diff --git a/.github/workflows/homebrew.yml b/.github/workflows/homebrew.yml
index 8b009a369e7..94592a268f2 100644
--- a/.github/workflows/homebrew.yml
+++ b/.github/workflows/homebrew.yml
@@ -19,7 +19,7 @@ jobs:
 steps:
 - name: Set up Homebrew
 id: set-up-homebrew
- uses: Homebrew/actions/setup-homebrew@266845213695c3047d210b2e8fbc42ecdaf45802 # master
+ uses: Homebrew/actions/setup-homebrew@6eaeff80e7e5c43087c0e5eb5aa82120399e9c91 # master
 with:
 test-bot: false
@@ -39,7 +39,7 @@ jobs:
 run: brew tap homebrew/homebrew-cask --force
 - name: Configure Git user
- uses: Homebrew/actions/git-user-config@266845213695c3047d210b2e8fbc42ecdaf45802 # master
+ uses: Homebrew/actions/git-user-config@6eaeff80e7e5c43087c0e5eb5aa82120399e9c91 # master
 with:
 username: 'insomnia-infra'
@@ -49,17 +49,17 @@ jobs:
 # Update Homebrew's Inso(mnia) formulae
 # https://github.com/Homebrew/actions/tree/master/bump-formulae
 - name: Bump Inso (Beta) Formula
- uses: Homebrew/actions/bump-packages@266845213695c3047d210b2e8fbc42ecdaf45802 # master
+ uses: Homebrew/actions/bump-packages@6eaeff80e7e5c43087c0e5eb5aa82120399e9c91 # master
 with:
 token: ${{ secrets.HOMEBREW_PR_GH_TOKEN }}
 casks: inso@beta
 - name: Bump Inso Formula
- uses: Homebrew/actions/bump-packages@266845213695c3047d210b2e8fbc42ecdaf45802 # master
+ uses: Homebrew/actions/bump-packages@6eaeff80e7e5c43087c0e5eb5aa82120399e9c91 # master
 with:
 token: ${{ secrets.HOMEBREW_PR_GH_TOKEN }}
 casks: inso
 - name: Bump Insomnia Formula
- uses: Homebrew/actions/bump-packages@266845213695c3047d210b2e8fbc42ecdaf45802 # master
+ uses: Homebrew/actions/bump-packages@6eaeff80e7e5c43087c0e5eb5aa82120399e9c91 # master
 with:
 token: ${{ secrets.HOMEBREW_PR_GH_TOKEN }}
 # Bump only these formulae if outdated
diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml
index 517333012e8..a657869cc51 100644
--- a/.github/workflows/release-build.yml
+++ b/.github/workflows/release-build.yml
@@ -128,7 +128,7 @@ jobs:
 # smctl will be used in the next step for signing
 - name: Setup Software Trust Manager
 if: runner.os == 'Windows'
- uses: digicert/code-signing-software-trust-action@9b30180369343eb1ce0dcbebb933cfa3e17b6cc8 # v1.0.0
+ uses: digicert/code-signing-software-trust-action@fae23a455ba4bde62b64fd7cb2f81ade788f5a95 # v1.2.1
 with:
 simple-signing-mode: true
 env:
@@ -168,7 +168,7 @@ jobs:
 # this installs smctl as well
 - name: Code-sign unpacked .exe (Windows only)
 if: runner.os == 'Windows'
- uses: digicert/code-signing-software-trust-action@9b30180369343eb1ce0dcbebb933cfa3e17b6cc8 # v1.0.0
+ uses: digicert/code-signing-software-trust-action@fae23a455ba4bde62b64fd7cb2f81ade788f5a95 # v1.2.1
 with:
 simple-signing-mode: true
 # If the below 2 parameters are supplied, then smctl executable is invoked to attempt the signing.
@@ -246,7 +246,7 @@ jobs:
 - name: Code-sign inso exe (Windows only)
 if: runner.os == 'Windows'
- uses: digicert/code-signing-software-trust-action@9b30180369343eb1ce0dcbebb933cfa3e17b6cc8 # v1.0.0
+ uses: digicert/code-signing-software-trust-action@fae23a455ba4bde62b64fd7cb2f81ade788f5a95 # v1.2.1
 with:
 simple-signing-mode: true
 # If the below 2 parameters are supplied, then smctl executable is invoked to attempt the signing.
@@ -277,30 +277,39 @@ jobs:
 - name: Notarize Inso CLI installer (macOS only)
 if: runner.os == 'macOS'
- uses: lando/notarize-action@b5c3ef16cf2fbcf2af26dc58c90255ec242abeed # v2.0.2
- with:
- product-path: ./packages/${{ env.INSO_PACKAGE_NAME }}/artifacts/inso-${{ matrix.os }}-${{ env.INSO_VERSION }}.pkg
- primary-bundle-id: com.insomnia.inso
- appstore-connect-username: ${{ secrets.DESIGNER_APPLE_ID }}
- appstore-connect-password: ${{ secrets.DESIGNER_APPLE_ID_PASSWORD }}
- appstore-connect-team-id: FX44YY62GV
- verbose: true
+ env:
+ APPLE_ID: ${{ secrets.DESIGNER_APPLE_ID }}
+ APPLE_ID_PASSWORD: ${{ secrets.DESIGNER_APPLE_ID_PASSWORD }}
+ run: |
+ xcrun notarytool submit \
+ "./packages/${{ env.INSO_PACKAGE_NAME }}/artifacts/inso-${{ matrix.os }}-${{ env.INSO_VERSION }}.pkg" \
+ --apple-id "$APPLE_ID" \
+ --password "$APPLE_ID_PASSWORD" \
+ --team-id FX44YY62GV \
+ --verbose \
+ --wait
 - name: Staple Inso CLI installer (macOS only)
 if: runner.os == 'macOS'
- uses: BoundfoxStudios/action-xcode-staple@1e2200b448c6ed4dd44b963ff17d3e340fc6b064 # v1
- with:
- product-path: ./packages/${{ env.INSO_PACKAGE_NAME }}/artifacts/inso-${{ matrix.os }}-${{ env.INSO_VERSION }}.pkg
+ run: |
+ xcrun stapler staple \
+ "./packages/${{ env.INSO_PACKAGE_NAME }}/artifacts/inso-${{ matrix.os }}-${{ env.INSO_VERSION }}.pkg"
 - name: Notarize Inso CLI binary (macOS only)
 if: runner.os == 'macOS'
- uses: lando/notarize-action@b5c3ef16cf2fbcf2af26dc58c90255ec242abeed # v2.0.2
- with:
- product-path: ./packages/${{ env.INSO_PACKAGE_NAME }}/binaries/inso
- primary-bundle-id: com.insomnia.inso-binary
- appstore-connect-username: ${{ secrets.DESIGNER_APPLE_ID }}
- appstore-connect-password: ${{ secrets.DESIGNER_APPLE_ID_PASSWORD }}
- appstore-connect-team-id: FX44YY62GV
+ env:
+ APPLE_ID: ${{ secrets.DESIGNER_APPLE_ID }}
+ APPLE_ID_PASSWORD: ${{ secrets.DESIGNER_APPLE_ID_PASSWORD }}
+ # notarytool requires the binary to be packaged in a zip, dmg, or pkg.
+ run: |
+ BIN_PATH="./packages/${{ env.INSO_PACKAGE_NAME }}/binaries/inso"
+ ZIP_PATH="$(mktemp -d)/inso.zip"
+ ditto -c -k --keepParent "$BIN_PATH" "$ZIP_PATH"
+ xcrun notarytool submit "$ZIP_PATH" \
+ --apple-id "$APPLE_ID" \
+ --password "$APPLE_ID_PASSWORD" \
+ --team-id FX44YY62GV \
+ --wait
 - name: Create Inso zip/tar/gz artifacts
 run: npm run artifacts -w insomnia-inso
@@ -375,9 +384,10 @@ jobs:
 BRANCH: ${{ github.ref_name }}
 - name: update-pull-request
- uses: kt3k/update-pr-description@fef8b17c6648e0daa550d2ed6b5cf140d282574e # v2.0.0
- with:
- pr_body: |
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ REPO: ${{ github.repository }}
+ PR_BODY: |
 # WARNING: Do not merge this PR. Use the "Publish" workflow.
 ## Publish workflow:
@@ -423,5 +433,10 @@ jobs:
 git push
 ```
- destination_branch: develop
- github_token: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ PR_NUMBER=$(gh pr list --repo "$REPO" --base develop --head "$GITHUB_REF_NAME" --state open --json number -q '.[0].number')
+ if [ -z "$PR_NUMBER" ]; then
+ echo "No open PR found from $GITHUB_REF_NAME into develop; skipping body update."
+ exit 0
+ fi
+ gh pr edit "$PR_NUMBER" --repo "$REPO" --body "$PR_BODY"
diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml
index 36885fa20c3..b2f6d8ce554 100644
--- a/.github/workflows/release-publish.yml
+++ b/.github/workflows/release-publish.yml
@@ -115,7 +115,7 @@ jobs:
 path: ${{ env.ELECTRON_ARTIFACT_BASE64_FILE }}
 - name: Create Tag and Release
- uses: ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174 # v1
+ uses: ncipollo/release-action@339a81892b84b4eeb0f6e744e4574d79d0d9b8dd # v1.21.0
 id: core_tag_and_release
 with:
 tag: ${{ env.RELEASE_CORE_TAG }}
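Review bot: The new "Notarize Inso CLI binary" step has no check that Apple accepted the submission: a bare binary in a zip cannot be stapled, so unlike the .pkg (where the following `xcrun stapler staple` would fail without a ticket) the only gate is notarytool's exit status, and `notarytool submit --wait` has been reported to exit 0 on an `Invalid` result — worth confirming on the runner's Xcode version. I would ask for `--output-format json` and fail the step unless the status is `Accepted`, as in the excerpt below (it assumes `jq` is present on the macOS runner). The `run:` scripts in this hunk also expand `${{ env.INSO_PACKAGE_NAME }}`, `${{ matrix.os }}` and `${{ env.INSO_VERSION }}` directly into shell text, as does the snapcraft upload hunk in release-publish.yml with `${{ env.RELEASE_VERSION }}`; the secrets already go through `env:`, and the paths can follow so the shell only ever sees quoted variables.

```yaml
        env:
          # … unchanged: APPLE_ID, APPLE_ID_PASSWORD …
          BIN_PATH: ./packages/${{ env.INSO_PACKAGE_NAME }}/binaries/inso
        run: |
          ZIP_PATH="$(mktemp -d)/inso.zip"
          ditto -c -k --keepParent "$BIN_PATH" "$ZIP_PATH"
          RESULT="$(xcrun notarytool submit "$ZIP_PATH" \
            --apple-id "$APPLE_ID" \
            --password "$APPLE_ID_PASSWORD" \
            --team-id FX44YY62GV \
            --output-format json \
            --wait)"
          echo "$RESULT"
          # Fail closed: only an explicit "Accepted" lets the release continue.
          STATUS="$(printf '%s' "$RESULT" | jq -r '.status')"
          [ "$STATUS" = "Accepted" ] || { echo "Notarization status: $STATUS"; exit 1; }
```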
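Review bot: The skip branch in the new `update-pull-request` script exits 0 with only a plain log line, so when no open PR from `$GITHUB_REF_NAME` into `develop` is found the "Do not merge this PR" banner is never written and the step still shows green. Emitting an annotation makes the miss visible on the run summary: `echo "::warning::No open PR found from $GITHUB_REF_NAME into develop; PR body not updated."`. `gh pr edit` also needs `pull-requests: write` on `GITHUB_TOKEN`; the workflow's `permissions:` block is outside this hunk, so that is worth confirming. The step's `env:` block (`GH_TOKEN`, `REPO`, `PR_BODY`) is added in the preceding hunk at -375.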
@@ -128,7 +128,7 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: Upload artifacts to release
- uses: xresloader/upload-to-github-release@d29300fdff9f0fcd7c3eb960c490b2a6640fbf50 # v1
+ uses: xresloader/upload-to-github-release@7c5757a90c0bcf0c0e1741da8f2abd7b85e675d0 # v1.6.2
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
@@ -165,7 +165,7 @@ jobs:
 - name: Docker meta for Inso CLI Docker Image
 id: inso_docker_meta
- uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5
+ uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
 with:
 images: ${{ env.INSO_DOCKER_IMAGE }}
 tags: |
@@ -247,13 +247,15 @@ jobs:
 - name: Upload x64 Linux snap to snapcraft (beta and stable only)
 if: ${{ !contains(github.event.inputs.version, 'alpha') }}
- uses: canonical/action-publish@214b86e5ca036ead1668c79afb81e550e6c54d40 # v1
 env:
 SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_LOGIN_FILE_NEW }}
- with:
- # TODO-ARM64: Replace to *-amd64.snap when we have ARM64 build from insomnia-ee
- snap: artifacts/Linux-X64-artifacts/insomnia/dist/Insomnia.Core-${{ env.RELEASE_VERSION }}.snap
- release: ${{ contains(github.event.inputs.version, 'beta') && 'beta' || 'stable' }}
+ SNAP_CHANNEL: ${{ contains(github.event.inputs.version, 'beta') && 'beta' || 'stable' }}
+ # TODO-ARM64: Replace to *-amd64.snap when we have ARM64 build from insomnia-ee
+ run: |
+ sudo snap install snapcraft --classic
+ snapcraft upload \
+ --release="$SNAP_CHANNEL" \
+ "artifacts/Linux-X64-artifacts/insomnia/dist/Insomnia.Core-${{ env.RELEASE_VERSION }}.snap"
 # TODO: also release for aarch64 Linux?
 - name: Upload .deb to pulp and/or cloudsmith (stable only)
diff --git a/.github/workflows/release-start.yml b/.github/workflows/release-start.yml
index 7e4889c7be2..6642069df56 100644
--- a/.github/workflows/release-start.yml
+++ b/.github/workflows/release-start.yml
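Review bot: `sudo snap install snapcraft --classic` in the snap upload step installs whatever revision the store's default channel serves at release time, whereas the action it replaces was pinned to a commit SHA, so the publishing tool is no longer a fixed, reviewed version. The install also runs inside the step whose `env:` carries `SNAPCRAFT_STORE_CREDENTIALS`. I would move it into its own step with no secret in scope and pin it, e.g. `run: sudo snap install snapcraft --classic --channel=<TRACK>/stable` (placeholder; use the track the project has tested), leaving only `snapcraft upload` in the step that holds the credential.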
@@ -81,7 +81,7 @@ jobs:
 echo "RELEASE_BRANCH=release/$MAJOR_MINOR" >> $GITHUB_ENV
 - name: Create Branch # Create a branch if it doesn't exist
- uses: peterjgrainger/action-create-branch@c2800a3a9edbba2218da6861fa46496cf8f3195a # v2.2.0
+ uses: peterjgrainger/action-create-branch@4b81ce657e255acd677cc6c55c9c763654be3aef # v4.0.0
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
@@ -95,7 +95,7 @@ jobs:
 - name: Configure Git user
 id: configure_git_user
- uses: Homebrew/actions/git-user-config@266845213695c3047d210b2e8fbc42ecdaf45802 # master
+ uses: Homebrew/actions/git-user-config@6eaeff80e7e5c43087c0e5eb5aa82120399e9c91 # master
 with:
 username: ${{ (github.event_name == 'workflow_dispatch' && github.actor) || 'insomnia-infra' }}
diff --git a/.github/workflows/update-changelog.yml b/.github/workflows/update-changelog.yml
index 7087c9795e5..1994847da4d 100644
--- a/.github/workflows/update-changelog.yml
+++ b/.github/workflows/update-changelog.yml
@@ -30,7 +30,7 @@ jobs:
 release-notes: ${{ github.event.release.body }}
 - name: Commit updated CHANGELOG
- uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5
+ uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0
 with:
 branch: ${{ github.event.release.target_commitish }}
 commit_message: Update CHANGELOG