From 984248903dcca9e64e340024642648b4010ff4f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Mar 2026 10:49:37 +0000 Subject: [PATCH 1/7] Bump actions/create-github-app-token from 2 to 3 Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2 to 3. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](https://github.com/actions/create-github-app-token/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/dispatch-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dispatch-release.yaml b/.github/workflows/dispatch-release.yaml index ffc6407f..3e2fbca9 100644 --- a/.github/workflows/dispatch-release.yaml +++ b/.github/workflows/dispatch-release.yaml @@ -96,7 +96,7 @@ jobs: - name: 'Generate a token' id: generate_token - uses: 'actions/create-github-app-token@v2' + uses: 'actions/create-github-app-token@v3' with: app-id: ${{ secrets.ACTIONS_RELEASE_APP_ID }} private-key: ${{ secrets.ACTIONS_RELEASE_APP_PRIVATE_KEY }} From 86b341af729adde14467c4e40724a7c21c047e32 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:23:09 +0000 Subject: [PATCH 2/7] Bump actions/upload-artifact from 6 to 7 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/universal_workflow_light.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/universal_workflow_light.yaml b/.github/workflows/universal_workflow_light.yaml index e75afd86..b896ca6b 100644 --- a/.github/workflows/universal_workflow_light.yaml +++ b/.github/workflows/universal_workflow_light.yaml @@ -622,7 +622,7 @@ jobs: - name: 'Upload configuration artifacts' if: always() - uses: 'actions/upload-artifact@v6' + uses: 'actions/upload-artifact@v7' with: name: '${{ steps.iltp.outputs.install_output_artifact_prefix }}-${{steps.itn.outputs.matrix_suffix}}' path: |- @@ -888,7 +888,7 @@ jobs: - name: 'Upload coverage report' if: ${{ always() && steps.rt.outputs.runscript_coverage_prefix != '' }} - uses: 'actions/upload-artifact@v6' + uses: 'actions/upload-artifact@v7' with: name: ${{ steps.rt.outputs.runscript_coverage_prefix}}-${{steps.rt.outputs.runscript_suffix }} path: source/${{ steps.rt.outputs.runscript_path }}/tests/Reports/* @@ -1092,7 +1092,7 @@ jobs: - name: 'Upload coverage report' if: ${{ always() && steps.rt.outputs.runslim_coverage_prefix != '' }} - uses: 'actions/upload-artifact@v6' + uses: 'actions/upload-artifact@v7' with: name: ${{ steps.rt.outputs.runslim_coverage_prefix}}-${{steps.rt.outputs.runslim_suffix }} path: source/${{ steps.rt.outputs.runslim_path }}/tests/Reports/* From d7083b3d7c4aa8d96537090a32abd30b0c6c671c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Mar 2026 10:23:36 +0000 Subject: [PATCH 3/7] Bump docker/login-action from 3 to 4 Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/universal_workflow_light.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/universal_workflow_light.yaml b/.github/workflows/universal_workflow_light.yaml index b896ca6b..3d677c78 100644 --- a/.github/workflows/universal_workflow_light.yaml +++ b/.github/workflows/universal_workflow_light.yaml @@ -1186,7 +1186,7 @@ jobs: env: DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} if: ${{ steps.sonarcloud_testplan.outputs.sonarcloud_docker_login == 'true' && env.DOCKER_HUB_USER != '' }} - uses: 'docker/login-action@v3' + uses: 'docker/login-action@v4' with: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} From 2a9c92c7d21dd1c47c2b281bc27cf723ae64c137 Mon Sep 17 00:00:00 2001 From: DaveOps Date: Thu, 19 Mar 2026 08:42:09 +0100 Subject: [PATCH 4/7] OXDEV-10167 Update 3rd party action versions in reusable actions --- actionlint/action.yaml | 4 ++-- append_report/action.yaml | 2 +- begin_report/action.yaml | 2 +- build_docker/action.yaml | 10 +++++----- consolidate_artifacts/action.yaml | 6 +++--- generate_report/action.yaml | 2 +- load_cached_testplan/action.yaml | 2 +- prepare_shop/action.yaml | 2 +- run_test_script/action.yaml | 2 +- sonarcloud/action.yaml | 8 ++++---- start_shop/action.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/actionlint/action.yaml b/actionlint/action.yaml index ce8e8169..54e373f4 100644 --- a/actionlint/action.yaml +++ b/actionlint/action.yaml @@ -28,7 +28,7 @@ runs: steps: - name: 'Checkout' id: checkout - uses: 'actions/checkout@v4' + uses: 'actions/checkout@v6' - name: 'Generate custom config' id: generate_custom_config @@ -78,7 +78,7 @@ runs: - name: 'Upload artifact' if: always() - uses: 'actions/upload-artifact@v4' + uses: 'actions/upload-artifact@v7' with: name: '${{ inputs.output_artifact }}' include-hidden-files: true diff --git a/append_report/action.yaml b/append_report/action.yaml index e25fc0e4..4a7e469d 100644 --- a/append_report/action.yaml +++ b/append_report/action.yaml @@ -153,7 +153,7 @@ runs: - name: 'Upload Artifacts' if: always() - uses: 'actions/upload-artifact@v4' + uses: 'actions/upload-artifact@v7' with: name: '${{ steps.safe_title.outputs.title }}' path: | diff --git a/begin_report/action.yaml b/begin_report/action.yaml index f3d02585..fb444150 100644 --- a/begin_report/action.yaml +++ b/begin_report/action.yaml @@ -176,7 +176,7 @@ runs: - name: 'Upload Artifacts' if: always() - uses: 'actions/upload-artifact@v4' + uses: 'actions/upload-artifact@v7' with: name: 'testplan-${{inputs.prefix}}-000_header' path: | diff --git a/build_docker/action.yaml b/build_docker/action.yaml index 513c5a5c..fe44164d 100644 --- a/build_docker/action.yaml +++ b/build_docker/action.yaml @@ -37,23 +37,23 @@ runs: using: "composite" steps: - name: 'Checkout repository' - uses: 'actions/checkout@v4' + uses: 'actions/checkout@v6' - name: 'Set up QEMU' - uses: 'docker/setup-qemu-action@v3' + uses: 'docker/setup-qemu-action@v4' - name: 'Set up Docker Buildx' - uses: 'docker/setup-buildx-action@v3' + uses: 'docker/setup-buildx-action@v4' - name: 'Log into Docker Hub' if: ${{ github.event_name != 'pull_request' && inputs.dockerhub_username != '' }} - uses: 'docker/login-action@v3' + uses: 'docker/login-action@v4' with: username: ${{ inputs.dockerhub_username }} password: ${{ inputs.dockerhub_password }} - name: 'Build and push' - uses: 'docker/build-push-action@v5' + uses: 'docker/build-push-action@v7' with: context: ${{ inputs.image_name }} file: ${{ inputs.image_name }}/Dockerfile diff --git a/consolidate_artifacts/action.yaml b/consolidate_artifacts/action.yaml index e8d6af11..c2eee4b7 100644 --- a/consolidate_artifacts/action.yaml +++ b/consolidate_artifacts/action.yaml @@ -28,13 +28,13 @@ runs: - name: 'Download consolidated artifact' if: ${{ steps.check_consolidated.outputs.exists == 'true' }} - uses: 'actions/download-artifact@v4' + uses: 'actions/download-artifact@v8' with: name: '${{ inputs.target }}' path: ${{ inputs.path }} - name: 'Download artifacts' - uses: 'actions/download-artifact@v4' + uses: 'actions/download-artifact@v8' with: pattern: '${{ inputs.pattern }}' merge-multiple: true @@ -47,7 +47,7 @@ runs: name: '${{ inputs.target }}' - name: 'Upload consolidated artifact' - uses: 'actions/upload-artifact@v4' + uses: 'actions/upload-artifact@v7' with: name: '${{ inputs.target }}' path: ${{ inputs.path }} diff --git a/generate_report/action.yaml b/generate_report/action.yaml index 3156572a..7955ce26 100644 --- a/generate_report/action.yaml +++ b/generate_report/action.yaml @@ -219,7 +219,7 @@ runs: - name: 'Send custom JSON data to Slack workflow' if: ${{ inputs.slack_webhook != '' }} - uses: 'slackapi/slack-github-action@v1' + uses: 'slackapi/slack-github-action@v2' with: payload-file-path: 'slack.json' env: diff --git a/load_cached_testplan/action.yaml b/load_cached_testplan/action.yaml index 5d3bd9df..fa9054a8 100644 --- a/load_cached_testplan/action.yaml +++ b/load_cached_testplan/action.yaml @@ -92,7 +92,7 @@ runs: - name: 'Load cached testplan from GitHub' if: ${{ inputs.runs_on == '"ubuntu-latest"'}} id: load_testplan_cache_gh - uses: 'actions/cache/restore@v4' + uses: 'actions/cache/restore@v5' with: path: | ${{ inputs.plan_folder}}/* diff --git a/prepare_shop/action.yaml b/prepare_shop/action.yaml index 65ca1fda..f51e8d0c 100644 --- a/prepare_shop/action.yaml +++ b/prepare_shop/action.yaml @@ -283,7 +283,7 @@ runs: - name: 'Login to Docker Hub' if: ${{ inputs.docker_login == 'true' && inputs.docker_user != '' }} - uses: 'docker/login-action@v3' + uses: 'docker/login-action@v4' with: username: ${{ inputs.docker_user }} password: ${{ inputs.docker_token }} diff --git a/run_test_script/action.yaml b/run_test_script/action.yaml index 34c614e5..7b6f8fd7 100644 --- a/run_test_script/action.yaml +++ b/run_test_script/action.yaml @@ -164,7 +164,7 @@ runs: - name: 'Upload artifact' if: always() - uses: 'actions/upload-artifact@v4' + uses: 'actions/upload-artifact@v7' with: name: '${{ inputs.output_artifact }}' path: | diff --git a/sonarcloud/action.yaml b/sonarcloud/action.yaml index 361df1f6..fcf3d8c6 100644 --- a/sonarcloud/action.yaml +++ b/sonarcloud/action.yaml @@ -81,7 +81,7 @@ runs: using: "composite" steps: - name: 'Download artifacts' - uses: 'actions/download-artifact@v4' + uses: 'actions/download-artifact@v8' with: pattern: '${{ inputs.coverage_artifact }}' merge-multiple: true @@ -132,7 +132,7 @@ runs: fi - name: 'Upload consolidated artifact' - uses: 'actions/upload-artifact@v4' + uses: 'actions/upload-artifact@v7' with: name: '${{ inputs.output_artifact }}' path: 'coverage-reports' @@ -166,7 +166,7 @@ runs: cat >debug/debug.sh < Date: Thu, 19 Mar 2026 09:07:27 +0100 Subject: [PATCH 5/7] OXDEV-10167 Optimize Dependabot configuration --- .github/dependabot.yaml | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index b83d80df..c845499d 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -8,6 +8,34 @@ updates: # Maintain dependencies for GitHub Actions - package-ecosystem: "github-actions" - directory: "/" + directories: + - "/" + - "/actionlint" + - "/append_report" + - "/begin_report" + - "/build_docker" + - "/clean_cache" + - "/composer_merge" + - "/consolidate_artifacts" + - "/generate_report" + - "/load_cached_testplan" + - "/prepare_shop" + - "/run_custom_scripts" + - "/run_test_script" + - "/sonarcloud" + - "/start_shop" + - "/stop_shop" + - "/yamllint" schedule: - interval: "daily" + interval: "weekly" + day: "monday" + cooldown: + semver-major-days: 7 + groups: + major-updates: + applies-to: version-updates + patterns: + - "*" + update-types: + - "major" + group-by: dependency-name From 6143184550b924712bfa0b81c344d7e0fa92833e Mon Sep 17 00:00:00 2001 From: DaveOps Date: Thu, 19 Mar 2026 09:54:52 +0100 Subject: [PATCH 6/7] OXDEV-10167 Revert slackapi/slack-github-action to v1 --- .github/dependabot.yaml | 4 ++++ generate_report/action.yaml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index c845499d..a1ad4568 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -39,3 +39,7 @@ updates: update-types: - "major" group-by: dependency-name + ignore: + # v2 is a full API rewrite with multiple breaking changes, not ready + - dependency-name: "slackapi/slack-github-action" + update-types: ["version-update:semver-major"] diff --git a/generate_report/action.yaml b/generate_report/action.yaml index 7955ce26..3156572a 100644 --- a/generate_report/action.yaml +++ b/generate_report/action.yaml @@ -219,7 +219,7 @@ runs: - name: 'Send custom JSON data to Slack workflow' if: ${{ inputs.slack_webhook != '' }} - uses: 'slackapi/slack-github-action@v2' + uses: 'slackapi/slack-github-action@v1' with: payload-file-path: 'slack.json' env: From 05428d2e72d264abf38c9fd9b206b0c3ccaca1a2 Mon Sep 17 00:00:00 2001 From: DaveOps Date: Mon, 23 Mar 2026 09:15:40 +0100 Subject: [PATCH 7/7] OXDEV-10167 Update joernott/load_testplan to v2.0.0 --- .github/workflows/universal_workflow_light.yaml | 12 ++++++------ composer_merge/action.yaml | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/universal_workflow_light.yaml b/.github/workflows/universal_workflow_light.yaml index 3d677c78..de7ba424 100644 --- a/.github/workflows/universal_workflow_light.yaml +++ b/.github/workflows/universal_workflow_light.yaml @@ -126,7 +126,7 @@ jobs: - name: 'Load Testplan' id: ltp - uses: 'joernott/load_testplan@v1' + uses: 'joernott/load_testplan@v2.0.0' with: files: '${{ steps.consolidate_plans.outputs.testplan }}' set_output: true @@ -295,7 +295,7 @@ jobs: - name: 'Load Testplan' id: iltp - uses: 'joernott/load_testplan@v1' + uses: 'joernott/load_testplan@v2.0.0' with: files: '${{steps.itn.outputs.testplan}}' set_output: true @@ -344,7 +344,7 @@ jobs: - name: 'Run composer for each module' shell: bash run: | - git clone --depth=1 --quiet --branch v1 https://github.com/joernott/load_testplan.git load_testplan + git clone --depth=1 --quiet --branch v2.0.0 https://github.com/joernott/load_testplan.git load_testplan LOAD_TESTPLAN=$(find ./load_testplan -iname 'main-linux-amd64-*') chmod a+x "${LOAD_TESTPLAN}" PREFIXES=$(echo '${{steps.iltp.outputs.runscript_matrix_script}}'|tr ',' '\n'|tr -d '[]" '|sed -e 's|-|_|g' -e 's|:.*||'|sort|uniq) @@ -734,7 +734,7 @@ jobs: - name: 'Load Testplan' id: rsltp - uses: 'joernott/load_testplan@v1' + uses: 'joernott/load_testplan@v2.0.0' with: files: '${{steps.rstn.outputs.testplan}}' set_output: true @@ -949,7 +949,7 @@ jobs: - name: 'Load Testplan' id: rsltp - uses: 'joernott/load_testplan@v1' + uses: 'joernott/load_testplan@v2.0.0' with: files: '${{steps.rstn.outputs.testplan}}' set_output: true @@ -1163,7 +1163,7 @@ jobs: - name: 'Load Testplan' id: sonarcloud_testplan if: ${{ env.SONAR_TOKEN != '' }} - uses: 'joernott/load_testplan@v1' + uses: 'joernott/load_testplan@v2.0.0' with: files: '${{steps.sonarcloud_testplan_name.outputs.testplan}}' set_output: true diff --git a/composer_merge/action.yaml b/composer_merge/action.yaml index 7aa6ab04..36752d12 100644 --- a/composer_merge/action.yaml +++ b/composer_merge/action.yaml @@ -82,7 +82,7 @@ runs: cat .composer_merge.tmp.json - name: 'Merge files' - uses: 'joernott/load_testplan@v1' + uses: 'joernott/load_testplan@v2.0.0' with: files: '${{ inputs.file }},.composer_merge.tmp.json' input_type: 'json'