Bump all actions/cache to v4 (#54137)

.github/actions/cache-nextjs/action.yml

@@ -8,7 +8,7 @@ runs:
   using: 'composite'
   steps:
     - name: Cache .next/cache
-      uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
+      uses: actions/cache@v4
       with:
         path: ${{ github.workspace }}/.next/cache
         # Generate a new cache whenever packages or source files change.

.github/actions/node-npm-setup/action.yml

@@ -6,7 +6,7 @@ runs:
   using: 'composite'
   steps:
     - name: Cache node_modules
-      uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
+      uses: actions/cache@v4
       id: cache-node_modules
       env:
         # Default is 10 min, per segment, but we can make it much smaller

.github/actions/precompute-pageinfo/action.yml

@@ -17,8 +17,7 @@ runs:
     # Optionally, you can have it just do A (and not B and C).
 
     - name: Cache .pageinfo-cache.json.br (restore)
-      # You can't use a SHA on these. Only possible with `actions/cache@SHA...`
-      uses: actions/cache/restore@v3
+      uses: actions/cache/restore@v4
       with:
         path: .pageinfo-cache.json.br
         key: pageinfo-cache-
@@ -40,7 +39,7 @@ runs:
 
     - name: Cache .remotejson-cache (save)
       if: ${{ inputs.restore-only == '' }}
-      uses: actions/cache/save@v3
+      uses: actions/cache/save@v4
       with:
         path: .pageinfo-cache.json.br
         key: pageinfo-cache-${{ github.sha }}

.github/actions/setup-elasticsearch/action.yml

@@ -19,7 +19,7 @@ runs:
     # Cache the elasticsearch image to prevent Docker Hub rate limiting
     - name: Cache Docker layers
       id: cache-docker-layers
-      uses: actions/cache@v2
+      uses: actions/cache@v4
       with:
         path: /tmp/docker-cache
         key: ${{ runner.os }}-elasticsearch-${{ inputs.elasticsearch_version }}

.github/actions/warmup-remotejson-cache/action.yml

@@ -14,8 +14,7 @@ runs:
     # You "wrap" the step that appends to disk and it will possibly retrieve
     # some from the cache, then save it when it's got more in it.
     - name: Cache .remotejson-cache (restore)
-      # You can't use a SHA on these. Only possible with `actions/cache@SHA...`
-      uses: actions/cache/restore@v3
+      uses: actions/cache/restore@v4
       with:
         path: .remotejson-cache
         key: remotejson-cache-
@@ -37,7 +36,7 @@ runs:
 
     - name: Cache .remotejson-cache (save)
       if: ${{ inputs.restore-only == '' }}
-      uses: actions/cache/save@v3
+      uses: actions/cache/save@v4
       with:
         path: .remotejson-cache
         key: remotejson-cache-${{ github.sha }}

.github/workflows/link-check-daily.yml

@@ -49,7 +49,7 @@ jobs:
         run: src/early-access/scripts/merge-early-access.sh
 
       - name: Restore disk-cache file for external link checking
-        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
+        uses: actions/cache@v4
         with:
           path: external-link-checker-db.json
           key: external-link-checker-${{ hashFiles('src/links/scripts/rendered-content-link-checker.ts') }}

src/workflows/tests/actions-workflows.ts

@@ -7,6 +7,8 @@ import yaml from 'js-yaml'
 import { flatten } from 'flat'
 import { chain, get } from 'lodash-es'
 
+const githubOwnedActionsRegex =
+  /^(actions\/(cache|checkout|download-artifact|upload-artifact)@v\d+(\.\d+)*)$/
 const actionHashRegexp = /^[A-Za-z0-9-/]+@[0-9a-f]{40}$/
 const checkoutRegexp = /^[actions/checkout]+@[0-9a-f]{40}$/
 const permissionsRegexp = /(read|write)/
@@ -71,7 +73,9 @@ const dailyWorkflows = scheduledWorkflows.filter(({ data }) =>
 
 describe('GitHub Actions workflows', () => {
   test.each(allUsedActions)('requires specific hash: %p', (actionName) => {
-    expect(actionName).toMatch(actionHashRegexp)
+    const matchesGitHubOwnedActions = githubOwnedActionsRegex.test(actionName)
+    const matchesActionHash = actionHashRegexp.test(actionName)
+    expect(matchesGitHubOwnedActions || matchesActionHash).toBe(true)
   })
 
   test.each(scheduledWorkflows)(