diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ac1285a84..a14fbd614 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -43,17 +43,17 @@ jobs:
 components: rustfmt, clippy
 - name: 🧰 Install clippy-sarif
- uses: taiki-e/install-action@4a27a04f8a48ceb6b30a8541bae8994ce2ea4dd7 # v2
+ uses: taiki-e/install-action@5b7f19ed4759822ecb1606f4680073f9c0e78410 # v2
 with:
 tool: clippy-sarif
 - name: 🧰 Install sarif-fmt
- uses: taiki-e/install-action@4a27a04f8a48ceb6b30a8541bae8994ce2ea4dd7 # v2
+ uses: taiki-e/install-action@5b7f19ed4759822ecb1606f4680073f9c0e78410 # v2
 with:
 tool: sarif-fmt
 - name: 🧰 Install cargo-deny
- uses: taiki-e/install-action@4a27a04f8a48ceb6b30a8541bae8994ce2ea4dd7 # v2
+ uses: taiki-e/install-action@5b7f19ed4759822ecb1606f4680073f9c0e78410 # v2
 with:
 tool: cargo-deny
@@ -73,7 +73,7 @@ jobs:
 - name: 📤 Upload analysis results to GitHub
 if: always()
- uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3
+ uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3
 continue-on-error: true
 with:
 sarif_file: clippy-results.sarif
@@ -211,7 +211,7 @@ jobs:
 - name: 🧰 Install nextest
 if: startsWith(matrix.target, 'x86_64-') || contains(matrix.target, '-linux-')
- uses: taiki-e/install-action@4a27a04f8a48ceb6b30a8541bae8994ce2ea4dd7 # v2
+ uses: taiki-e/install-action@5b7f19ed4759822ecb1606f4680073f9c0e78410 # v2
 env:
 CARGO_BUILD_TARGET: ${{ matrix.host-target }}
 with:
@@ -219,7 +219,7 @@ jobs:
 - name: 🧰 Install cargo-deb
 if: endsWith(matrix.target, '-linux-gnu')
- uses: taiki-e/install-action@4a27a04f8a48ceb6b30a8541bae8994ce2ea4dd7 # v2
+ uses: taiki-e/install-action@5b7f19ed4759822ecb1606f4680073f9c0e78410 # v2
 env:
 CARGO_BUILD_TARGET: ${{ matrix.host-target }}
 with:
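Review bot: The trailing `# v2` comment on the new `uses: taiki-e/install-action@5b7f19ed4759822ecb1606f4680073f9c0e78410` pins names a moving major tag, so the diff gives no way to tell which release the new commit SHA belongs to. Because the comment is identical before and after, a reviewer has to resolve the SHA upstream by hand to confirm it is a tagged release rather than an arbitrary commit. I would record the exact release in the comment, for example `uses: taiki-e/install-action@<sha> # vX.Y.Z` (placeholder; the actual version is not visible here). The same applies to the `github/codeql-action/upload-sarif`, `actions/upload-artifact` and `actions/attest-build-provenance` pins in the later hunks.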
@@ -254,7 +254,7 @@ jobs:
 - name: 📤 Upload CLI binary
 if: ${{ !contains(matrix.target, '-linux-') || endsWith(matrix.target, '-linux-musl') }}
- uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4
+ uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4
 with:
 name: PackSquash CLI executable (${{ matrix.target }})
 path: |
@@ -263,13 +263,13 @@ jobs:
 - name: 📤 Upload CLI Debian package
 if: endsWith(matrix.target, '-linux-gnu')
- uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4
+ uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4
 with:
 name: PackSquash CLI Debian package (${{ matrix.apt-arch }})
 path: target/${{ env.CARGO_BUILD_TARGET }}/debian/packsquash_*.deb
 - name: ✒️ Generate SLSA attestation subject data for binaries
- uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1
+ uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1
 with:
 subject-path: |
 target/${{ env.CARGO_BUILD_TARGET }}/release/packsquash
@@ -305,13 +305,13 @@ jobs:
 run: lipo -create -output packsquash packsquash-x64/packsquash packsquash-aarch64/packsquash
 - name: 📤 Upload universal CLI binary
- uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4
+ uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4
 with:
 name: PackSquash CLI executable (universal-apple-darwin)
 path: packsquash
 - name: ✒️ Generate SLSA attestation subject data for binary
- uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1
+ uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1
 with:
 subject-path: packsquash
@@ -407,7 +407,7 @@ jobs:
 runs-on: ubuntu-latest
- container: debian:bullseye-slim@sha256:9058862a1be84689bd13292549ba981364f85ff99e50a612f94b188ac69db137
+ container: debian:bullseye-slim@sha256:00558f781b91e90469812bad32002f311ab26ef241b4a1996f6600680ec82f5c
 # Benchmark failure is not critical enough to fail the whole workflow.
 # We will keep an eye on them anyway, though