diff --git a/.github/skills/tool-version-upgrade/SKILL.md b/.github/skills/tool-version-upgrade/SKILL.md index 8ed1cddb629..453e774eb96 100644 --- a/.github/skills/tool-version-upgrade/SKILL.md +++ b/.github/skills/tool-version-upgrade/SKILL.md @@ -1,10 +1,11 @@ --- name: tool-version-upgrade description: >- - **WORKFLOW SKILL** — Upgrades bundled CLI tool versions (GitHub CLI or Bicep CLI) in azd. - Fetches the latest release from the upstream repo, compares with the current pinned version, - confirms with the user, creates a tracking issue, updates version references in source code - and CI workflows, and opens a PR. + **WORKFLOW SKILL** — Upgrades bundled CLI tool versions (GitHub CLI or Bicep CLI) and pinned tool versions to the latest stable upstream release in azd. + Supported targets: GitHub CLI (Go source), Bicep CLI (Go source + lint workflow), and GitHub Actions referenced in `.github/workflows/*.yml` (audit + bulk bump). + Fetches the latest release(s) upstream, compares with the current pinned version(s), + confirms with the user, creates a tracking issue, updates the references in source code, GitHub Action workflows, and CI workflows, + and opens a PR. INVOKES: GitHub MCP tools, gh CLI, git CLI, go build, ask_user. @@ -12,7 +13,12 @@ description: >- upgrade gh to latest, bump gh cli, gh cli update, update gh tool version, upgrade bicep cli, update bicep cli, update bicep version, upgrade bicep to latest, bump bicep, bicep cli update, update bicep tool version, - upgrade tool version, update tool version. + upgrade tool version, update tool version, + upgrade github actions, update github actions, bump github actions, + audit github actions versions, update workflow actions, check actions versions, + upgrade actions/checkout, upgrade actions/setup-node, upgrade actions/setup-python, + upgrade actions/setup-go, upgrade actions/github-script, upgrade golangci-lint-action, + refresh workflow action versions, gh actions version bump. DO NOT USE FOR: code review (use code-review), changelog generation (use changelog-generation), deploying releases, publishing extensions to registry. @@ -26,14 +32,14 @@ INVOKES: GitHub MCP tools, `gh` CLI, `git` CLI, `go build`, `ask_user`. ## Supported Tools -| Parameter | GitHub CLI | Bicep CLI | -|-----------|-----------|-----------| -| Tool name | GitHub CLI | Bicep CLI | -| Tool slug | `gh-cli` | `bicep-cli` | -| Upstream repo | `cli/cli` | `Azure/bicep` | -| Go version file | `cli/azd/pkg/tools/github/github.go` | `cli/azd/pkg/tools/bicep/bicep.go` | -| Version variable | `var Version semver.Version = semver.MustParse("{version}")` | same | -| Files to update | 1 file (see below) | 2 files (see below) | +| Parameter | GitHub CLI | Bicep CLI | GitHub Actions (workflows) | +|-----------|-----------|-----------|----------------------------| +| Tool name | GitHub CLI | Bicep CLI | GitHub Actions | +| Tool slug | `gh-cli` | `bicep-cli` | `gh-actions` | +| Upstream repo | `cli/cli` | `Azure/bicep` | (per-action; e.g. `actions/checkout`, `actions/setup-node`, `golangci/golangci-lint-action`) | +| Go version file | `cli/azd/pkg/tools/github/github.go` | `cli/azd/pkg/tools/bicep/bicep.go` | n/a | +| Version variable | `var Version semver.Version = semver.MustParse("{version}")` | same | n/a — versions are pinned per `uses:` line in YAML | +| Files to update | 1 file (see below) | 2 files (see below) | every `.github/workflows/*.yml` containing an outdated `uses:` reference (see below) | ### GitHub CLI — Files to Update @@ -60,6 +66,29 @@ Only **one file**: > **⚠️ Important** (Bicep only): Both files must be updated together to keep Go code and CI workflow > in sync. Forgetting the workflow file is a common mistake — always verify both are changed. +### GitHub Actions (workflows) — Files to Update + +**N files** — every `.github/workflows/*.yml` containing an outdated `uses:` reference. Scope is +limited to that directory; do not edit local actions, reusable workflows in this repo, or +devcontainer feature definitions. + +For each `uses: owner/repo@ref` line, classify and act: + +| Bucket | Pattern | Action | +|--------|---------|--------| +| Major-tag pin | `uses: owner/repo@vN` (N is an integer) | Bump to latest stable major (`@vM`). | +| Exact-version pin | `uses: owner/repo@vX.Y.Z` or `@X.Y.Z` | Bump to latest stable major tag (`@vM`). | +| SHA pin | `uses: owner/repo@<40-hex-sha> # vN` | Resolve the SHA the latest major tag points to, replace **both** the SHA and the trailing `# vN` comment so they stay paired. **Never** demote a SHA pin to a bare tag. | +| Branch ref | `uses: owner/repo@main` (or any non-version ref) | **Skip**, list as warning. Branch refs are usually intentional. | +| Local action | `uses: ./...` | **Skip** silently. | +| Local reusable workflow | `uses: ./.github/workflows/...` | **Skip** silently. | + +> **⚠️ Important** (GitHub Actions only): one run produces **one tracking issue and one PR** +> covering every outdated reference, grouped by action. Do not open one PR per action. + +> **⚠️ Supply-chain hardening**: SHA-pinned references exist on purpose — typically for workflows +> that gate releases or extension approvals (e.g., `approval-ext-azure-ai-agents.yml`). + ## Workflow ### Step 1 — Identify Tool @@ -71,8 +100,9 @@ If the user's request doesn't specify which tool, ask via `ask_user`: Choices: - **GitHub CLI** - **Bicep CLI** +- **GitHub Actions (workflow files)** -Use the corresponding row from the **Supported Tools** table for all subsequent steps. +Use the corresponding column from the **Supported Tools** table for all subsequent steps. ### Step 2 — Fetch Latest Release @@ -321,6 +351,232 @@ Present a summary to the user: --- +## GitHub Actions (workflows) — Step Overrides + +When the selected tool is **GitHub Actions**, Steps 2, 3, 4, 6, 7, and 8 differ from the +single-tool flow above. Steps 1 (Identify Tool) and 5 (Final Confirmation Gate) work the +same way. The branch slug is `gh-actions-versions` (no version suffix, since this run +covers many actions at once). + +### Step 2 (override) — Inventory References + +Scan every workflow file: + +```bash +git grep -nE '^\s*uses:\s+[^ ]+' -- '.github/workflows/*.yml' +``` + +Parse each line into one of the buckets in **GitHub Actions (workflows) — Files to Update**. +Deduplicate by `(owner/repo, current_ref)` so each unique reference is fetched only once. + +### Step 3 (override) — Fetch Latest Stable Major per Action + +For each unique `owner/repo`: + +```bash +gh release view --repo {owner}/{repo} --json tagName,name,publishedAt,isPrerelease +``` + +Treat the leading integer of `tagName` as the latest **major** (e.g., `v6.0.1` → `v6`). +If the latest release is a pre-release (`isPrerelease: true`), fall back to: + +```bash +gh release list --repo {owner}/{repo} --limit 20 --json tagName,isPrerelease \ + | jq -r '[.[] | select(.isPrerelease==false)][0].tagName' +``` + +If the tag does not match `v[0-9]+(\.[0-9]+\.[0-9]+)?`, **skip** this action and add it +to the warnings list — do not guess. + +For SHA-pinned references, additionally resolve the commit SHA the major tag currently +points to: + +```bash +gh api repos/{owner}/{repo}/git/refs/tags/v{major} --jq '.object.sha' +``` + +If `.object.type == "tag"` (annotated tag), follow once: + +```bash +gh api repos/{owner}/{repo}/git/tags/{sha} --jq '.object.sha' +``` + +### Step 4 (override) — Compute Diff & Compare + +For each parsed reference, compute the desired new value per the buckets table. If +`new == current`, drop from the change list. + +If the change list is **empty** after this step, inform the user and **stop** — no +issue, branch, or PR needed: + +> ✅ All GitHub Actions references are already at the latest stable major. No updates needed. + +If any reference has a cross-major jump (e.g., `v4 → v6` skipping `v5`), record a +**breaking-change advisory** for the Step 5 confirmation prompt so the user can +spot-check release notes before approving. + +### Step 5 (Final Confirmation Gate — adapted) + +Use the standard gate, but the summary must show: + +- Outdated references grouped by action with `current → new` and the affected file count. +- Skipped entries (branch refs, unparseable tags, pre-release-only repos). +- Cross-major-jump advisories. +- The full list of files that will be modified. + +Example summary body: + +> **GitHub Actions upgrade — ready to apply** +> +> | Action | Current | New | Files | +> |---|---|---|---| +> | actions/checkout | v4 | v6 | 14 | +> | actions/setup-node | v4 | v6 | 7 | +> | actions/github-script | v7 (SHA-pinned) | v9 (SHA-pinned) | 1 | +> +> Skipped (branch refs): `actions/stale@main` in `stale-issues.yml` +> +> ⚠️ Cross-major jumps: `actions/checkout v4 → v6` (skips v5). + +### Step 6 (override) — Branch & Apply Edits + +Use the standard clean-branch flow but with a fixed slug: + +```bash +git fetch origin main +git branch -D update/gh-actions-versions 2>/dev/null || true +git checkout -b update/gh-actions-versions origin/main +git --no-pager log --oneline origin/main..HEAD # must be empty +``` + +Apply edits with these constraints: + +- Replace **only** on the parsed `uses:` lines. Never use a project-wide find-and-replace. +- For SHA-pinned references, replace **both** the SHA and the trailing `# vN` comment in + a single edit so they stay paired. +- Preserve indentation and surrounding YAML exactly. + +After all edits, sanity-check the diff for accidental SHA-pin demotion: + +```bash +git --no-pager diff -- '.github/workflows/*.yml' | grep -E '^[-+].*uses:' +``` + +If a `-uses: owner/repo@ # vN` line appears paired with a `+uses: owner/repo@vM` +**without** an SHA, **abort** and report. + +### Step 7 (override) — Validation & Staging + +There is no Go build for workflow-only edits. Validate YAML parses: + +```bash +for f in .github/workflows/*.yml; do + python -c "import sys, yaml; yaml.safe_load(open(sys.argv[1]))" "$f" +done +``` + +If any file fails to parse, **abort and revert** the edits to that file. If every +file fails, abort the whole run. + +If `actionlint` happens to be installed locally, run it as an extra check: + +```bash +actionlint .github/workflows/*.yml || true +``` + +Do NOT install `actionlint` automatically — the project's own lint workflows will +catch issues on the PR. + +Stage explicitly — never `git add -A`: + +```bash +git add .github/workflows/*.yml +git --no-pager diff --cached --stat +``` + +The diff stat must contain ONLY paths under `.github/workflows/`. If anything else +is staged, **abort**. + +### Step 8 (override) — Issue, Commit & PR + +**Issue title:** `Update GitHub Actions to latest stable versions` + +**Issue body:** + +```markdown +Audit and bump GitHub Actions referenced in `.github/workflows/*.yml` to the latest +stable major versions. + +### Upgrades + +{table_of_action_to_current_to_new_to_file_count} + +### Skipped + +{list_of_skipped_branch_refs_or_unparseable_tags} + +### Files modified + +{bullet_list_of_workflow_files} +``` + +**Commit & push:** + +```bash +git commit -m "Update GitHub Actions to latest stable versions" \ + -m "Fixes #{issue_number}" +git push -u origin update/gh-actions-versions +gh pr create \ + --repo Azure/azure-dev \ + --title "Update GitHub Actions to latest stable versions" \ + --body "{pr_body}" \ + --base main +``` + +**PR body:** + +```markdown +Bump all GitHub Actions referenced in workflow files to their latest stable major versions. + +Fixes #{issue_number} + +## Upgrades + +{table_of_action_to_current_to_new_to_file_count} + +## Notes + +- Major-tag pins (`@vN`) preserved. +- SHA pins (`@ # vN`) preserved as SHA pins, with both the SHA and the `# vN` + comment updated together to stay in sync. +- Branch refs (e.g., `@main`) intentionally skipped. +- Cross-major jumps (where applicable) called out below; release notes should be + reviewed before merge. + +{breaking_change_callouts_if_any} +``` + +### Post-Creation (GitHub Actions) + +> ✅ Done! +> - Issue: #{issue_number} — {issue_url} +> - PR: #{pr_number} — {pr_url} +> - Actions bumped: {count} +> - Files modified: {file_count} + +### Out of Scope (GitHub Actions) + +- Pinning previously unpinned actions to SHAs. (Use the existing convention: bare + major tags by default; SHAs only where the file already SHA-pins.) +- Bumping the Go toolchain inside `setup-go` `with: go-version:` — that's a separate + workflow (`validate-go-version`). +- Bumping Node / Python / Bicep tool *runtime* versions inside `setup-*` `with:` blocks. +- Updating actions used outside `.github/workflows/` (e.g., devcontainer features). + +If the user asks for any of the above, tell them this skill does not cover it. + +--- + ## Error Handling - `gh release view` fails → fall back to `gh api repos/{upstream_repo}/releases/latest` @@ -330,3 +586,13 @@ Present a summary to the user: - Version mismatch between `bicep.go` and `lint-bicep.yml` before upgrade → warn user, ask which to use as baseline - Unexpected files staged → abort, report what was found - Issue or PR creation fails → report error, provide manual commands +- **GitHub Actions only** — `gh release view` fails for an action → fall back to + `gh release list` and pick the newest non-prerelease; if still none, skip the action + and add it to warnings +- **GitHub Actions only** — YAML parse failure after edits → revert that file, drop + it from the change list, continue with the rest. If every file fails, abort the run. +- **GitHub Actions only** — a SHA pin demoted to a bare tag pin detected in the diff + → abort, report the file/line, do not commit +- **GitHub Actions only** — a major tag (e.g., `@v3`) no longer exists upstream because + the action was renamed/archived → skip and add to warnings; never silently rewrite to + a different `owner/repo` diff --git a/.github/workflows/approval-ext-azure-ai-agents.yml b/.github/workflows/approval-ext-azure-ai-agents.yml index 59974c97a35..77e4c4fe916 100644 --- a/.github/workflows/approval-ext-azure-ai-agents.yml +++ b/.github/workflows/approval-ext-azure-ai-agents.yml @@ -59,10 +59,10 @@ jobs: timeout-minutes: 5 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Check for required team approval - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@v9 with: script: | const script = require('./.github/scripts/approval-ext-azure-ai-agents.js'); diff --git a/.github/workflows/cli-ci.yml b/.github/workflows/cli-ci.yml index fcb9fcd038c..9b1544d04eb 100644 --- a/.github/workflows/cli-ci.yml +++ b/.github/workflows/cli-ci.yml @@ -26,8 +26,8 @@ jobs: cspell-lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@v6 + - uses: actions/setup-node@v6 with: node-version: "20" - run: npm install -g cspell@8.13.1 @@ -38,7 +38,7 @@ jobs: Copyright-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Copyright check run: ./eng/scripts/copyright-check.sh ./cli/azd diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml index 68f100507d3..5639025bc5b 100644 --- a/.github/workflows/copilot-setup-steps.yml +++ b/.github/workflows/copilot-setup-steps.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: # Fetch full history for writing changelogs fetch-depth: 0 @@ -41,7 +41,7 @@ jobs: go-version-file: cli/azd/go.mod - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: "20" diff --git a/.github/workflows/cspell-ext.yml b/.github/workflows/cspell-ext.yml index d436f538c04..d4d3535326f 100644 --- a/.github/workflows/cspell-ext.yml +++ b/.github/workflows/cspell-ext.yml @@ -22,8 +22,8 @@ jobs: cspell-lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@v6 + - uses: actions/setup-node@v6 with: node-version: "20" - run: npm install -g cspell@8.13.1 diff --git a/.github/workflows/cspell-misc.yml b/.github/workflows/cspell-misc.yml index ca97973a812..aa0d1df9cad 100644 --- a/.github/workflows/cspell-misc.yml +++ b/.github/workflows/cspell-misc.yml @@ -16,8 +16,8 @@ jobs: cspell-lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@v6 + - uses: actions/setup-node@v6 with: node-version: "20" - run: npm install -g cspell@8.13.1 diff --git a/.github/workflows/devcontainer-feature-release.yml b/.github/workflows/devcontainer-feature-release.yml index bd030edee68..59a47764e5e 100644 --- a/.github/workflows/devcontainer-feature-release.yml +++ b/.github/workflows/devcontainer-feature-release.yml @@ -23,7 +23,7 @@ jobs: environment: name: deploy-devcontainer-feature steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: "Publish Features" uses: devcontainers/action@v1 diff --git a/.github/workflows/devcontainer-feature-test.yml b/.github/workflows/devcontainer-feature-test.yml index d3a3ba79743..e7d4cce9a8f 100644 --- a/.github/workflows/devcontainer-feature-test.yml +++ b/.github/workflows/devcontainer-feature-test.yml @@ -25,7 +25,7 @@ jobs: "mcr.microsoft.com/devcontainers/base:debian", ] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: "Install latest devcontainer CLI" run: npm install -g @devcontainers/cli @@ -37,7 +37,7 @@ jobs: test-scenarios: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: "Install latest devcontainer CLI" run: npm install -g @devcontainers/cli @@ -49,7 +49,7 @@ jobs: test-global: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: "Install latest devcontainer CLI" run: npm install -g @devcontainers/cli diff --git a/.github/workflows/devops-ext-ci.yml b/.github/workflows/devops-ext-ci.yml index dde85d2cce5..103df6a3e13 100644 --- a/.github/workflows/devops-ext-ci.yml +++ b/.github/workflows/devops-ext-ci.yml @@ -21,8 +21,8 @@ jobs: build-test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@v6 + - uses: actions/setup-node@v6 with: node-version: "20" - name: Install dependencies diff --git a/.github/workflows/eval-unit.yml b/.github/workflows/eval-unit.yml index e76d13330db..a4231775ab8 100644 --- a/.github/workflows/eval-unit.yml +++ b/.github/workflows/eval-unit.yml @@ -16,13 +16,13 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-go@v5 + - uses: actions/setup-go@v6 with: go-version-file: "cli/azd/go.mod" - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v6 with: node-version: "22" @@ -41,7 +41,7 @@ jobs: # Waza YAML validation is local-only (run `npm run waza:validate` locally). # waza CLI is not available in CI. - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.12" diff --git a/.github/workflows/ext-registry-ci.yml b/.github/workflows/ext-registry-ci.yml index ad26d9aaad2..3a3608af9a2 100644 --- a/.github/workflows/ext-registry-ci.yml +++ b/.github/workflows/ext-registry-ci.yml @@ -22,7 +22,7 @@ jobs: run: working-directory: cli/azd steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Go uses: actions/setup-go@v6 diff --git a/.github/workflows/lint-bicep.yml b/.github/workflows/lint-bicep.yml index ea530df58c9..d25e560afc0 100644 --- a/.github/workflows/lint-bicep.yml +++ b/.github/workflows/lint-bicep.yml @@ -13,7 +13,7 @@ jobs: bicep-lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Upgrade bicep run: | which bicep diff --git a/.github/workflows/lint-go.yml b/.github/workflows/lint-go.yml index 77f0d101c38..801dfcfa593 100644 --- a/.github/workflows/lint-go.yml +++ b/.github/workflows/lint-go.yml @@ -29,12 +29,12 @@ jobs: matrix: os: [ubuntu-latest, windows-latest] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: actions/setup-go@v6 with: go-version-file: ${{ inputs.go-version-file }} - name: golangci-lint - uses: golangci/golangci-lint-action@v8 + uses: golangci/golangci-lint-action@v9 with: version: ${{ inputs.golangci-lint-version }} args: -v --timeout 10m0s @@ -43,7 +43,7 @@ jobs: go-fix: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: actions/setup-go@v6 with: go-version-file: ${{ inputs.go-version-file }} diff --git a/.github/workflows/pr-governance.yml b/.github/workflows/pr-governance.yml index 502358b5879..4100c43573c 100644 --- a/.github/workflows/pr-governance.yml +++ b/.github/workflows/pr-governance.yml @@ -21,11 +21,11 @@ jobs: timeout-minutes: 5 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Check linked issue id: issue-check - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const script = require('./.github/scripts/pr-governance-issue-check.js'); @@ -33,7 +33,7 @@ jobs: - name: Check issue priority if: steps.issue-check.outputs.skipped != 'true' && steps.issue-check.outcome == 'success' - uses: actions/github-script@v7 + uses: actions/github-script@v9 env: PROJECT_TOKEN: ${{ secrets.PROJECT_READ_TOKEN }} ISSUE_NUMBERS: ${{ steps.issue-check.outputs.issue_numbers }} diff --git a/.github/workflows/schema-ci.yml b/.github/workflows/schema-ci.yml index e5f5365de86..687156dd976 100644 --- a/.github/workflows/schema-ci.yml +++ b/.github/workflows/schema-ci.yml @@ -13,8 +13,8 @@ jobs: schema-lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@v6 + - uses: actions/setup-node@v6 with: node-version: "20" - run: npm install -g jsonlint @@ -22,7 +22,7 @@ jobs: run: jsonlint schemas/**/*.json -c # NOTE: Using jsonschema2md here to ensure the schemas are valid for documentation generation. # Since we use jsonschema2md for CI pipelines, any changes to the schemas should make sure to keep the tool happy. - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v6 with: python-version: '3.x' - run: pip install jsonschema2md==1.5.2 diff --git a/.github/workflows/validate-go-version.yml b/.github/workflows/validate-go-version.yml index 4a0888937f9..15d1b08eedd 100644 --- a/.github/workflows/validate-go-version.yml +++ b/.github/workflows/validate-go-version.yml @@ -17,7 +17,7 @@ jobs: check-go-version-consistency: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Validate Go version consistency run: | diff --git a/.github/workflows/vscode-ci.yml b/.github/workflows/vscode-ci.yml index 1db232155a5..e52fd336e8f 100644 --- a/.github/workflows/vscode-ci.yml +++ b/.github/workflows/vscode-ci.yml @@ -21,8 +21,8 @@ jobs: cspell-lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@v6 + - uses: actions/setup-node@v6 with: node-version: "22" - run: npm install -g cspell@8.13.1 @@ -40,10 +40,10 @@ jobs: upload-artifact: true steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: ${{ matrix.node-version }} @@ -51,7 +51,7 @@ jobs: # `azure-dev-.vsix` - name: Set package additional arguments id: package-arguments - uses: actions/github-script@v5 + uses: actions/github-script@v9 with: result-encoding: string script: |