diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1c67e191f94..070070cc5b9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -40,7 +40,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Validate Gradle wrapper - uses: gradle/actions/wrapper-validation@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1 + uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 - name: Cache Gradle files uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 @@ -62,13 +62,13 @@ jobs: ${{ runner.os }}-build- - name: Configure JDK - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: distribution: "temurin" java-version: ${{ env.JAVA_VERSION }} - name: Configure Ruby - uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0 + uses: ruby/setup-ruby@540484a3c0f308b08619664ec40bf6c371d172c3 # v1.205.0 with: bundler-cache: true @@ -85,7 +85,7 @@ jobs: run: bundle exec fastlane assembleDebugApks - name: Upload test reports on failure - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 if: failure() with: name: test-reports @@ -106,7 +106,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Configure Ruby - uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0 + uses: ruby/setup-ruby@540484a3c0f308b08619664ec40bf6c371d172c3 # v1.205.0 with: bundler-cache: true @@ -157,7 +157,7 @@ jobs: --name app_play_prod_firebase-creds.json --file ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json --output none - name: Validate Gradle wrapper - uses: gradle/actions/wrapper-validation@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1 + uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 - name: Cache Gradle files uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 @@ -179,7 +179,7 @@ jobs: ${{ runner.os }}-build- - name: Configure JDK - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: distribution: "temurin" java-version: ${{ env.JAVA_VERSION }} @@ -253,7 +253,7 @@ jobs: - name: Upload release Play Store .aab artifact if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }} - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: com.x8bit.bitwarden.aab path: app/build/outputs/bundle/standardRelease/com.x8bit.bitwarden.aab @@ -261,7 +261,7 @@ jobs: - name: Upload beta Play Store .aab artifact if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }} - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: com.x8bit.bitwarden.beta.aab path: app/build/outputs/bundle/standardBeta/com.x8bit.bitwarden.beta.aab @@ -269,7 +269,7 @@ jobs: - name: Upload release .apk artifact if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }} - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: com.x8bit.bitwarden.apk path: app/build/outputs/apk/standard/release/com.x8bit.bitwarden.apk @@ -277,7 +277,7 @@ jobs: - name: Upload beta .apk artifact if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }} - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: com.x8bit.bitwarden.beta.apk path: app/build/outputs/apk/standard/beta/com.x8bit.bitwarden.beta.apk @@ -286,7 +286,7 @@ jobs: # When building variants other than 'prod' - name: Upload debug .apk artifact if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }} - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: com.x8bit.bitwarden.${{ matrix.variant }}.apk path: app/build/outputs/apk/standard/debug/com.x8bit.bitwarden.dev.apk @@ -324,7 +324,7 @@ jobs: - name: Upload .apk SHA file for release if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }} - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: com.x8bit.bitwarden.apk-sha256.txt path: ./com.x8bit.bitwarden.apk-sha256.txt @@ -332,7 +332,7 @@ jobs: - name: Upload .apk SHA file for beta if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }} - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: com.x8bit.bitwarden.beta.apk-sha256.txt path: ./com.x8bit.bitwarden.beta.apk-sha256.txt @@ -340,7 +340,7 @@ jobs: - name: Upload .aab SHA file for release if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }} - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: com.x8bit.bitwarden.aab-sha256.txt path: ./com.x8bit.bitwarden.aab-sha256.txt @@ -348,7 +348,7 @@ jobs: - name: Upload .aab SHA file for beta if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }} - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: com.x8bit.bitwarden.beta.aab-sha256.txt path: ./com.x8bit.bitwarden.beta.aab-sha256.txt @@ -356,7 +356,7 @@ jobs: - name: Upload .apk SHA file for debug if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }} - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt path: ./com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt @@ -405,7 +405,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Configure Ruby - uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0 + uses: ruby/setup-ruby@540484a3c0f308b08619664ec40bf6c371d172c3 # v1.205.0 with: bundler-cache: true @@ -442,7 +442,7 @@ jobs: --name app_fdroid_firebase-creds.json --file ${{ github.workspace }}/secrets/app_fdroid_firebase-creds.json --output none - name: Validate Gradle wrapper - uses: gradle/actions/wrapper-validation@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1 + uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 - name: Cache Gradle files uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 @@ -464,7 +464,7 @@ jobs: ${{ runner.os }}-build- - name: Configure JDK - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: distribution: "temurin" java-version: ${{ env.JAVA_VERSION }} @@ -515,7 +515,7 @@ jobs: keyPassword:"${{ env.FDROID_BETA_KEY_PASSWORD }}" - name: Upload F-Droid .apk artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: com.x8bit.bitwarden-fdroid.apk path: app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid.apk @@ -527,14 +527,14 @@ jobs: > ./com.x8bit.bitwarden-fdroid.apk-sha256.txt - name: Upload F-Droid SHA file - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: com.x8bit.bitwarden-fdroid.apk-sha256.txt path: ./com.x8bit.bitwarden-fdroid.apk-sha256.txt if-no-files-found: error - name: Upload F-Droid Beta .apk artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: com.x8bit.bitwarden.beta-fdroid.apk path: app/build/outputs/apk/fdroid/beta/com.x8bit.bitwarden.beta-fdroid.apk @@ -546,7 +546,7 @@ jobs: > ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt - name: Upload F-Droid Beta SHA file - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt path: ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt diff --git a/.github/workflows/crowdin-pull.yml b/.github/workflows/crowdin-pull.yml index 18864bb64c0..203d2125b82 100644 --- a/.github/workflows/crowdin-pull.yml +++ b/.github/workflows/crowdin-pull.yml @@ -29,14 +29,14 @@ jobs: secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase" - name: Generate GH App token - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 + uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1 id: app-token with: app-id: ${{ secrets.BW_GHAPP_ID }} private-key: ${{ secrets.BW_GHAPP_KEY }} - name: Download translations - uses: crowdin/github-action@a9ffb7d5ac46eca1bb1f06656bf888b39462f161 # v2.4.0 + uses: crowdin/github-action@8dfaf9c206381653e3767e3cb5ea5f08b45f02bf # v2.5.0 env: GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} diff --git a/.github/workflows/crowdin-push.yml b/.github/workflows/crowdin-push.yml index 6438a61e63a..5944ba9baeb 100644 --- a/.github/workflows/crowdin-push.yml +++ b/.github/workflows/crowdin-push.yml @@ -29,7 +29,7 @@ jobs: secrets: "crowdin-api-token" - name: Upload sources - uses: crowdin/github-action@a9ffb7d5ac46eca1bb1f06656bf888b39462f161 # v2.4.0 + uses: crowdin/github-action@8dfaf9c206381653e3767e3cb5ea5f08b45f02bf # v2.5.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} diff --git a/.github/workflows/github-release.yml b/.github/workflows/github-release.yml index 3455242dcdd..f0c7fd6bfd0 100644 --- a/.github/workflows/github-release.yml +++ b/.github/workflows/github-release.yml @@ -95,7 +95,7 @@ jobs: - name: Create Release id: create_release - uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 + uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 with: tag_name: "v${{ inputs.version-name }}" name: "${{ inputs.version-name }} (${{ inputs.version-number }})" diff --git a/.github/workflows/scan-ci.yml b/.github/workflows/scan-ci.yml index 49a15ecae2b..bf1175ffa35 100644 --- a/.github/workflows/scan-ci.yml +++ b/.github/workflows/scan-ci.yml @@ -21,7 +21,7 @@ jobs: fetch-depth: 0 - name: Scan with Checkmarx - uses: checkmarx/ast-github-action@b74e8d514feae4ad5ad2b43e72590935bd2daf5f # 2.0.39 + uses: checkmarx/ast-github-action@629a9fac14369bf2898d583b22bf8c40a5caf8e9 # 2.0.40 with: project_name: ${{ github.repository }} cx_tenant: ${{ secrets.CHECKMARX_TENANT }} @@ -34,7 +34,7 @@ jobs: --output-path . - name: Upload Checkmarx results to GitHub - uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: sarif_file: cx_result.sarif diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index 82becaecea1..de498579f3d 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -28,7 +28,7 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: Scan with Checkmarx - uses: checkmarx/ast-github-action@b74e8d514feae4ad5ad2b43e72590935bd2daf5f # 2.0.39 + uses: checkmarx/ast-github-action@629a9fac14369bf2898d583b22bf8c40a5caf8e9 # 2.0.40 env: INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}" with: @@ -43,7 +43,7 @@ jobs: --output-path . ${{ env.INCREMENTAL }} - name: Upload Checkmarx results to GitHub - uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: sarif_file: cx_result.sarif diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b68c5c407f3..5929d6cda71 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -30,7 +30,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Validate Gradle wrapper - uses: gradle/actions/wrapper-validation@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1 + uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 - name: Cache Gradle files uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 @@ -52,12 +52,12 @@ jobs: ${{ runner.os }}-build- - name: Configure Ruby - uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0 + uses: ruby/setup-ruby@540484a3c0f308b08619664ec40bf6c371d172c3 # v1.205.0 with: bundler-cache: true - name: Configure JDK - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: distribution: "temurin" java-version: ${{ env.JAVA_VERSION }} @@ -73,13 +73,13 @@ jobs: bundle exec fastlane check - name: Upload test reports on failure - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 if: failure() with: name: test-reports path: app/build/reports/tests/ - name: Upload to codecov.io - uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1 + uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 with: files: app/build/reports/kover/reportStandardDebug.xml