Merge branch 'release/2026.01' into maxim/2025.07-Flat-UI

7 files changed, 38 insertions, 31 deletions

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 42fd44cf9c..4c8d98ce2f 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -1,6 +1,7 @@
 name: Build
 
 on:
+  workflow_dispatch:
   pull_request:
   push:
     branches: ["main", "release/*", "project/*"]
@@ -85,23 +86,23 @@ jobs:
       variants: ${{ matrix.configuration }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha || github.sha }}
 
       - name: Setup python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "3.11"
       - name: Checkout build variables
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           repository: secondlife/build-variables
-          ref: universal
+          ref: master
           path: .build-variables
 
       - name: Checkout master-message-template
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           repository: secondlife/master-message-template
           path: .master-message-template
@@ -309,7 +310,7 @@ jobs:
     steps:
       - name: Sign and package Windows viewer
         if: env.AZURE_KEY_VAULT_URI && env.AZURE_CERT_NAME && env.AZURE_CLIENT_ID && env.AZURE_CLIENT_SECRET && env.AZURE_TENANT_ID
-        uses: secondlife/viewer-build-util/sign-pkg-windows@v2
+        uses: secondlife/viewer-build-util/sign-pkg-windows@v2.0.4
         with:
           vault_uri: "${{ env.AZURE_KEY_VAULT_URI }}"
           cert_name: "${{ env.AZURE_CERT_NAME }}"
@@ -361,8 +362,9 @@ jobs:
 
   post-windows-symbols:
     env:
-      BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }}
-      BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }}
+      BUGSPLAT_DATABASE: "${{ secrets.BUGSPLAT_DATABASE }}"
+      SYMBOL_UPLOAD_CLIENT_ID: "${{ secrets.BUGSPLAT_SYMBOL_UPLOAD_CLIENT_ID }}"
+      SYMBOL_UPLOAD_CLIENT_SECRET: "${{ secrets.BUGSPLAT_SYMBOL_UPLOAD_CLIENT_SECRET }}"
     needs: build
     if: needs.build.outputs.configuration == 'Release'
     runs-on: ubuntu-latest
@@ -373,51 +375,56 @@ jobs:
           name: Windows-app
           path: _artifacts
       - name: Download Windows Symbols
-        if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS
+        if: env.BUGSPLAT_DATABASE && env.SYMBOL_UPLOAD_CLIENT_ID
         uses: actions/download-artifact@v4
         with:
           name: Windows-symbols
       - name: Extract viewer pdb
-        if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS
+        if: env.BUGSPLAT_DATABASE && env.SYMBOL_UPLOAD_CLIENT_ID
         shell: bash
         run: |
           tar -xJf "${{ needs.build.outputs.viewer_channel }}.sym.tar.xz" -C _artifacts
       - name: Post Windows symbols
-        if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS
-        uses: secondlife-3p/symbol-upload@v10
+        if: env.BUGSPLAT_DATABASE && env.SYMBOL_UPLOAD_CLIENT_ID
+        uses: BugSplat-Git/symbol-upload@095d163ae9ceb006d286a731dcd35cf6a1b458c8
         with:
-          username: ${{ env.BUGSPLAT_USER }}
-          password: ${{ env.BUGSPLAT_PASS }}
-          database: "SecondLife_Viewer_2018"
+          clientId: "${{ env.SYMBOL_UPLOAD_CLIENT_ID }}"
+          clientSecret: "${{ env.SYMBOL_UPLOAD_CLIENT_SECRET }}"
+          database: "${{ env.BUGSPLAT_DATABASE }}"
           application: ${{ needs.build.outputs.viewer_channel }}
           version: ${{ needs.build.outputs.viewer_version }}
           directory: _artifacts
           files: "**/{SecondLifeViewer.exe,llwebrtc.dll,*.pdb}"
+          node-version: "22"
+          dumpSyms: false
 
   post-mac-symbols:
     env:
-      BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }}
-      BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }}
+      BUGSPLAT_DATABASE: "${{ secrets.BUGSPLAT_DATABASE }}"
+      SYMBOL_UPLOAD_CLIENT_ID: "${{ secrets.BUGSPLAT_SYMBOL_UPLOAD_CLIENT_ID }}"
+      SYMBOL_UPLOAD_CLIENT_SECRET: "${{ secrets.BUGSPLAT_SYMBOL_UPLOAD_CLIENT_SECRET }}"
     needs: build
     if: needs.build.outputs.configuration == 'Release'
     runs-on: ubuntu-latest
     steps:
       - name: Download Mac Symbols
-        if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS
+        if: env.BUGSPLAT_DATABASE && env.SYMBOL_UPLOAD_CLIENT_ID
         uses: actions/download-artifact@v4
         with:
           name: macOS-symbols
       - name: Post Mac symbols
-        if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS
-        uses: secondlife-3p/symbol-upload@v10
+        if: env.BUGSPLAT_DATABASE && env.SYMBOL_UPLOAD_CLIENT_ID
+        uses: BugSplat-Git/symbol-upload@095d163ae9ceb006d286a731dcd35cf6a1b458c8
         with:
-          username: ${{ env.BUGSPLAT_USER }}
-          password: ${{ env.BUGSPLAT_PASS }}
-          database: "SecondLife_Viewer_2018"
+          clientId: "${{ env.SYMBOL_UPLOAD_CLIENT_ID }}"
+          clientSecret: "${{ env.SYMBOL_UPLOAD_CLIENT_SECRET }}"
+          database: "${{ env.BUGSPLAT_DATABASE }}"
           application: ${{ needs.build.outputs.viewer_channel }}
           version: ${{ needs.build.outputs.viewer_version }} (${{ needs.build.outputs.viewer_version }})
           directory: .
           files: "**/*.xcarchive.zip"
+          node-version: "22"
+          dumpSyms: false
 
   release:
     needs: [setup, build, sign-and-package-windows, sign-and-package-mac]
diff --git a/.github/workflows/check-pr.yaml b/.github/workflows/check-pr.yaml
index a5cee9157c..08e907e83f 100644
--- a/.github/workflows/check-pr.yaml
+++ b/.github/workflows/check-pr.yaml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check PR description
-        uses: actions/github-script@v7
+        uses: actions/github-script@v8
         with:
           script: |
             const description = context.payload.pull_request.body || '';
diff --git a/.github/workflows/cla.yaml b/.github/workflows/cla.yaml
index 627ba512c4..5b31c584d5 100644
--- a/.github/workflows/cla.yaml
+++ b/.github/workflows/cla.yaml
@@ -23,4 +23,4 @@ jobs:
           path-to-signatures: signatures.json
           remote-organization-name: secondlife
           remote-repository-name: cla-signatures
-          allowlist: callum@mbp.localdomain,rye@lindenlab.com,rye
+          allowlist: callum@mbp.localdomain,rye@lindenlab.com,rye,bot*
diff --git a/.github/workflows/label.yaml b/.github/workflows/label.yaml
index 6e41d8aa2d..218327ef47 100644
--- a/.github/workflows/label.yaml
+++ b/.github/workflows/label.yaml
@@ -9,7 +9,7 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/labeler@v4
+      - uses: actions/labeler@v6
         with:
           configuration-path: .github/labeler.yaml
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
index d626eef38d..8f942fa11b 100644
--- a/.github/workflows/pre-commit.yaml
+++ b/.github/workflows/pre-commit.yaml
@@ -11,8 +11,8 @@ jobs:
   pre-commit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-python@v6
         with:
           python-version: 3.x
-      - uses: pre-commit/action@v3.0.0
+      - uses: pre-commit/action@v3.0.1
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
index f77151a815..edfe71b693 100644
--- a/.github/workflows/stale.yaml
+++ b/.github/workflows/stale.yaml
@@ -12,7 +12,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v6
+      - uses: actions/stale@v10
         id: stale
         with:
           stale-pr-message: This pull request is stale because it has been open 30 days with no activity. Remove stale label or comment or it will be closed in 7 days
diff --git a/.github/workflows/tag-release.yaml b/.github/workflows/tag-release.yaml
index 24ee2de794..2922065f99 100644
--- a/.github/workflows/tag-release.yaml
+++ b/.github/workflows/tag-release.yaml
@@ -35,7 +35,7 @@ jobs:
           echo NIGHTLY_DATE=${NIGHTLY_DATE} >> ${GITHUB_ENV}
           echo TAG_ID="$(echo ${{ github.sha }} | cut -c1-8)-${{ inputs.project || '${NIGHTLY_DATE}' }}" >> ${GITHUB_ENV}
       - name: Update Tag
-        uses: actions/github-script@v7.0.1
+        uses: actions/github-script@v8
         with:
           # use a real access token instead of GITHUB_TOKEN default.
           # required so that the results of this tag creation can trigger the build workflow