Update all GitHub Actions to the latest versions #2690

@prayanshchh prayanshchh commented Nov 18, 2024

What kind of change does this PR introduce?
Updates GitHub Actions to the latest versions

Issue Number:
#2678

Fixes #

Did you add tests for your changes?
No

Snapshots/Videos:

If relevant, did you update the documentation?
No

Summary
Updates GitHub Actions to the latest version in .yml files

Does this PR introduce a breaking change?
No

Other information

Have you read the contributing guide?
Yes

Summary by CodeRabbit

  • Chores
    • Updated various GitHub Actions workflows to utilize newer versions of actions, enhancing performance and reliability.
      • actions/checkout upgraded to v4.2.2.
      • auto-label updated to v3.1.0.
      • first-interaction updated to v1.3.0.
      • actions/comment-pull-request updated to v3.0.1.
      • actions/stale updated to v9.0.0.
      • tj-actions/changed-files updated to v45.0.4.


coderabbitai bot commented Nov 18, 2024

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

🗂️ Base branches to auto review (1)
  • dev-postgres

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The pull request consists of updates to several GitHub Actions workflow files, primarily involving the upgrade of various action versions. The actions updated include actions/checkout, auto-label, first-interaction, and actions/stale, among others. These changes affect the workflows for code scanning, issue management, pull requests, and handling stale issues. The overall structure and logic of the workflows remain unchanged, with no new jobs added or existing jobs removed.

Changes

File Path | Change Summary
.github/workflows/codeql-codescan.yml | Updated actions/checkout from v4 to v4.2.2.
.github/workflows/issue.yml | Updated auto-label from v2.3.0 to v3.1.0 and first-interaction from v1 to v1.3.0.
.github/workflows/pull-request-target.yml | Updated thollander/actions-comment-pull-request from v2 to v3.0.1 and first-interaction from v1 to v1.3.0.
.github/workflows/pull-request.yml | Updated actions/checkout from v4 to v4.2.2 in multiple jobs and tj-actions/changed-files from v45 to v45.0.4.
.github/workflows/stale.yml | Updated actions/stale from v8 to v9.0.0.

Suggested reviewers

  • varshith257
  • palisadoes


Our Pull Request Approval Process

We have these basic policies to make the approval process smoother for our volunteer team.

Testing Your Code

Please make sure your code passes all tests. Our test code coverage system will fail if these conditions occur:

  1. The overall code coverage drops below the target threshold of the repository
  2. Any file in the pull request has code coverage levels below the repository threshold
  3. Merge conflicts

The process helps maintain the overall reliability of the code base and is a prerequisite for getting your PR approved. Assigned reviewers regularly review the PR queue and tend to focus on PRs that are passing.

Reviewers

Do not assign reviewers. Our Queue Monitors will review your PR and assign them.
When your PR has been assigned reviewers contact them to get your code reviewed and approved via:

  1. comments in this PR or
  2. our slack channel

Reviewing Your Code

Your reviewer(s) will have the following roles:

  1. arbitrators of future discussions with other contributors about the validity of your changes
  2. point of contact for evaluating the validity of your work
  3. person who verifies matching issues by others that should be closed.
  4. person who gives general guidance in fixing your tests

CONTRIBUTING.md

Read our CONTRIBUTING.md file. Most importantly:

  1. PRs with issues not assigned to you will be closed by the reviewer
  2. Fix the first comment in the PR so that each issue listed automatically closes

Other

  1. 🎯 Please be considerate of our volunteers' time. Contacting the person who assigned the reviewers is not advised unless they ask for your input. Do not @ the person who did the assignment otherwise.
  2. Read the CONTRIBUTING.md file make

@varshith257 varshith257 added the ignore-sensitive-files-pr The contributor has a legitimate reason for editing protected files label Nov 18, 2024
varshith257 previously approved these changes Nov 18, 2024
@varshith257
Member

@coderabbitai review


coderabbitai bot commented Nov 18, 2024

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🧹 Outside diff range comments (1)
.github/workflows/codeql-codescan.yml (1)

Update CodeQL actions to the latest v3 version

The workflow currently uses v2 of the CodeQL actions, but v3 is now available and stable with the latest version being v3.27.4. All three actions should be updated:

  • Update github/codeql-action/init@v2 to github/codeql-action/init@v3
  • Update github/codeql-action/autobuild@v2 to github/codeql-action/autobuild@v3
  • Update github/codeql-action/analyze@v2 to github/codeql-action/analyze@v3
🔗 Analysis chain

Line range hint 42-52: Verify if newer versions are available for CodeQL actions

While updating action versions, let's verify if there are newer stable versions available for the CodeQL actions currently using v2.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check the latest versions of CodeQL actions

# Get the latest releases for CodeQL actions
echo "Latest releases for github/codeql-action:"
gh api repos/github/codeql-action/releases --paginate | jq -r '.[].tag_name' | head -n 5

# Get current marketplace versions
echo -e "\nMarketplace versions for CodeQL actions:"
gh api graphql -f query='
{
  search(query: "topic:actions codeql-action", type: REPOSITORY, first: 10) {
    nodes {
      ... on Repository {
        name
        releases(first: 5, orderBy: {field: CREATED_AT, direction: DESC}) {
          nodes {
            tagName
            createdAt
          }
        }
      }
    }
  }
}' | jq -r '.data.search.nodes[].releases.nodes[] | "\(.tagName) (\(.createdAt))"'

Length of output: 1019

🧰 Tools
🪛 yamllint

[error] 38-38: wrong indentation: expected 6 but found 4

(indentation)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: ASSERTIVE

📥 Commits

Reviewing files that changed from the base of the PR and between 670da15 and 7ff2240.

📒 Files selected for processing (5)
  • .github/workflows/codeql-codescan.yml (1 hunks)
  • .github/workflows/issue.yml (2 hunks)
  • .github/workflows/pull-request-target.yml (2 hunks)
  • .github/workflows/pull-request.yml (6 hunks)
  • .github/workflows/stale.yml (1 hunks)
🧰 Additional context used
🪛 yamllint
.github/workflows/stale.yml

[error] 28-28: wrong indentation: expected 6 but found 4

(indentation)

🔇 Additional comments (7)
.github/workflows/codeql-codescan.yml (1)

39-39: LGTM! Safe version update for checkout action

The update from v4 to v4.2.2 for actions/checkout is a patch version update that maintains backward compatibility while incorporating bug fixes.

.github/workflows/issue.yml (2)

31-31: LGTM: Safe version bump for first-interaction action

The update from v1 to v1.3.0 is a minor version bump within the same major version, maintaining backward compatibility. The configuration remains valid.


21-21: Verify compatibility with auto-label@v3.1.0

The update includes a major version bump (v2.3.0 -> v3.1.0) which might introduce breaking changes.

Let's verify the changelog and compatibility:

✅ Verification successful

The previous output shows the version history but we need to verify the current configuration against v3 requirements. Let's examine the workflow file and any related configuration to ensure compatibility.


Update to auto-label@v3.1.0 is compatible

The current configuration is compatible with v3.1.0 as it:

  • Uses the correct token configuration with repo-token
  • Properly configures default labels using the supported default-labels parameter
  • Correctly uses the ignore-comments flag
  • Maintains a simple labeling workflow that hasn't changed across versions
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check release notes and recent issues for breaking changes

# Fetch latest releases and their dates
gh release list --repo Renato66/auto-label

# Check for recent issues mentioning breaking changes or v3
gh search issues "repo:Renato66/auto-label breaking changes v3" --state all --json title,url,state

# Verify current usage in other workflow files
rg "Renato66/auto-label@" .github/workflows/

Length of output: 3636


Script:

#!/bin/bash
# Let's check the current configuration and compare with v3 requirements

# Check current workflow configuration
cat .github/workflows/issue.yml

# Check for any configuration files referenced
fd "auto-label" --type f

# Search for label-related configuration
rg -l "labels:" .github

Length of output: 1624

.github/workflows/pull-request-target.yml (2)

70-70: LGTM: Safe version update of first-interaction action

The update to actions/first-interaction@v1.3.0 is a minor version bump from an official GitHub action, which follows semantic versioning. This should be backward compatible and includes security updates.


22-22: Verify breaking changes in actions-comment-pull-request v3.0.1

The major version bump (v2 → v3) might introduce breaking changes. Let's verify the changes:

.github/workflows/pull-request.yml (2)

72-72: Verify if v45.0.4 is the latest stable version of tj-actions/changed-files

The changed-files action has been updated to v45.0.4 in the check_unauthorized_file_changes job.

✅ Verification successful

The workflow is using the latest stable version v45.0.4 of tj-actions/changed-files

The GitHub API confirms that v45.0.4 is indeed the latest stable release of the tj-actions/changed-files action, matching exactly with the version used in the workflow.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify if v45.0.4 is the latest stable version of tj-actions/changed-files

# Fetch the latest release version
LATEST=$(gh api repos/tj-actions/changed-files/releases/latest --jq .tag_name)
echo "Latest stable version: $LATEST"
echo "Current version in workflow: v45.0.4"

# Compare versions
if [ "$LATEST" != "v45.0.4" ]; then
  echo "Warning: A newer version is available"
fi

Length of output: 273


28-28: Verify if v4.2.2 is the latest stable version of actions/checkout

The checkout action has been consistently updated to v4.2.2 across all jobs.

Also applies to: 38-38, 48-48, 58-58, 69-69, 98-98

✅ Verification successful

✓ The workflow is using the latest stable version of actions/checkout@v4.2.2

The verification confirms that v4.2.2 is indeed the latest stable release of actions/checkout, matching exactly with the version used in the workflow.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify if v4.2.2 is the latest stable version of actions/checkout

# Fetch the latest release version
LATEST=$(gh api repos/actions/checkout/releases/latest --jq .tag_name)
echo "Latest stable version: $LATEST"
echo "Current version in workflow: v4.2.2"

# Compare versions
if [ "$LATEST" != "v4.2.2" ]; then
  echo "Warning: A newer version is available"
fi

Length of output: 258

.github/workflows/stale.yml (review thread outdated and resolved)
@prayanshchh
Author

@coderabbitai review


coderabbitai bot commented Nov 18, 2024

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@varshith257 varshith257 merged commit ae44c64 into PalisadoesFoundation:develop-postgres Nov 19, 2024
9 of 10 checks passed
@prayanshchh prayanshchh deleted the update-github-actions branch November 19, 2024 06:58
@JiyaGupta-cs

@varshith257 All upgraded versions pin to a specific version; rather, they should pin to the major version.
It will automatically use the latest minor and patch version, and this provides automatic bug fixes and minor improvements.

@varshith257
Member

Makes sense! Patch it up

@prayanshchh prayanshchh restored the update-github-actions branch November 19, 2024 07:58
@JiyaGupta-cs

@prayanshchh Are you fixing it?

@prayanshchh
Author

yes

@prayanshchh
Author

Shall I create a new PR, @varshith257?

@varshith257
Member

varshith257 commented Nov 19, 2024 via email

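The pinning granularity debated in this thread (exact release tag versus major tag), as an added example that is not part of the PR or the project's code: a POSIX shell audit that classifies every `uses:` reference in a workflow. It also recognises full commit-SHA pins, which the thread does not discuss; the sample workflow, `example-org/example-action` and the SHA value are constructed.

```shell
#!/bin/sh
# Added example: report how tightly each `uses:` reference in a workflow is pinned.

# classify_ref REF -> sha | exact-tag | moving-tag | floating
classify_ref() {
  if printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{40}$'; then
    echo sha          # full commit SHA: the reference cannot be re-pointed
  elif printf '%s\n' "$1" | grep -Eq '^v?[0-9]+\.[0-9]+\.[0-9]+$'; then
    echo exact-tag    # e.g. v4.2.2: one release, though a tag can still be moved
  elif printf '%s\n' "$1" | grep -Eq '^v?[0-9]+(\.[0-9]+)?$'; then
    echo moving-tag   # e.g. v4: picks up new minor and patch releases
  else
    echo floating     # branch name or any other ref
  fi
}

# audit_workflow: workflow YAML on stdin -> "<class> <action>@<ref>" per uses: line.
# Local actions (./path) carry no @ref and are skipped.
audit_workflow() {
  tr -d "\"'" |
  sed -nE 's/^[[:space:]]*(-[[:space:]]+)?uses:[[:space:]]*([^[:space:]#]+@[^[:space:]#]+).*$/\2/p' |
  while IFS= read -r spec; do
    printf '%s %s\n' "$(classify_ref "${spec##*@}")" "$spec"
  done
}

# Constructed sample workflow; the first four action refs are ones named on this page.
sample_workflow() {
  cat <<'EOF'
name: constructed sample
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4.2.2
      - uses: github/codeql-action/init@v2
      - name: changed files
        uses: tj-actions/changed-files@v45
      - uses: actions/stale@v9.0.0   # trailing comment
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
      - uses: example-org/example-action@main
EOF
}

sample_workflow | audit_workflow
```

To audit a real repository, feed each file under `.github/workflows/` to `audit_workflow` on stdin.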