From 59b1aabb579d19ab370bcbe5fd6c80f886b009bc Mon Sep 17 00:00:00 2001 From: Paul Newling Date: Thu, 28 May 2026 09:04:28 -0700 Subject: [PATCH 1/2] fix: restore third-party action refs mangled by sed-scope bug MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit merge-beta.sh and fix-beta.sh perform a blanket sed flip of @v4 ↔ @v4-beta across action.yaml and .github/workflows/*.yaml. The intent is to keep self-references (milaboratory/github-ci/...) on the right ref for each branch. The sed pattern is too greedy: it also rewrites third-party action refs that happen to be pinned to @v4 — for example actions/checkout@v4 becomes actions/checkout@v4-beta, a tag that doesn't exist in the upstream repo. Symptom on v4-beta runs: Unable to resolve action `actions/checkout@v4-beta`, unable to find version `v4-beta` This blocks the `get run metadata` and `preflight (require-latest)` jobs in node-simple-pnpm.yaml and similar workflows, cascading skips into downstream jobs (`check for changesets`, `pre-build`, etc.). Caught while canary-testing PR #168 (changeset coverage check). This commit flips back, on v4-beta only, the 107 third-party refs that were incorrectly rewritten across 36 files. Affected action repos: actions/checkout (41 lines) aws-actions/configure-aws-credentials (24) actions/cache (13) actions/download-artifact (12) actions/upload-artifact (8, incl. one /merge subpath) actions/setup-java (3) actions/setup-node (2) pnpm/action-setup (1) azure/setup-kubectl (1) azure/setup-helm (1) milaboratory/github-ci/...@v4-beta self-refs are unchanged. Follow-up: the underlying sed scope in merge-beta.sh / fix-beta.sh should be tightened so this doesn't recur on the next promotion. Tracked separately. --- .github/workflows/0-automerge.yaml | 2 +- .github/workflows/0-build-docker.yaml | 6 +-- .github/workflows/0-merge-beta.yaml | 2 +- .github/workflows/0-scan-containers.yaml | 10 ++-- .github/workflows/0-test.yaml | 2 +- .github/workflows/block-mark-stable.yaml | 6 +-- .github/workflows/deploy-docs.yaml | 6 +-- .github/workflows/docker-github.yaml | 2 +- .github/workflows/java-gradle.yaml | 46 +++++++++---------- .../node-docker-simple-fast-pnpm.yaml | 6 +-- .github/workflows/node-go-simple.yaml | 8 ++-- .github/workflows/node-matrix-pnpm.yaml | 14 +++--- .github/workflows/node-matrix.yaml | 12 ++--- .github/workflows/node-simple-pnpm-k8s.yaml | 8 ++-- .github/workflows/node-simple-pnpm.yaml | 12 ++--- .github/workflows/node-simple.yaml | 6 +-- actions/artifact/create-empty/action.yaml | 4 +- actions/artifact/restore/action.yaml | 2 +- actions/artifact/save/action.yaml | 2 +- actions/aws/cloudfront/action.yaml | 2 +- actions/golang/cache/action.yaml | 6 +-- actions/matrix/read/action.yaml | 2 +- actions/node/cache-pnpm/action.yaml | 2 +- actions/node/cache/action.yaml | 6 +-- actions/node/prepare-pnpm/action.yaml | 4 +- actions/node/prepare/action.yaml | 2 +- actions/python/cache/action.yaml | 2 +- actions/rust/cache/action.yaml | 2 +- blocks/java/build/action.yaml | 6 +-- blocks/java/test/action.yaml | 4 +- blocks/node/build-and-publish/action.yaml | 4 +- blocks/release/registry-bin/action.yaml | 4 +- blocks/release/s3/action.yaml | 4 +- blocks/signing-tools/windows-sign/action.yaml | 2 +- blocks/update-cdn-link/action.yaml | 2 +- blocks/update-s3-latest/action.yaml | 4 +- 36 files changed, 107 insertions(+), 107 deletions(-) diff --git a/.github/workflows/0-automerge.yaml b/.github/workflows/0-automerge.yaml index 18ff8e48..a5d7256b 100644 --- a/.github/workflows/0-automerge.yaml +++ b/.github/workflows/0-automerge.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: fetch-depth: 0 diff --git a/.github/workflows/0-build-docker.yaml b/.github/workflows/0-build-docker.yaml index cff7d8a9..49710758 100644 --- a/.github/workflows/0-build-docker.yaml +++ b/.github/workflows/0-build-docker.yaml @@ -21,7 +21,7 @@ jobs: IMAGE_NAME: 'hook' steps: - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 - name: Log in to the Container registry uses: docker/login-action@v2 @@ -45,7 +45,7 @@ jobs: IMAGE_NAME: 'git-crypt' steps: - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 - name: Log in to the Container registry uses: docker/login-action@v2 @@ -69,7 +69,7 @@ jobs: IMAGE_NAME: 'nginx-spa' steps: - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 - name: Log in to the Container registry uses: docker/login-action@v2 diff --git a/.github/workflows/0-merge-beta.yaml b/.github/workflows/0-merge-beta.yaml index 14ff7204..8904b284 100644 --- a/.github/workflows/0-merge-beta.yaml +++ b/.github/workflows/0-merge-beta.yaml @@ -30,7 +30,7 @@ jobs: app-id: ${{ secrets.GH_ZEN_APP_ID }} private-key: ${{ secrets.GH_ZEN_APP_PRIVATE_KEY }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: ref: ${{ github.event.inputs.target_branch || 'v4' }} token: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/0-scan-containers.yaml b/.github/workflows/0-scan-containers.yaml index 616f85dc..b3045936 100644 --- a/.github/workflows/0-scan-containers.yaml +++ b/.github/workflows/0-scan-containers.yaml @@ -43,7 +43,7 @@ jobs: repository: ${{ github.event.inputs.repository || 'milaboratories/pl-containers' }} concurrency: ${{ github.event.inputs.concurrency || 3 }} - - uses: actions/upload-artifact@v4-beta + - uses: actions/upload-artifact@v4 with: name: 00-scanning-plan path: ${{ steps.plan.outputs.plan-dir }} @@ -63,7 +63,7 @@ jobs: steps: - name: Download plan - uses: actions/download-artifact@v4-beta + uses: actions/download-artifact@v4 with: name: 00-scanning-plan path: "scan-chunks" @@ -87,13 +87,13 @@ jobs: if: always() steps: - name: Download skipped list - uses: actions/download-artifact@v4-beta + uses: actions/download-artifact@v4 with: name: skipped-images path: ./consolidated - name: Download all reports - uses: actions/download-artifact@v4-beta + uses: actions/download-artifact@v4 with: pattern: 'report-*' merge-multiple: true @@ -106,7 +106,7 @@ jobs: summarize-dir: ./consolidated - name: Upload consolidated report - uses: actions/upload-artifact@v4-beta + uses: actions/upload-artifact@v4 with: name: 00-consolidated-report path: ./consolidated diff --git a/.github/workflows/0-test.yaml b/.github/workflows/0-test.yaml index 21bd6046..1bc23225 100644 --- a/.github/workflows/0-test.yaml +++ b/.github/workflows/0-test.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: fetch-depth: 0 diff --git a/.github/workflows/block-mark-stable.yaml b/.github/workflows/block-mark-stable.yaml index 643051f4..b4d14481 100644 --- a/.github/workflows/block-mark-stable.yaml +++ b/.github/workflows/block-mark-stable.yaml @@ -171,7 +171,7 @@ jobs: needs: init steps: - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -204,11 +204,11 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} - - uses: aws-actions/configure-aws-credentials@v4-beta + - uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ env.AWS_CI_IAM_MONOREPO_SIMPLE_ROLE }} aws-region: ${{ inputs.aws-region }} diff --git a/.github/workflows/deploy-docs.yaml b/.github/workflows/deploy-docs.yaml index d9546500..7184f4cb 100644 --- a/.github/workflows/deploy-docs.yaml +++ b/.github/workflows/deploy-docs.yaml @@ -189,7 +189,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -237,7 +237,7 @@ jobs: mkdocs build - id: artifact - uses: actions/upload-artifact@v4-beta + uses: actions/upload-artifact@v4 with: name: ${{ inputs.app-name-slug }} path: ${{ inputs.dist-archive-path }} @@ -282,7 +282,7 @@ jobs: - id: context uses: milaboratory/github-ci/actions/context@v4-beta - - uses: actions/download-artifact@v4-beta + - uses: actions/download-artifact@v4 with: name: ${{ inputs.app-name-slug }} path: ${{ inputs.app-name-slug }} diff --git a/.github/workflows/docker-github.yaml b/.github/workflows/docker-github.yaml index c646e05e..90076f2e 100644 --- a/.github/workflows/docker-github.yaml +++ b/.github/workflows/docker-github.yaml @@ -191,7 +191,7 @@ jobs: - init steps: - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} diff --git a/.github/workflows/java-gradle.yaml b/.github/workflows/java-gradle.yaml index e68378c8..5058a90d 100644 --- a/.github/workflows/java-gradle.yaml +++ b/.github/workflows/java-gradle.yaml @@ -1058,7 +1058,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -1069,7 +1069,7 @@ jobs: gpg-key-password: ${{ secrets.GIT_CRYPT_KEY_PASSWORD }} - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.dist-archive-s3-iam-role-to-assume }} aws-region: ${{ inputs.dist-archive-s3-region }} @@ -1132,7 +1132,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -1184,7 +1184,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -1195,7 +1195,7 @@ jobs: gpg-key-password: ${{ secrets.GIT_CRYPT_KEY_PASSWORD }} - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.test-s3-iam-role-to-assume }} aws-region: ${{ inputs.test-s3-region }} @@ -1295,7 +1295,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -1306,7 +1306,7 @@ jobs: gpg-key-password: ${{ secrets.GIT_CRYPT_KEY_PASSWORD }} - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.test-s3-iam-role-to-assume }} aws-region: ${{ inputs.test-s3-region }} @@ -1409,7 +1409,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} fetch-depth: 0 @@ -1421,7 +1421,7 @@ jobs: gpg-key-password: ${{ secrets.GIT_CRYPT_KEY_PASSWORD }} - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.test-s3-iam-role-to-assume }} aws-region: ${{ inputs.test-s3-region }} @@ -1491,7 +1491,7 @@ jobs: echo "Wait random number of second before saving the artifact." sleep "${RAN_SEC}" - - uses: actions/upload-artifact@v4-beta + - uses: actions/upload-artifact@v4 if: steps.verify-changed-files.outputs.files_changed == 'true' with: name: test-regression-${{ matrix.test }} @@ -1524,7 +1524,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: fetch-depth: 0 @@ -1547,14 +1547,14 @@ jobs: - uses: milaboratory/github-ci/actions/artifact/create-empty@v4-beta - id: merged-artifact - uses: actions/upload-artifact/merge@v4-beta + uses: actions/upload-artifact/merge@v4 with: name: test-regression pattern: test-regression-* separate-directories: false delete-merged: true - - uses: actions/download-artifact@v4-beta + - uses: actions/download-artifact@v4 if: steps.merged-artifact.outputs.artifact-id != '' with: name: test-regression @@ -1694,7 +1694,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -1705,7 +1705,7 @@ jobs: gpg-key-password: ${{ secrets.GIT_CRYPT_KEY_PASSWORD }} - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.dist-archive-s3-iam-role-to-assume }} aws-region: ${{ inputs.dist-archive-s3-region }} @@ -1813,7 +1813,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -1824,7 +1824,7 @@ jobs: gpg-key-password: ${{ secrets.GIT_CRYPT_KEY_PASSWORD }} - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.dist-archive-s3-iam-role-to-assume }} aws-region: ${{ inputs.dist-archive-s3-region }} @@ -1914,7 +1914,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -1925,7 +1925,7 @@ jobs: gpg-key-password: ${{ secrets.GIT_CRYPT_KEY_PASSWORD }} - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.dist-library-s3-iam-role-to-assume }} aws-region: ${{ inputs.dist-library-s3-region }} @@ -2023,7 +2023,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -2217,7 +2217,7 @@ jobs: - id: context uses: milaboratory/github-ci/actions/context@v4-beta - - uses: actions/download-artifact@v4-beta + - uses: actions/download-artifact@v4 if: inputs.dist-archive with: name: ${{ inputs.product-name-slug }} @@ -2294,7 +2294,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -2305,7 +2305,7 @@ jobs: gpg-key-password: ${{ secrets.GIT_CRYPT_KEY_PASSWORD }} - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.release-s3-iam-role-to-assume }} aws-region: ${{ inputs.release-s3-region }} diff --git a/.github/workflows/node-docker-simple-fast-pnpm.yaml b/.github/workflows/node-docker-simple-fast-pnpm.yaml index f3fdc578..e6e9ee50 100644 --- a/.github/workflows/node-docker-simple-fast-pnpm.yaml +++ b/.github/workflows/node-docker-simple-fast-pnpm.yaml @@ -406,7 +406,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -415,7 +415,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -431,7 +431,7 @@ jobs: ghwa_set_output npm-pkg-version "${NPM_PKG_VERSION}" ghwa_set_output pnpm-pkg-version "${PNPM_PKG_VERSION}" - - uses: aws-actions/configure-aws-credentials@v4-beta + - uses: aws-actions/configure-aws-credentials@v4 if: inputs.aws-login-enable with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE || env.AWS_CI_IAM_MONOREPO_SIMPLE_ROLE }} diff --git a/.github/workflows/node-go-simple.yaml b/.github/workflows/node-go-simple.yaml index 07b50176..3005dfda 100644 --- a/.github/workflows/node-go-simple.yaml +++ b/.github/workflows/node-go-simple.yaml @@ -353,7 +353,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -443,7 +443,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -589,7 +589,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -627,7 +627,7 @@ jobs: npmrc-config: ${{ inputs.npmrc-config }} - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 if: inputs.aws-login-enable && steps.npm-pkg-status.outputs.exist == '0' && steps.context.outputs.is-release == 'true' diff --git a/.github/workflows/node-matrix-pnpm.yaml b/.github/workflows/node-matrix-pnpm.yaml index ade8ee8c..f6b2b9da 100644 --- a/.github/workflows/node-matrix-pnpm.yaml +++ b/.github/workflows/node-matrix-pnpm.yaml @@ -479,7 +479,7 @@ jobs: needs: - init steps: - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -513,7 +513,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} fetch-depth: '0' @@ -575,7 +575,7 @@ jobs: app-id: ${{ secrets.GH_ZEN_APP_ID }} private-key: ${{ secrets.GH_ZEN_APP_PRIVATE_KEY }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} token: ${{ steps.app-token.outputs.token }} @@ -590,7 +590,7 @@ jobs: sudo apt-get install -y build-essential gfortran libopenblas-dev liblapack-dev cmake pkg-config - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ env.AWS_CI_IAM_MONOREPO_SIMPLE_ROLE }} role-duration-seconds: ${{ inputs.aws-login-duration }} @@ -655,7 +655,7 @@ jobs: options: ${{ inputs.ccache-options }} - name: Cache additional paths - uses: actions/cache@v4-beta + uses: actions/cache@v4 if: inputs.cache-paths != '' with: path: ${{ inputs.cache-paths }} @@ -793,7 +793,7 @@ jobs: app-id: ${{ secrets.GH_ZEN_APP_ID }} private-key: ${{ secrets.GH_ZEN_APP_PRIVATE_KEY }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} token: ${{ steps.app-token.outputs.token }} @@ -809,7 +809,7 @@ jobs: sudo apt-get install -y build-essential gfortran libopenblas-dev liblapack-dev cmake pkg-config - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ env.AWS_CI_IAM_MONOREPO_SIMPLE_ROLE }} role-duration-seconds: ${{ inputs.aws-login-duration }} diff --git a/.github/workflows/node-matrix.yaml b/.github/workflows/node-matrix.yaml index 52b986de..a5b67f85 100644 --- a/.github/workflows/node-matrix.yaml +++ b/.github/workflows/node-matrix.yaml @@ -467,7 +467,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -494,7 +494,7 @@ jobs: options: ${{ inputs.ccache-options }} - name: Cache additional paths - uses: actions/cache@v4-beta + uses: actions/cache@v4 if: inputs.cache-paths != '' with: path: ${{ inputs.cache-paths }} @@ -552,7 +552,7 @@ jobs: access-token: ${{ steps.gcp-auth.outputs.access_token }} - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 if: inputs.aws-login-enable with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} @@ -656,7 +656,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -748,7 +748,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} @@ -784,7 +784,7 @@ jobs: pattern: build-artifacts-* - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 if: inputs.aws-login-enable with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} diff --git a/.github/workflows/node-simple-pnpm-k8s.yaml b/.github/workflows/node-simple-pnpm-k8s.yaml index 72400087..fb68598a 100644 --- a/.github/workflows/node-simple-pnpm-k8s.yaml +++ b/.github/workflows/node-simple-pnpm-k8s.yaml @@ -301,17 +301,17 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: azure/setup-kubectl@v4-beta + - uses: azure/setup-kubectl@v4 with: version: ${{ inputs.kubectl-version }} - - uses: azure/setup-helm@v4-beta + - uses: azure/setup-helm@v4 with: version: ${{ inputs.helm-version }} - uses: google-github-actions/setup-gcloud@v2 - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: submodules: ${{ inputs.checkout-submodules }} fetch-depth: "0" @@ -346,7 +346,7 @@ jobs: - name: Configure AWS credentials if: ${{ env.AWS_CI_IAM_MONOREPO_SIMPLE_ROLE != '' }} - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ env.AWS_CI_IAM_MONOREPO_SIMPLE_ROLE }} role-duration-seconds: ${{ inputs.aws-login-duration }} diff --git a/.github/workflows/node-simple-pnpm.yaml b/.github/workflows/node-simple-pnpm.yaml index 3a707d38..9eaaed22 100644 --- a/.github/workflows/node-simple-pnpm.yaml +++ b/.github/workflows/node-simple-pnpm.yaml @@ -451,7 +451,7 @@ jobs: needs: - init steps: - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: lfs: ${{ inputs.checkout-git-lfs }} submodules: ${{ inputs.checkout-submodules }} @@ -551,7 +551,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: lfs: ${{ inputs.checkout-git-lfs }} submodules: ${{ inputs.checkout-submodules }} @@ -634,14 +634,14 @@ jobs: app-id: ${{ secrets.GH_ZEN_APP_ID }} private-key: ${{ secrets.GH_ZEN_APP_PRIVATE_KEY }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: lfs: ${{ inputs.checkout-git-lfs }} submodules: ${{ inputs.checkout-submodules }} token: ${{ steps.app-token.outputs.token }} - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ env.AWS_CI_IAM_MONOREPO_SIMPLE_ROLE }} role-duration-seconds: ${{ inputs.aws-login-duration }} @@ -761,7 +761,7 @@ jobs: app-id: ${{ secrets.GH_ZEN_APP_ID }} private-key: ${{ secrets.GH_ZEN_APP_PRIVATE_KEY }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: lfs: ${{ inputs.checkout-git-lfs }} submodules: ${{ inputs.checkout-submodules }} @@ -769,7 +769,7 @@ jobs: fetch-depth: '0' - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ env.AWS_CI_IAM_MONOREPO_SIMPLE_ROLE }} role-duration-seconds: ${{ inputs.aws-login-duration }} diff --git a/.github/workflows/node-simple.yaml b/.github/workflows/node-simple.yaml index 39e19fac..56c903ba 100644 --- a/.github/workflows/node-simple.yaml +++ b/.github/workflows/node-simple.yaml @@ -363,7 +363,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: lfs: ${{ inputs.checkout-lfs }} submodules: ${{ inputs.checkout-submodules }} @@ -454,7 +454,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: lfs: ${{ inputs.checkout-lfs }} submodules: ${{ inputs.checkout-submodules }} @@ -616,7 +616,7 @@ jobs: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} - - uses: actions/checkout@v4-beta + - uses: actions/checkout@v4 with: lfs: ${{ inputs.checkout-lfs }} submodules: ${{ inputs.checkout-submodules }} diff --git a/actions/artifact/create-empty/action.yaml b/actions/artifact/create-empty/action.yaml index f22a40dc..543eb466 100644 --- a/actions/artifact/create-empty/action.yaml +++ b/actions/artifact/create-empty/action.yaml @@ -2,14 +2,14 @@ name: Create empty artifact for regression tests author: 'MiLaboratories' description: | Create empty artifact for regression tests because now - actions/upload-artifact/merge@v4-beta doesn't support option + actions/upload-artifact/merge@v4 doesn't support option if-no-files-found: ignore runs: using: "composite" steps: - - uses: actions/upload-artifact@v4-beta + - uses: actions/upload-artifact@v4 with: name: test-regression-empty path: ${{ github.action_path }}/init.txt diff --git a/actions/artifact/restore/action.yaml b/actions/artifact/restore/action.yaml index 518235be..fc463e1e 100644 --- a/actions/artifact/restore/action.yaml +++ b/actions/artifact/restore/action.yaml @@ -60,7 +60,7 @@ runs: archive_name="artifact-5b3513f5" echo "name=${archive_name}" >> "${GITHUB_OUTPUT}" - - uses: actions/download-artifact@v4-beta + - uses: actions/download-artifact@v4 with: name: ${{ inputs.name }} pattern: ${{ inputs.pattern }} diff --git a/actions/artifact/save/action.yaml b/actions/artifact/save/action.yaml index 2bd974ba..ab6c4639 100644 --- a/actions/artifact/save/action.yaml +++ b/actions/artifact/save/action.yaml @@ -128,7 +128,7 @@ runs: # - uses: fawazahmed0/action-debug-vscode@main # if: inputs.interactive-debug == 'true' - - uses: actions/upload-artifact@v4-beta + - uses: actions/upload-artifact@v4 with: name: ${{ inputs.name }} if-no-files-found: ${{ inputs.if-no-files-found }} diff --git a/actions/aws/cloudfront/action.yaml b/actions/aws/cloudfront/action.yaml index a3343d6d..366698ec 100644 --- a/actions/aws/cloudfront/action.yaml +++ b/actions/aws/cloudfront/action.yaml @@ -45,7 +45,7 @@ runs: using: "composite" steps: - - uses: aws-actions/configure-aws-credentials@v4-beta + - uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.aws-iam-role-to-assume }} aws-region: ${{ inputs.aws-region }} diff --git a/actions/golang/cache/action.yaml b/actions/golang/cache/action.yaml index 306f20c7..bf27d655 100644 --- a/actions/golang/cache/action.yaml +++ b/actions/golang/cache/action.yaml @@ -35,7 +35,7 @@ runs: steps: - name: Cache Golang modules on Linux if: runner.os == 'Linux' - uses: actions/cache@v4-beta + uses: actions/cache@v4 with: save-always: ${{ inputs.cache-save-always }} path: | @@ -47,7 +47,7 @@ runs: - name: Cache Golang modules on macOS if: runner.os == 'macOS' - uses: actions/cache@v4-beta + uses: actions/cache@v4 with: save-always: ${{ inputs.cache-save-always }} path: | @@ -59,7 +59,7 @@ runs: - name: Cache Golang modules on Windows if: runner.os == 'Windows' - uses: actions/cache@v4-beta + uses: actions/cache@v4 with: save-always: ${{ inputs.cache-save-always }} path: | diff --git a/actions/matrix/read/action.yaml b/actions/matrix/read/action.yaml index 5ba1ca27..a432a957 100644 --- a/actions/matrix/read/action.yaml +++ b/actions/matrix/read/action.yaml @@ -17,7 +17,7 @@ runs: using: "composite" steps: - - uses: actions/download-artifact@v4-beta + - uses: actions/download-artifact@v4 - id: context shell: bash diff --git a/actions/node/cache-pnpm/action.yaml b/actions/node/cache-pnpm/action.yaml index e17fa5cf..915e31df 100644 --- a/actions/node/cache-pnpm/action.yaml +++ b/actions/node/cache-pnpm/action.yaml @@ -30,7 +30,7 @@ runs: run: echo "dir=$(pnpm store path)" >> ${GITHUB_OUTPUT} - name: Cache Node modules - uses: actions/cache@v4-beta + uses: actions/cache@v4 with: path: | ${{ steps.pnpm-store-dir.outputs.dir }} diff --git a/actions/node/cache/action.yaml b/actions/node/cache/action.yaml index a7e8b5e6..ec447825 100644 --- a/actions/node/cache/action.yaml +++ b/actions/node/cache/action.yaml @@ -37,7 +37,7 @@ runs: steps: - name: Cache Electron libs - uses: actions/cache@v4-beta + uses: actions/cache@v4 if: inputs.is-electron-application == 'true' with: path: | @@ -50,7 +50,7 @@ runs: - name: Cache local 'node_modules' if: inputs.local-cache == 'on' && inputs.is-electron-application == 'true' - uses: actions/cache@v4-beta + uses: actions/cache@v4 with: path: node_modules key: ${{ runner.os }}-${{ runner.arch }}-cache-${{ inputs.cache-version }}-node_modules-${{ hashFiles(inputs.hashfiles-search-path) }} @@ -63,7 +63,7 @@ runs: run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT} - name: Cache Node modules - uses: actions/cache@v4-beta + uses: actions/cache@v4 if: inputs.is-electron-application == 'false' with: path: ${{ steps.npm-cache-dir.outputs.dir }} diff --git a/actions/node/prepare-pnpm/action.yaml b/actions/node/prepare-pnpm/action.yaml index b2f3f8f5..2fa3b238 100644 --- a/actions/node/prepare-pnpm/action.yaml +++ b/actions/node/prepare-pnpm/action.yaml @@ -43,7 +43,7 @@ runs: steps: - name: Install NodeJS - ${{ inputs.node-version }} - uses: actions/setup-node@v4-beta + uses: actions/setup-node@v4 with: node-version: ${{ inputs.node-version }} @@ -55,7 +55,7 @@ runs: - name: Install pnpm - ${{ inputs.pnpm-version }} if: inputs.pnpm-version != '' - uses: pnpm/action-setup@v4-beta + uses: pnpm/action-setup@v4 with: version: ${{ inputs.pnpm-version }} diff --git a/actions/node/prepare/action.yaml b/actions/node/prepare/action.yaml index eaed2748..9993b809 100644 --- a/actions/node/prepare/action.yaml +++ b/actions/node/prepare/action.yaml @@ -82,7 +82,7 @@ runs: steps: - name: Install NodeJS - ${{ inputs.node-version }} - uses: actions/setup-node@v4-beta + uses: actions/setup-node@v4 with: node-version: ${{ inputs.node-version }} registry-url: ${{ inputs.registry-url }} diff --git a/actions/python/cache/action.yaml b/actions/python/cache/action.yaml index 88005baa..d99feca4 100644 --- a/actions/python/cache/action.yaml +++ b/actions/python/cache/action.yaml @@ -30,7 +30,7 @@ runs: run: echo "dir=$(pip cache dir)" >> ${GITHUB_OUTPUT} - name: Cache Python modules - uses: actions/cache@v4-beta + uses: actions/cache@v4 with: path: ${{ steps.pip-cache.outputs.dir }} key: ${{ runner.os }}-${{ runner.arch }}-cache-pip-${{ inputs.version }}-${{ hashFiles(inputs.hashfiles-search-path) }} diff --git a/actions/rust/cache/action.yaml b/actions/rust/cache/action.yaml index a16e20ec..0933788c 100644 --- a/actions/rust/cache/action.yaml +++ b/actions/rust/cache/action.yaml @@ -25,7 +25,7 @@ runs: steps: - name: Cache Rust Cargo modules - uses: actions/cache@v4-beta + uses: actions/cache@v4 with: path: | ~/.cargo/bin/ diff --git a/blocks/java/build/action.yaml b/blocks/java/build/action.yaml index 54f4c9b3..eedfa1fd 100644 --- a/blocks/java/build/action.yaml +++ b/blocks/java/build/action.yaml @@ -207,7 +207,7 @@ runs: - name: Prepare env for Java application build if: inputs.java-version != '' - uses: actions/setup-java@v4-beta + uses: actions/setup-java@v4 with: distribution: ${{ inputs.java-distribution }} java-version: ${{ inputs.java-version }} @@ -216,7 +216,7 @@ runs: if: inputs.data-cache-paths != '' && inputs.data-cache-key != '' - uses: actions/cache@v4-beta + uses: actions/cache@v4 with: key: ${{ inputs.data-cache-key }} path: ${{ inputs.data-cache-paths }} @@ -280,7 +280,7 @@ runs: - name: Save build artifacts if: steps.artifact-paths.outputs.result != '' - uses: actions/upload-artifact@v4-beta + uses: actions/upload-artifact@v4 with: name: ${{ inputs.artifact-name }} path: ${{ steps.artifact-paths.outputs.result }} diff --git a/blocks/java/test/action.yaml b/blocks/java/test/action.yaml index 8a7e7a87..eb467a0f 100644 --- a/blocks/java/test/action.yaml +++ b/blocks/java/test/action.yaml @@ -236,7 +236,7 @@ runs: uses: milaboratory/github-ci/actions/context@v4-beta - name: Prepare env for Java application build - uses: actions/setup-java@v4-beta + uses: actions/setup-java@v4 with: distribution: ${{ inputs.java-distribution }} java-version: ${{ inputs.java-version }} @@ -291,7 +291,7 @@ runs: - name: Download cached test data if: inputs.test-data-cache-enabled == 'true' && inputs.test-data-cache-paths != '' && inputs.test-data-cache-key != '' - uses: actions/cache@v4-beta + uses: actions/cache@v4 with: path: ${{ inputs.test-data-cache-paths }} key: ${{ inputs.test-data-cache-key }} diff --git a/blocks/node/build-and-publish/action.yaml b/blocks/node/build-and-publish/action.yaml index 13774283..5fe69a1d 100644 --- a/blocks/node/build-and-publish/action.yaml +++ b/blocks/node/build-and-publish/action.yaml @@ -120,7 +120,7 @@ runs: steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.s3-iam-role-to-assume }} aws-region: ${{ inputs.s3-region }} @@ -154,7 +154,7 @@ runs: run: echo "${GITHUB_WORKSPACE}/${WORKING_DIRECTORY}/release-artifact" - name: Download artifact - uses: actions/download-artifact@v4-beta + uses: actions/download-artifact@v4 with: name: ${{ inputs.artifact-name }} path: ${{ steps.artifact-path.outputs.stdout }} diff --git a/blocks/release/registry-bin/action.yaml b/blocks/release/registry-bin/action.yaml index 13a5847b..f65b984a 100644 --- a/blocks/release/registry-bin/action.yaml +++ b/blocks/release/registry-bin/action.yaml @@ -115,7 +115,7 @@ runs: uses: milaboratory/github-ci/actions/context@v4-beta - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.s3-iam-role-to-assume }} aws-region: ${{ inputs.s3-region }} @@ -126,7 +126,7 @@ runs: run: echo './release-artifact' - name: Download artifact - uses: actions/download-artifact@v4-beta + uses: actions/download-artifact@v4 with: name: ${{ inputs.artifact-name }} path: ${{ steps.artifact-path.outputs.stdout }} diff --git a/blocks/release/s3/action.yaml b/blocks/release/s3/action.yaml index 0ea0bc3a..e7b504c7 100644 --- a/blocks/release/s3/action.yaml +++ b/blocks/release/s3/action.yaml @@ -194,7 +194,7 @@ runs: uses: milaboratory/github-ci/actions/context@v4-beta - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.s3-iam-role-to-assume }} aws-region: ${{ inputs.s3-region }} @@ -212,7 +212,7 @@ runs: fi - name: Download artifact - uses: actions/download-artifact@v4-beta + uses: actions/download-artifact@v4 with: name: ${{ inputs.artifact-name }} path: ${{ steps.artifact-path.outputs.stdout }} diff --git a/blocks/signing-tools/windows-sign/action.yaml b/blocks/signing-tools/windows-sign/action.yaml index ecb2f78a..9413100c 100644 --- a/blocks/signing-tools/windows-sign/action.yaml +++ b/blocks/signing-tools/windows-sign/action.yaml @@ -96,7 +96,7 @@ runs: - name: Install Java if: steps.binaries-list.outputs.has-matches == 'true' - uses: actions/setup-java@v4-beta + uses: actions/setup-java@v4 with: distribution: ${{ inputs.java-distribution }} java-version: ${{ inputs.java-version }} diff --git a/blocks/update-cdn-link/action.yaml b/blocks/update-cdn-link/action.yaml index 90624c0a..3cddd2c8 100644 --- a/blocks/update-cdn-link/action.yaml +++ b/blocks/update-cdn-link/action.yaml @@ -59,7 +59,7 @@ runs: steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.s3-iam-role-to-assume }} aws-region: ${{ inputs.s3-region }} diff --git a/blocks/update-s3-latest/action.yaml b/blocks/update-s3-latest/action.yaml index 7de22a82..a8b66547 100644 --- a/blocks/update-s3-latest/action.yaml +++ b/blocks/update-s3-latest/action.yaml @@ -146,7 +146,7 @@ runs: steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4-beta + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.s3-iam-role-to-assume }} aws-region: ${{ inputs.s3-region }} @@ -157,7 +157,7 @@ runs: run: echo './release-artifact' - name: Download artifact - uses: actions/download-artifact@v4-beta + uses: actions/download-artifact@v4 with: name: ${{ inputs.artifact-name }} path: ${{ steps.artifact-path.outputs.stdout }} From 9666dbad77605ff475649b5e927669bc7dd87633 Mon Sep 17 00:00:00 2001 From: Paul Newling Date: Thu, 28 May 2026 09:10:10 -0700 Subject: [PATCH 2/2] fix: anchor merge-beta.sh / fix-beta.sh sed to self-ref path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous sed in merge-beta.sh and fix-beta.sh treated @v4 / @v4-beta as bare version tags. In practice they are git refs on a specific repo (milaboratory/github-ci), so the substitution must only fire when the preceding path is `milaboratory/github-ci/...`. Without that anchor the sed rewrites third-party action pins too (actions/checkout@v4, aws-actions/configure-aws-credentials@v4, pnpm/action-setup@v4, etc.), producing references like actions/checkout@v4-beta that do not exist upstream. The previous commit cleaned up the resulting corruption on v4-beta; this commit prevents recurrence. Both scripts now wrap the version pattern with a captured prefix: \(milaboratory/github-ci[^[:space:]@]*\)@v4... The character class excludes @ so the greedy match stops at the @ sign, leaving the version token to be matched and replaced. fix-beta.sh keeps its two-pattern form (end-of-line + whitespace boundary) to avoid the @v4 → @v4-beta-beta prefix collision; that guarantee is preserved. Verified with a fixture covering self-refs, third-party refs, mixed content, and the prefix-collision case. Both directions are idempotent. Also flips six lingering milaboratory/github-ci/.../@v4 self-refs in .github/workflows/node-simple-pnpm.yaml back to @v4-beta. These were left behind by a previous manual fixup attempt (5baba62 revert) and are exactly what the new fix-beta.sh sed produces when run against the current tree. Out of scope: actions/*/test-*.yaml files referenced by `act`-based unit tests. Those deliberately pin @v4 and are outside the find globs in both scripts. --- .github/workflows/node-simple-pnpm.yaml | 12 ++++++------ fix-beta.sh | 18 +++++++++++++----- merge-beta.sh | 9 +++++++-- 3 files changed, 26 insertions(+), 13 deletions(-) diff --git a/.github/workflows/node-simple-pnpm.yaml b/.github/workflows/node-simple-pnpm.yaml index 9eaaed22..4c99d6db 100644 --- a/.github/workflows/node-simple-pnpm.yaml +++ b/.github/workflows/node-simple-pnpm.yaml @@ -481,9 +481,9 @@ jobs: needs: - init steps: - - uses: milaboratory/github-ci/actions/context@v4 + - uses: milaboratory/github-ci/actions/context@v4-beta - - uses: milaboratory/github-ci/actions/env@v4 + - uses: milaboratory/github-ci/actions/env@v4-beta with: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} @@ -495,7 +495,7 @@ jobs: fetch-depth: '0' - name: Check infrastructure requirements for publication - uses: milaboratory/github-ci/actions/node/require-latest@v4 + uses: milaboratory/github-ci/actions/node/require-latest@v4-beta with: packages: | @platforma-sdk/block-tools @@ -511,9 +511,9 @@ jobs: needs: - init steps: - - uses: milaboratory/github-ci/actions/context@v4 + - uses: milaboratory/github-ci/actions/context@v4-beta - - uses: milaboratory/github-ci/actions/env@v4 + - uses: milaboratory/github-ci/actions/env@v4-beta with: inputs: ${{ inputs.env }} secrets: ${{ secrets.env }} @@ -930,7 +930,7 @@ jobs: test-results-reports: ${{ inputs.test-results-reports }} - name: Perform security scan checks before publication - uses: milaboratory/github-ci/actions/docker/scan-pnpm-repo@v4 + uses: milaboratory/github-ci/actions/docker/scan-pnpm-repo@v4-beta - name: Get GitHub App User ID if: steps.check-changes.outputs.has-changes == '1' diff --git a/fix-beta.sh b/fix-beta.sh index 5ea659bf..e5ee2323 100755 --- a/fix-beta.sh +++ b/fix-beta.sh @@ -19,9 +19,17 @@ # # Inverse of merge-beta.sh. # -# Sed safety: @v4 is a prefix of @v4-beta. Naive `s|@v4|@v4-beta|g` would -# produce @v4-beta-beta. Two scoped patterns are used instead: match @v4 at -# end-of-line, and @v4 followed by whitespace. +# Sed safety, two concerns: +# 1. Prefix collision. @v4 is a prefix of @v4-beta, so a naive +# `s|@v4|@v4-beta|g` would produce @v4-beta-beta. We match @v4 only at +# end-of-line or followed by whitespace. +# 2. Path scope. We must rewrite only milaboratory/github-ci self-refs. +# Third-party action pins (actions/checkout@v4, aws-actions/...@v4, +# pnpm/action-setup@v4, etc.) must stay at their upstream tags — those +# repos do not publish a v4-beta tag, and flipping them produced the +# "Unable to resolve action ...@v4-beta" failures fixed in this branch. +# Both patterns therefore anchor the substitution to a leading +# `milaboratory/github-ci...` path. set -o nounset set -o errexit @@ -63,13 +71,13 @@ git merge \ "origin/${SOURCE_BRANCH}" \ --strategy-option theirs -echo "Flipping @${SOURCE_BRANCH} -> @${TARGET_BRANCH} in action.yaml and workflows..." +echo "Flipping @${SOURCE_BRANCH} -> @${TARGET_BRANCH} in milaboratory/github-ci self-refs..." { find . -type f -name "action.yaml" find .github/workflows -type f -name "*.yaml" } | while read -r file; do - sed "s|@${SOURCE_BRANCH}\$|@${TARGET_BRANCH}|g; s|@${SOURCE_BRANCH}\([[:space:]]\)|@${TARGET_BRANCH}\1|g" "${file}" > "${file}.tmp" + sed "s|\(milaboratory/github-ci[^[:space:]@]*\)@${SOURCE_BRANCH}\$|\1@${TARGET_BRANCH}|g; s|\(milaboratory/github-ci[^[:space:]@]*\)@${SOURCE_BRANCH}\([[:space:]]\)|\1@${TARGET_BRANCH}\2|g" "${file}" > "${file}.tmp" mv "${file}.tmp" "${file}" done diff --git a/merge-beta.sh b/merge-beta.sh index 9890559b..8906807a 100755 --- a/merge-beta.sh +++ b/merge-beta.sh @@ -69,13 +69,18 @@ git merge \ "${SOURCE_BRANCH}" \ --strategy-option theirs -# Replace all v4-beta with v4 in all action.yaml and all workflows +# Replace @v4-beta -> @v4 in milaboratory/github-ci self-refs only. +# The substitution is anchored to the self-ref repo path so that third-party +# action pins (actions/checkout@v4-beta, aws-actions/...@v4-beta, etc.) are +# left alone. Without the anchor the sed would happily rewrite any token +# ending in @v4-beta, which corrupts third-party refs on v4-beta when the +# inverse sed (fix-beta.sh) flipped them from @v4 in the first place. { find . -type f -name "action.yaml" find .github/workflows -type f -name "*.yaml" } | while read -r file; do - sed "s/@${SOURCE_BRANCH}/@${TARGET_BRANCH}/g" "${file}" > "${file}.tmp" + sed "s|\(milaboratory/github-ci[^[:space:]@]*\)@${SOURCE_BRANCH}|\1@${TARGET_BRANCH}|g" "${file}" > "${file}.tmp" mv "${file}.tmp" "${file}" done