From 66c80949e8421e94e7d3672013fac1943e363f67 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Thu, 17 Oct 2024 10:04:19 +0100 Subject: [PATCH] Pin GHA runner versions (#4461) Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- .github/workflows/backport.yml | 2 +- .github/workflows/docs-pr-netlify.yaml | 2 +- .github/workflows/notify-downstream.yaml | 2 +- .github/workflows/pull_request.yaml | 8 ++++---- .github/workflows/release-drafter-workflow.yml | 2 +- .github/workflows/release-gitflow.yml | 2 +- .github/workflows/release-make.yml | 6 +++--- .github/workflows/release-npm.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/sonarcloud.yml | 2 +- .github/workflows/static_analysis.yml | 10 +++++----- .github/workflows/tests.yml | 8 ++++---- .github/workflows/triage-incoming.yml | 2 +- 13 files changed, 26 insertions(+), 26 deletions(-) diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index dd793898e..7252c27b5 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -10,7 +10,7 @@ on: jobs: backport: name: Backport - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 # Only react to merged PRs for security reasons. # See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target. if: > diff --git a/.github/workflows/docs-pr-netlify.yaml b/.github/workflows/docs-pr-netlify.yaml index c61834676..94d2f7a83 100644 --- a/.github/workflows/docs-pr-netlify.yaml +++ b/.github/workflows/docs-pr-netlify.yaml @@ -9,7 +9,7 @@ on: jobs: netlify: if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request' - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: 📥 Download artifact uses: actions/download-artifact@v4 diff --git a/.github/workflows/notify-downstream.yaml b/.github/workflows/notify-downstream.yaml index 07c3a7297..8f5dc944b 100644 --- a/.github/workflows/notify-downstream.yaml +++ b/.github/workflows/notify-downstream.yaml @@ -15,7 +15,7 @@ jobs: - repo: element-hq/element-web event: element-web-notify - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Notify matrix-react-sdk repo that a new SDK build is on develop so it can CI against it uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index 480a7fd2f..7976109ae 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml @@ -12,7 +12,7 @@ concurrency: ${{ github.workflow }}-${{ github.event.pull_request.head.ref || gi jobs: changelog: name: Preview Changelog - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: mheap/github-action-required-labels@d25134c992b943fb6ad00c25ea00eb5988c0a9dd # v5 if: github.event_name != 'merge_group' @@ -29,7 +29,7 @@ jobs: prevent-blocked: name: Prevent Blocked - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 permissions: pull-requests: read steps: @@ -42,7 +42,7 @@ jobs: community-prs: name: Label Community PRs - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 if: github.event.action == 'opened' steps: - name: Check membership @@ -69,7 +69,7 @@ jobs: close-if-fork-develop: name: Forbid develop branch fork contributions - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 if: > github.event.action == 'opened' && github.event.pull_request.head.ref == 'develop' && diff --git a/.github/workflows/release-drafter-workflow.yml b/.github/workflows/release-drafter-workflow.yml index 052d84739..af4a431c7 100644 --- a/.github/workflows/release-drafter-workflow.yml +++ b/.github/workflows/release-drafter-workflow.yml @@ -10,7 +10,7 @@ on: concurrency: release-drafter-action jobs: draft: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: 🧮 Checkout code uses: actions/checkout@v4 diff --git a/.github/workflows/release-gitflow.yml b/.github/workflows/release-gitflow.yml index 05e16a6b2..a04f545f5 100644 --- a/.github/workflows/release-gitflow.yml +++ b/.github/workflows/release-gitflow.yml @@ -15,7 +15,7 @@ on: concurrency: ${{ github.workflow }} jobs: merge: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/release-make.yml b/.github/workflows/release-make.yml index 831055a00..387452316 100644 --- a/.github/workflows/release-make.yml +++ b/.github/workflows/release-make.yml @@ -41,7 +41,7 @@ on: jobs: release: name: Release - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 environment: Release steps: - name: Load GPG key @@ -276,7 +276,7 @@ jobs: post-release: name: Post release steps needs: release - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - id: repository run: echo "REPO=${GITHUB_REPOSITORY#*/}" >> $GITHUB_OUTPUT @@ -304,7 +304,7 @@ jobs: bump-downstreams: name: Update npm dependency in downstream projects needs: npm - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 if: inputs.downstreams strategy: matrix: diff --git a/.github/workflows/release-npm.yml b/.github/workflows/release-npm.yml index 905d9c2bc..cc1aeb1c5 100644 --- a/.github/workflows/release-npm.yml +++ b/.github/workflows/release-npm.yml @@ -11,7 +11,7 @@ on: jobs: npm: name: Publish to npm - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 outputs: id: ${{ steps.npm-publish.outputs.id }} steps: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7e2bf0002..de3e4810c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -34,7 +34,7 @@ jobs: name: Publish Documentation needs: release if: inputs.docs - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: 🧮 Checkout code uses: actions/checkout@v4 @@ -60,7 +60,7 @@ jobs: environment: name: github-pages url: ${{ steps.deployment.outputs.page_url }} - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 needs: docs # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages permissions: diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 7c4ee9368..534632a9f 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -14,7 +14,7 @@ on: description: "Whether to combine multiple LCOV and jest-sonar-report files in coverage artifact" jobs: sonarqube: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 if: | github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event != 'merge_group' diff --git a/.github/workflows/static_analysis.yml b/.github/workflows/static_analysis.yml index 128626620..a0afd0186 100644 --- a/.github/workflows/static_analysis.yml +++ b/.github/workflows/static_analysis.yml @@ -11,7 +11,7 @@ concurrency: jobs: ts_lint: name: "Typescript Syntax Check" - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 @@ -38,7 +38,7 @@ jobs: js_lint: name: "ESLint" - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 @@ -55,7 +55,7 @@ jobs: workflow_lint: name: "Workflow Lint" - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 @@ -72,7 +72,7 @@ jobs: docs: name: "JSDoc Checker" - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 @@ -97,7 +97,7 @@ jobs: analyse_dead_code: name: "Analyse Dead Code" - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index ddca69bd3..9dc700ef0 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -13,7 +13,7 @@ env: jobs: jest: name: "Jest [${{ matrix.specs }}] (Node ${{ matrix.node == '*' && 'latest' || matrix.node }})" - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 timeout-minutes: 10 strategy: matrix: @@ -68,7 +68,7 @@ jobs: name: Jest tests needs: jest if: always() - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - if: needs.jest.result != 'skipped' && needs.jest.result != 'success' run: exit 1 @@ -91,7 +91,7 @@ jobs: # we need this so the job is reported properly when run in a merge queue downstream-complement-crypto: name: Downstream Complement Crypto tests - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 if: always() needs: - complement-crypto @@ -103,7 +103,7 @@ jobs: # and skip sonarcloud coverage within merge queues downstream: name: Downstream tests - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 if: always() needs: - element-web diff --git a/.github/workflows/triage-incoming.yml b/.github/workflows/triage-incoming.yml index 2535fbfcb..c8c677a85 100644 --- a/.github/workflows/triage-incoming.yml +++ b/.github/workflows/triage-incoming.yml @@ -6,7 +6,7 @@ on: jobs: automate-project-columns-next: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/add-to-project@main with: