chore(deps): update actions/checkout action to v4.3.0 #4820
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| types: | |
| - edited | |
| - opened | |
| - ready_for_review | |
| - synchronize | |
| merge_group: | |
| name: Lint shared-workflows | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint-action-yaml: | |
| name: Lint action YAMLs | |
| permissions: | |
| actions: write # for the cache | |
| contents: read | |
| runs-on: ubuntu-latest | |
| container: | |
| image: mikefarah/yq:4.47.1@sha256:b9285dd3b0bea3c34d0c54415dd48d767dabd9644d489bd6e253660847b58419 | |
| # https://github.com/actions/checkout/issues/956 | |
| options: --user root | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | |
| with: | |
| persist-credentials: false | |
| - name: Install dependencies | |
| run: | | |
| # tar is needed to save/restore the schema cache | |
| apk add --no-cache curl github-cli tar | |
| - name: Restore github-action.json schema | |
| id: restore-schema | |
| if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository | |
| uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| with: | |
| path: | | |
| github-action.json | |
| github-action.json-etag | |
| key: github-action-schema | |
| # Doesn't matter if we save/restore the schema from different OSes | |
| enableCrossOsArchive: true | |
| - name: Download github-action.json schema | |
| id: download-schema | |
| # Download failures are non-fatal if we have a cache hit, because we can | |
| # use the cached schema | |
| continue-on-error: ${{ steps.restore-schema.outputs.cache-hit == 'true' }} | |
| run: | | |
| response_code=$(curl \ | |
| --write-out '%{response_code}' \ | |
| --verbose \ | |
| --retry 5 \ | |
| --remote-time \ | |
| --remote-name \ | |
| --time-cond github-action.json \ | |
| --etag-save github-action.json-etag \ | |
| --etag-compare github-action.json-etag \ | |
| https://www.schemastore.org/github-action.json); | |
| curl_exit_code="${?}"; | |
| if [[ "${curl_exit_code}" -ne 0 ]]; then | |
| exit "${curl_exit_code}"; | |
| fi | |
| # If the schema has changed (200 vs. 304 if it's not changed), we need | |
| # to update the cache. | |
| echo "schema-changed=$([ "${response_code}" -eq 200 ] && echo true || echo false)" >> "${GITHUB_OUTPUT}" | |
| # Caches can't be overwritten, so we need to delete the previous cache if | |
| # the schema has changed | |
| - name: Delete Previous Cache | |
| if: steps.restore-schema.conclusion == 'success' && steps.restore-schema.outputs.cache-hit == 'true' && steps.download-schema.outputs.schema-changed == 'true' | |
| run: | | |
| gh extension install actions/gh-actions-cache | |
| gh actions-cache delete --repo "${{ github.repository }}" "github-action-schema" --confirm | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| - name: Save github-action.json schema to cache | |
| uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| if: steps.restore-schema.conclusion == 'success' && steps.download-schema.outputs.schema-changed == 'true' | |
| with: | |
| path: | | |
| github-action.json | |
| github-action.json-etag | |
| key: github-action-schema | |
| # Doesn't matter if we save/restore the schema from different OSes | |
| enableCrossOsArchive: true | |
| - name: Convert action YAMLS to JSON | |
| id: convert-action-yaml-to-json | |
| run: | | |
| set -ex | |
| find . -name 'action.yaml' -o -name 'action.yml' | while read -r file; do | |
| JSON_FILE="${file%.*}.json" | |
| yq eval -o=j "$file" > "${JSON_FILE}" | |
| # Save converted filenames to a file | |
| echo "${JSON_FILE}" >> converted-files.txt | |
| done | |
| echo "Converted: $(tr '\n' ' ' < converted-files.txt)" | |
| # https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#example-of-a-multiline-string | |
| { | |
| echo 'converted-files<<EOF' | |
| cat converted-files.txt | |
| echo 'EOF' | |
| } >> "${GITHUB_OUTPUT}" | |
| - name: Validate action definitions | |
| uses: ScratchAddons/validate-json-action@8f71e0683221310e32661c1b1634399858bde75f | |
| with: | |
| schema: github-action.json | |
| jsons: ${{ steps.convert-action-yaml-to-json.outputs.converted-files }} |