[actions] update sandpaper workflow to version 0.12.0

Author: zkamvar

.github/workflows/pr-close-signal.yaml

@@ -16,8 +16,8 @@ jobs:
           mkdir -p ./pr
           printf ${{ github.event.number }} > ./pr/NUM
       - name: Upload Diff
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
-          name: pr 
+          name: pr
           path: ./pr
 

.github/workflows/pr-comment.yaml

@@ -21,8 +21,8 @@ jobs:
   test-pr:
     name: "Test if pull request is valid"
     runs-on: ubuntu-latest
-    if: > 
-      github.event.workflow_run.event == 'pull_request' && 
+    if: >
+      github.event.workflow_run.event == 'pull_request' &&
       github.event.workflow_run.conclusion == 'success'
     outputs:
       is_valid: ${{ steps.check-pr.outputs.VALID }}
@@ -78,6 +78,8 @@ jobs:
     if: ${{ needs.test-pr.outputs.is_valid == 'true' }}
     env:
       NR: ${{ needs.test-pr.outputs.number }}
+    permissions:
+      contents: write
     steps:
       - name: 'Checkout md outputs'
         uses: actions/checkout@v3
@@ -104,9 +106,9 @@ jobs:
           git config --local user.name "GitHub Actions"
           CURR_HEAD=$(git rev-parse HEAD)
           git checkout --orphan md-outputs-PR-${NR}
-          git add -A 
+          git add -A
           git commit -m "source commit: ${CURR_HEAD}"
-          ls -A | grep -v '^.git$' | xargs rm -r
+          ls -A | grep -v '^.git$' | xargs -I _ rm -r '_'
           cd ..
           unzip -o -d built built.zip
           cd built
@@ -122,14 +124,16 @@ jobs:
     if: ${{ needs.test-pr.outputs.is_valid == 'true' }}
     env:
       NR: ${{ needs.test-pr.outputs.number }}
+    permissions:
+      pull-requests: write
     steps:
       - name: 'Download comment artifact'
         id: dl
         uses: carpentries/actions/download-workflow-artifact@main
         with:
           run: ${{ github.event.workflow_run.id }}
           name: 'diff'
-          
+
       - if: ${{ steps.dl.outputs.success == 'true' }}
         run: unzip ${{ github.workspace }}/diff.zip
 
@@ -138,7 +142,7 @@ jobs:
         if: ${{ steps.dl.outputs.success == 'true' }}
         uses: carpentries/actions/comment-diff@main
         with:
-          pr: ${{ env.NR }} 
+          pr: ${{ env.NR }}
           path: ${{ github.workspace }}/diff.md
 
   # Comment if the PR is open and matches the SHA, but the workflow files have
@@ -151,6 +155,8 @@ jobs:
     env:
       NR: ${{ github.event.workflow_run.pull_requests[0].number }}
       body: ${{ needs.test-pr.outputs.msg }}
+    permissions:
+      pull-requests: write
     steps:
       - name: 'Check for spoofing'
         id: dl

.github/workflows/pr-post-remove-branch.yaml

@@ -13,6 +13,8 @@ jobs:
     if: >
       github.event.workflow_run.event == 'pull_request' &&
       github.event.workflow_run.conclusion == 'success'
+    permissions:
+      contents: write
     steps:
       - name: 'Download artifact'
         uses: carpentries/actions/download-workflow-artifact@main

.github/workflows/pr-preflight.yaml

@@ -14,6 +14,8 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       is_valid: ${{ steps.check-pr.outputs.VALID }}
+    permissions:
+      pull-requests: write
     steps:
       - name: "Get Invalid Hashes File"
         id: hash

.github/workflows/pr-receive.yaml

@@ -25,7 +25,7 @@ jobs:
       - name: "Upload PR number"
         id: upload
         if: ${{ always() }}
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: pr
           path: ${{ github.workspace }}/NR
@@ -107,20 +107,20 @@ jobs:
         shell: Rscript {0}
 
       - name: "Upload PR"
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: pr
           path: ${{ env.PR }}
 
       - name: "Upload Diff"
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: diff
           path: ${{ env.CHIVE }}
           retention-days: 1
-      
+
       - name: "Upload Build"
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: built
           path: ${{ env.MD }}

.github/workflows/sandpaper-version.txt

@@ -1 +1 @@
-0.11.6
+0.12.0

.github/workflows/update-cache.yaml

@@ -93,7 +93,7 @@ jobs:
       - name: Create Pull Request
         id: cpr
         if: ${{ steps.update.outputs.n > 0 }}
-        uses: peter-evans/create-pull-request@v4.2.0
+        uses: carpentries/create-pull-request@main
         with:
           token: ${{ secrets.SANDPAPER_WORKFLOW }}
           delete-branch: true
@@ -119,7 +119,7 @@ jobs:
             ```
 
             - Auto-generated by [create-pull-request][1] on ${{ steps.update.outputs.date }}
-            
-            [1]: https://github.com/peter-evans/create-pull-request
+
+            [1]: https://github.com/carpentries/create-pull-request/tree/main
           labels: "type: package cache"
           draft: false

.github/workflows/update-workflows.yaml

@@ -43,11 +43,11 @@ jobs:
         uses: carpentries/actions/update-workflows@main
         with:
           clean: ${{ github.event.inputs.clean }}
-      
+
       - name: Create Pull Request
         id: cpr
         if: "${{ steps.update.outputs.new }}"
-        uses: peter-evans/create-pull-request@v4.2.0
+        uses: carpentries/create-pull-request@main
         with:
           token: ${{ secrets.SANDPAPER_WORKFLOW }}
           delete-branch: true
@@ -60,7 +60,7 @@ jobs:
             Update Workflows from sandpaper version ${{ steps.update.outputs.old }} -> ${{ steps.update.outputs.new }}
 
             - Auto-generated by [create-pull-request][1] on ${{ steps.update.outputs.date }}
-            
-            [1]: https://github.com/peter-evans/create-pull-request
+
+            [1]: https://github.com/carpentries/create-pull-request/tree/main
           labels: "type: template and tools"
           draft: false