ci: update all actions to their newest versions to solve "Node.js 20 actions are deprecated"

.github/actions/check-skip-merge-queue/action.yml

@@ -41,7 +41,7 @@ runs:
     - name: Get pull request details
       continue-on-error: true
       id: pr-details
-      uses: actions/github-script@v8
+      uses: actions/github-script@v9
       env:
         HEAD_REF: ${{ inputs.head-ref }}
       with:
@@ -85,7 +85,7 @@ runs:
     - name: Check if pull request is up-to-date with base branch
       continue-on-error: true
       id: up-to-date
-      uses: actions/github-script@v8
+      uses: actions/github-script@v9
       env:
         BASE_REF: ${{ inputs.base-ref }}
         PR_BRANCH: ${{ steps.pr-details.outputs.pr-branch }}

.github/actions/configure-keystore/action.yml

@@ -41,7 +41,7 @@ runs:
         echo "AWS_SIGNING_CERT_SECRET_NAME=$SECRET_NAME" >> "$GITHUB_ENV"
 
     - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v4
+      uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37
       with:
         role-to-assume: ${{ inputs.aws-role-to-assume }}
         aws-region: ${{ inputs.aws-region }}

.github/actions/create-release-pr/action.yml

@@ -78,7 +78,7 @@ runs:
 
     # Step 3: Setup environment
     - name: Checkout and setup environment
-      uses: MetaMask/action-checkout-and-setup@v2
+      uses: MetaMask/action-checkout-and-setup@v3
       with:
         is-high-risk-environment: true
 
@@ -151,7 +151,7 @@ runs:
     # Step 6: Upload commits.csv as artifact (if generated)
     - name: Upload commits.csv artifact
       if: ${{ hashFiles('commits.csv') != '' }}
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v7
       with:
         name: commits-csv
         path: commits.csv

.github/actions/feature-flag-drift-slack-noti/action.yml

@@ -64,7 +64,7 @@ runs:
         } >> "$GITHUB_OUTPUT"
 
     - name: Send Slack notification
-      uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a
+      uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95
       with:
         webhook: ${{ inputs.slack-webhook }}
         webhook-type: incoming-webhook

.github/actions/get-release-timelines/action.yml

@@ -45,7 +45,7 @@ runs:
       run: ./github-tools/.github/scripts/get-release-timelines.sh
 
     - name: Upload artifact release-timelines-${{ inputs.version }}.csv
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v7
       with:
         name: release-timelines-${{ inputs.version }}.csv
         path: release-timelines-${{ inputs.version }}.csv

.github/actions/merge-approved-pr/action.yml

@@ -60,7 +60,7 @@ runs:
 
     # Fetch PR metadata (head and base branches) using the GitHub API
     - name: Get PR Details
-      uses: actions/github-script@v7
+      uses: actions/github-script@v9
       env:
         PR_NUMBER: ${{ inputs.pr-number }}
       with:
@@ -97,7 +97,7 @@ runs:
     # Check if the PR has the required approval status
     - name: Verify Approval
       if: steps.verify-branches.outputs.should_skip != 'true'
-      uses: actions/github-script@v7
+      uses: actions/github-script@v9
       env:
         PR_NUMBER: ${{ inputs.pr-number }}
       with:
@@ -164,7 +164,7 @@ runs:
     # - the version change is a valid semver bump
     - name: Verify a version bump
       if: ${{ steps.verify-branches.outputs.should_skip != 'true' && inputs.verify-version-bump == 'true' }}
-      uses: actions/github-script@v7
+      uses: actions/github-script@v9
       env:
         PR_NUMBER: ${{ inputs.pr-number }}
       with:
@@ -250,7 +250,7 @@ runs:
     # Execute the merge if all checks pass
     - name: Merge PR
       if: steps.verify-branches.outputs.should_skip != 'true'
-      uses: actions/github-script@v7
+      uses: actions/github-script@v9
       env:
         PR_NUMBER: ${{ inputs.pr-number }}
         MERGE_METHOD: ${{ inputs.merge-method }}

.github/actions/post-gh-rca/action.yml

@@ -40,7 +40,7 @@ runs:
   using: composite
   steps:
     - name: Post RCA Form Link
-      uses: actions/github-script@v8
+      uses: actions/github-script@v9
       env:
         GOOGLE_FORM_BASE_URL: ${{ inputs.google-form-base-url }}
         ISSUE_LABELS: ${{ inputs.issue-labels }}

.github/actions/pr-line-check/action.yml

@@ -90,7 +90,7 @@ runs:
         } >> "$GITHUB_OUTPUT"
 
     - name: Check line count limit
-      uses: actions/github-script@v7
+      uses: actions/github-script@v9
       env:
         LINES_CHANGED: ${{ steps.line-count.outputs.lines-changed }}
         ADDITIONS: ${{ steps.line-count.outputs.additions }}

.github/actions/setup-e2e-env/action.yml

@@ -212,7 +212,7 @@ runs:
         command: ${{ steps.get-corepack-command.outputs.COREPACK_COMMAND }}
 
     - name: Restore Yarn cache
-      uses: actions/cache@v4
+      uses: actions/cache@v5
       with:
         path: |
           node_modules
@@ -268,7 +268,7 @@ runs:
     # Restore cached Ruby gems
     - name: Restore Bundler cache
       if: ${{ inputs.platform == 'ios' }}
-      uses: actions/cache@v4
+      uses: actions/cache@v5
       with:
         path: ios/vendor/bundle
         key: ${{ inputs.cache-prefix }}-bundler-${{ inputs.platform }}-${{ runner.os }}-${{ hashFiles('ios/Gemfile.lock') }}
@@ -330,7 +330,7 @@ runs:
     - name: Restore CocoaPods specs cache
       if: ${{ inputs.platform == 'ios' }}
       id: cocoapods-specs-cache
-      uses: actions/cache@v4
+      uses: actions/cache@v5
       with:
         path: ~/.cocoapods/repos
         key: ${{ runner.os }}-cocoapods-specs-${{ hashFiles('ios/Podfile.lock') }}

.github/actions/stable-sync/action.yml

@@ -63,7 +63,7 @@ runs:
 
     - name: Check if PR exists
       id: check-pr
-      uses: actions/github-script@v7
+      uses: actions/github-script@v9
       with:
         script: |
           const { data: prs } = await github.rest.pulls.list({

.github/actions/update-release-changelog/action.yml

@@ -47,9 +47,9 @@ runs:
         ref: ${{ inputs.github-tools-ref }}
         path: ./github-tools
 
-    # Step 3: Setup environment from github-tools
+    # Step 3: Setup environment
     - name: Checkout and setup environment
-      uses: ./github-tools/.github/actions/checkout-and-setup
+      uses: MetaMask/action-checkout-and-setup@v3
       with:
         is-high-risk-environment: true
 

.github/actions/upload-s3/action.yml

@@ -20,7 +20,7 @@ runs:
   using: composite
   steps:
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v4
+      uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37
       with:
         aws-region: ${{ inputs.aws-region }}
         role-to-assume: ${{ inputs.role-to-assume }}

.github/workflows/build-lint-test.yml

@@ -7,11 +7,8 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
       - name: Checkout and setup environment
-        uses: ./.github/actions/checkout-and-setup
+        uses: MetaMask/action-checkout-and-setup@v3
         with:
           is-high-risk-environment: false
 
@@ -34,11 +31,8 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
       - name: Checkout and setup environment
-        uses: ./.github/actions/checkout-and-setup
+        uses: MetaMask/action-checkout-and-setup@v3
         with:
           is-high-risk-environment: false
 

.github/workflows/create-pr-feature-flag-registry-drift.yml

@@ -62,13 +62,13 @@ jobs:
           token: ${{ secrets.github-token }}
 
       - name: Download registry artifact
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           name: ${{ inputs.registry-artifact-name }}
           path: ${{ inputs.registry-artifact-name }}
 
       - name: Download report artifact
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           name: ${{ inputs.report-artifact-name }}
           path: ${{ inputs.report-artifact-name }}

.github/workflows/create-release-pr.yml

@@ -22,7 +22,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Checkout and setup environment
-        uses: MetaMask/action-checkout-and-setup@v2
+        uses: MetaMask/action-checkout-and-setup@v3
         with:
           is-high-risk-environment: true
 

.github/workflows/lint-workflows.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Download actionlint
         id: download-actionlint
@@ -19,7 +19,6 @@ jobs:
       - name: Lint workflow files
         env:
           EXECUTABLE: ${{ steps.download-actionlint.outputs.executable }}
-        # We need to ignore the expected missing inputs in test-checkout-and-setup.yml
         run: |
           "$EXECUTABLE" -color
         shell: bash

.github/workflows/main.yml

@@ -15,17 +15,12 @@ jobs:
     name: Build, lint, and test
     uses: ./.github/workflows/build-lint-test.yml
 
-  test-checkout-and-setup:
-    name: Test checkout-and-setup
-    uses: ./.github/workflows/test-checkout-and-setup.yml
-
   all-jobs-completed:
     name: All jobs completed
     runs-on: ubuntu-latest
     needs:
       - lint-workflows
       - build-lint-test
-      - test-checkout-and-setup
     outputs:
       PASSED: ${{ steps.set-output.outputs.PASSED }}
     steps:
@@ -59,7 +54,7 @@ jobs:
       IS_RELEASE: ${{ steps.is-release.outputs.IS_RELEASE }}
     runs-on: ubuntu-latest
     steps:
-      - uses: MetaMask/action-is-release@v1
+      - uses: MetaMask/action-is-release@v2
         id: is-release
 
   publish-release:

.github/workflows/post-relay-subsidy-balance.yml

@@ -15,10 +15,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version-file: .nvmrc
 
@@ -47,7 +47,7 @@ jobs:
           } >> "$GITHUB_OUTPUT"
 
       - name: Send Slack notification
-        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a
+        uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95
         with:
           webhook: '${{ secrets.SLACK_RELAY_SUBSIDY_BALANCE_TRACKER_WEBHOOK_URL }}'
           webhook-type: incoming-webhook