From 35e4fe497eeef0cd0f84772e1e54a8d7c0286ae5 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface" <joshua@boniface.me>
Date: Sat, 25 May 2024 12:02:22 -0400
Subject: [PATCH] Update GitHub workflows from Master

Backport fixes from:
 - #5478
 - #5470
---
 .github/workflows/automation.yml     |  2 +-
 .github/workflows/build.yml          | 29 +-------------
 .github/workflows/codeql.yml         |  8 ++--
 .github/workflows/commands.yml       |  2 +-
 .github/workflows/pr-suggestions.yml |  4 +-
 .github/workflows/publish.yml        | 56 ++++++++++------------------
 .github/workflows/quality.yml        | 10 ++---
 .github/workflows/update-sdk.yml     |  2 +-
 8 files changed, 34 insertions(+), 79 deletions(-)

diff --git a/.github/workflows/automation.yml b/.github/workflows/automation.yml
index 4b6538ca1a..1351079823 100644
--- a/.github/workflows/automation.yml
+++ b/.github/workflows/automation.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.repository == 'jellyfin/jellyfin-web' }}
     steps:
-      - uses: eps1lon/actions-label-merge-conflict@e62d7a53ff8be8b97684bffb6cfbbf3fc1115e2e # v3.0.0
+      - uses: eps1lon/actions-label-merge-conflict@6d74047dcef155976a15e4a124dde2c7fe0c5522 # v3.0.1
         with:
           dirtyLabel: 'merge conflict'
           commentOnDirty: 'This pull request has merge conflicts. Please resolve the conflicts so the PR can be successfully reviewed and merged.'
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index abfdbeee9b..9d1e0cb567 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Setup node environment
         uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
@@ -46,30 +46,3 @@ jobs:
           name: jellyfin-web__prod
           path: |
             dist
-
-  pr_context:
-    name: Save PR context as artifact
-    if: ${{ always() && !cancelled() && github.event_name == 'pull_request' }}
-    runs-on: ubuntu-latest
-    needs:
-      - run-build-prod
-
-    steps:
-      - name: Save PR context
-        env:
-          PR_BRANCH: ${{ github.ref_name }}
-          PR_NUMBER: ${{ github.event.number }}
-          PR_SHA: ${{ github.event.pull_request.head.sha }}
-        run: |
-          echo $PR_BRANCH > PR_branch
-          echo $PR_NUMBER > PR_number
-          echo $PR_SHA > PR_sha
-
-      - name: Upload PR number as artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
-        with:
-          name: PR_context
-          path: |
-            PR_branch
-            PR_number
-            PR_sha
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 0ca5f220a0..fcdb13c238 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -19,16 +19,16 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+      uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+      uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
       with:
         languages: javascript
         queries: +security-extended
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+      uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+      uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
diff --git a/.github/workflows/commands.yml b/.github/workflows/commands.yml
index 82bf06e61a..296d5c111c 100644
--- a/.github/workflows/commands.yml
+++ b/.github/workflows/commands.yml
@@ -18,7 +18,7 @@ jobs:
           comment-id: ${{ github.event.comment.id }}
           reactions: '+1'
       - name: Checkout the latest code
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           token: ${{ secrets.JF_BOT_TOKEN }}
           fetch-depth: 0
diff --git a/.github/workflows/pr-suggestions.yml b/.github/workflows/pr-suggestions.yml
index 4b71e8b41c..432f14a2e9 100644
--- a/.github/workflows/pr-suggestions.yml
+++ b/.github/workflows/pr-suggestions.yml
@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -33,6 +33,6 @@ jobs:
 
       - name: Run eslint
         if: ${{ github.repository == 'jellyfin/jellyfin-web' }}
-        uses: CatChen/eslint-suggestion-action@34e2a6c4193eba18a7a20710b5ae37850fc984c3 # v3.1.5
+        uses: CatChen/eslint-suggestion-action@b110ac684564c7b73e47cc223eb7a5266ec83fd3 # v4.1.1
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index f38a4d8a32..87a28661a2 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -8,42 +8,26 @@ on:
       - completed
 
 jobs:
-  pr-context:
-    name: PR context
-    if: ${{ github.event.workflow_run.event == 'pull_request' }}
-    runs-on: ubuntu-latest
-    outputs:
-      branch: ${{ env.pr_branch }}
-      commit: ${{ env.pr_sha }}
-      pr_number: ${{ env.pr_number }}
-
-    steps:
-      - name: Get PR context
-        uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4
-        id: pr_context
-        with:
-          run_id: ${{ github.event.workflow_run.id }}
-          name: PR_context
-
-      - name: Set PR context environment variables
-        if: ${{ steps.pr_context.conclusion == 'success' }}
-        run: |
-          echo "pr_branch=$(cat PR_branch)" >> $GITHUB_ENV
-          echo "pr_number=$(cat PR_number)" >> $GITHUB_ENV
-          echo "pr_sha=$(cat PR_sha)" >> $GITHUB_ENV
-
   publish:
-    permissions:
-      contents: read
-      deployments: write
-
     name: Deploy to Cloudflare Pages
     if: ${{ always() }}
     runs-on: ubuntu-latest
-    needs:
-      - pr-context
+    permissions:
+      contents: read
+      deployments: write
+    # We set the environment variable here (and as an output) because,
+    # given no real runner is dispatched in compose-comment job (it's dispatched in the reusable workflow) in this workflow definition,
+    # the env. context is not valid.
+    env:
+      TARGET_BRANCH: |
+        ${{
+          github.event.workflow_run.head_repository.full_name == github.repository
+          && github.event.workflow_run.head_branch
+          || format('{0}/{1}', github.event.workflow_run.head_repository.full_name, github.event.workflow_run.head_branch)
+        }}
     outputs:
       url: ${{ steps.cf.outputs.url }}
+      branch: ${{ env.TARGET_BRANCH }}
 
     steps:
       - name: Download workflow artifact
@@ -60,7 +44,7 @@ jobs:
           apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
           accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           projectName: jellyfin-web
-          branch: ${{ needs.pr-context.outputs.branch || github.ref_name }}
+          branch: ${{ env.TARGET_BRANCH }}
           directory: dist
           gitHubToken: ${{ secrets.GITHUB_TOKEN }}
 
@@ -70,11 +54,10 @@ jobs:
     uses: ./.github/workflows/job-messages.yml
     needs:
       - publish
-      - pr-context
 
     with:
-      branch: ${{ needs.pr-context.outputs.branch || github.ref_name }}
-      commit: ${{ needs.pr-context.outputs.commit != '' && needs.pr-context.outputs.commit || github.event.workflow_run.head_sha }}
+      branch: ${{ needs.publish.outputs.branch }}
+      commit: ${{ github.event.workflow_run.head_commit.id }}
       preview_url: ${{ needs.publish.outputs.url }}
       build_workflow_run_id: ${{ github.event.workflow_run.id }}
       commenting_workflow_run_id: ${{ github.run_id }}
@@ -85,11 +68,10 @@ jobs:
     if: |
       always() &&
       github.event.workflow_run.event == 'pull_request' &&
-      needs.pr-context.outputs.pr_number != ''
+      github.event.workflow_run.pull_requests[0].number != ''
     runs-on: ubuntu-latest
     needs:
       - compose-comment
-      - pr-context
 
     steps:
       - name: Update job summary in PR comment
@@ -97,6 +79,6 @@ jobs:
         with:
           GITHUB_TOKEN: ${{ secrets.JF_BOT_TOKEN }}
           message: ${{ needs.compose-comment.outputs.msg }}
-          pr_number: ${{ needs.pr-context.outputs.pr_number }}
+          pr_number: ${{ github.event.workflow_run.pull_requests[0].number }}
           comment_tag: ${{ needs.compose-comment.outputs.marker }}
           mode: recreate
diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
index 83a28f63d8..9a9fbfe8aa 100644
--- a/.github/workflows/quality.yml
+++ b/.github/workflows/quality.yml
@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Setup node environment
         uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
@@ -41,7 +41,7 @@ jobs:
 
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Setup node environment
         uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
@@ -62,7 +62,7 @@ jobs:
 
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Setup node environment
         uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
@@ -86,7 +86,7 @@ jobs:
 
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Setup node environment
         uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
@@ -107,7 +107,7 @@ jobs:
 
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Setup node environment
         uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
diff --git a/.github/workflows/update-sdk.yml b/.github/workflows/update-sdk.yml
index 45e3749bdd..876d625928 100644
--- a/.github/workflows/update-sdk.yml
+++ b/.github/workflows/update-sdk.yml
@@ -16,7 +16,7 @@ jobs:
 
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           ref: master
           token: ${{ secrets.JF_BOT_TOKEN }}