diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 154c9d4b9..91673bef3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -66,7 +66,7 @@ jobs: uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 with: toolchain: 1.84 - - uses: taiki-e/install-action@09dc018eee06ae1c9e0409786563f534210ceb83 + - uses: taiki-e/install-action@ab3728c7ba6948b9b429627f4d55a68842b27f18 with: tool: nextest,taplo-cli - name: Install mold @@ -125,7 +125,7 @@ jobs: with: fetch-depth: 0 persist-credentials: false - - uses: DeterminateSystems/nix-installer-action@e50d5f73bfe71c2dd0aa4218de8f4afa59f8f81d + - uses: DeterminateSystems/nix-installer-action@21a544727d0c62386e78b4befe52d19ad12692e3 - run: nix flake check -L --show-trace check-protos: @@ -201,11 +201,11 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: persist-credentials: false - - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 with: python-version: 3.11 - name: Install uv - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 + uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 with: # If you bump the version, also update docs/contributing.md # and all other workflows that install uv @@ -242,11 +242,11 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: persist-credentials: false - - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 with: python-version: 3.11 - name: Install uv - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 + uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 with: # If you bump the version, also update docs/contributing.md # and all other workflows that install uv @@ -263,7 +263,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 + uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 # 'only-managed' means that uv will always download Python, even # if the runner happens to provide a compatible version - name: Check that `mkdocs` can build the docs @@ -281,7 +281,7 @@ jobs: persist-credentials: false - name: Install the latest version of uv - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 + uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 - name: Run zizmor run: uvx zizmor --format sarif . > results.sarif @@ -289,7 +289,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 + uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 with: sarif_file: results.sarif category: zizmor diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 1b89d8464..dac8c770a 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -25,11 +25,11 @@ jobs: # `.github/scripts/docs-build-deploy` will need to `git push` to the docs branch persist-credentials: true - run: "git fetch origin gh-pages --depth=1" - - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 with: python-version: 3.11 - name: Install uv - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 + uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 with: version: "0.5.1" - name: Install dependencies, compile and deploy docs diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5cb84b4c7..41cb5a653 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -95,11 +95,11 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: persist-credentials: false - - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 with: python-version: 3.11 - name: Install uv - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 + uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 with: version: "0.5.1" - name: Compile docs and zip them up @@ -132,11 +132,11 @@ jobs: # `.github/scripts/docs-build-deploy` will need to `git push` to the docs branch persist-credentials: true - run: "git fetch origin gh-pages --depth=1" - - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 with: python-version: 3.11 - name: Install uv - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 + uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 with: version: "0.5.1" - name: Install dependencies, compile and deploy docs to the "latest release" section of the website diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index d4a3c160c..8d11dbe59 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -46,6 +46,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 + uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 with: sarif_file: results.sarif