${{ github.workspace }}/gh-output/frankenphp-linux-*-gnu - name: Run sanity checks @@ -449,7 +449,7 @@ jobs: env: HOMEBREW_NO_AUTO_UPDATE: 1 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: ref: ${{ needs.prepare.outputs.ref }} persist-credentials: false @@ -471,7 +471,7 @@ jobs: path: dist/static-php-cli/log name: static-php-cli-log-${{ matrix.platform }}-${{ github.sha }} - if: needs.prepare.outputs.ref || github.ref_type == 'tag' - uses: actions/attest@v4 + uses: actions/attest@v4.1.0 with: subject-path: ${{ github.workspace }}/dist/frankenphp-mac-* - name: Upload artifact diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index e2b341e414..4bdf5a588d 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -38,7 +38,7 @@ jobs: LIBRARY_PATH: ${{ github.workspace }}/watcher/target/lib GOFLAGS: "-tags=nobadger,nomysql,nopgx" steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: ./.github/actions/setup-go @@ -103,7 +103,7 @@ jobs: env: XCADDY_GO_BUILD_FLAGS: "-tags=nobadger,nomysql,nopgx" steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: ./.github/actions/setup-go @@ -136,7 +136,7 @@ jobs: HOMEBREW_NO_AUTO_UPDATE: 1 GOFLAGS: "-tags=nowatcher,nobadger,nomysql,nopgx" steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: ./.github/actions/setup-go diff --git a/.github/workflows/translate.yaml b/.github/workflows/translate.yaml index c8bf52b099..11e4dbc908 100644 --- a/.github/workflows/translate.yaml +++ b/.github/workflows/translate.yaml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: fetch-depth: 0 # zizmor: ignore[artipacked] diff --git a/.github/workflows/windows.yaml b/.github/workflows/windows.yaml index fd82a69ee3..755671451a 100644 --- a/.github/workflows/windows.yaml +++ b/.github/workflows/windows.yaml @@ -66,7 +66,7 @@ jobs: git config --global core.eol lf - name: Checkout Code - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: ref: ${{ env.REF || '' }} path: frankenphp @@ -216,7 +216,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - if: ${{ env.REF }} - uses: actions/attest@v4 + uses: actions/attest@v4.1.0 with: subject-path: ${{ github.workspace }}\${{ env.DIR_NAME }}.zip