From 59c0b23833152132305a4d4224107ce24d7ced09 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Apr 2026 11:10:41 +0000 Subject: [PATCH 1/4] chore(deps): bump actions/create-github-app-token in the release group Bumps the release group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token). Updates `actions/create-github-app-token` from 2 to 3 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](https://github.com/actions/create-github-app-token/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: release ... Signed-off-by: dependabot[bot] --- .github/workflows/gptchangelog.yml | 2 +- .github/workflows/helm-update-chart.yml | 2 +- .github/workflows/release-notification.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/typescript-release.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/gptchangelog.yml b/.github/workflows/gptchangelog.yml index 180b8bf3..e6561afc 100644 --- a/.github/workflows/gptchangelog.yml +++ b/.github/workflows/gptchangelog.yml @@ -252,7 +252,7 @@ jobs: steps: - name: Create GitHub App Token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 id: app-token with: app-id: ${{ secrets.LERIAN_STUDIO_MIDAZ_PUSH_BOT_APP_ID }} diff --git a/.github/workflows/helm-update-chart.yml b/.github/workflows/helm-update-chart.yml index 20cf0747..72f1f214 100644 --- a/.github/workflows/helm-update-chart.yml +++ b/.github/workflows/helm-update-chart.yml @@ -100,7 +100,7 @@ jobs: steps: - name: Generate GitHub App Token id: app-token - uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2 + uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 with: app-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} diff --git a/.github/workflows/release-notification.yml b/.github/workflows/release-notification.yml index d025a589..8a0a12ba 100644 --- a/.github/workflows/release-notification.yml +++ b/.github/workflows/release-notification.yml @@ -114,7 +114,7 @@ jobs: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} steps: - name: Create GitHub App token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 id: app-token with: app-id: ${{ secrets.APP_ID }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a26472c7..4b6e573a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -103,7 +103,7 @@ jobs: gpg_fingerprint: ${{ steps.import_gpg.outputs.fingerprint }} steps: - - uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: app-token with: app-id: ${{ secrets.LERIAN_STUDIO_MIDAZ_PUSH_BOT_APP_ID }} diff --git a/.github/workflows/typescript-release.yml b/.github/workflows/typescript-release.yml index 92704d1e..4cea8eac 100644 --- a/.github/workflows/typescript-release.yml +++ b/.github/workflows/typescript-release.yml @@ -114,7 +114,7 @@ jobs: gpg_fingerprint: ${{ steps.import_gpg.outputs.fingerprint }} steps: - - uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: app-token with: app-id: ${{ secrets.LERIAN_STUDIO_MIDAZ_PUSH_BOT_APP_ID }} From efc030b0be1a095551f47a4b204afb6532929bc4 Mon Sep 17 00:00:00 2001 From: Lucas Bedatty Date: Mon, 6 Apr 2026 11:22:41 -0300 Subject: [PATCH 2/4] fix(deps): pin create-github-app-token to SHA for v3 tag --- .github/workflows/gptchangelog.yml | 2 +- .github/workflows/release-notification.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/gptchangelog.yml b/.github/workflows/gptchangelog.yml index e6561afc..9415e571 100644 --- a/.github/workflows/gptchangelog.yml +++ b/.github/workflows/gptchangelog.yml @@ -252,7 +252,7 @@ jobs: steps: - name: Create GitHub App Token - uses: actions/create-github-app-token@v3 + uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3 id: app-token with: app-id: ${{ secrets.LERIAN_STUDIO_MIDAZ_PUSH_BOT_APP_ID }} diff --git a/.github/workflows/release-notification.yml b/.github/workflows/release-notification.yml index 8a0a12ba..5c3c8d01 100644 --- a/.github/workflows/release-notification.yml +++ b/.github/workflows/release-notification.yml @@ -114,7 +114,7 @@ jobs: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} steps: - name: Create GitHub App token - uses: actions/create-github-app-token@v3 + uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3 id: app-token with: app-id: ${{ secrets.APP_ID }} From 2e856c86113d070a80d5920a14ca1b7dd8c8081e Mon Sep 17 00:00:00 2001 From: Lucas Bedatty Date: Mon, 6 Apr 2026 11:27:09 -0300 Subject: [PATCH 3/4] fix(deps): pin all remaining actions to commit SHA --- .github/workflows/gptchangelog.yml | 12 ++++++------ .github/workflows/release-notification.yml | 6 +++--- .github/workflows/release.yml | 8 ++++---- .github/workflows/typescript-release.yml | 2 +- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/gptchangelog.yml b/.github/workflows/gptchangelog.yml index 9415e571..b09fbe62 100644 --- a/.github/workflows/gptchangelog.yml +++ b/.github/workflows/gptchangelog.yml @@ -62,7 +62,7 @@ jobs: is_stable: ${{ steps.check-tag.outputs.is_stable }} steps: - name: Checkout for branch check - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 @@ -139,14 +139,14 @@ jobs: - name: Checkout repository if: steps.check-tag.outputs.is_stable == 'true' || inputs.stable_releases_only == false - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 - name: Get changed paths (monorepo) if: (steps.check-tag.outputs.is_stable == 'true' || inputs.stable_releases_only == false) && inputs.filter_paths != '' id: changed-paths - uses: LerianStudio/github-actions-shared-workflows/src/config/changed-paths@v1.18.0 + uses: LerianStudio/github-actions-shared-workflows/src/config/changed-paths@f8da102a7a0ee29c0f67cfd40921690c669811fb # v1.18.0 with: filter-paths: ${{ inputs.filter_paths }} shared-paths: ${{ inputs.shared_paths }} @@ -259,7 +259,7 @@ jobs: private-key: ${{ secrets.LERIAN_STUDIO_MIDAZ_PUSH_BOT_PRIVATE_KEY }} - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 token: ${{ steps.app-token.outputs.token }} @@ -279,7 +279,7 @@ jobs: fi - name: Import GPG key - uses: crazy-max/ghaction-import-gpg@v7 + uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7 id: import_gpg with: gpg_private_key: ${{ secrets.LERIAN_CI_CD_USER_GPG_KEY }} @@ -733,7 +733,7 @@ jobs: runs-on: blacksmith-4vcpu-ubuntu-2404 steps: - name: Send Slack notification for sync PR - uses: slackapi/slack-github-action@v1.24.0 + uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 with: payload: | { diff --git a/.github/workflows/release-notification.yml b/.github/workflows/release-notification.yml index 5c3c8d01..88ec3806 100644 --- a/.github/workflows/release-notification.yml +++ b/.github/workflows/release-notification.yml @@ -121,7 +121,7 @@ jobs: private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Fetch latest release tag id: release @@ -162,7 +162,7 @@ jobs: - name: Discord notification if: ${{ env.DISCORD_WEBHOOK_URL != '' }} - uses: LerianStudio/github-actions-shared-workflows/src/notify/discord-release@v1.18.0 + uses: LerianStudio/github-actions-shared-workflows/src/notify/discord-release@f8da102a7a0ee29c0f67cfd40921690c669811fb # v1.18.0 with: webhook-url: ${{ secrets.DISCORD_WEBHOOK_URL }} release-tag: ${{ steps.release.outputs.tag }} @@ -174,7 +174,7 @@ jobs: - name: Slack notification if: ${{ env.SLACK_WEBHOOK_URL != '' && inputs.slack_channel != '' }} - uses: LerianStudio/github-actions-shared-workflows/src/notify/slack-release@v1.18.0 + uses: LerianStudio/github-actions-shared-workflows/src/notify/slack-release@f8da102a7a0ee29c0f67cfd40921690c669811fb # v1.18.0 with: webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} channel: ${{ inputs.slack_channel }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4b6e573a..b2b5eb8a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -60,7 +60,7 @@ jobs: - name: Get changed paths (monorepo) if: inputs.filter_paths != '' id: changed-paths - uses: LerianStudio/github-actions-shared-workflows/src/config/changed-paths@v1.18.0 + uses: LerianStudio/github-actions-shared-workflows/src/config/changed-paths@f8da102a7a0ee29c0f67cfd40921690c669811fb # v1.18.0 with: filter-paths: ${{ inputs.filter_paths }} shared-paths: ${{ inputs.shared_paths }} @@ -150,7 +150,7 @@ jobs: # ----------------- Snapshot tags before release ----------------- - name: Snapshot tags before release id: pre-tags - uses: LerianStudio/github-actions-shared-workflows/src/config/release-tag-snapshot@v1.22.0 + uses: LerianStudio/github-actions-shared-workflows/src/config/release-tag-snapshot@bbb826bf0b2ae2a45ec8c0987b299684ff3287b7 # v1.22.0 - name: Semantic Release uses: cycjimmy/semantic-release-action@b12c8f6015dc215fe37bc154d4ad456dd3833c90 # v6 @@ -174,7 +174,7 @@ jobs: - name: Detect if release was published if: always() && steps.semantic.outcome == 'failure' id: detect-release - uses: LerianStudio/github-actions-shared-workflows/src/config/release-tag-check@v1.21.0 + uses: LerianStudio/github-actions-shared-workflows/src/config/release-tag-check@4851bfec16865b82e94fb310758f35c2a3f8fdc4 # v1.21.0 with: previous-tag: ${{ steps.pre-tags.outputs.latest-tag }} @@ -185,7 +185,7 @@ jobs: steps.semantic.outputs.new_release_published == 'true' || steps.detect-release.outputs.release-published == 'true' ) - uses: LerianStudio/github-actions-shared-workflows/src/config/backmerge-pr@v1.21.0 + uses: LerianStudio/github-actions-shared-workflows/src/config/backmerge-pr@4851bfec16865b82e94fb310758f35c2a3f8fdc4 # v1.21.0 with: github-token: ${{ steps.app-token.outputs.token }} source-branch: ${{ github.ref_name }} diff --git a/.github/workflows/typescript-release.yml b/.github/workflows/typescript-release.yml index 4cea8eac..db3e6205 100644 --- a/.github/workflows/typescript-release.yml +++ b/.github/workflows/typescript-release.yml @@ -69,7 +69,7 @@ jobs: - name: Get changed paths (monorepo) if: inputs.filter_paths != '' id: changed-paths - uses: LerianStudio/github-actions-shared-workflows/src/config/changed-paths@v1.18.0 + uses: LerianStudio/github-actions-shared-workflows/src/config/changed-paths@f8da102a7a0ee29c0f67cfd40921690c669811fb # v1.18.0 with: filter-paths: ${{ inputs.filter_paths }} shared-paths: ${{ inputs.shared_paths }} From 60e8872acd8810ca24989d2ff9d372f024bc4347 Mon Sep 17 00:00:00 2001 From: Lucas Bedatty Date: Mon, 6 Apr 2026 11:31:32 -0300 Subject: [PATCH 4/4] fix(deps): revert internal modules back to tags --- .github/workflows/gptchangelog.yml | 2 +- .github/workflows/release-notification.yml | 4 ++-- .github/workflows/release.yml | 8 ++++---- .github/workflows/typescript-release.yml | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/gptchangelog.yml b/.github/workflows/gptchangelog.yml index b09fbe62..88003b24 100644 --- a/.github/workflows/gptchangelog.yml +++ b/.github/workflows/gptchangelog.yml @@ -146,7 +146,7 @@ jobs: - name: Get changed paths (monorepo) if: (steps.check-tag.outputs.is_stable == 'true' || inputs.stable_releases_only == false) && inputs.filter_paths != '' id: changed-paths - uses: LerianStudio/github-actions-shared-workflows/src/config/changed-paths@f8da102a7a0ee29c0f67cfd40921690c669811fb # v1.18.0 + uses: LerianStudio/github-actions-shared-workflows/src/config/changed-paths@v1.18.0 with: filter-paths: ${{ inputs.filter_paths }} shared-paths: ${{ inputs.shared_paths }} diff --git a/.github/workflows/release-notification.yml b/.github/workflows/release-notification.yml index 88ec3806..a2444cef 100644 --- a/.github/workflows/release-notification.yml +++ b/.github/workflows/release-notification.yml @@ -162,7 +162,7 @@ jobs: - name: Discord notification if: ${{ env.DISCORD_WEBHOOK_URL != '' }} - uses: LerianStudio/github-actions-shared-workflows/src/notify/discord-release@f8da102a7a0ee29c0f67cfd40921690c669811fb # v1.18.0 + uses: LerianStudio/github-actions-shared-workflows/src/notify/discord-release@v1.18.0 with: webhook-url: ${{ secrets.DISCORD_WEBHOOK_URL }} release-tag: ${{ steps.release.outputs.tag }} @@ -174,7 +174,7 @@ jobs: - name: Slack notification if: ${{ env.SLACK_WEBHOOK_URL != '' && inputs.slack_channel != '' }} - uses: LerianStudio/github-actions-shared-workflows/src/notify/slack-release@f8da102a7a0ee29c0f67cfd40921690c669811fb # v1.18.0 + uses: LerianStudio/github-actions-shared-workflows/src/notify/slack-release@v1.18.0 with: webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} channel: ${{ inputs.slack_channel }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b2b5eb8a..4b6e573a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -60,7 +60,7 @@ jobs: - name: Get changed paths (monorepo) if: inputs.filter_paths != '' id: changed-paths - uses: LerianStudio/github-actions-shared-workflows/src/config/changed-paths@f8da102a7a0ee29c0f67cfd40921690c669811fb # v1.18.0 + uses: LerianStudio/github-actions-shared-workflows/src/config/changed-paths@v1.18.0 with: filter-paths: ${{ inputs.filter_paths }} shared-paths: ${{ inputs.shared_paths }} @@ -150,7 +150,7 @@ jobs: # ----------------- Snapshot tags before release ----------------- - name: Snapshot tags before release id: pre-tags - uses: LerianStudio/github-actions-shared-workflows/src/config/release-tag-snapshot@bbb826bf0b2ae2a45ec8c0987b299684ff3287b7 # v1.22.0 + uses: LerianStudio/github-actions-shared-workflows/src/config/release-tag-snapshot@v1.22.0 - name: Semantic Release uses: cycjimmy/semantic-release-action@b12c8f6015dc215fe37bc154d4ad456dd3833c90 # v6 @@ -174,7 +174,7 @@ jobs: - name: Detect if release was published if: always() && steps.semantic.outcome == 'failure' id: detect-release - uses: LerianStudio/github-actions-shared-workflows/src/config/release-tag-check@4851bfec16865b82e94fb310758f35c2a3f8fdc4 # v1.21.0 + uses: LerianStudio/github-actions-shared-workflows/src/config/release-tag-check@v1.21.0 with: previous-tag: ${{ steps.pre-tags.outputs.latest-tag }} @@ -185,7 +185,7 @@ jobs: steps.semantic.outputs.new_release_published == 'true' || steps.detect-release.outputs.release-published == 'true' ) - uses: LerianStudio/github-actions-shared-workflows/src/config/backmerge-pr@4851bfec16865b82e94fb310758f35c2a3f8fdc4 # v1.21.0 + uses: LerianStudio/github-actions-shared-workflows/src/config/backmerge-pr@v1.21.0 with: github-token: ${{ steps.app-token.outputs.token }} source-branch: ${{ github.ref_name }} diff --git a/.github/workflows/typescript-release.yml b/.github/workflows/typescript-release.yml index db3e6205..4cea8eac 100644 --- a/.github/workflows/typescript-release.yml +++ b/.github/workflows/typescript-release.yml @@ -69,7 +69,7 @@ jobs: - name: Get changed paths (monorepo) if: inputs.filter_paths != '' id: changed-paths - uses: LerianStudio/github-actions-shared-workflows/src/config/changed-paths@f8da102a7a0ee29c0f67cfd40921690c669811fb # v1.18.0 + uses: LerianStudio/github-actions-shared-workflows/src/config/changed-paths@v1.18.0 with: filter-paths: ${{ inputs.filter_paths }} shared-paths: ${{ inputs.shared_paths }}