diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..3bad94f9
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+updates:
+ # Maintain dependencies for GitHub Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
\ No newline at end of file
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index 049ae040..de5b3afd 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -36,7 +36,7 @@ jobs:
 private-key: ${{ secrets.APP_PRIVATE_KEY }}
 skip-token-revoke: true
 - name: Create in progress check
- uses: LouisBrunner/checks-action@v1.6.1
+ uses: LouisBrunner/checks-action@v2.0.0
 with:
 token: ${{ steps.app-token.outputs.token }}
 sha: ${{ env.COMMIT_SHA }}
@@ -48,7 +48,7 @@ jobs:
 - name: Build and run PR
 timeout-minutes: 60
 id: build-and-run
- uses: SegmentLinking/TrackLooper-actions/standalone@v1
+ uses: SegmentLinking/TrackLooper-actions/standalone@main
 with:
 pr-number: ${{ github.event.issue.number }}
 - name: Upload plots to archival repo
@@ -60,7 +60,7 @@ jobs:
 SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_PRIVATE_KEY }}
 TARGET_DIR: ${{ steps.build-and-run.outputs.archive-dir }}
 - name: Comment on PR
- uses: actions/github-script@v6
+ uses: actions/github-script@v7
 with:
 script: |
 github.rest.issues.createComment({
@@ -71,7 +71,7 @@ jobs:
 })
 - name: Comment on PR if job failed.
 if: failure()
- uses: actions/github-script@v6
+ uses: actions/github-script@v7
 with:
 script: |
 github.rest.issues.createComment({
@@ -88,7 +88,7 @@ jobs:
 app-id: ${{ secrets.APP_ID }}
 private-key: ${{ secrets.APP_PRIVATE_KEY }}
 - name: Create completed check
- uses: LouisBrunner/checks-action@v1.6.1
+ uses: LouisBrunner/checks-action@v2.0.0
 if: always()
 with:
 token: ${{ steps.app-token-end.outputs.token }}
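Review bot: The new `.github/dependabot.yml` will not cover every action this commit touches. As far as I know, the `github-actions` ecosystem only proposes updates for references that are version tags or commit SHAs, so the two `SegmentLinking/TrackLooper-actions/...@main` references introduced in `testing.yml` by the same commit would be left untracked. The file also ends without a final newline (`\ No newline at end of file`); adding one keeps later diffs of this file clean.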
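Review bot: In the `@@ -48,7 +48,7 @@` hunk, `uses: SegmentLinking/TrackLooper-actions/standalone@main` replaces a tag with a branch ref, so whatever sits at the tip of that branch at run time executes inside this job; the same applies to `cmssw@main` in the `@@ -157,7 +153,7 @@` hunk. The surrounding context shows these jobs handling `secrets.APP_PRIVATE_KEY` and `secrets.DEPLOY_PRIVATE_KEY`, and they are keyed on `github.event.issue.number`, which suggests a comment-triggered run (the `on:` block is outside the hunk). Pinning to a full commit SHA with the version in a trailing comment, `uses: SegmentLinking/TrackLooper-actions/standalone@<full-commit-sha>  # v1`, makes the reference immutable, and Dependabot can still bump SHA pins.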
@@ -122,7 +122,7 @@ jobs:
 private-key: ${{ secrets.APP_PRIVATE_KEY }}
 skip-token-revoke: true
 - name: Create in progress check
- uses: LouisBrunner/checks-action@v1.6.1
+ uses: LouisBrunner/checks-action@v2.0.0
 with:
 token: ${{ steps.app-token.outputs.token }}
 sha: ${{ env.COMMIT_SHA }}
@@ -143,10 +143,6 @@ jobs:
 # Check if there is a branch after "/run cmssw"
 words=($line)
 cmssw_branch="${words[2]}"
- # Validate the extracted branch to avoid code injection
- if [ -n "$cmssw_branch" ]; then
- cmssw_branch=$(git check-ref-format --branch $cmssw_branch || echo "default")
- fi
 fi
 done <<< "$COMMENT_BODY"
 if [ -z "$cmssw_branch" ]; then
@@ -157,7 +153,7 @@ jobs:
 - name: Build and run PR
 timeout-minutes: 200
 id: build-and-run
- uses: SegmentLinking/TrackLooper-actions/cmssw@v1
+ uses: SegmentLinking/TrackLooper-actions/cmssw@main
 with:
 pr-number: ${{ github.event.issue.number }}
 cmssw-branch: ${{ env.cmssw-branch }}
@@ -170,7 +166,7 @@ jobs:
 SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_PRIVATE_KEY }}
 TARGET_DIR: ${{ steps.build-and-run.outputs.archive-dir }}
 - name: Comment on PR
- uses: actions/github-script@v6
+ uses: actions/github-script@v7
 with:
 script: |
 github.rest.issues.createComment({
@@ -181,7 +177,7 @@ jobs:
 })
 - name: Comment on PR if job failed.
 if: failure()
- uses: actions/github-script@v6
+ uses: actions/github-script@v7
 with:
 script: |
 github.rest.issues.createComment({
@@ -198,7 +194,7 @@ jobs:
 app-id: ${{ secrets.APP_ID }}
 private-key: ${{ secrets.APP_PRIVATE_KEY }}
 - name: Create completed check
- uses: LouisBrunner/checks-action@v1.6.1
+ uses: LouisBrunner/checks-action@v2.0.0
 if: always()
 with:
 token: ${{ steps.app-token-end.outputs.token }}
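Review bot: With the four validation lines removed in the `@@ -143,10 +143,6 @@` hunk, `cmssw_branch="${words[2]}"` carries text taken from `$COMMENT_BODY` forward with no check at all, and the `@@ -157,7 +153,7 @@` hunk shows it reaching the build action as `cmssw-branch: ${{ env.cmssw-branch }}`. The removed check was weak (unquoted `$cmssw_branch`, and `git check-ref-format` accepts shell metacharacters such as `$` and `;`), but it should be replaced rather than dropped. An allowlist placed right after `done <<< "$COMMENT_BODY"` would do it: `[[ "$cmssw_branch" =~ ^[A-Za-z0-9][A-Za-z0-9._/-]*$ ]] || cmssw_branch=""`, which falls through to the existing `if [ -z "$cmssw_branch" ]` branch. The context line `words=($line)` also glob-expands comment text; `read -r -a words <<< "$line"` splits it without expansion. The enclosing run script starts and ends outside the hunk, so the fallback value and how the variable is exported should be confirmed there.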