Merge branch 'dev' of github.com:brainboxdotcc/DPP

brainboxdotcc · Oct 1, 2023 · e1e0005 · e1e0005
2 parents a65c154 + 0cb41f5
commit e1e0005
Show file tree

Hide file tree

Showing 16 changed files with 80 additions and 28 deletions.
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -25,7 +25,7 @@ packaging:
 - '**Dockerfile'
 submodules:
 - '**.gitmodules'
-github_action:
+github_actions:
 - '**/.github/labeler.yml'
 - '**/.github/dependabot.yml'
 - '**/.github/workflows/**'
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -21,9 +21,13 @@ on:
       - '**ci.yml'
       - '**CMakeLists.txt'
 
+permissions:
+  contents: read
 
 jobs:
   linux-with-unit-test:
+    permissions:
+      contents: write
     concurrency: 
       group: linux-build-unit-test
       cancel-in-progress: false
@@ -42,7 +46,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout D++
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
       - name: Install apt packages
         run: sudo sed -i 's/azure\.//' /etc/apt/sources.list && sudo apt update && sudo apt install  ${{ matrix.cfg.cpp-version }} libsodium-dev libopus-dev zlib1g-dev rpm
@@ -66,6 +70,8 @@ jobs:
           TEST_EVENT_ID: ${{secrets.TEST_EVENT_ID}}
 
   linux-no-unit-tests:
+    permissions:
+      contents: write
     name: Linux ${{matrix.cfg.arch}} (${{matrix.cfg.cpp-version}})
     runs-on: ${{matrix.cfg.os}}
     strategy:
@@ -84,7 +90,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout D++
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
       - name: Install apt packages
         run: sudo sed -i 's/azure\.//' /etc/apt/sources.list && sudo apt update && sudo apt install  ${{ matrix.cfg.cpp-version }} libsodium-dev libopus-dev zlib1g-dev rpm
@@ -116,6 +122,8 @@ jobs:
           path: '${{github.workspace}}/build/*.rpm'
 
   macos:
+    permissions:
+      contents: write
     name: macOS x64
     runs-on: macos-latest
     steps:
@@ -125,7 +133,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout D++
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
       - name: Install homebrew packages
         run: brew install cmake make libsodium opus openssl
@@ -141,6 +149,8 @@ jobs:
           DONT_RUN_VCPKG: true
 
   windows: # Windows x64 and x86 build matrix
+    permissions:
+      contents: write
     strategy:
       fail-fast: false # Don't cancel other matrix jobs if one fails
       matrix:
@@ -163,7 +173,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout D++
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
         with:
           path: main
 
@@ -206,6 +216,8 @@ jobs:
           path: '${{github.workspace}}/main/build/*.zip'
 
   cross-compiles:
+    permissions:
+      contents: write
     strategy:
       fail-fast: false
       matrix:
@@ -224,7 +236,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout D++
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
       - name: Install Packages
         run: sudo sed -i 's/azure\.//' /etc/apt/sources.list && sudo apt update && sudo apt install cmake rpm
@@ -254,7 +266,7 @@ jobs:
 #   runs-on: macos-10.15
 #   name: FreeBSD (g++-10)
 #   steps:
-#   - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+#   - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 #   - name: FreeBSD Build and Package
 #     id: freebsdtest
 #     uses: vmactions/freebsd-vm@v0.1.5

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -42,11 +42,11 @@ jobs:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
+        uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -61,6 +61,6 @@ jobs:
           make -j2
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
+        uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/construct-vcpkg-info.yml b/.github/workflows/construct-vcpkg-info.yml
@@ -5,8 +5,13 @@ on:
     types: [published]
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   Collect-Vcpkg-Info:
+    permissions:
+      contents: write # Allow the creation of a release.
     runs-on: ubuntu-latest
     steps:
          - name: Harden Runner
@@ -15,12 +20,12 @@ jobs:
              egress-policy: audit
 
          - name: Setup PHP
-           uses: shivammathur/setup-php@72ae4ccbe57f82bbe08411e84e2130bd4ba1c10f # v2
+           uses: shivammathur/setup-php@7fdd3ece872ec7ec4c098ae5ab7637d5e0a96067 # v2
            with:
              php-version: '8.1'
 
          - name: Checkout D++
-           uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+           uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
            with:
              submodules: recursive
 

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -22,6 +22,6 @@ jobs:
           egress-policy: audit
 
       - name: 'Checkout Repository'
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@f6fff72a3217f580d5afd49a46826795305b63c7 # v3.0.8
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -7,8 +7,14 @@ on:
   schedule:
     - cron: '0 0 * * *'
 
+permissions:
+  contents: read
+
 jobs:
   docker:
+    permissions:
+      deployments: write # Docker needs to be able to deploy and package.
+      packages: write
     if: github.repository == 'brainboxdotcc/DPP'
     runs-on: ubuntu-latest
     concurrency: 
@@ -22,19 +28,19 @@ jobs:
 
       -
         name: Set up QEMU
-        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
+        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1
       -
         name: Login to DockerHub
-        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Login to GitHub Container Registry
-        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}

diff --git a/.github/workflows/documentation-check.yml b/.github/workflows/documentation-check.yml
@@ -12,6 +12,9 @@ on:
     files:
       - '**/documentation-check.yml'
 
+permissions:
+  contents: read # This only needs to read the contents of a PR.
+
 jobs:
   docs:
     name: Check Documentation Spelling
@@ -24,7 +27,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout D++
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
       - name: Check docs spelling
         run: npx -y cspell lint --language-id=cpp --no-progress --no-summary --show-context --show-suggestions --relative --color docpages/*.md include/dpp/*.h
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
@@ -9,8 +9,13 @@ on:
       - '**/*.h'
       - '**/documentation.yml'
 
+permissions:
+  contents: read
+
 jobs:
   docs:
+    permissions:
+      contents: write # Needs to be able to write to the repo.
     name: Build Documentation
     runs-on: ubuntu-20.04
 
@@ -25,12 +30,12 @@ jobs:
           egress-policy: audit
 
       - name: Setup PHP
-        uses: shivammathur/setup-php@72ae4ccbe57f82bbe08411e84e2130bd4ba1c10f # v2
+        uses: shivammathur/setup-php@7fdd3ece872ec7ec4c098ae5ab7637d5e0a96067 # v2
         with:
           php-version: '8.0'
 
       - name: Checkout D++
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
         with:
           submodules: recursive
 

diff --git a/.github/workflows/gitguardian.yml b/.github/workflows/gitguardian.yml
@@ -2,6 +2,9 @@ name: GitGuardian scan
 
 on: [push]
 
+permissions:
+  contents: read # GitGuardian only needs to read.
+
 jobs:
   scanning:
     name: GitGuardian scan
@@ -13,7 +16,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
         with:
           fetch-depth: 0 # fetch all history so multiple commits can be scanned
       - name: GitGuardian scan

diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
@@ -8,8 +8,7 @@ permissions:
 jobs:
   triage:
     permissions:
-      contents: read
-      pull-requests: write
+      pull-requests: write # Labeler needs to be able to add labels to PRs.
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -37,7 +37,7 @@ jobs:
           egress-policy: audit
 
       - name: "Checkout code"
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
         with:
           persist-credentials: false
 
@@ -72,6 +72,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
+        uses: github/codeql-action/upload-sarif@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/sitemap.yml b/.github/workflows/sitemap.yml
@@ -3,8 +3,13 @@ on:
   schedule:
     - cron: '0 6 * * 6'
 
+permissions:
+  contents: read
+
 jobs:
   updater:
+    permissions:
+      contents: write # Needs to be able to write to the repo.
     name: Generate Sitemap
     if: github.repository == 'brainboxdotcc/DPP'
     runs-on: ubuntu-20.04

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -3,8 +3,14 @@ on:
   schedule:
     - cron: '30 1 * * *'
 
+permissions:
+  contents: read # By default, only read.
+
 jobs:
   stale:
+    permissions:
+      issues: write  # for actions/stale to close stale issues
+      pull-requests: write  # for actions/stale to close stale PRs
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner

diff --git a/.github/workflows/target-master.yml b/.github/workflows/target-master.yml
@@ -5,8 +5,13 @@ on:
     branches:
       - 'master'
 
+permissions:
+  contents: read
+
 jobs:
   run:
+    permissions:
+      pull-requests: write # Needs to be able to close a PR.
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner

diff --git a/.github/workflows/test-docs-examples.yml b/.github/workflows/test-docs-examples.yml
@@ -11,6 +11,9 @@ on:
       - '**Doxyfile'
       - '**docpages/example_code/**'
   workflow_dispatch:
+
+permissions:
+  contents: read
 
 jobs:
   test_docs_examples:
@@ -24,7 +27,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout D++
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
         with:
           submodules: recursive
 

diff --git a/include/dpp/version.h b/include/dpp/version.h
@@ -22,9 +22,9 @@
 #pragma once
 
 #if !defined(DPP_VERSION_LONG)
-#define DPP_VERSION_LONG 0x00100026
-#define DPP_VERSION_SHORT 100026
-#define DPP_VERSION_TEXT "D++ 10.0.26 (30-Aug-2023)"
+#define DPP_VERSION_LONG 0x00100027
+#define DPP_VERSION_SHORT 100027
+#define DPP_VERSION_TEXT "D++ 10.0.27 (30-Sep-2023)"
 
 #define DPP_VERSION_MAJOR ((DPP_VERSION_LONG & 0x00ff0000) >> 16)
 #define DPP_VERSION_MINOR ((DPP_VERSION_LONG & 0x0000ff00) >> 8)