Merge branch 'jw/fix/git-removes-remotes-incorrectly' of github.com:h…

…eroku/cli into jw/fix/git-removes-remotes-incorrectly

.github/actions/get-version-and-channel/action.yml

@@ -14,5 +14,5 @@ outputs:
     description: full version from package.json
 
 runs:
-  using: 'node16'
+  using: 'node20'
   main: 'dist/index.js'

.github/workflows/cache-invalidation.yml

@@ -12,7 +12,7 @@ jobs:
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
       AWS_EC2_METADATA_DISABLED: true
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - run: |
           sudo apt-get update
           sudo apt-get install -y awscli

.github/workflows/ci.yml

@@ -8,12 +8,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        node-version: [16.x]
+        node-version: [20.x]
         os: [ubuntu-latest, macos-latest, windows-latest]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
           cache: yarn
@@ -27,16 +27,16 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        node-version: [16.x]
+        node-version: [20.x]
         os: [ubuntu-latest]
     environment: AcceptanceTests
     env:
       HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
       ENABLE_NET_CONNECT: true
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
           cache: yarn
@@ -50,16 +50,16 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        node-version: [16.x]
+        node-version: [20.x]
         os: [ubuntu-latest]
     environment: AcceptanceTests
     env:
       HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
       ENABLE_NET_CONNECT: true
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
           cache: yarn
@@ -77,14 +77,14 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        node-version: [16.x]
+        node-version: [20.x]
         os: [ubuntu-latest]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with: 
           fetch-depth: 0
       - name: Use Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
       - run: yarn add [email protected]

.github/workflows/create-cli-release.yml

@@ -17,13 +17,6 @@ on:
         default: false
 
 jobs:
-  check-for-moratorium:
-    if: fromJSON(inputs.isStableCandidate)
-    run: ./scripts/release/tps_check_lock cli ${{ github.sha }}
-    environment: ChangeManagement
-    env:
-      TPS_API_TOKEN: ${{ secrets.TPS_API_TOKEN_PARAM }}
-
   get-version-channel:
     runs-on: ubuntu-latest
     outputs:
@@ -32,7 +25,7 @@ jobs:
       # final check to ensure package.json doesn't have a dist tag, ex: '-beta'
       isStableRelease: ${{ fromJSON(inputs.isStableCandidate) && !steps.getVersion.outputs.channel }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - id: getVersion
         uses: ./.github/actions/get-version-and-channel/
         with:
@@ -49,7 +42,7 @@ jobs:
     secrets: inherit
 
   pack-upload:
-    needs: [ publish-npm ]
+    needs: [publish-npm]
     uses: ./.github/workflows/pack-upload.yml
     secrets: inherit
 
@@ -64,8 +57,8 @@ jobs:
     secrets: inherit
 
   publish-docs:
-    needs: [ get-version-channel, promote ]
+    needs: [get-version-channel, promote]
     uses: ./.github/workflows/devcenter-doc-update.yml
     with:
-      isStableRelease: ${{ fromJSON(needs.get-version-channel.outputs.isStableRelease) }}
+      isStableRelease: ${{ fromJSON(inputs.isStableCandidate) }}
     secrets: inherit

.github/workflows/devcenter-doc-update.yml

@@ -20,11 +20,11 @@ jobs:
   update-devcenter-command-docs:
     name: Update Devcenter command docs
     runs-on: ubuntu-latest
-    if: fromJSON(inputs.isStableRelease)
+    if: ${{ fromJSON(inputs.isStableRelease) }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Use Node.js 16.x
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 16.x
           cache: yarn

.github/workflows/direwolf.yml

@@ -27,7 +27,7 @@ jobs:
     timeout-minutes: 20
     environment: direwolf
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install jq
       run: |
         sudo apt-get update

.github/workflows/empty-stampy-buckets.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     environment: Stampy
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Empty Stampy signed and unsigned buckets
         env:
           STAMPY_ARN: ${{ secrets.STAMPY_ARN }}

.github/workflows/get-signed-from-stampy.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     environment: Stampy
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: download signed Windows installer from from Stampy
         env:
           STAMPY_ARN: ${{ secrets.STAMPY_ARN }}

.github/workflows/pack-upload-windows.yml

@@ -12,7 +12,7 @@ jobs:
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
       AWS_EC2_METADATA_DISABLED: true
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Homebrew
         id: set-up-homebrew
         uses: Homebrew/actions/setup-homebrew@41775cf0c82ef066f1eb39cea1bd74697ca5b735

.github/workflows/pack-upload.yml

@@ -12,7 +12,7 @@ jobs:
     env:
       HEROKU_AUTHOR: 'Heroku'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Install system deps
         run: |
           sudo apt-get update
@@ -30,7 +30,7 @@ jobs:
   pack_tarballs:
     runs-on: pub-hk-ubuntu-22.04-2xlarge
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Install system deps
         run: |
           sudo apt-get update
@@ -55,7 +55,7 @@ jobs:
       HEROKU_DEB_KEY_ID: ${{ secrets.HEROKU_DEB_KEY_ID }}
       HEROKU_DEB_PUBLIC_KEY: ${{ secrets.HEROKU_DEB_PUBLIC_KEY }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - run: sudo mkdir -p /build
       - uses: actions/download-artifact@v4
         with:
@@ -79,7 +79,7 @@ jobs:
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
       AWS_EC2_METADATA_DISABLED: true
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - run: sudo mkdir -p /build
       - uses: actions/download-artifact@v4
         with:

.github/workflows/promote-release.yml

@@ -58,16 +58,10 @@ jobs:
   change-management:
     needs: [ promote ]
     if: fromJSON(inputs.isStableRelease)
-    # Failure to record the release should not fail the workflow
-    continue-on-error: true
-    steps:
-      # Checkout required to get github.sha
-      - uses: actions/checkout@v3
-      - run: ./scripts/postrelease/tps_record_release cli ${{ github.sha }}
-    environment: ChangeManagement
-    env:
-      ACTOR_EMAIL: ${{ secrets.TPS_API_RELEASE_ACTOR_EMAIL }}
-      TPS_API_TOKEN: ${{ secrets.TPS_API_TOKEN_PARAM }}
+    uses: ./.github/workflows/tps-record-release.yml
+    secrets: inherit
+    with:
+      isStableCandidate: ${{ fromJSON(inputs.isStableRelease) }}
 
   create-fig-autocomplete-pr:
     if: fromJSON(inputs.isStableRelease)

.github/workflows/promote-windows.yml

@@ -30,11 +30,11 @@ jobs:
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
       AWS_EC2_METADATA_DISABLED: true
     steps:
-      - uses: actions/checkout@v3
-      - name: Use Node.js 16.x
-        uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - name: Use Node.js 20.x
+        uses: actions/setup-node@v4
         with:
-          node-version: 16.x
+          node-version: 20.x
           cache: yarn
       - run: yarn --immutable --network-timeout 1000000
       - name: install apt-get dependencies

.github/workflows/promote.yml

@@ -43,11 +43,11 @@ jobs:
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
       AWS_EC2_METADATA_DISABLED: true
     steps:
-      - uses: actions/checkout@v3
-      - name: Use Node.js 16.x
-        uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - name: Use Node.js 20.x
+        uses: actions/setup-node@v4
         with:
-          node-version: 16.x
+          node-version: 20.x
           cache: yarn
       - run: yarn --immutable --network-timeout 1000000
       - name: install apt-get dependencies

.github/workflows/publish-npm.yml

@@ -32,11 +32,11 @@ jobs:
     # pub-hk-ubuntu-22.04- due to IP allow list issues with public repos: https://salesforce.quip.com/bu6UA0KImOxJ
     runs-on: pub-hk-ubuntu-22.04-small
     steps:
-      - uses: actions/checkout@v3
-      - name: Use Node.js 16.x
-        uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - name: Use Node.js 20.x
+        uses: actions/setup-node@v4
         with:
-          node-version: 16.x
+          node-version: 20.x
           cache: yarn
       - run: yarn --immutable --network-timeout 1000000
       - name: set NPM auth

.github/workflows/publish-to-fig-autocomplete.yml

@@ -8,11 +8,11 @@ jobs:
   push-to-fig-autocomplete:
     runs-on: pub-hk-ubuntu-22.04-small
     steps:
-      - uses: actions/checkout@v3
-      - name: Use Node.js 16.x
-        uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - name: Use Node.js 20.x
+        uses: actions/setup-node@v4
         with:
-          node-version: 16.x
+          node-version: 20.x
           cache: yarn
       - name: Install Fig Oclif Plugin
         run: cd packages/cli && yarn add @fig/complete-oclif && jq '.oclif.plugins += ["@fig/complete-oclif"]' package.json > temp.json && mv temp.json package.json

.github/workflows/release-homebrew.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: pub-hk-ubuntu-22.04-small
     environment: ReleaseHomebrew
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: webfactory/[email protected]
         with:
           ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

.github/workflows/snyk.yml

@@ -12,10 +12,10 @@ jobs:
     env:
       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: 16.x
+          node-version: 20.x
       - run: yarn --immutable --network-timeout 1000000
       - run: yarn dlx -p snyk test --all-projects --fail-on=all
       - run: yarn dlx -p snyk monitor --all-projects --org=hit

.github/workflows/start-gh-release.yml

@@ -15,15 +15,20 @@ jobs:
     outputs:
       sourceName: ${{ steps.sourceName.outputs.sourceName }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Remove 'refs/heads/' from GITHUB_HEAD_REF
         shell: bash
         id: sourceName
         run: echo "sourceName=${GITHUB_HEAD_REF#refs/heads/}" >> $GITHUB_OUTPUT
 
-  start-release:
-    needs: [ get-source-branch-name ]
+  validate-release:
+    needs: [get-source-branch-name]
     if: startsWith(needs.get-source-branch-name.outputs.sourceName, 'release-')
+    uses: ./.github/workflows/tps-check-lock.yml
+    secrets: inherit
+
+  start-release:
+    needs: [validate-release]
     uses: ./.github/workflows/tag-create-github-release.yml
     secrets: inherit
 

.github/workflows/start-prerelease.yml

@@ -13,7 +13,7 @@ jobs:
       channel: ${{ steps.getVersion.outputs.channel }}
       version: ${{ steps.getVersion.outputs.version }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - id: getVersion
         uses: ./.github/actions/get-version-and-channel/
         with:
@@ -28,7 +28,7 @@ jobs:
         VERSION: ${{ needs.get-version-channel.outputs.version }}
         CURRENT_BRANCH_NAME: ${{ github.ref_name }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - run: yarn --immutable --network-timeout 1000000
       - run: ./scripts/release/validate-prerelease
 
@@ -40,10 +40,10 @@ jobs:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       TAG_NAME: ${{ format('v{0}', needs.get-version-channel.outputs.version) }}
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: 16.x
+          node-version: 20.x
       - name: set git user
         run: |
           git config user.name "GitHub Actions Bot"