launchdarkly · keelerm84 · Aug 13, 2024 · Aug 12, 2024 · Aug 12, 2024 · Aug 12, 2024
diff --git a/.github/actions/publish-docs/action.yml b/.github/actions/publish-docs/action.yml
@@ -12,7 +12,7 @@ runs:
       shell: bash
       run: echo "STACK_DIR=$(stack --no-terminal path --dist-dir)" >> $GITHUB_ENV
 
-    - uses: launchdarkly/gh-actions/actions/publish-pages@publish-pages-v1.0.1
+    - uses: launchdarkly/gh-actions/actions/publish-pages@publish-pages-v1.0.2
       name: 'Publish to Github pages'
       with:
         docs_path: ${{env.STACK_DIR}}/doc/html/launchdarkly-server-sdk/

diff --git a/.github/actions/setup-cache/action.yml b/.github/actions/setup-cache/action.yml
@@ -9,15 +9,15 @@ inputs:
 runs:
   using: composite
   steps:
-    - uses: actions/cache@v3
+    - uses: actions/cache@v4
       name: Cache ~/.stack
       with:
         path: ~/.stack
         key: ${{ runner.os }}-stack-global-${{ hashFiles('stack.yaml') }}-${{ hashFiles('package.yaml') }}
         restore-keys: |
           ${{ runner.os }}-stack-global-
 
-    - uses: actions/cache@v3
+    - uses: actions/cache@v4
       name: Cache .stack-work
       with:
         path: .stack-work
@@ -26,7 +26,7 @@ runs:
           ${{ runner.os }}-stack-work-
 
     - name: Cache ~/.cabal/packages, ~/.cabal/store and dist-newstyle
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: |
           ~/.cabal/packages

diff --git a/.github/actions/update-cabal/action.yml b/.github/actions/update-cabal/action.yml
@@ -17,7 +17,7 @@ runs:
         ghc-version: ${{ inputs.ghc-version }}
 
     - name: Cache ~/.cabal/packages, ~/.cabal/store and dist-newstyle
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: |
           ~/.cabal/packages

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -21,7 +21,7 @@ jobs:
             ghc-version: 8.10.7
           - resolver: lts-19.33
             ghc-version: 9.0.2
-          - resolver: lts-20.11
+          - resolver: lts-20.26
             ghc-version: 9.2.5
 
     steps:
@@ -48,23 +48,29 @@ jobs:
         include:
           - resolver: lts-18.28
             ghc-version: 8.10.7
+            use-llvm: 'true'
           - resolver: lts-19.33
             ghc-version: 9.0.2
-          - resolver: lts-20.11
+            use-llvm: 'true'
+          - resolver: lts-20.26
             ghc-version: 9.2.5
+            use-llvm: 'false'
 
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0 # If you only need the current version keep this.
 
-      - name: Install os dependencies
-        run: brew install pcre llvm@13
-
-      - name: Setup compilation environment
+      - name: Setup C_INCLUDE_PATH
         run: |
+          brew install pcre
           echo "C_INCLUDE_PATH=$(find /opt/homebrew/Cellar/pcre -name 'pcre.h' -exec dirname {} \;):$(xcrun --show-sdk-path)/usr/include/ffi" >> $GITHUB_ENV
-          echo "PATH=/opt/homebrew/opt/llvm@13/bin:$PATH" >> $GITHUB_ENV
+
+      - name: Add LLVM to path
+        if: ${{ matrix.use-llvm == 'true' }}
+        run: |
+          brew install llvm@14
+          echo "PATH=/opt/homebrew/opt/llvm@14/bin:$PATH" >> $GITHUB_ENV
 
       - uses: ./.github/actions/setup-cache
         with:
@@ -102,7 +108,7 @@ jobs:
         with:
           fail-on: warning
 
-      - uses: haskell-actions/run-fourmolu@v9
+      - uses: haskell-actions/run-fourmolu@v10
         with:
           version: "0.10.1.0"
           pattern: |

diff --git a/.github/workflows/manual-publish.yml b/.github/workflows/manual-publish.yml
@@ -28,7 +28,7 @@ jobs:
         with:
           token: ${{secrets.GITHUB_TOKEN}}
 
-      - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.0.0
+      - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
         name: 'Get Hackage token'
         with:
           aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
@@ -46,7 +46,7 @@ jobs:
       actions: read
       id-token: write
       contents: write
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
     with:
       base64-subjects: "${{ needs.build-publish.outputs.package-hashes }}"
       upload-assets: ${{ !inputs.dry_run }}
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -19,12 +19,8 @@ jobs:
       package-hashes: ${{ steps.ci.outputs.package-hashes }}
 
     steps:
-      - uses: google-github-actions/release-please-action@v3
+      - uses: googleapis/release-please-action@v4
         id: release
-        with:
-          command: manifest
-          token: ${{secrets.GITHUB_TOKEN}}
-          default-branch: main
 
       - uses: actions/checkout@v4
         with:
@@ -41,46 +37,46 @@ jobs:
       #
       # These remaining steps are ONLY run if a release was actually created
       #
-      - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.0.0
+      - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
         name: 'Get Hackage token'
-        if: ${{ steps.release.outputs.releases_created }}
+        if: ${{ steps.release.outputs.releases_created == 'true' }}
         with:
           aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
           ssm_parameter_pairs: '/production/common/releasing/hackage/password = HACKAGE_TOKEN'
 
       - uses: ./.github/actions/setup-cache
-        if: ${{ steps.release.outputs.releases_created }}
+        if: ${{ steps.release.outputs.releases_created == 'true' }}
 
       - uses: ./.github/actions/ci
         id: ci
-        if: ${{ steps.release.outputs.releases_created }}
+        if: ${{ steps.release.outputs.releases_created == 'true' }}
         with:
           token: ${{secrets.GITHUB_TOKEN}}
 
       - uses: ./.github/actions/build-docs
-        if: ${{ steps.release.outputs.releases_created }}
+        if: ${{ steps.release.outputs.releases_created == 'true' }}
 
       - uses: ./.github/actions/publish
-        if: ${{ steps.release.outputs.releases_created }}
+        if: ${{ steps.release.outputs.releases_created == 'true' }}
         with:
           token: ${{ env.HACKAGE_TOKEN }}
           dry_run: 'false'
 
       - uses: ./.github/actions/publish-docs
-        if: ${{ steps.release.outputs.releases_created }}
+        if: ${{ steps.release.outputs.releases_created == 'true' }}
         with:
           # If publishing somewhere else, then get the token from SSM. If you need both github,
           # and another token, then add more tokens to the composite action.
           token: ${{secrets.GITHUB_TOKEN}}
 
   release-provenance:
     needs: [ 'release-package' ]
-    if: ${{ needs.release-package.outputs.release-created }}
+    if: ${{ needs.release-package.outputs.release-created == 'true' }}
     permissions:
       actions: read
       id-token: write
       contents: write
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
     with:
       base64-subjects: "${{ needs.release-package.outputs.package-hashes }}"
       upload-assets: true