paritytech
diff --git a/‎.github/dependabot.yml
Lines changed: 5 additions & 0 deletions b/‎.github/dependabot.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎.github/pr-custom-review.yml
Lines changed: 10 additions & 1 deletion b/‎.github/pr-custom-review.yml
Lines changed: 10 additions & 1 deletion
diff --git a/‎.github/workflows/check-labels.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/check-labels.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/extrinsic-ordering-check-from-bin.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/extrinsic-ordering-check-from-bin.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/honggfuzz.yml
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/honggfuzz.yml
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/publish-docker-manual.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/publish-docker-manual.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/publish-docker-release.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/publish-docker-release.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/publish-draft-release.yml
Lines changed: 6 additions & 6 deletions b/‎.github/workflows/publish-draft-release.yml
Lines changed: 6 additions & 6 deletions
diff --git a/‎.github/workflows/release-candidate.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release-candidate.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.gitlab-ci.yml
Lines changed: 6 additions & 52 deletions b/‎.gitlab-ci.yml
Lines changed: 6 additions & 52 deletions
@@ -19,3 +19,8 @@ updates:
       - dependency-name: "sub-tokens"
     schedule:
       interval: "daily"
+  - package-ecosystem: github-actions
+    directory: '/'
+    labels: ["A2-insubstantial", "B0-silent", "C1-low 📌", "E3-dependencies"]
+    schedule:
+      interval: daily
@@ -19,11 +19,20 @@ rules:
     check_type: changed_files
     condition:
       include: .*
-      exclude: ^runtime/(kusama|polkadot)/src/[^/]+\.rs$
+      # excluding files from 'Runtime files' and 'CI team' rules
+      exclude: ^runtime/(kusama|polkadot)/src/[^/]+\.rs$|^\.gitlab-ci\.yml|^scripts/ci/.*|^\.github/.*
     min_approvals: 2
     teams:
       - core-devs
 
+  - name: CI team
+    check_type: changed_files
+    condition:
+      include: ^\.gitlab-ci\.yml|^scripts/ci/.*|^\.github/.*
+    min_approvals: 2
+    teams:
+      - ci
+
 prevent-review-request:
   teams:
     - core-devs
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.ref }}
 
@@ -28,7 +28,7 @@ jobs:
 
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Fetch binary
         run: |
 
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 1
 
@@ -48,7 +48,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 1
 
@@ -94,7 +94,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 1
 
 
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
       - name: Cache Docker layers
 
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
       - name: Cache Docker layers
 
@@ -27,7 +27,7 @@ jobs:
         runtime: ["polkadot", "kusama", "westend", "rococo"]
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Cache target dir
         uses: actions/cache@v2
@@ -40,9 +40,9 @@ jobs:
 
       - name: Build ${{ matrix.runtime }} runtime
         id: srtool_build
-        uses: chevdor/srtool-actions@v0.3.0
+        uses: chevdor/srtool-actions@v0.4.0
         with:
-          # This is the default with chevdor/[email protected] but we make it clear
+          # This is the default with chevdor/[email protected]+ but we make it clear
           image: paritytech/srtool
           chain: ${{ matrix.runtime }}
 
@@ -71,7 +71,7 @@ jobs:
       asset_upload_url: ${{ steps.create-release.outputs.upload_url }}
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
           path: polkadot
@@ -150,10 +150,10 @@ jobs:
         runtime: ["polkadot", "kusama", "westend", "rococo"]
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Download artifacts
         uses: actions/download-artifact@v2
-      - name: Set up Ruby 2.7
+      - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: 3.0.0
 
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - id: compute_tag
 
@@ -33,9 +33,6 @@ variables:
   DOCKER_OS:                       "debian:stretch"
   ARCH:                            "x86_64"
   ZOMBIENET_IMAGE:                 "docker.io/paritytech/zombienet:v1.2.25"
-  VAULT_SERVER_URL:                "https://vault.parity-mgmt-vault.parity.io"
-  VAULT_AUTH_PATH:                 "gitlab-parity-io-jwt"
-  VAULT_AUTH_ROLE:                 "cicd_gitlab_parity_${CI_PROJECT_NAME}"
   PIPELINE_SCRIPTS_TAG:            "v0.4"
 
 default:
@@ -116,49 +113,6 @@ default:
     - if: $CI_PIPELINE_SOURCE == "schedule"
     - if: $CI_COMMIT_REF_NAME == "master"
 
-#### Vault secrets
-.vault-secrets:                    &vault-secrets
-  secrets:
-    AWS_ACCESS_KEY_ID:
-      vault:                       cicd/gitlab/parity/polkadot/AWS_ACCESS_KEY_ID@kv
-      file:                        false
-    AWS_SECRET_ACCESS_KEY:
-      vault:                       cicd/gitlab/parity/polkadot/AWS_SECRET_ACCESS_KEY@kv
-      file:                        false
-    GITHUB_PR_TOKEN:
-      vault:                       cicd/gitlab/parity/GITHUB_PR_TOKEN@kv
-      file:                        false
-    GITHUB_TOKEN:
-      vault:                       cicd/gitlab/parity/GITHUB_TOKEN@kv
-      file:                        false
-    GITHUB_USER:
-      vault:                       cicd/gitlab/parity/polkadot/GITHUB_USER@kv
-      file:                        false
-    GITHUB_RELEASE_TOKEN:
-      vault:                       cicd/gitlab/parity/polkadot/GITHUB_RELEASE_TOKEN@kv
-      file:                        false
-    GITHUB_SSH_PRIV_KEY:
-      vault:                       cicd/gitlab/parity/polkadot/GITHUB_SSH_PRIV_KEY@kv
-      file:                        false
-    MATRIX_ACCESS_TOKEN:
-      vault:                       cicd/gitlab/parity/polkadot/MATRIX_ACCESS_TOKEN@kv
-      file:                        false
-    MATRIX_ROOM_ID:
-      vault:                       cicd/gitlab/parity/polkadot/MATRIX_ROOM_ID@kv
-      file:                        false
-    PARITYPR_USER:
-      vault:                       cicd/gitlab/parity/polkadot/PARITYPR_USER@kv
-      file:                        false
-    PARITYPR_PASS:
-      vault:                       cicd/gitlab/parity/polkadot/PARITYPR_PASS@kv
-      file:                        false
-    PIPELINE_TOKEN:
-      vault:                       cicd/gitlab/parity/polkadot/PIPELINE_TOKEN@kv
-      file:                        false
-    REL_MAN_ROOM_ID:
-      vault:                       cicd/gitlab/parity/polkadot/REL_MAN_ROOM_ID@kv
-      file:                        false
-
 .build-push-image:                 &build-push-image
   <<:                              *kubernetes-env
   image:                           quay.io/buildah/stable
@@ -240,9 +194,7 @@ build-linux-stable:
     - sha256sum polkadot | tee polkadot.sha256
     - shasum -c polkadot.sha256
     - popd
-    - EXTRATAG="$(./artifacts/polkadot --version |
-        sed -n -r 's/^polkadot ([0-9.]+.*-[0-9a-f]{7,13})-.*$/\1/p')"
-    - EXTRATAG="${CI_COMMIT_REF_NAME}-${EXTRATAG}-$(cut -c 1-8 ./artifacts/polkadot.sha256)"
+    - EXTRATAG="${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}"
     - echo "Polkadot version = ${VERSION} (EXTRATAG = ${EXTRATAG})"
     - echo -n ${VERSION} > ./artifacts/VERSION
     - echo -n ${EXTRATAG} > ./artifacts/EXTRATAG
@@ -340,6 +292,9 @@ check-dependent-cumulus:
   variables:
     DEPENDENT_REPO: cumulus
     EXTRA_DEPENDENCIES: substrate
+    COMPANION_OVERRIDES: |
+      polkadot: release-v*
+      cumulus: polkadot-v*
 
 test-node-metrics:
   stage:                           stage2
@@ -475,7 +430,6 @@ publish-s3-release:                &publish-s3
     - job:                         build-linux-stable
       artifacts:                   true
   <<:                              *kubernetes-env
-  <<:                              *vault-secrets
   image:                           paritytech/awscli:latest
   variables:
     GIT_STRATEGY:                  none
@@ -560,7 +514,8 @@ build-rustdoc:
     - ./crate-docs/
   script:
     # FIXME: it fails with `RUSTDOCFLAGS="-Dwarnings"` and `--all-features`
-    - time cargo doc --workspace --verbose
+    # FIXME: return to stable when https://github.com/rust-lang/rust/issues/96937 gets into stable
+    - time cargo +nightly doc --workspace --verbose
     - rm -f ./target/doc/.lock
     - mv ./target/doc ./crate-docs
     # FIXME: remove me after CI image gets nonroot
@@ -762,7 +717,6 @@ zombienet-tests-malus-dispute-valid:
 publish-rustdoc:
   stage:                           stage4
   <<:                              *kubernetes-env
-  <<:                              *vault-secrets
   image:                           paritytech/tools:latest
   variables:
     GIT_DEPTH:                     100