From e05bdbc25d8f584f1c886253a49da535b184ddb4 Mon Sep 17 00:00:00 2001
From: abhiram6121 <abhiram6121@gmail.com>
Date: Mon, 9 Mar 2026 11:39:16 +0000
Subject: [PATCH] ci: Improve workflows * Update GitHub Actions dependencies *
 Prevent cleanup workflow from running on forked repositories

---
 .github/workflows/CI.yml              | 18 +++++++++---------
 .github/workflows/cleanup.yml         |  4 ++--
 .github/workflows/stale.yml           |  2 +-
 .github/workflows/virustotal_scan.yml |  6 +++---
 4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index 978bfdfd0..cec7c9301 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -11,7 +11,7 @@ jobs:
     env:
       HAS_SIGNING_KEY: ${{ secrets.SIGNING_KEY != '' }}
       HAS_VT_KEY: ${{ secrets.VIRUS_TOTAL_API_KEY != '' }}
-    
+
     steps:
       - name: Checkout Code
         uses: actions/checkout@v6
@@ -49,19 +49,19 @@ jobs:
       - name: VirusTotal Scan
         if: ${{ env.HAS_VT_KEY == 'true' }}
         id: vt
-        uses: crazy-max/ghaction-virustotal@v4
+        uses: crazy-max/ghaction-virustotal@v5
         with:
           vt_api_key: ${{ secrets.VIRUS_TOTAL_API_KEY }}
           files: |
             ./smarttubetv/build/outputs/apk/stbeta/release/*.apk
-          request_rate: 3
+          request_rate: 4
 
       - name: VirusTotal Summary
         if: steps.vt.outcome == 'success'
         run: |
           echo "Waiting 150s for VirusTotal engines to report..."
           sleep 150
-          
+
           echo "### Security Scan Results" >> $GITHUB_STEP_SUMMARY
           echo "| Artifact Name | VirusTotal Status | Detailed Report |" >> $GITHUB_STEP_SUMMARY
           echo "| :--- | :--- | :--- |" >> $GITHUB_STEP_SUMMARY
@@ -69,7 +69,7 @@ jobs:
           for apk in ./smarttubetv/build/outputs/apk/stbeta/release/*.apk; do
             filename=$(basename "$apk")
             sha256=$(sha256sum "$apk" | awk '{print $1}')
-            
+
             # Construct the dynamic badge URL using the hash
             badge_url="https://badges.cssnr.com/vt/id/$sha256?start=green&end=red&n=8"
             vt_link="https://www.virustotal.com/gui/file/$sha256"
@@ -78,28 +78,28 @@ jobs:
           done
 
       - name: Upload ARM64 APK
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: SmartTube_${{ steps.get_version.outputs.VERSION_NAME }}_arm64
           path: ./smarttubetv/build/outputs/apk/stbeta/release/*_arm64-v8a.apk
           if-no-files-found: error
 
       - name: Upload ARMv7 APK
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: SmartTube_${{ steps.get_version.outputs.VERSION_NAME }}_armeabi-v7a
           path: ./smarttubetv/build/outputs/apk/stbeta/release/*_armeabi-v7a.apk
           if-no-files-found: error
 
       - name: Upload Universal APK
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: SmartTube_${{ steps.get_version.outputs.VERSION_NAME }}_universal
           path: ./smarttubetv/build/outputs/apk/stbeta/release/*_universal.apk
           if-no-files-found: error
 
       - name: Upload x86 APK
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: SmartTube_${{ steps.get_version.outputs.VERSION_NAME }}_x86
           path: ./smarttubetv/build/outputs/apk/stbeta/release/*_x86.apk
diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
index c0611d294..898cd3a5d 100644
--- a/.github/workflows/cleanup.yml
+++ b/.github/workflows/cleanup.yml
@@ -8,10 +8,11 @@ on:
 jobs:
   cleanup:
     runs-on: ubuntu-latest
+    if: github.event.repository.fork == false
     permissions:
       actions: write
     steps:
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v8
         with:
           script: |
             const KEEP = 0;
@@ -53,4 +54,3 @@ jobs:
                 }
               } 
             }
-
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 7257d9b96..27c767c3a 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -12,7 +12,7 @@ jobs:
       actions: write
       issues: write
     steps:
-    - uses: actions/stale@v10.2.0
+    - uses: actions/stale@v10
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         operations-per-run: 3000 # This may result in rate limiting, could we reduce and run in batches?
diff --git a/.github/workflows/virustotal_scan.yml b/.github/workflows/virustotal_scan.yml
index eac4267e5..88eb2a504 100644
--- a/.github/workflows/virustotal_scan.yml
+++ b/.github/workflows/virustotal_scan.yml
@@ -31,7 +31,7 @@ jobs:
           echo -e "MARKER=\t\t\t" >> $GITHUB_ENV
 
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Download Release Assets
         env:
@@ -43,12 +43,12 @@ jobs:
       - name: VirusTotal Scan
         if: ${{ env.HAS_VT_KEY == 'true' }}
         id: vt
-        uses: crazy-max/ghaction-virustotal@v4
+        uses: crazy-max/ghaction-virustotal@v5
         with:
           vt_api_key: ${{ secrets.VIRUS_TOTAL_API_KEY }}
           files: |
             release_assets/*.apk
-          request_rate: 3
+          request_rate: 4
 
       - name: Generate Custom Badge Report
         if: steps.vt.outcome == 'success'