diff --git a/.github/workflows/contracts.yml b/.github/workflows/contracts.yml index 4cfe981c..852f693f 100644 --- a/.github/workflows/contracts.yml +++ b/.github/workflows/contracts.yml @@ -29,13 +29,13 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: recursive persist-credentials: false - name: Install Foundry - uses: foundry-rs/foundry-toolchain@82dee4ba654bd2146511f85f0d013af94670c4de # v1.4.0 + uses: foundry-rs/foundry-toolchain@50d5a8956f2e319df19e6b57539d7e2acb9f8c1e # v1.5.0 with: version: nightly @@ -43,7 +43,7 @@ jobs: uses: hrishikesh-kadam/setup-lcov@6c1aa0cc9e1c02f9f58f01ac599f1064ccc83470 # v1 - name: Install Node.js 18 - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: '18' @@ -84,7 +84,7 @@ jobs: run : lcov --rc branch_coverage=1 --remove ./lcov.info -o ./lcov.info.pruned 'src/mocks/*' 'src/test/*' 'scripts/*' 'node_modules/*' 'lib/*' --ignore-errors unused,unused - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2 + uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: @@ -98,13 +98,13 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: recursive persist-credentials: false - name: Install Node.js 18 - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: '18' @@ -147,25 +147,25 @@ jobs: security-events: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: submodules: recursive persist-credentials: false - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v6 with: node-version: '18' - run: yarn install --frozen-lockfile - - uses: foundry-rs/foundry-toolchain@82dee4ba654bd2146511f85f0d013af94670c4de # v1.4.0 + - uses: foundry-rs/foundry-toolchain@50d5a8956f2e319df19e6b57539d7e2acb9f8c1e # v1.5.0 with: version: nightly - name: Build contracts run: forge build --build-info --out out --evm-version cancun - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: '3.11' @@ -186,7 +186,7 @@ jobs: --json slither-report.json \ --markdown-root slither-report.md - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v5 with: name: slither-static-analysis path: | diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml index 87a30ea8..910ff605 100644 --- a/.github/workflows/docker-release.yml +++ b/.github/workflows/docker-release.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Check out repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: true persist-credentials: false @@ -24,20 +24,21 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Setup Node.js environment - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: '21' + package-manager-cache: false - name: Install dependencies run: npm install - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 with: cache-binary: false - name: Login to Dockerhub - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 #v3.4.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef #v3.6.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -46,7 +47,7 @@ jobs: id: build_deploy_image env: REPOSITORY: scrolltech/scroll-stack-contracts - uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: platforms: linux/amd64,linux/arm64 push: true @@ -59,7 +60,7 @@ jobs: id: build_gen_image env: REPOSITORY: scrolltech/scroll-stack-contracts - uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: platforms: linux/amd64,linux/arm64 push: true diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index edb79258..fff3b69d 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -18,12 +18,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: persist-credentials: false - name: Install the latest version of uv - uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1 + uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2 - name: Run zizmor run: uvx zizmor --format sarif . > results.sarif @@ -31,7 +31,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: results.sarif category: zizmor