diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index 47f0faf5..10401830 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -20,7 +20,7 @@ jobs:
 checks: write
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -32,7 +32,7 @@ jobs:
 static.rust-lang.org:443
 index.crates.io:443
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
 - uses: Swatinem/rust-cache@81d053bdb0871dcd3f10763c8cc60d0adc41762b
 - uses: actions-rs/audit-check@35b7b53b1e25b55642157ac01b4adceb5b9ebef3
 with:
@@ -50,7 +50,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -63,7 +63,7 @@ jobs:
 static.rust-lang.org:443
 index.crates.io:443
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- - uses: EmbarkStudios/cargo-deny-action@a50c7d5f86370e02fae8472c398f15a36e517bb8
+ - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
+ - uses: EmbarkStudios/cargo-deny-action@1e59595bed8fc55c969333d08d7817b36888f0c5
 with:
 command: check ${{ matrix.checks }}
diff --git a/.github/workflows/benchmark pullrequest.yml b/.github/workflows/benchmark pullrequest.yml
index 17c7bd03..2dad0093 100644
--- a/.github/workflows/benchmark pullrequest.yml
+++ b/.github/workflows/benchmark pullrequest.yml
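Review bot: The checkout step in the audit.yml `@@ -32,7` hunk has no `with:` block, so `persist-credentials` stays at its default and the job token remains in the workspace git config while the third-party steps that follow (`Swatinem/rust-cache`, `actions-rs/audit-check`) run, in a job that the first hunk suggests holds `checks: write`. The scorecards.yml checkout touched by this same commit already sets the option; I would add `with:` and `persist-credentials: false` under this step and under the `@@ -63,7` checkout that precedes cargo-deny-action. The steps list continues outside both hunks, so confirm that no later step relies on the persisted token before changing it.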
@@ -32,11 +32,11 @@ jobs:
 - 5432:5432
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
 with:
 set-safe-directory: true
 - run: rustup default nightly
diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml
index af76a0dc..3175ef1f 100644
--- a/.github/workflows/benchmark.yml
+++ b/.github/workflows/benchmark.yml
@@ -32,11 +32,11 @@ jobs:
 - 5432:5432
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
 with:
 set-safe-directory: true
 - run: rustup default nightly
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 1cd90614..533a17ae 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -15,7 +15,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -35,19 +35,19 @@ jobs:
 static.rust-lang.org:443
 index.crates.io:443
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
 - name: Log in to Docker Hub
- uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
+ uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
 with:
 username: ${{ secrets.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_PASSWORD }}
 - name: Extract metadata (tags, labels) for Docker
 id: meta
- uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175
+ uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934
 with:
 images: mtrnord/erooster
 - name: Build and push
- uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825
+ uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09
 with:
 context: .
 push: true
diff --git a/.github/workflows/rust-clippy.yml b/.github/workflows/rust-clippy.yml
index af952f9f..fb84741d 100644
--- a/.github/workflows/rust-clippy.yml
+++ b/.github/workflows/rust-clippy.yml
@@ -20,7 +20,7 @@ jobs:
 security-events: write
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -35,7 +35,7 @@ jobs:
 index.crates.io:443
 - name: Checkout code
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
 - name: Install Rust toolchain
 uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #@v1
@@ -57,7 +57,7 @@ jobs:
 continue-on-error: true
 - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716
+ uses: github/codeql-action/upload-sarif@0116bc2df50751f9724a2e35ef1f24d22f90e4e1
 with:
 sarif_file: rust-clippy-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index c9de99dd..f1d9ac02 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -25,7 +25,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -46,12 +46,12 @@ jobs:
 index.crates.io:443
 - name: "Checkout code"
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=v3.0.0
+ uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # tag=v3.0.0
 with:
 persist-credentials: false
 - name: "Run analysis"
- uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # tag=v2.2.0
+ uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # tag=v2.3.0
 with:
 results_file: results.sarif
 results_format: sarif
@@ -70,7 +70,7 @@ jobs:
 # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
 # format to the repository Actions tab.
 - name: "Upload artifact"
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # tag=v3.1.2
+ uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # tag=v3.1.3
 with:
 name: SARIF file
 path: results.sarif
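Review bot: The trailing `# tag=v3.0.0` on the scorecards.yml checkout line (`@@ -46,12` hunk) is carried over unchanged even though the pinned SHA changed, so it can no longer be relied on to name the release that is actually pinned; the scorecard-action and upload-artifact lines in the same file do update their tag comments. With SHA pinning that comment is the only human-readable hint a reviewer has for checking the hash against an upstream release, so it should be corrected along with the bump, e.g. `uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # tag=<release tag for this SHA>`. The same applies to `# tag=v1.0.26` on `github/codeql-action/upload-sarif` in the `@@ -78,6` hunk and to `# v2` and `# master` in spell-check.yml.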
@@ -78,6 +78,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # tag=v1.0.26
+ uses: github/codeql-action/upload-sarif@0116bc2df50751f9724a2e35ef1f24d22f90e4e1 # tag=v1.0.26
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/spell-check.yml b/.github/workflows/spell-check.yml
index c5d2d348..cbf0cfc8 100644
--- a/.github/workflows/spell-check.yml
+++ b/.github/workflows/spell-check.yml
@@ -16,7 +16,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -25,9 +25,9 @@ jobs:
 env:
 USER: runner
 - name: Checkout Actions Repository
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2
+ uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v2
 - name: Check spelling
- uses: crate-ci/typos@0863e64406a6d8f990ba7a1dd8f5a4683dd61194 # master
+ uses: crate-ci/typos@c004e98018d8621614d1ca516eed8ca2d04b365a # master
 with:
 config: ${{github.workspace}}/_typos.toml
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index e6175288..c7a6629b 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -11,7 +11,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -25,7 +25,7 @@ jobs:
 static.crates.io:443
 static.rust-lang.org:443
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
 - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af
 with:
 profile: minimal
@@ -63,11 +63,11 @@ jobs:
 - 5432:5432
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
 - name: Install Rust
 run: rustup toolchain install nightly --component llvm-tools-preview
 - uses: Swatinem/rust-cache@81d053bdb0871dcd3f10763c8cc60d0adc41762b
@@ -101,7 +101,7 @@ jobs:
 cargo +nightly llvm-cov --no-report --workspace
 cargo +nightly llvm-cov --no-report --features "jaeger" --workspace
 cargo +nightly llvm-cov report --html
- - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+ - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
 with:
 name: coverage-report
 path: target/llvm-cov/html/
@@ -122,7 +122,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -136,7 +136,7 @@ jobs:
 index.crates.io:443
 static.crates.io:443
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
 - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af
 with:
 profile: minimal
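Review bot: The Harden Runner step in the tests.yml `@@ -63,11` hunk still runs with `egress-policy: audit` and its TODO, so outbound traffic from this job is only recorded, not restricted, while the other jobs in the file use `block` with an allow-list. This job installs a nightly toolchain and runs third-party actions, so it is worth finishing the TODO while the line is being touched: switch to `egress-policy: block` and add an `allowed-endpoints: >` list built from the endpoints the audit runs have recorded. The benchmark.yml and `benchmark pullrequest.yml` hunks carry the same line and need the same follow-up.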