diff --git a/.github/workflows/auto_release.yml b/.github/workflows/auto_release.yml index 07d1d03..7b451e3 100644 --- a/.github/workflows/auto_release.yml +++ b/.github/workflows/auto_release.yml @@ -12,9 +12,11 @@ jobs: steps: - name: Lookup default branch name id: lookup_default_branch - uses: actions/github-script@v6 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} + retries: 6 # final retry should wait 64 seconds + retry-exempt-status-codes: 400,401,404,422 # GH will raise rate limits with 403 & 429 status codes result-encoding: string script: | const repo = await github.rest.repos.get({ @@ -28,9 +30,11 @@ jobs: - name: Lookup HEAD commit on default branch id: lookup_default_branch_head - uses: actions/github-script@v6 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} + retries: 6 # final retry should wait 64 seconds + retry-exempt-status-codes: 400,401,404,422 # GH will raise rate limits with 403 & 429 status codes result-encoding: string script: | const branch = await github.rest.repos.getBranch({ @@ -50,9 +54,11 @@ jobs: steps: - name: Check for 'no_release' label on PR id: check_for_norelease_label - uses: actions/github-script@v6 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} + retries: 6 # final retry should wait 64 seconds + retry-exempt-status-codes: 400,401,404,422 # GH will raise rate limits with 403 & 429 status codes script: | const labels = await github.rest.issues.listLabelsOnIssue({ owner: context.payload.repository.owner.login, @@ -91,9 +97,11 @@ jobs: steps: - name: Get Open PRs id: get_open_pr_list - uses: actions/github-script@v6 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} + retries: 6 # final retry should wait 64 seconds + retry-exempt-status-codes: 400,401,404,422 # GH will raise rate limits with 403 & 429 status codes # find all open PRs that are targetting the default branch (i.e. main/master) # return their titles, so they can parsed later to determine if they are # Dependabot PRs and whether we should wait for them to be auto-merged before @@ -115,9 +123,11 @@ jobs: - name: Get 'pending_release' PRs id: get_release_pending_pr_list - uses: actions/github-script@v6 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} + retries: 6 # final retry should wait 64 seconds + retry-exempt-status-codes: 400,401,404,422 # GH will raise rate limits with 403 & 429 status codes script: | const repoWithOwner = `${context.payload.repository.owner.login}/${context.payload.repository.name}`; const pulls = await github.rest.search.issuesAndPullRequests({ @@ -148,7 +158,7 @@ jobs: EOF echo "is_release_pending : ${{ steps.get_release_pending_pr_list.outputs.is_release_pending }}" - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 - name: Read pr-autoflow configuration id: get_pr_autoflow_config uses: endjin/pr-autoflow/actions/read-configuration@v4 @@ -157,8 +167,10 @@ jobs: - name: Check Human PR id: is_human_pr - uses: actions/github-script@v6 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: + retries: 6 # final retry should wait 64 seconds + retry-exempt-status-codes: 400,401,404,422 # GH will raise rate limits with 403 & 429 status codes script: | return context.payload.pull_request.user.login != 'dependabot[bot]' && context.payload.pull_request.user.login != 'dependjinbot[bot]' @@ -173,8 +185,10 @@ jobs: - name: Set Ready for Release id: set_ready_for_release - uses: actions/github-script@v6 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: + retries: 6 # final retry should wait 64 seconds + retry-exempt-status-codes: 400,401,404,422 # GH will raise rate limits with 403 & 429 status codes script: | return ( '${{ steps.is_human_pr.outputs.result }}' == 'true' || '${{ steps.watch_dependabot_prs.outputs.is_complete }}' == 'True') && '${{ steps.get_release_pending_pr_list.outputs.is_release_pending }}' == 'true' @@ -193,11 +207,11 @@ jobs: if: | needs.check_ready_to_release.outputs.ready_to_release == 'true' steps: - - uses: actions/setup-dotnet@v1 + - uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0 with: dotnet-version: '6.x' - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 with: # ensure we are creating the release tag on the default branch ref: ${{ needs.lookup_default_branch.outputs.branch_name }} @@ -214,15 +228,17 @@ jobs: - name: Generate token id: generate_token - uses: tibdex/github-app-token@v1 + uses: tibdex/github-app-token@32691ba7c9e7063bd457bd8f2a5703138591fa58 # v1.9 with: app_id: ${{ secrets.ENDJIN_BOT_APP_ID }} private_key: ${{ secrets.ENDJIN_BOT_PRIVATE_KEY }} - name: Create SemVer tag - uses: actions/github-script@v6 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ steps.generate_token.outputs.token }} + retries: 6 # final retry should wait 64 seconds + retry-exempt-status-codes: 400,401,404,422 # GH will raise rate limits with 403 & 429 status codes script: | const uri_path = '/repos/' + context.payload.repository.owner.login + '/' + context.payload.repository.name + '/git/refs' const tag = await github.request(('POST ' + uri_path), { @@ -234,9 +250,11 @@ jobs: - name: Remove 'release_pending' label from PRs id: remove_pending_release_labels - uses: actions/github-script@v6 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: '${{ steps.generate_token.outputs.token }}' + retries: 6 # final retry should wait 64 seconds + retry-exempt-status-codes: 400,401,404,422 # GH will raise rate limits with 403 & 429 status codes script: | core.info('PRs to unlabel: ${{ needs.check_ready_to_release.outputs.pending_release_pr_list }}') const pr_list = JSON.parse('${{ needs.check_ready_to_release.outputs.pending_release_pr_list }}') diff --git a/.github/workflows/dependabot_approve_and_label.yml b/.github/workflows/dependabot_approve_and_label.yml index ae1838d..4bf96f3 100644 --- a/.github/workflows/dependabot_approve_and_label.yml +++ b/.github/workflows/dependabot_approve_and_label.yml @@ -23,7 +23,7 @@ jobs: is_auto_release_candidate: ${{ steps.parse_dependabot_pr_autorelease.outputs.is_interesting_package }} semver_increment: ${{ steps.parse_dependabot_pr_automerge.outputs.semver_increment }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 - name: Read pr-autoflow configuration id: get_pr_autoflow_config uses: endjin/pr-autoflow/actions/read-configuration@v4 @@ -79,9 +79,11 @@ jobs: if: | needs.evaluate_dependabot_pr.outputs.is_auto_merge_candidate == 'True' && (needs.evaluate_dependabot_pr.outputs.semver_increment == 'minor' || needs.evaluate_dependabot_pr.outputs.semver_increment == 'patch') - uses: actions/github-script@v6 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: '${{ secrets.GITHUB_TOKEN }}' + retries: 6 # final retry should wait 64 seconds + retry-exempt-status-codes: 400,401,404,422 # GH will raise rate limits with 403 & 429 status codes script: | await github.rest.pulls.update({ owner: context.payload.repository.owner.login, @@ -97,9 +99,11 @@ jobs: steps: - name: Check for 'no_release' label on PR id: check_for_norelease_label - uses: actions/github-script@v6 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} + retries: 6 # final retry should wait 64 seconds + retry-exempt-status-codes: 400,401,404,422 # GH will raise rate limits with 403 & 429 status codes script: | const labels = await github.rest.issues.listLabelsOnIssue({ owner: context.payload.repository.owner.login, @@ -129,7 +133,7 @@ jobs: # the usual 'Action' secrets as this workflow is triggered by Dependabot. - name: Generate token id: generate_token - uses: tibdex/github-app-token@v1 + uses: tibdex/github-app-token@32691ba7c9e7063bd457bd8f2a5703138591fa58 # v1.9 with: app_id: ${{ secrets.DEPENDJINBOT_APP_ID }} private_key: ${{ secrets.DEPENDJINBOT_PRIVATE_KEY }} @@ -150,9 +154,11 @@ jobs: (github.actor != 'dependabot[bot]' && github.actor != 'dependjinbot[bot]') || needs.evaluate_dependabot_pr.outputs.is_auto_release_candidate == 'True' ) - uses: actions/github-script@v6 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: '${{ secrets.GITHUB_TOKEN }}' + retries: 6 # final retry should wait 64 seconds + retry-exempt-status-codes: 400,401,404,422 # GH will raise rate limits with 403 & 429 status codes script: | await github.rest.issues.addLabels({ owner: context.payload.repository.owner.login,