diff --git a/.github/workflows/bench.yml b/.github/workflows/bench.yml index 40d84c18..a576d5c0 100644 --- a/.github/workflows/bench.yml +++ b/.github/workflows/bench.yml @@ -9,13 +9,13 @@ jobs: CARGO_TERM_COLOR: always # Force Cargo to use colors TERM: xterm-256color steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Checkout base branch - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: ref: ${{ github.base_ref }} path: main/ - - uses: actions/setup-python@v4 + - uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4.9.1 with: python-version: "3.10" - name: Install Python dependencies @@ -23,7 +23,7 @@ jobs: python -m pip install --upgrade pip pip install pyyaml - name: Cache cargo build - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: | ~/.cargo @@ -53,7 +53,7 @@ jobs: echo "" } > /tmp/message.txt - name: Post comment - uses: thollander/actions-comment-pull-request@v2 + uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 with: filePath: /tmp/message.txt comment_tag: canbench diff --git a/.github/workflows/coq.yml b/.github/workflows/coq.yml index ec56f00d..fd696168 100644 --- a/.github/workflows/coq.yml +++ b/.github/workflows/coq.yml @@ -11,8 +11,8 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v12 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: cachix/install-nix-action@07da2520eebede906fbeefa9dd0a2b635323909d # v12 #- run: nix-build s coq # The above would also build the shell, includling niv. # This would be useful behaviour if our CI seeds some cache. diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 8ac5228b..41b4ff7c 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -15,7 +15,7 @@ jobs: name: license-check:required runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: EmbarkStudios/cargo-deny-action@v1 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - uses: EmbarkStudios/cargo-deny-action@3f4a782664881cf5725d0ffd23969fcce89fd868 # v1.6.3 with: command: check bans licenses sources diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 1622877e..de511b84 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -29,16 +29,16 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install Rust toolchain - uses: actions-rust-lang/setup-rust-toolchain@v1 + uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1.15.4 with: cache: false - name: Authenticate with crates.io id: auth - uses: rust-lang/crates-io-auth-action@v1 + uses: rust-lang/crates-io-auth-action@b7e9a28eded4986ec6b1fa40eeee8f8f165559ec # v1 # Crates are ordered by dependency: publish dependencies before dependents. # ic_principal has no workspace deps. diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a909b872..06db62bd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,7 @@ jobs: artifact_name: target/arm-unknown-linux-gnueabihf/release/didc asset_name: didc-arm32 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Install Rust toolchain run: rustup show active-toolchain || rustup toolchain install - name: Add arm target @@ -44,13 +44,13 @@ jobs: run: cargo build --package didc --release --locked - name: Cross build if: matrix.name == 'arm' - uses: actions-rs/cargo@v1 + uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 with: use-cross: true command: build args: --package didc --target arm-unknown-linux-gnueabihf --release --locked - name: "Upload assets" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: ${{ matrix.asset_name }} path: ${{ matrix.artifact_name }} @@ -70,7 +70,7 @@ jobs: steps: - name: Get executable id: download - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: ${{ matrix.asset_name }} - name: Executable runs @@ -90,11 +90,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Get executable - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: ${{ matrix.asset_name }} - name: Upload binaries to release - uses: svenstaro/upload-release-action@v2 + uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # 2.11.5 with: repo_token: ${{ secrets.GITHUB_TOKEN }} file: didc @@ -105,9 +105,9 @@ jobs: name: Build and publish candid_ui canister runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: '20' - name: Install Rust toolchain @@ -127,7 +127,7 @@ jobs: run: | cp tools/ui/target/wasm32-unknown-unknown/canister/didjs_opt.wasm candid_ui.wasm - name: Upload candid_ui to release - uses: svenstaro/upload-release-action@v2 + uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # 2.11.5 with: repo_token: ${{ secrets.GITHUB_TOKEN }} file: candid_ui.wasm diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index fecd072e..eedfff8a 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -13,9 +13,9 @@ jobs: rust: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Cache cargo build - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: | ~/.cargo/registry @@ -39,7 +39,7 @@ jobs: fuzzing: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Install cargo-fuzz run: | cargo install cargo-fuzz diff --git a/.github/workflows/tools.yml b/.github/workflows/tools.yml index 1c312b84..534812e8 100644 --- a/.github/workflows/tools.yml +++ b/.github/workflows/tools.yml @@ -15,7 +15,7 @@ jobs: build-didc: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Build didc run: cargo build -p didc --release @@ -26,16 +26,16 @@ jobs: run: working-directory: ${{ env.WORKING_DIR }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 # TODO: use dfinity/ci-tools/actions/setup-pnpm once the repo has a standard structure with a package.json file in the root - name: Install pnpm - uses: pnpm/action-setup@v3 + uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3 with: package_json_file: ${{ env.WORKING_DIR }}/package.json - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version-file: ${{ env.WORKING_DIR }}/.node-version registry-url: "https://registry.npmjs.org"