From 83c07ac1af8494a6fabf603a315af28c0b321878 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lukas=20Backstr=C3=B6m?= Date: Tue, 12 Nov 2024 14:49:07 +0100 Subject: [PATCH] gh: Pin all github actions versions --- .github/workflows/main.yaml | 76 ++++++++++----------- .github/workflows/osv-scanner-scheduled.yml | 6 +- .github/workflows/pr-comment.yaml | 14 ++-- .github/workflows/sync-github-prs.yaml | 4 +- .github/workflows/sync-github-releases.yaml | 2 +- .github/workflows/update-base.yaml | 4 +- .github/workflows/upload-windows-zip.yaml | 2 +- 7 files changed, 54 insertions(+), 54 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index f2735e2f0730..450f7973a31e 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -41,7 +41,7 @@ jobs: c-code-changes: ${{ steps.c-code-changes.outputs.changes }} all: ${{ steps.apps.outputs.all }} steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 - uses: ./.github/actions/build-base-image with: BASE_BRANCH: ${{ env.BASE_BRANCH }} @@ -58,7 +58,7 @@ jobs: ALL_APPS=$(jq -n --arg inarr "${ALL_APPS}" '$inarr | split("\n")' | tr '\n' ' ') echo "all=${ALL_APPS}" >> $GITHUB_OUTPUT - name: Check which applications have changed - uses: dorny/paths-filter@v3.0.2 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # ratchet:dorny/paths-filter@v3.0.2 id: app-changes with: filters: .github/scripts/path-filters.yaml 
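Review bot: The trailing `# ratchet:actions/checkout@v4.2.1` style comments on the pinned `uses:` lines (here and in every other hunk of this patch) are the only human-readable record of which release each 40-character SHA is meant to be. Nothing visible in the patch keeps the two in agreement or moves the pins forward. A pin that goes stale stops receiving the action's security fixes, and a SHA that does not match its comment would be easy to miss in review. Consider adding an automated updater in the same change (Dependabot's `github-actions` ecosystem, or a scheduled ratchet run) and a header comment in each workflow such as `# Actions are pinned by commit SHA; the trailing ratchet comment records the intended tag.`. Whether such an updater already exists elsewhere in the repository cannot be seen from this patch.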
@@ -74,19 +74,19 @@ jobs: echo "changes=${CHANGED_APPS}" >> "$GITHUB_OUTPUT" fi - name: Check if there are any C-code changes, if not then limit CI run - uses: dorny/paths-filter@v3.0.2 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # ratchet:dorny/paths-filter@v3.0.2 id: c-code-changes with: filters: .github/scripts/c-code-path-filters.yaml - name: Cache pre-built src - uses: actions/cache@v4.1.1 + uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # ratchet:actions/cache@v4.1.1 with: path: otp_src.tar.gz key: prebuilt-src-${{ github.ref_name }}-${{ github.sha }} restore-keys: | prebuilt-src-${{ github.base_ref }}-${{ github.event.pull_request.base.sha }} - name: Cache pre-built binaries - uses: actions/cache@v4.1.1 + uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # ratchet:actions/cache@v4.1.1 with: path: otp_cache.tar.gz key: prebuilt-cache-64-bit-${{ github.ref_name }}-${{ github.sha }} @@ -95,12 +95,12 @@ jobs: - name: Create initial pre-release tar run: .github/scripts/init-pre-release.sh otp_archive.tar.gz otp_src.tar.gz - name: Upload source tar archive - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3 with: name: otp_git_archive path: otp_archive.tar.gz - name: Check how we can use the pre-built cache - uses: dorny/paths-filter@v3.0.2 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # ratchet:dorny/paths-filter@v3.0.2 id: cache with: filters: | @@ -139,7 +139,7 @@ jobs: "`pwd`/.github/otp.tar.gz" \ "`pwd`/otp_archive.tar.gz" - name: Upload restored cache - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3 if: runner.debug == 1 with: name: restored-cache 
@@ -166,7 +166,7 @@ jobs: bash -c 'set -x; C_APPS=$(ls -d ./lib/*/c_src); find Makefile ./make ./erts ./bin/`erts/autoconf/config.guess` ./lib/erl_interface ./lib/jinterface ${C_APPS} `echo "${C_APPS}" | sed -e 's:c_src$:priv:'` -type f -newer README.md \! -name "*.beam" \! -path "*/doc/*" | xargs tar --transform "s:^./:otp/:" -uvf /github/otp_cache.tar' gzip otp_cache.tar - name: Upload pre-built tar archives - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3 with: name: otp_prebuilt path: | @@ -182,16 +182,16 @@ jobs: WXWIDGETS_VERSION: 3.2.6 MACOS_VERSION: 15 steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 - name: Download source archive - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/download-artifact@v4.1.8 with: name: otp_prebuilt - name: Cache wxWidgets id: wxwidgets-cache - uses: actions/cache@v4.1.1 + uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # ratchet:actions/cache@v4.1.1 with: path: wxWidgets key: wxWidgets-${{ env.WXWIDGETS_VERSION }}-${{ runner.os }}-${{ hashFiles('.github/scripts/build-macos-wxwidgets.sh') }}-${{ env.MACOS_VERSION }} @@ -217,7 +217,7 @@ jobs: ./bin/erl -noshell -eval '{wx_ref,_,_,_} = wx:new(), io:format("wx ok~n"), halt().' - name: Upload tarball - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3 with: name: otp_prebuilt_macos_x86-64 path: otp/otp_macos_*_x86-64.tar.gz 
@@ -230,9 +230,9 @@ jobs: runs-on: macos-15 needs: pack steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 - name: Download source archive - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/download-artifact@v4.1.8 with: name: otp_prebuilt @@ -251,7 +251,7 @@ jobs: xcodebuild -create-xcframework -output ./liberlang.xcframework -library liberlang.a - name: Upload framework - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3 with: name: ios_framework_${{ env.TARGET_ARCH }} path: otp/liberlang.xcframework @@ -267,7 +267,7 @@ jobs: needs: pack if: needs.pack.outputs.c-code-changes steps: - - uses: Vampire/setup-wsl@v3.1.3 + - uses: Vampire/setup-wsl@23f94bc31caaddc08bd1230a00b89f872633d8d7 # ratchet:Vampire/setup-wsl@v3.1.3 with: distribution: Ubuntu-18.04 @@ -281,7 +281,7 @@ jobs: IF EXIST "c:\\Program Files\\OpenSSL-Win64" (move "c:\\Program Files\\OpenSSL-Win64" "c:\\OpenSSL-Win64") ELSE (move "c:\\Program Files\\OpenSSL" "c:\\OpenSSL-Win64") - name: Cache wxWidgets - uses: actions/cache@v4.1.1 + uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # ratchet:actions/cache@v4.1.1 with: path: wxWidgets key: wxWidgets-${{ env.WXWIDGETS_VERSION }}-${{ runner.os }} @@ -323,7 +323,7 @@ jobs: nmake TARGET_CPU=amd64 BUILD=release SHARED=0 DIR_SUFFIX_CPU= -f makefile.vc - name: Download source archive - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/download-artifact@v4.1.8 with: name: otp_prebuilt 
@@ -351,7 +351,7 @@ jobs: ./otp_build installer_win32 - name: Upload installer - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3 with: name: otp_win32_installer path: otp/release/win32/otp*.exe @@ -363,7 +363,7 @@ jobs: if: needs.pack.outputs.c-code-changes steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 - uses: ./.github/actions/build-base-image with: BASE_BRANCH: ${{ env.BASE_BRANCH }} @@ -391,7 +391,7 @@ jobs: fail-fast: false steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 - uses: ./.github/actions/build-base-image with: BASE_BRANCH: ${{ env.BASE_BRANCH }} @@ -402,7 +402,7 @@ jobs: runs-on: ubuntu-latest needs: pack steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 - uses: ./.github/actions/build-base-image with: BASE_BRANCH: ${{ env.BASE_BRANCH }} @@ -433,12 +433,12 @@ jobs: rm -rf man tar czf ../otp_doc_html.tar.gz * - name: Upload html documentation archive - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3 with: name: otp_doc_html path: otp_doc_html.tar.gz - name: Upload man documentation archive - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3 with: name: otp_doc_man path: otp_doc_man.tar.gz @@ -456,7 +456,7 @@ jobs: runs-on: ubuntu-latest needs: pack steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 - uses: ./.github/actions/build-base-image with: BASE_BRANCH: ${{ env.BASE_BRANCH }} 
@@ -479,7 +479,7 @@ jobs: # type: ["os_mon","sasl"] fail-fast: false steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 - uses: ./.github/actions/build-base-image with: BASE_BRANCH: ${{ env.BASE_BRANCH }} @@ -516,7 +516,7 @@ jobs: sudo bash -c "chown -R `whoami` make_test_dir && chmod -R +r make_test_dir" tar czf ${{ matrix.type }}_test_results.tar.gz make_test_dir - name: Upload test results - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3 if: ${{ !cancelled() }} with: name: ${{ matrix.type }}_test_results @@ -528,12 +528,12 @@ jobs: if: ${{ !cancelled() }} # Run even if the need has failed needs: test steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 - uses: ./.github/actions/build-base-image with: BASE_BRANCH: ${{ env.BASE_BRANCH }} - name: Download test results - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/download-artifact@v4.1.8 - name: Merge test results run: | shopt -s nullglob @@ -563,14 +563,14 @@ jobs: -e 's:\(file="erts/\)make_test_dir/[^/]*:\1test:g' \ make_test_dir/*_junit.xml - name: Upload test results - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3 if: ${{ !cancelled() }} with: name: test_results path: test_results.tar.gz - name: Upload Test Results if: ${{ !cancelled() }} - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3 with: name: Unit Test Results path: | 
@@ -597,19 +597,19 @@ jobs: echo "tag=${TAG}" >> $GITHUB_OUTPUT echo "vsn=${VSN}" >> $GITHUB_OUTPUT - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 ## Publish the pre-built archive and docs - name: Download source archive - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/download-artifact@v4.1.8 with: name: otp_prebuilt - name: Download html docs - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/download-artifact@v4.1.8 with: name: otp_doc_html - name: Download man docs - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/download-artifact@v4.1.8 with: name: otp_doc_man @@ -628,7 +628,7 @@ jobs: sha256sum $FILES > SHA256.txt - name: Upload pre-built and doc tar archives - uses: softprops/action-gh-release@v2.0.8 + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # ratchet:softprops/action-gh-release@v2.0.8 with: name: OTP ${{ steps.tag.outputs.vsn }} files: | @@ -647,7 +647,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Upload - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3 with: name: Event File path: ${{ github.event_path }} diff --git a/.github/workflows/osv-scanner-scheduled.yml b/.github/workflows/osv-scanner-scheduled.yml index 1508db817dbb..116a13d95cca 100644 --- a/.github/workflows/osv-scanner-scheduled.yml +++ b/.github/workflows/osv-scanner-scheduled.yml 
@@ -26,7 +26,7 @@ jobs: outputs: versions: ${{ steps.get-versions.outputs.versions }} steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 - id: get-versions name: Fetch latest 3 OTP versions run: | @@ -52,7 +52,7 @@ jobs: permissions: actions: write steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 with: ref: ${{ matrix.type }} @@ -72,4 +72,4 @@ jobs: # run-scheduled-scan triggers this job # PRs and pushes trigger this job if: github.event_name != 'schedule' - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.5" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@f0e6719deb666cd19a0b56bc56d01161bd848b4f" # ratchet:google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.5 diff --git a/.github/workflows/pr-comment.yaml b/.github/workflows/pr-comment.yaml index 69584d8259dd..3123cbef9dc4 100644 --- a/.github/workflows/pr-comment.yaml +++ b/.github/workflows/pr-comment.yaml @@ -21,7 +21,7 @@ jobs: outputs: result: ${{ steps.pr-number.outputs.result }} steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 - name: Fetch PR number id: pr-number env: @@ -40,9 +40,9 @@ jobs: pull-requests: write if: github.event.action == 'requested' && needs.pr-number.outputs.result != '' steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 ## We create an initial comment with some useful help to the user - - uses: actions/github-script@v7.0.1 + - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # ratchet:actions/github-script@v7.0.1 with: script: | const script = require('./.github/scripts/pr-comment.js'); 
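Review bot: In the `osv-scanner-scheduled.yml` hunk at `@@ -72,4 +72,4 @@`, pinning `osv-scanner-reusable.yml` to `f0e6719deb666cd19a0b56bc56d01161bd848b4f` fixes the content of that workflow file only. The actions and images it runs are whatever its own `uses:` lines reference at that commit, and those are not visible here. If the inner references are tags, the job still executes mutable third-party code. It is worth checking the upstream file at the pinned commit and recording the result above the line, e.g. `# reusable workflow pinned by SHA; inner action refs checked at this commit`. The job definition starts above the hunk, so the permissions handed to the reusable workflow cannot be checked from here.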
@@ -63,7 +63,7 @@ jobs: needs.pr-number.outputs.result != '' && github.event.workflow_run.conclusion != 'skipped' steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 - name: Download and Extract Artifacts id: extract env: @@ -88,14 +88,14 @@ jobs: echo "HAS_TEST_ARTIFACTS=false" >> $GITHUB_OUTPUT fi - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 with: token: ${{ secrets.ERLANG_TOKEN }} repository: 'erlang/erlang.github.io' path: erlang.github.io - name: Publish CT Test Results - uses: EnricoMi/publish-unit-test-result-action@v2.17.1 + uses: EnricoMi/publish-unit-test-result-action@82082dac68ad6a19d980f8ce817e108b9f496c2a # ratchet:EnricoMi/publish-unit-test-result-action@v2.17.1 if: steps.extract.outputs.HAS_TEST_ARTIFACTS == 'true' with: commit: ${{ github.event.workflow_run.head_sha }} @@ -131,7 +131,7 @@ jobs: ## Append some useful links and tips to the test results posted by ## Publish CT Test Results - - uses: actions/github-script@v7.0.1 + - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # ratchet:actions/github-script@v7.0.1 if: always() with: script: | diff --git a/.github/workflows/sync-github-prs.yaml b/.github/workflows/sync-github-prs.yaml index 8e9562565060..de85112e5607 100644 --- a/.github/workflows/sync-github-prs.yaml +++ b/.github/workflows/sync-github-prs.yaml @@ -14,8 +14,8 @@ jobs: concurrency: erlang.github.io-deploy runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v4.2.1 - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 with: token: ${{ secrets.ERLANG_TOKEN }} repository: 'erlang/erlang.github.io' 
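Review bot: The second `actions/checkout` in the `pr-comment.yaml` hunk at `@@ -88,14 +88,14 @@` passes `token: ${{ secrets.ERLANG_TOKEN }}`, and checkout by default persists that token in the git configuration of the `erlang.github.io` working copy. Every later step in the job can read it there, including the third-party `EnricoMi/publish-unit-test-result-action` step and anything that processes the artifacts extracted earlier from the triggering run. Pinning the SHAs narrows who can change that code, but the token's exposure is unchanged. If no later step pushes with it, add `persist-credentials: false` under `with:`; otherwise hand the token only to the step that pushes. The `actions/checkout` with the same token in the `sync-github-prs.yaml` hunk has the same shape, and both jobs continue past their hunks, so whether a push happens later is not visible here.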
diff --git a/.github/workflows/sync-github-releases.yaml b/.github/workflows/sync-github-releases.yaml index 0e0323e8267e..ae4a39f8978f 100644 --- a/.github/workflows/sync-github-releases.yaml +++ b/.github/workflows/sync-github-releases.yaml @@ -20,7 +20,7 @@ jobs: concurrency: sync-github-releases runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 ## We need to login to the package registry in order to pull ## the base debian image. - name: Docker login diff --git a/.github/workflows/update-base.yaml b/.github/workflows/update-base.yaml index 83b3230e9950..b58e0721a807 100644 --- a/.github/workflows/update-base.yaml +++ b/.github/workflows/update-base.yaml @@ -26,14 +26,14 @@ jobs: fail-fast: false steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 with: ref: ${{ matrix.branch }} - name: Cleanup GH Runner shell: bash run: .github/scripts/cleanup_gh_runner.sh - name: Docker login - uses: docker/login-action@v3.3.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # ratchet:docker/login-action@v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/upload-windows-zip.yaml b/.github/workflows/upload-windows-zip.yaml index 82393fce2c4c..2e108eb7daa0 100644 --- a/.github/workflows/upload-windows-zip.yaml +++ b/.github/workflows/upload-windows-zip.yaml @@ -18,7 +18,7 @@ jobs: env: basename: otp_${{ inputs.target }}_${{ inputs.version }} steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1 - name: Install OTP shell: cmd