Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[No QA] Use Node 20 for all JavaScript GitHub Actions #31501

Merged
merged 2 commits into from
Nov 17, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,5 @@ inputs:
description: If provided, this action will only wait for a deploy matching this tag.
required: false
runs:
using: 'node16'
using: 'node20'
main: './index.js'
2 changes: 1 addition & 1 deletion .github/actions/javascript/bumpVersion/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,5 @@ outputs:
NEW_VERSION:
description: The new semver version of the application, updated in the JS and native layers.
runs:
using: 'node16'
using: 'node20'
main: './index.js'
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,5 @@ outputs:
HAS_DEPLOY_BLOCKERS:
description: A true/false indicating whether or not a deploy blocker was found.
runs:
using: 'node16'
using: 'node20'
main: 'index.js'
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,5 @@ inputs:
description: The new NPM version of the StagingDeployCash issue.
required: false
runs:
using: 'node16'
using: 'node20'
main: './index.js'
Original file line number Diff line number Diff line change
Expand Up @@ -14,5 +14,5 @@ outputs:
PR_LIST:
description: Array of pull request numbers
runs:
using: 'node16'
using: 'node20'
main: './index.js'
2 changes: 1 addition & 1 deletion .github/actions/javascript/getPreviousVersion/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,5 @@ outputs:
PREVIOUS_VERSION:
description: The previous semver version of the application, according to the SEMVER_LEVEL provided
runs:
using: 'node16'
using: 'node20'
main: './index.js'
Original file line number Diff line number Diff line change
Expand Up @@ -22,5 +22,5 @@ outputs:
FORKED_REPO_URL:
description: 'Output forked repo URL if PR includes changes from a fork'
runs:
using: 'node16'
using: 'node20'
main: './index.js'
2 changes: 1 addition & 1 deletion .github/actions/javascript/getReleaseBody/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,5 @@ outputs:
RELEASE_BODY:
description: String body of a production release.
runs:
using: 'node16'
using: 'node20'
main: './index.js'
Original file line number Diff line number Diff line change
Expand Up @@ -10,5 +10,5 @@ outputs:
NUMBER:
description: StagingDeployCash issue number
runs:
using: 'node16'
using: 'node20'
main: 'index.js'
Original file line number Diff line number Diff line change
Expand Up @@ -28,5 +28,5 @@ inputs:
description: "Web job result ('success', 'failure', 'cancelled', or 'skipped')"
required: true
runs:
using: "node16"
using: "node20"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NAB but would be nice to standardize on ' or "

Suggested change
using: "node20"
using: 'node20'

main: "./index.js"
Original file line number Diff line number Diff line change
Expand Up @@ -32,5 +32,5 @@ inputs:
description: "Link for the web build"
required: false
runs:
using: "node16"
using: "node20"
main: "./index.js"
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,5 @@ inputs:
description: The comment string we want to leave on the issue after we reopen it.
required: true
runs:
using: 'node16'
using: 'node20'
main: './index.js'
2 changes: 1 addition & 1 deletion .github/actions/javascript/reviewerChecklist/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,5 +5,5 @@ inputs:
description: Auth token for New Expensify Github
required: true
runs:
using: 'node16'
using: 'node20'
main: './index.js'
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,5 @@ inputs:
description: Refers to the results obtained from regression tests `.reassure/output.json`.
required: true
runs:
using: 'node16'
using: 'node20'
main: './index.js'
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,5 @@ inputs:
required: false

runs:
using: 'node16'
using: 'node20'
main: './index.js'
2 changes: 1 addition & 1 deletion .github/workflows/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ git fetch origin tag 1.0.1-0 --no-tags --shallow-exclude=1.0.0-0 # This will fet

## Security Rules 🔐
1. Do **not** use `pull_request_target` trigger unless an external fork needs access to secrets, or a _write_ `GITHUB_TOKEN`.
1. Do **not ever** write a `pull_request_target` trigger with an explicit PR checkout, e.g. using `actions/checkout@v2`. This is [discussed further here](https://securitylab.github.com/research/github-actions-preventing-pwn-requests)
1. Do **not ever** write a `pull_request_target` trigger with an explicit PR checkout, e.g. using `actions/checkout@v4`. This is [discussed further here](https://securitylab.github.com/research/github-actions-preventing-pwn-requests)
1. **Do use** the `pull_request` trigger as it does not send internal secrets and only grants a _read_ `GITHUB_TOKEN`.
1. If an untrusted (i.e: not maintained by GitHub) external action needs access to any secret (`GITHUB_TOKEN` or internal secret), use the commit hash of the workflow to prevent a modification of underlying source code at that version. For example:
1. **Bad:** `hmarr/[email protected]` Relies on the tag
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/authorChecklist.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
if: github.actor != 'OSBotify' && github.actor != 'imgbot[bot]'
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4

- name: authorChecklist.js
uses: ./.github/actions/javascript/authorChecklist
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,11 @@ jobs:
if: github.ref == 'refs/heads/staging'
steps:
- name: Checkout staging branch
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
uses: actions/checkout@v4
with:
ref: staging
token: ${{ secrets.OS_BOTIFY_TOKEN }}

- uses: Expensify/App/.github/actions/composite/setupGitForOSBotifyApp@8c19d6da4a3d7ce3b15c9cd89a802187d208ecab
id: setupGitForOSBotify
with:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/deployExpensifyHelp.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
uses: actions/checkout@v4

- name: Setup NodeJS
uses: Expensify/App/.github/actions/composite/setupNode@main
Expand Down
10 changes: 4 additions & 6 deletions .github/workflows/testBuild.yml
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ jobs:
steps:
- name: Checkout
if: ${{ github.event_name == 'workflow_dispatch' }}
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
uses: actions/checkout@v4

- name: Check if pull request number is correct
if: ${{ github.event_name == 'workflow_dispatch' }}
Expand All @@ -70,9 +70,8 @@ jobs:
env:
PULL_REQUEST_NUMBER: ${{ github.event.number || github.event.inputs.PULL_REQUEST_NUMBER }}
steps:
# This action checks-out the repository, so the workflow can access it.
- name: Checkout
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || needs.getBranchRef.outputs.REF }}

Expand Down Expand Up @@ -135,9 +134,8 @@ jobs:
PULL_REQUEST_NUMBER: ${{ github.event.number || github.event.inputs.PULL_REQUEST_NUMBER }}
runs-on: macos-13-xlarge
steps:
# This action checks-out the repository, so the workflow can access it.
- name: Checkout
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || needs.getBranchRef.outputs.REF }}

Expand Down Expand Up @@ -302,7 +300,7 @@ jobs:
PULL_REQUEST_NUMBER: ${{ github.event.number || github.event.inputs.PULL_REQUEST_NUMBER }}
steps:
- name: Checkout
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
uses: actions/checkout@v4
if: ${{ fromJSON(needs.validateActor.outputs.READY_TO_BUILD) }}
with:
ref: ${{ github.event.pull_request.head.sha || needs.getBranchRef.outputs.REF }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/updateHelpDotRedirects.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
uses: actions/checkout@v4

- name: Create help dot redirect
env:
Expand Down
Loading