DataDog · bengl · Jan 28, 2025 · Jan 23, 2025 · Jan 23, 2025 · Jan 23, 2025
@@ -1,4 +1,5 @@
 name: Install dependencies
+description: Install dependencies
 runs:
   using: composite
   steps: # retry in case of server error from registry

@@ -1,7 +1,8 @@
 name: Node 14
+description: Install Node 14
 runs:
   using: composite
   steps:
-    - uses: actions/setup-node@v3
+    - uses: actions/setup-node@v4
       with:
         node-version: '14'
@@ -1,7 +1,8 @@
 name: Node 16
+description: Install Node 16
 runs:
   using: composite
   steps:
-    - uses: actions/setup-node@v3
+    - uses: actions/setup-node@v4
       with:
         node-version: '16'
@@ -1,7 +1,8 @@
 name: Node 18
+description: Install Node 18
 runs:
   using: composite
   steps:
-    - uses: actions/setup-node@v3
+    - uses: actions/setup-node@v4
       with:
         node-version: '18'
@@ -1,7 +1,8 @@
 name: Node 20
+description: Install Node 20
 runs:
   using: composite
   steps:
-    - uses: actions/setup-node@v3
+    - uses: actions/setup-node@v4
       with:
         node-version: '20'
@@ -1,7 +1,8 @@
 name: Node Latest
+description: Install the latest Node.js version
 runs:
   using: composite
   steps:
-    - uses: actions/setup-node@v3
+    - uses: actions/setup-node@v4
       with:
         node-version: '22' # Update this line to the latest Node.js version
@@ -1,7 +1,8 @@
 name: Node 18
+description: Install Oldest Supported Node.js version
 runs:
   using: composite
   steps:
-    - uses: actions/setup-node@v3
+    - uses: actions/setup-node@v4
       with:
         node-version: '18'
@@ -1,8 +1,9 @@
 name: Node Setup
+description: Install Node.js
 runs:
   using: composite
   steps:
-    - uses: actions/setup-node@v3
+    - uses: actions/setup-node@v4
       with:
         cache: yarn
         node-version: '18'
@@ -1,4 +1,5 @@
-name: Plugin Tests
+name: Plugin and Upstream Tests
+description: Run plugin tests and upstream test suite
 runs:
   using: composite
   steps:
@@ -15,7 +16,7 @@ runs:
       shell: bash
     - run: yarn test:plugins:upstream
       shell: bash
-    - uses: codecov/codecov-action@v3
+    - uses: codecov/codecov-action@v5
     - if: always()
       uses: ./.github/actions/testagent/logs
       with:

@@ -1,4 +1,5 @@
 name: Plugin Tests
+description: Run plugin tests
 runs:
   using: composite
   steps:
@@ -11,7 +12,7 @@ runs:
     - uses: ./.github/actions/node/latest
     - run: yarn test:plugins:ci
       shell: bash
-    - uses: codecov/codecov-action@v3
+    - uses: codecov/codecov-action@v5
     - if: always()
       uses: ./.github/actions/testagent/logs
       with:

@@ -1,4 +1,5 @@
 name: Plugin Upstream Tests
+description: Run upstream test suite
 runs:
   using: composite
   steps:
@@ -11,7 +12,7 @@ runs:
     - uses: ./.github/actions/node/latest
     - run: yarn test:plugins:upstream
       shell: bash
-    - uses: codecov/codecov-action@v3
+    - uses: codecov/codecov-action@v5
     - if: always()
       uses: ./.github/actions/testagent/logs
       with:

@@ -0,0 +1,42 @@
+name: Actionlint
+
+on:
+  pull_request:
+  push:
+    branches: [master]
+  schedule:
+    - cron: "0 4 * * *"
+
+jobs:
+  actionlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/node/setup
+      # NOTE: Ok this next bit seems unnecessary, right? The problem is that
+      # this repo is currently incompatible with npm, at least with the
+      # devDependencies. While this is intended to be corrected, it hasn't yet,
+      # so the easiest thing to do here is just use a fresh package.json. This
+      # is needed because actionlint runs an `npm install` at the beginning.
+      - name: Clear package.json
+        run: |
+          rm package.json
+          npm init -y
+      - name: actionlint
+        id: actionlint
+        uses: raven-actions/actionlint@v2
+        with:
+          matcher: true
+          fail-on-error: true
+          shellcheck: false # TODO should we enable this?
+      - name: actionlint Summary
+        if: ${{ steps.actionlint.outputs.exit-code != 0 }}
+        run: |
+          echo "Used actionlint version ${{ steps.actionlint.outputs.version-semver }}"
+          echo "Used actionlint release ${{ steps.actionlint.outputs.version-tag }}"
+          echo "actionlint ended with ${{ steps.actionlint.outputs.exit-code }} exit code"
+          echo "actionlint ended because '${{ steps.actionlint.outputs.exit-message }}'"
+          echo "actionlint found ${{ steps.actionlint.outputs.total-errors }} errors"
+          echo "actionlint checked ${{ steps.actionlint.outputs.total-files }} files"
+          echo "actionlint cache used: ${{ steps.actionlint.outputs.cache-hit }}"
+          exit ${{ steps.actionlint.outputs.exit-code }}
@@ -4,6 +4,8 @@ on:
   push:
     branches:
       - master
+  schedule:
+    - cron: "0 4 * * *"
 
 jobs:
 

@@ -19,7 +19,7 @@ jobs:
       - uses: ./.github/actions/node/setup
       - uses: ./.github/actions/install
       - run: yarn test:appsec:ci
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
 
   ubuntu:
     runs-on: ubuntu-latest
@@ -33,18 +33,18 @@ jobs:
       - run: yarn test:appsec:ci
       - uses: ./.github/actions/node/latest
       - run: yarn test:appsec:ci
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
 
   windows:
     runs-on: windows-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           node-version: '18'
       - uses: ./.github/actions/install
       - run: yarn test:appsec:ci
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
 
   ldapjs:
     runs-on: ubuntu-latest
@@ -69,7 +69,7 @@ jobs:
       - run: yarn test:appsec:plugins:ci
       - uses: ./.github/actions/node/latest
       - run: yarn test:appsec:plugins:ci
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
 
   postgres:
     runs-on: ubuntu-latest
@@ -94,7 +94,7 @@ jobs:
       - run: yarn test:appsec:plugins:ci
       - uses: ./.github/actions/node/20
       - run: yarn test:appsec:plugins:ci
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
 
   mysql:
     runs-on: ubuntu-latest
@@ -117,7 +117,7 @@ jobs:
       - run: yarn test:appsec:plugins:ci
       - uses: ./.github/actions/node/20
       - run: yarn test:appsec:plugins:ci
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
 
   express:
     runs-on: ubuntu-latest
@@ -131,7 +131,7 @@ jobs:
       - run: yarn test:appsec:plugins:ci
       - uses: ./.github/actions/node/latest
       - run: yarn test:appsec:plugins:ci
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
 
   graphql:
     runs-on: ubuntu-latest
@@ -145,7 +145,7 @@ jobs:
       - run: yarn test:appsec:plugins:ci
       - uses: ./.github/actions/node/latest
       - run: yarn test:appsec:plugins:ci
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
 
   mongodb-core:
     runs-on: ubuntu-latest
@@ -165,7 +165,7 @@ jobs:
       - run: yarn test:appsec:plugins:ci
       - uses: ./.github/actions/node/latest
       - run: yarn test:appsec:plugins:ci
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
 
   mongoose:
     runs-on: ubuntu-latest
@@ -185,7 +185,7 @@ jobs:
       - run: yarn test:appsec:plugins:ci
       - uses: ./.github/actions/node/latest
       - run: yarn test:appsec:plugins:ci
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
 
   sourcing:
     runs-on: ubuntu-latest
@@ -201,7 +201,7 @@ jobs:
       - run: yarn test:appsec:plugins:ci
       - uses: ./.github/actions/node/latest
       - run: yarn test:appsec:plugins:ci
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
 
   next:
     strategy:
@@ -235,7 +235,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/testagent/start
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           cache: yarn
           node-version: ${{ matrix.version }}
@@ -245,7 +245,7 @@ jobs:
         uses: ./.github/actions/testagent/logs
         with:
           suffix: appsec-${{ github.job }}-${{ matrix.version }}-${{ matrix.range_clean }}
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
 
   lodash:
     runs-on: ubuntu-latest
@@ -259,7 +259,7 @@ jobs:
       - run: yarn test:appsec:plugins:ci
       - uses: ./.github/actions/node/latest
       - run: yarn test:appsec:plugins:ci
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
 
   integration:
     runs-on: ubuntu-latest
@@ -283,7 +283,7 @@ jobs:
       - run: yarn test:appsec:plugins:ci
       - uses: ./.github/actions/node/latest
       - run: yarn test:appsec:plugins:ci
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
 
   template:
     runs-on: ubuntu-latest
@@ -297,7 +297,7 @@ jobs:
       - run: yarn test:appsec:plugins:ci
       - uses: ./.github/actions/node/latest
       - run: yarn test:appsec:plugins:ci
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
 
   node-serialize:
     runs-on: ubuntu-latest
@@ -311,4 +311,4 @@ jobs:
       - run: yarn test:appsec:plugins:ci
       - uses: ./.github/actions/node/latest
       - run: yarn test:appsec:plugins:ci
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
@@ -38,7 +38,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         config-file: .github/codeql_config.yml
@@ -48,7 +48,7 @@ jobs:
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
@@ -22,4 +22,4 @@ jobs:
       - run: yarn test:shimmer:ci
       - uses: ./.github/actions/node/latest
       - run: yarn test:shimmer:ci
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
@@ -4,14 +4,16 @@ on:
   pull_request:
   push:
     branches: [master]
+  schedule:
+    - cron: "0 4 * * *"
 
 jobs:
   static-analysis:
     runs-on: ubuntu-latest
     name: Datadog Static Analyzer
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Check code meets quality and security standards
       id: datadog-static-analysis
       uses: DataDog/datadog-static-analyzer-github-action@v1

@@ -32,4 +32,4 @@ jobs:
         uses: ./.github/actions/testagent/logs
         with:
           suffix: debugger
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v5
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,6 +4,8 @@ on: @@
       push:
         branches:
           - master
+      schedule:
+        - cron: "0 4 * * *"
     jobs:
@@ Expand Down @@