From bf1091a1ee15eccc13fd0341973afcf4921dc896 Mon Sep 17 00:00:00 2001 From: Trenton H <797416+stumpylog@users.noreply.github.com> Date: Fri, 13 Feb 2026 09:00:43 -0800 Subject: [PATCH] Updates actions to the most specific version released --- .github/workflows/ci-backend.yml | 14 ++++---- .github/workflows/ci-docker.yml | 4 +-- .github/workflows/ci-docs.yml | 12 +++---- .github/workflows/ci-frontend.yml | 44 ++++++++++++------------- .github/workflows/ci-release.yml | 26 +++++++-------- .github/workflows/codeql-analysis.yml | 6 ++-- .github/workflows/crowdin.yml | 4 +-- .github/workflows/pr-bot.yml | 8 ++--- .github/workflows/project-actions.yml | 2 +- .github/workflows/repo-maintenance.yml | 10 +++--- .github/workflows/translate-strings.yml | 14 ++++---- 11 files changed, 72 insertions(+), 72 deletions(-) diff --git a/.github/workflows/ci-backend.yml b/.github/workflows/ci-backend.yml index 85d1fe3a9..d99b506b2 100644 --- a/.github/workflows/ci-backend.yml +++ b/.github/workflows/ci-backend.yml @@ -35,18 +35,18 @@ jobs: fail-fast: false steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.2 - name: Start containers run: | docker compose --file docker/compose/docker-compose.ci-test.yml pull --quiet docker compose --file docker/compose/docker-compose.ci-test.yml up --detach - name: Set up Python id: setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@v6.2.0 with: python-version: "${{ matrix.python-version }}" - name: Install uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@v7.3.0 with: version: ${{ env.DEFAULT_UV_VERSION }} enable-cache: true @@ -83,13 +83,13 @@ jobs: pytest - name: Upload test results to Codecov if: always() - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@v5.5.2 with: flags: backend-python-${{ matrix.python-version }} files: junit.xml report_type: test_results - name: Upload coverage to Codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@v5.5.2 with: flags: backend-python-${{ matrix.python-version }} files: coverage.xml @@ -106,14 +106,14 @@ jobs: DEFAULT_PYTHON: "3.12" steps: - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6.0.2 - name: Set up Python id: setup-python uses: actions/setup-python@v6.2.0 with: python-version: "${{ env.DEFAULT_PYTHON }}" - name: Install uv - uses: astral-sh/setup-uv@v7.2.1 + uses: astral-sh/setup-uv@v7.3.0 with: version: ${{ env.DEFAULT_UV_VERSION }} enable-cache: true diff --git a/.github/workflows/ci-docker.yml b/.github/workflows/ci-docker.yml index 3fa5a6870..53b0c26c9 100644 --- a/.github/workflows/ci-docker.yml +++ b/.github/workflows/ci-docker.yml @@ -41,7 +41,7 @@ jobs: ref-name: ${{ steps.ref.outputs.name }} steps: - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6.0.2 - name: Determine ref name id: ref run: | @@ -130,7 +130,7 @@ jobs: type=semver,pattern={{major}}.{{minor}} - name: Build and push by digest id: build - uses: docker/build-push-action@v6.18.0 + uses: docker/build-push-action@v6.19.2 with: context: . file: ./Dockerfile diff --git a/.github/workflows/ci-docs.yml b/.github/workflows/ci-docs.yml index 9496037f4..c27d552ae 100644 --- a/.github/workflows/ci-docs.yml +++ b/.github/workflows/ci-docs.yml @@ -33,16 +33,16 @@ jobs: name: Build Documentation runs-on: ubuntu-24.04 steps: - - uses: actions/configure-pages@v5 + - uses: actions/configure-pages@v5.0.0 - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.2 - name: Set up Python id: setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@v6.2.0 with: python-version: ${{ env.DEFAULT_PYTHON_VERSION }} - name: Install uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@v7.3.0 with: version: ${{ env.DEFAULT_UV_VERSION }} enable-cache: true @@ -58,7 +58,7 @@ jobs: --frozen \ zensical build --clean - name: Upload GitHub Pages artifact - uses: actions/upload-pages-artifact@v4 + uses: actions/upload-pages-artifact@v4.0.0 with: path: site name: github-pages-${{ github.run_id }}-${{ github.run_attempt }} @@ -72,7 +72,7 @@ jobs: url: ${{ steps.deployment.outputs.page_url }} steps: - name: Deploy GitHub Pages - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@v4.0.5 id: deployment with: artifact_name: github-pages-${{ github.run_id }}-${{ github.run_attempt }} diff --git a/.github/workflows/ci-frontend.yml b/.github/workflows/ci-frontend.yml index 1b64c8251..02135c80d 100644 --- a/.github/workflows/ci-frontend.yml +++ b/.github/workflows/ci-frontend.yml @@ -22,20 +22,20 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.2 - name: Install pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@v4.2.0 with: version: 10 - name: Use Node.js 24 - uses: actions/setup-node@v6 + uses: actions/setup-node@v6.2.0 with: node-version: 24.x cache: 'pnpm' cache-dependency-path: 'src-ui/pnpm-lock.yaml' - name: Cache frontend dependencies id: cache-frontend-deps - uses: actions/cache@v5 + uses: actions/cache@v5.0.3 with: path: | ~/.pnpm-store @@ -49,19 +49,19 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.2 - name: Install pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@v4.2.0 with: version: 10 - name: Use Node.js 24 - uses: actions/setup-node@v6 + uses: actions/setup-node@v6.2.0 with: node-version: 24.x cache: 'pnpm' cache-dependency-path: 'src-ui/pnpm-lock.yaml' - name: Cache frontend dependencies - uses: actions/cache@v5 + uses: actions/cache@v5.0.3 with: path: | ~/.pnpm-store @@ -83,19 +83,19 @@ jobs: shard-count: [4] steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.2 - name: Install pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@v4.2.0 with: version: 10 - name: Use Node.js 24 - uses: actions/setup-node@v6 + uses: actions/setup-node@v6.2.0 with: node-version: 24.x cache: 'pnpm' cache-dependency-path: 'src-ui/pnpm-lock.yaml' - name: Cache frontend dependencies - uses: actions/cache@v5 + uses: actions/cache@v5.0.3 with: path: | ~/.pnpm-store @@ -107,13 +107,13 @@ jobs: run: cd src-ui && pnpm run test --max-workers=2 --shard=${{ matrix.shard-index }}/${{ matrix.shard-count }} - name: Upload test results to Codecov if: always() - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@v5.5.2 with: flags: frontend-node-${{ matrix.node-version }} directory: src-ui/ report_type: test_results - name: Upload coverage to Codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@v5.5.2 with: flags: frontend-node-${{ matrix.node-version }} directory: src-ui/coverage/ @@ -133,19 +133,19 @@ jobs: shard-count: [2] steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.2 - name: Install pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@v4.2.0 with: version: 10 - name: Use Node.js 24 - uses: actions/setup-node@v6 + uses: actions/setup-node@v6.2.0 with: node-version: 24.x cache: 'pnpm' cache-dependency-path: 'src-ui/pnpm-lock.yaml' - name: Cache frontend dependencies - uses: actions/cache@v5 + uses: actions/cache@v5.0.3 with: path: | ~/.pnpm-store @@ -163,19 +163,19 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.2 - name: Install pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@v4.2.0 with: version: 10 - name: Use Node.js 24 - uses: actions/setup-node@v6 + uses: actions/setup-node@v6.2.0 with: node-version: 24.x cache: 'pnpm' cache-dependency-path: 'src-ui/pnpm-lock.yaml' - name: Cache frontend dependencies - uses: actions/cache@v5 + uses: actions/cache@v5.0.3 with: path: | ~/.pnpm-store diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 11b90f713..28a13cb6d 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -28,14 +28,14 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.2 # ---- Frontend Build ---- - name: Install pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@v4.2.0 with: version: 10 - name: Use Node.js 24 - uses: actions/setup-node@v6 + uses: actions/setup-node@v6.2.0 with: node-version: 24.x cache: 'pnpm' @@ -47,11 +47,11 @@ jobs: # ---- Backend Setup ---- - name: Set up Python id: setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@v6.2.0 with: python-version: ${{ env.DEFAULT_PYTHON_VERSION }} - name: Install uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@v7.3.0 with: version: ${{ env.DEFAULT_UV_VERSION }} enable-cache: true @@ -118,7 +118,7 @@ jobs: sudo chown -R 1000:1000 paperless-ngx/ tar -cJf paperless-ngx.tar.xz paperless-ngx/ - name: Upload release artifact - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v6.0.0 with: name: release path: dist/paperless-ngx.tar.xz @@ -133,7 +133,7 @@ jobs: version: ${{ steps.get-version.outputs.version }} steps: - name: Download release artifact - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v7.0.0 with: name: release path: ./ @@ -148,7 +148,7 @@ jobs: fi - name: Create release and changelog id: create-release - uses: release-drafter/release-drafter@v6 + uses: release-drafter/release-drafter@v6.2.0 with: name: Paperless-ngx ${{ steps.get-version.outputs.version }} tag: ${{ steps.get-version.outputs.version }} @@ -159,7 +159,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload release archive - uses: shogo82148/actions-upload-release-asset@v1 + uses: shogo82148/actions-upload-release-asset@v1.9.2 with: github_token: ${{ secrets.GITHUB_TOKEN }} upload_url: ${{ steps.create-release.outputs.upload_url }} @@ -176,16 +176,16 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.2 with: ref: main - name: Set up Python id: setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@v6.2.0 with: python-version: ${{ env.DEFAULT_PYTHON_VERSION }} - name: Install uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@v7.3.0 with: version: ${{ env.DEFAULT_UV_VERSION }} enable-cache: true @@ -218,7 +218,7 @@ jobs: git commit -am "Changelog ${{ needs.publish-release.outputs.version }} - GHA" git push origin ${{ needs.publish-release.outputs.version }}-changelog - name: Create pull request - uses: actions/github-script@v8 + uses: actions/github-script@v8.0.0 with: script: | const { repo, owner } = context.repo; diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 941d83648..1462e1967 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -34,10 +34,10 @@ jobs: # Learn more about CodeQL language support at https://git.io/codeql-language-support steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v4 + uses: github/codeql-action/init@v4.32.3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -45,4 +45,4 @@ jobs: # Prefix the list here with "+" to use these queries and those in the config file. # queries: ./path/to/local/query, your-org/your-repo/queries@main - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4 + uses: github/codeql-action/analyze@v4.32.3 diff --git a/.github/workflows/crowdin.yml b/.github/workflows/crowdin.yml index 29fb4c181..16c5f0b0a 100644 --- a/.github/workflows/crowdin.yml +++ b/.github/workflows/crowdin.yml @@ -13,11 +13,11 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.2 with: token: ${{ secrets.PNGX_BOT_PAT }} - name: crowdin action - uses: crowdin/github-action@v2 + uses: crowdin/github-action@v2.14.0 with: upload_translations: false download_translations: true diff --git a/.github/workflows/pr-bot.yml b/.github/workflows/pr-bot.yml index 8e3b7951d..7f3b97a1e 100644 --- a/.github/workflows/pr-bot.yml +++ b/.github/workflows/pr-bot.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Label PR by file path or branch name # see .github/labeler.yml for the labeler config - uses: actions/labeler@v6 + uses: actions/labeler@v6.0.1 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Label by size @@ -26,7 +26,7 @@ jobs: fail_if_xl: 'false' excluded_files: /\.lock$/ /\.txt$/ ^src-ui/pnpm-lock\.yaml$ ^src-ui/messages\.xlf$ ^src/locale/en_US/LC_MESSAGES/django\.po$ - name: Label by PR title - uses: actions/github-script@v8 + uses: actions/github-script@v8.0.0 with: script: | const pr = context.payload.pull_request; @@ -52,7 +52,7 @@ jobs: } - name: Label bot-generated PRs if: ${{ contains(github.actor, 'dependabot') || contains(github.actor, 'crowdin-bot') }} - uses: actions/github-script@v8 + uses: actions/github-script@v8.0.0 with: script: | const pr = context.payload.pull_request; @@ -77,7 +77,7 @@ jobs: } - name: Welcome comment if: ${{ !contains(github.actor, 'bot') }} - uses: actions/github-script@v8 + uses: actions/github-script@v8.0.0 with: script: | const pr = context.payload.pull_request; diff --git a/.github/workflows/project-actions.yml b/.github/workflows/project-actions.yml index ed27a0255..289a83115 100644 --- a/.github/workflows/project-actions.yml +++ b/.github/workflows/project-actions.yml @@ -19,6 +19,6 @@ jobs: if: github.event_name == 'pull_request_target' && (github.event.action == 'opened' || github.event.action == 'reopened') && github.event.pull_request.user.login != 'dependabot' steps: - name: Label PR with release-drafter - uses: release-drafter/release-drafter@v6 + uses: release-drafter/release-drafter@v6.2.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/repo-maintenance.yml b/.github/workflows/repo-maintenance.yml index 342165476..8a85ee5f3 100644 --- a/.github/workflows/repo-maintenance.yml +++ b/.github/workflows/repo-maintenance.yml @@ -15,7 +15,7 @@ jobs: if: github.repository_owner == 'paperless-ngx' runs-on: ubuntu-24.04 steps: - - uses: actions/stale@v10 + - uses: actions/stale@v10.1.1 with: days-before-stale: 7 days-before-close: 14 @@ -37,7 +37,7 @@ jobs: if: github.repository_owner == 'paperless-ngx' runs-on: ubuntu-24.04 steps: - - uses: dessant/lock-threads@v6 + - uses: dessant/lock-threads@v6.0.0 with: issue-inactive-days: '30' pr-inactive-days: '30' @@ -57,7 +57,7 @@ jobs: if: github.repository_owner == 'paperless-ngx' runs-on: ubuntu-24.04 steps: - - uses: actions/github-script@v8 + - uses: actions/github-script@v8.0.0 with: script: | function sleep(ms) { @@ -114,7 +114,7 @@ jobs: if: github.repository_owner == 'paperless-ngx' runs-on: ubuntu-24.04 steps: - - uses: actions/github-script@v8 + - uses: actions/github-script@v8.0.0 with: script: | function sleep(ms) { @@ -206,7 +206,7 @@ jobs: if: github.repository_owner == 'paperless-ngx' runs-on: ubuntu-24.04 steps: - - uses: actions/github-script@v8 + - uses: actions/github-script@v8.0.0 with: script: | function sleep(ms) { diff --git a/.github/workflows/translate-strings.yml b/.github/workflows/translate-strings.yml index 4cf4d2b5b..5c4a9dceb 100644 --- a/.github/workflows/translate-strings.yml +++ b/.github/workflows/translate-strings.yml @@ -11,7 +11,7 @@ jobs: contents: write steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.2 env: GH_REF: ${{ github.ref }} # sonar rule:githubactions:S7630 - avoid injection with: @@ -19,13 +19,13 @@ jobs: ref: ${{ env.GH_REF }} - name: Set up Python id: setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@v6.2.0 - name: Install system dependencies run: | sudo apt-get update -qq sudo apt-get install -qq --no-install-recommends gettext - name: Install uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@v7.3.0 with: enable-cache: true - name: Install backend python dependencies @@ -36,18 +36,18 @@ jobs: - name: Generate backend translation strings run: cd src/ && uv run manage.py makemessages -l en_US -i "samples*" - name: Install pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@v4.2.0 with: version: 10 - name: Use Node.js 24 - uses: actions/setup-node@v6 + uses: actions/setup-node@v6.2.0 with: node-version: 24.x cache: 'pnpm' cache-dependency-path: 'src-ui/pnpm-lock.yaml' - name: Cache frontend dependencies id: cache-frontend-deps - uses: actions/cache@v5 + uses: actions/cache@v5.0.3 with: path: | ~/.pnpm-store @@ -63,7 +63,7 @@ jobs: cd src-ui pnpm run ng extract-i18n - name: Commit changes - uses: stefanzweifel/git-auto-commit-action@v7 + uses: stefanzweifel/git-auto-commit-action@v7.1.0 with: file_pattern: 'src-ui/messages.xlf src/locale/en_US/LC_MESSAGES/django.po' commit_message: "Auto translate strings"