Merge pull request #12 from contentstack/feat/CS-39612

feat/CS-39612-Updated actions versions and added auto generate release notes and version bump

Author: aman19K

.github/workflows/codeql-analysis.yml

@@ -34,7 +34,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v3.5.3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/github-release.yml

@@ -8,10 +8,10 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v3.5.3
+      - uses: actions/setup-node@v3.7.0
         with:
-          node-version: "16.x"
+          node-version: "18.x"
       - run: npm install
 
       - name: get-package-details
@@ -28,15 +28,10 @@ jobs:
           tag_prefix: "v"
       - name: Create Release
         if: steps.update_tag.outputs.tagname
-        uses: actions/create-release@v1
         id: create_release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
-        with:
-          tag_name: ${{ steps.update_tag.outputs.tagname }}
-          release_name: Release ${{ steps.update_tag.outputs.tagname }}
-          draft: false # Default value, but nice to set explicitly
-          prerelease: false # Default value, but nice to set explicitly
+        run:  gh release create v${{ steps.update_tag.outputs.version }} --title "Release ${{ steps.update_tag.outputs.version }}" --generate-notes
       - name: Upload Release Asset
         if: steps.update_tag.outputs.tagname
         id: upload-release-asset

.github/workflows/jira.yml

@@ -7,7 +7,7 @@ jobs:
     if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'snyk-bot' || contains(github.event.pull_request.head.ref, 'snyk-fix-')  || contains(github.event.pull_request.head.ref, 'snyk-upgrade-')}}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3.5.3
       - name: Login into JIRA
         uses: atlassian/gajira-login@master
         env:

.github/workflows/release.yml

@@ -9,13 +9,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.5.3
         with:
           fetch-depth: 0
       - name: Setup Node.js
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v3.7.0
         with:
-          node-version: 16
+          node-version: 18
       - name: Install dependencies
         run: npm install
       - name: Build
@@ -32,13 +32,13 @@ jobs:
     needs: build
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.5.3
         with:
           fetch-depth: 0
       - name: Setup Node.js
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v3.7.0
         with:
-          node-version: 16
+          node-version: 18
       - name: Install dependencies
         run: npm install
       - name: Download dist
@@ -49,6 +49,6 @@ jobs:
       - name: Display structure of downloaded files
         run: ls -R
       - name: Release
-        uses: JS-DevTools/npm-publish@v1
+        uses: JS-DevTools/npm-publish@v2.2.1
         with:
           token: ${{ secrets.NPM_TOKEN }}

.github/workflows/sast-scan.yml

@@ -6,6 +6,6 @@ jobs:
   security:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3.5.3
       - name: Horusec Scan
         run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src horuszup/horusec-cli:latest horusec start -p /src -P $(pwd)