diff --git a/.github/actions/setup-base/action.yml b/.github/actions/setup-base/action.yml index 7b97e1753..7e57f6a31 100644 --- a/.github/actions/setup-base/action.yml +++ b/.github/actions/setup-base/action.yml @@ -5,7 +5,7 @@ runs: using: "composite" steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: "recursive" ref: ${{github.event.pull_request.head.ref}} @@ -30,12 +30,12 @@ runs: sudo apt-get install -y libyaml-cpp-dev - name: Setup Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: 3.x - name: Cache python libs - uses: actions/cache@v3 + uses: actions/cache@v4 id: cache-pip # needed in if test with: path: ~/.cache/pip diff --git a/.github/workflows/build_esp32.yml b/.github/workflows/build_esp32.yml index 31f0dd5a0..4cbb4c7a4 100644 --- a/.github/workflows/build_esp32.yml +++ b/.github/workflows/build_esp32.yml @@ -11,13 +11,13 @@ jobs: build-esp32: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Build base id: base uses: ./.github/actions/setup-base - name: Pull web ui - uses: dsaltares/fetch-gh-release-asset@a40c8b4a0471f9ab81bdf73a010f74cc51476ad4 + uses: dsaltares/fetch-gh-release-asset@master with: repo: meshtastic/web file: build.tar @@ -41,7 +41,7 @@ jobs: run: bin/build-esp32.sh ${{ inputs.board }} - name: Pull OTA Firmware - uses: dsaltares/fetch-gh-release-asset@a40c8b4a0471f9ab81bdf73a010f74cc51476ad4 + uses: dsaltares/fetch-gh-release-asset@master with: repo: meshtastic/firmware-ota file: firmware.bin @@ -54,9 +54,10 @@ jobs: id: version - name: Store binaries as an artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: firmware-${{ inputs.board }}-${{ steps.version.outputs.version }}.zip + overwrite: true path: | release/*.bin release/*.elf diff --git a/.github/workflows/build_esp32_c3.yml b/.github/workflows/build_esp32_c3.yml index a30cf33f1..07727d711 100644 --- a/.github/workflows/build_esp32_c3.yml +++ b/.github/workflows/build_esp32_c3.yml @@ -13,13 +13,13 @@ jobs: build-esp32-c3: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Build base id: base uses: ./.github/actions/setup-base - name: Pull web ui - uses: dsaltares/fetch-gh-release-asset@a40c8b4a0471f9ab81bdf73a010f74cc51476ad4 + uses: dsaltares/fetch-gh-release-asset@master with: repo: meshtastic/web file: build.tar @@ -41,7 +41,7 @@ jobs: run: bin/build-esp32.sh ${{ inputs.board }} - name: Pull OTA Firmware - uses: dsaltares/fetch-gh-release-asset@a40c8b4a0471f9ab81bdf73a010f74cc51476ad4 + uses: dsaltares/fetch-gh-release-asset@master with: repo: meshtastic/firmware-ota file: firmware-c3.bin @@ -54,9 +54,10 @@ jobs: id: version - name: Store binaries as an artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: firmware-${{ inputs.board }}-${{ steps.version.outputs.version }}.zip + overwrite: true path: | release/*.bin release/*.elf diff --git a/.github/workflows/build_esp32_s3.yml b/.github/workflows/build_esp32_s3.yml index f603a6a31..10773833e 100644 --- a/.github/workflows/build_esp32_s3.yml +++ b/.github/workflows/build_esp32_s3.yml @@ -11,13 +11,13 @@ jobs: build-esp32-s3: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Build base id: base uses: ./.github/actions/setup-base - name: Pull web ui - uses: dsaltares/fetch-gh-release-asset@a40c8b4a0471f9ab81bdf73a010f74cc51476ad4 + uses: dsaltares/fetch-gh-release-asset@master with: repo: meshtastic/web file: build.tar @@ -39,7 +39,7 @@ jobs: run: bin/build-esp32.sh ${{ inputs.board }} - name: Pull OTA Firmware - uses: dsaltares/fetch-gh-release-asset@a40c8b4a0471f9ab81bdf73a010f74cc51476ad4 + uses: dsaltares/fetch-gh-release-asset@master with: repo: meshtastic/firmware-ota file: firmware-s3.bin @@ -52,9 +52,10 @@ jobs: id: version - name: Store binaries as an artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: firmware-${{ inputs.board }}-${{ steps.version.outputs.version }}.zip + overwrite: true path: | release/*.bin release/*.elf diff --git a/.github/workflows/build_nrf52.yml b/.github/workflows/build_nrf52.yml index 33ee4d00c..eb1779963 100644 --- a/.github/workflows/build_nrf52.yml +++ b/.github/workflows/build_nrf52.yml @@ -11,7 +11,7 @@ jobs: build-nrf52: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Build base id: base uses: ./.github/actions/setup-base @@ -24,9 +24,10 @@ jobs: id: version - name: Store binaries as an artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: firmware-${{ inputs.board }}-${{ steps.version.outputs.version }}.zip + overwrite: true path: | release/*.uf2 release/*.elf diff --git a/.github/workflows/build_raspbian.yml b/.github/workflows/build_raspbian.yml index 7a25892bc..cef61bb21 100644 --- a/.github/workflows/build_raspbian.yml +++ b/.github/workflows/build_raspbian.yml @@ -11,7 +11,7 @@ jobs: runs-on: [self-hosted, linux, ARM64] steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: recursive ref: ${{github.event.pull_request.head.ref}} @@ -37,9 +37,10 @@ jobs: id: version - name: Store binaries as an artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: firmware-raspbian-${{ steps.version.outputs.version }}.zip + overwrite: true path: | release/meshtasticd_linux_aarch64 bin/config-dist.yaml diff --git a/.github/workflows/build_rpi2040.yml b/.github/workflows/build_rpi2040.yml index 76ca2c20e..6e258fe2a 100644 --- a/.github/workflows/build_rpi2040.yml +++ b/.github/workflows/build_rpi2040.yml @@ -11,7 +11,7 @@ jobs: build-rpi2040: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Build base id: base uses: ./.github/actions/setup-base @@ -24,9 +24,10 @@ jobs: id: version - name: Store binaries as an artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: firmware-${{ inputs.board }}-${{ steps.version.outputs.version }}.zip + overwrite: true path: | release/*.uf2 release/*.elf diff --git a/.github/workflows/main_matrix.yml b/.github/workflows/main_matrix.yml index 1d3d16c0c..095981087 100644 --- a/.github/workflows/main_matrix.yml +++ b/.github/workflows/main_matrix.yml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-latest steps: - id: checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 name: Checkout base - id: jsonStep run: | @@ -51,14 +51,14 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Build base id: base uses: ./.github/actions/setup-base - name: Trunk Check if: ${{ github.event_name != 'workflow_dispatch' }} - uses: trunk-io/trunk-action@782e83f803ca6e369f035d64c6ba2768174ba61b + uses: trunk-io/trunk-action@v1 - name: Check ${{ matrix.board }} run: bin/check-all.sh ${{ matrix.board }} @@ -120,7 +120,7 @@ jobs: build-native: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Build base id: base uses: ./.github/actions/setup-base @@ -143,16 +143,17 @@ jobs: id: version - name: Store binaries as an artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: firmware-native-${{ steps.version.outputs.version }}.zip + overwrite: true path: | release/device-*.sh release/device-*.bat - name: Docker login if: ${{ github.event_name != 'pull_request_target' && github.event_name != 'pull_request' }} - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: meshtastic password: ${{ secrets.DOCKER_TOKEN }} @@ -184,7 +185,7 @@ jobs: needs: [check] steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} @@ -207,14 +208,15 @@ jobs: ] steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: path: ./ + merge-multiple: true - name: Display structure of downloaded files run: ls -R @@ -223,16 +225,14 @@ jobs: run: echo "version=$(./bin/buildinfo.py long)" >> $GITHUB_OUTPUT id: version - - name: Move files up - run: mv -b -t ./ ./*tbeam-2*/littlefs*.bin ./*tbeam-2*/bleota.bin ./*tbeam-s3*/bleota-s3.bin ./*esp32c3*/bleota-c3.bin ./**/firmware*.bin ./*t-echo*/Meshtastic_nRF52_factory_erase_v2.uf2 ./**/firmware-*.uf2 ./**/firmware-*-ota.zip ./**/*.elf ./*native*/*device-*.sh ./*native*/*device-*.bat ./firmware-raspbian-*/release/meshtasticd_linux_aarch64 ./firmware-raspbian-*/bin/config-dist.yaml - - name: Repackage in single firmware zip - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: firmware-${{ steps.version.outputs.version }} + overwrite: true path: | - ./*.bin - ./*.uf2 + ./firmware-*.bin + ./firmware-*.uf2 ./firmware-*-ota.zip ./device-*.sh ./device-*.bat @@ -240,9 +240,10 @@ jobs: ./config-dist.yaml retention-days: 90 - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: name: firmware-${{ steps.version.outputs.version }} + merge-multiple: true path: ./output # For diagnostics @@ -258,9 +259,10 @@ jobs: run: zip -j -9 -r ./firmware-${{ steps.version.outputs.version }}.zip ./output - name: Repackage in single elfs zip - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: debug-elfs-${{ steps.version.outputs.version }}.zip + overwrite: true path: ./*.elf retention-days: 30 @@ -282,10 +284,10 @@ jobs: needs: [gather-artifacts, after-checks] steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: 3.x @@ -293,13 +295,15 @@ jobs: run: echo "version=$(./bin/buildinfo.py long)" >> $GITHUB_OUTPUT id: version - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: name: firmware-${{ steps.version.outputs.version }} + merge-multiple: true path: ./output - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: + merge-multiple: true name: artifact-deb - name: Display structure of downloaded files @@ -313,9 +317,10 @@ jobs: - name: Zip firmware run: zip -j -9 -r ./firmware-${{ steps.version.outputs.version }}.zip ./output - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: name: debug-elfs-${{ steps.version.outputs.version }}.zip + merge-multiple: true path: ./elfs - name: Zip Elfs diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index da59bc0fd..e249823a7 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -11,7 +11,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Trunk Check uses: trunk-io/trunk-action@782e83f803ca6e369f035d64c6ba2768174ba61b diff --git a/.github/workflows/package_raspbian.yml b/.github/workflows/package_raspbian.yml index 81ff6ee25..367f90c56 100644 --- a/.github/workflows/package_raspbian.yml +++ b/.github/workflows/package_raspbian.yml @@ -17,14 +17,14 @@ jobs: needs: build-raspbian steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: recursive ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Pull web ui - uses: dsaltares/fetch-gh-release-asset@a40c8b4a0471f9ab81bdf73a010f74cc51476ad4 + uses: dsaltares/fetch-gh-release-asset@master with: repo: meshtastic/web file: build.tar @@ -36,9 +36,10 @@ jobs: id: version - name: Download artifacts - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: firmware-raspbian-${{ steps.version.outputs.version }}.zip + merge-multiple: true - name: Display structure of downloaded files run: ls -R @@ -68,8 +69,9 @@ jobs: depends: libyaml-cpp0.7, openssl, libulfius2.7 desc: Native Linux Meshtastic binary. - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: artifact-deb + overwrite: true path: | ./*.deb diff --git a/.github/workflows/sec_sast_flawfinder.yml b/.github/workflows/sec_sast_flawfinder.yml index 2c7e751af..99cc72190 100644 --- a/.github/workflows/sec_sast_flawfinder.yml +++ b/.github/workflows/sec_sast_flawfinder.yml @@ -16,7 +16,7 @@ jobs: steps: # step 1 - name: clone application source code - uses: actions/checkout@v3 + uses: actions/checkout@v4 # step 2 - name: flawfinder_scan @@ -27,14 +27,15 @@ jobs: # step 3 - name: save report as pipeline artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: flawfinder_report.sarif + overwrite: true path: flawfinder_report.sarif # step 4 - name: publish code scanning alerts - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: flawfinder_report.sarif category: flawfinder diff --git a/.github/workflows/sec_sast_semgrep_cron.yml b/.github/workflows/sec_sast_semgrep_cron.yml index cdd2c3c37..2a0361f5e 100644 --- a/.github/workflows/sec_sast_semgrep_cron.yml +++ b/.github/workflows/sec_sast_semgrep_cron.yml @@ -17,7 +17,7 @@ jobs: steps: # step 1 - name: clone application source code - uses: actions/checkout@v3 + uses: actions/checkout@v4 # step 2 - name: full scan @@ -29,14 +29,15 @@ jobs: # step 3 - name: save report as pipeline artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: report.sarif + overwrite: true path: report.sarif # step 4 - name: publish code scanning alerts - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: report.sarif category: semgrep diff --git a/.github/workflows/sec_sast_semgrep_pull.yml b/.github/workflows/sec_sast_semgrep_pull.yml index 1697ffb1b..b6c288494 100644 --- a/.github/workflows/sec_sast_semgrep_pull.yml +++ b/.github/workflows/sec_sast_semgrep_pull.yml @@ -11,7 +11,7 @@ jobs: steps: # step 1 - name: clone application source code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 diff --git a/.github/workflows/trunk-check.yml b/.github/workflows/trunk-check.yml index e35b91cb9..6ed905bc8 100644 --- a/.github/workflows/trunk-check.yml +++ b/.github/workflows/trunk-check.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Trunk Check uses: trunk-io/trunk-action@v1 diff --git a/.github/workflows/update_protobufs.yml b/.github/workflows/update_protobufs.yml index 30f9b3578..30a5993c2 100644 --- a/.github/workflows/update_protobufs.yml +++ b/.github/workflows/update_protobufs.yml @@ -7,7 +7,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: true