chore: bump deprecated actions

Signed-off-by: Simon Pasquier <[email protected]>

.github/workflows/cmo-make-targets.yaml

@@ -41,40 +41,40 @@ jobs:
   execute-make-targets:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
       with:
         repository: openshift/cluster-monitoring-operator
         ref: master
-    - uses: actions/setup-go@v2
+    - uses: actions/setup-go@v5
       with:
         go-version: ${{ inputs.go-version }}
     - name: Execute make targets - ${{ inputs.make-targets }}
       run: make ${{ inputs.make-targets }}
     - name: Ignore if change is only in jsonnetfile.lock.json
       run: |
         # Reset jsonnetfile.lock.json if no dependencies were updated
-        changedFiles=$(git diff --name-only | grep -v 'jsonnetfile.lock.json' | wc -l)
+        changedFiles=$(git diff --name-only | grep -cv 'jsonnetfile.lock.json')
         if [[ "$changedFiles" -eq 0 ]]; then
           git checkout -- jsonnet/jsonnetfile.lock.json;
         fi
     - name: get pr creation app token
       id: pr
-      uses: getsentry/action-github-app-token@v1
+      uses: getsentry/action-github-app-token@v3
       with:
         app_id: ${{ secrets.pr-app-id }}
         private_key: ${{ secrets.pr-app-private-key }}
         scope: openshift
     - name: get cloner app token
       id: cloner
-      uses: getsentry/action-github-app-token@v1
+      uses: getsentry/action-github-app-token@v3
       with:
         app_id: ${{ secrets.cloner-app-id }}
         private_key: ${{ secrets.cloner-app-private-key }}
         scope: rhobs
     - name: Find branch name
       id: branch
       run: |
-        echo "sandbox=$(echo ${{ inputs.make-targets }} | sed 's/ /-/g')" >> $GITHUB_OUTPUT
+        echo sandbox="$(echo ${{ inputs.make-targets }} | sed 's/ /-/g')" >> "$GITHUB_OUTPUT"
     - name: Create Pull Request
       id: create-pr
       uses: rhobs/create-pull-request@v3
@@ -94,9 +94,9 @@ jobs:
       id: slack-message
       run: |
         if [ "${{ steps.create-pr.outputs.pull-request-url }}" == "" ]; then
-          echo "message=No changes detected." >> $GITHUB_OUTPUT
+          echo "message=No changes detected." >> "$GITHUB_OUTPUT"
         else
-          echo "message=PR ${{ steps.create-pr.outputs.pull-request-url }} has been ${{ steps.create-pr.outputs.pull-request-operation || 'updated' }}." >> $GITHUB_OUTPUT
+          echo "message=PR ${{ steps.create-pr.outputs.pull-request-url }} has been ${{ steps.create-pr.outputs.pull-request-operation || 'updated' }}." >> "$GITHUB_OUTPUT"
         fi
     - uses: 8398a7/action-slack@v3
       continue-on-error: true

.github/workflows/merge-flow.yaml

@@ -82,9 +82,11 @@ jobs:
       - name: Find github org name from repo name
         id: org
         run: |
-          echo "upstream=$(dirname ${{ inputs.upstream }})" >> $GITHUB_OUTPUT
-          echo "downstream=$(dirname ${{ inputs.downstream }})" >> $GITHUB_OUTPUT
-          echo "sandbox=$(dirname ${{ inputs.sandbox }})" >> $GITHUB_OUTPUT
+          {
+            echo "upstream=$(dirname ${{ inputs.upstream }})"
+            echo "downstream=$(dirname ${{ inputs.downstream }})"
+            echo "sandbox=$(dirname ${{ inputs.sandbox }})"
+          } >> "$GITHUB_OUTPUT"
           DOWNSTREAM_VERSION=$(curl -sL "https://raw.githubusercontent.com/${{ inputs.downstream }}/${{ inputs.downstream-branch }}/VERSION")
           if [[ "${DOWNSTREAM_VERSION}" =~ ^$|"404: Not Found" ]]; then
             # Strip the trailing URL from the expression.
@@ -125,7 +127,7 @@ jobs:
             echo "::notice::downstream ahead"
             exit 0
           fi
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           repository: ${{ inputs.downstream }}
           fetch-depth: 0
@@ -175,10 +177,10 @@ jobs:
           echo "$version_from_tag" > VERSION
           git add VERSION
           git diff --cached --exit-code || git commit -s -m "[bot] add VERSION file with ${version_from_tag}"
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v5
         with:
           go-version: ${{ inputs.go-version }}
-      - uses: actions/setup-node@v2
+      - uses: actions/setup-node@v4
         with:
           node-version: ${{ inputs.node-version }}
       - name: Remove dependabot configuration
@@ -206,15 +208,15 @@ jobs:
       - name: Get auth token to create pull request for ${{ inputs.downstream }}
         if: github.event_name != 'pull_request'
         id: pr
-        uses: getsentry/action-github-app-token@v1
+        uses: getsentry/action-github-app-token@v3
         with:
           app_id: ${{ secrets.pr-app-id }}
           private_key: ${{ secrets.pr-app-private-key }}
           scope: ${{ steps.org.outputs.downstream }}
       - name: Get auth token to push to ${{ inputs.sandbox }}
         if: github.event_name != 'pull_request'
         id: cloner
-        uses: getsentry/action-github-app-token@v1
+        uses: getsentry/action-github-app-token@v3
         with:
           app_id: ${{ secrets.cloner-app-id }}
           private_key: ${{ secrets.cloner-app-private-key }}

.github/workflows/merge-node-exporter.yaml

@@ -19,7 +19,7 @@ jobs:
       upstream: prometheus/node_exporter
       downstream: openshift/node_exporter
       sandbox: rhobs/node_exporter
-      go-version: "1.21"
+      go-version: "1.22"
       restore-downstream: >-
          OWNERS
       restore-upstream: >-