diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index e2941890..7b05eaa7 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -24,7 +24,7 @@ jobs: checks: write steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 with: egress-policy: block allowed-endpoints: > @@ -36,7 +36,7 @@ jobs: static.rust-lang.org:443 index.crates.io:443 - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b - uses: Swatinem/rust-cache@81d053bdb0871dcd3f10763c8cc60d0adc41762b - uses: actions-rs/audit-check@35b7b53b1e25b55642157ac01b4adceb5b9ebef3 with: @@ -54,7 +54,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 with: egress-policy: block allowed-endpoints: > @@ -67,7 +67,7 @@ jobs: static.rust-lang.org:443 index.crates.io:443 - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - uses: EmbarkStudios/cargo-deny-action@1e59595bed8fc55c969333d08d7817b36888f0c5 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + - uses: EmbarkStudios/cargo-deny-action@3f4a782664881cf5725d0ffd23969fcce89fd868 with: command: check ${{ matrix.checks }} diff --git a/.github/workflows/benchmark pullrequest.yml b/.github/workflows/benchmark pullrequest.yml index 82d4dc25..e46aa42c 100644 --- a/.github/workflows/benchmark pullrequest.yml +++ b/.github/workflows/benchmark pullrequest.yml @@ -36,11 +36,11 @@ jobs: - 5432:5432 steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b with: set-safe-directory: true - run: rustup default nightly diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index e683c4e4..976db30d 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -36,11 +36,11 @@ jobs: - 5432:5432 steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b with: set-safe-directory: true - run: rustup default nightly diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index c5a198da..f38103ac 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 with: egress-policy: block allowed-endpoints: > @@ -39,26 +39,26 @@ jobs: static.rust-lang.org:443 index.crates.io:443 - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b - name: Log in to Docker Hub - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 with: images: mtrnord/erooster - name: Build and push - uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Update repo description - uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864 + uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml index 571e475d..84d025a8 100644 --- a/.github/workflows/reuse.yaml +++ b/.github/workflows/reuse.yaml @@ -10,6 +10,6 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.4 - name: REUSE Compliance Check - uses: fsfe/reuse-action@v2 \ No newline at end of file + uses: fsfe/reuse-action@v3 \ No newline at end of file diff --git a/.github/workflows/rust-clippy.yml b/.github/workflows/rust-clippy.yml index 56cd55db..a199e76e 100644 --- a/.github/workflows/rust-clippy.yml +++ b/.github/workflows/rust-clippy.yml @@ -24,7 +24,7 @@ jobs: security-events: write steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 with: egress-policy: block allowed-endpoints: > @@ -39,7 +39,7 @@ jobs: index.crates.io:443 - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b - name: Install Rust toolchain uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #@v1 @@ -61,7 +61,7 @@ jobs: continue-on-error: true - name: Upload analysis results to GitHub - uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 + uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 with: sarif_file: rust-clippy-results.sarif wait-for-processing: true diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index f8b38084..fc7a1cb3 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 with: egress-policy: block allowed-endpoints: > @@ -50,7 +50,7 @@ jobs: index.crates.io:443 - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v3.0.0 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # tag=v3.0.0 with: persist-credentials: false @@ -74,7 +74,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # tag=v3.1.3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # tag=v4.3.3 with: name: SARIF file path: results.sarif @@ -82,6 +82,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 # tag=v1.0.26 + uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # tag=v1.0.26 with: sarif_file: results.sarif diff --git a/.github/workflows/spell-check.yml b/.github/workflows/spell-check.yml index a77c3851..1a127352 100644 --- a/.github/workflows/spell-check.yml +++ b/.github/workflows/spell-check.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 with: egress-policy: block allowed-endpoints: > @@ -29,9 +29,9 @@ jobs: env: USER: runner - name: Checkout Actions Repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v2 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v2 - name: Check spelling - uses: crate-ci/typos@47dd2976043bd5c76a33aa9300b328a176a1d6f7 # master + uses: crate-ci/typos@d503507db9c5d116c79135435b149cd0f27d726e # master with: config: ${{github.workspace}}/_typos.toml diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 06cdead2..7dfc2733 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 with: egress-policy: block allowed-endpoints: > @@ -29,7 +29,7 @@ jobs: static.crates.io:443 static.rust-lang.org:443 - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af with: profile: minimal @@ -68,11 +68,11 @@ jobs: - 5432:5432 steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b - name: Install Rust run: rustup toolchain install nightly --component llvm-tools-preview - uses: Swatinem/rust-cache@81d053bdb0871dcd3f10763c8cc60d0adc41762b @@ -110,7 +110,7 @@ jobs: cargo +nightly llvm-cov report --html env: RUST_BACKTRACE: "1" - - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce + - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 with: name: coverage-report path: target/llvm-cov/html/ @@ -120,7 +120,7 @@ jobs: cargo +nightly llvm-cov --no-report --features "jaeger" --workspace cargo +nightly llvm-cov report --lcov --output-path lcov.info - name: Upload coverage to Codecov - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@v4 with: token: ${{ secrets.CODECOV_TOKEN }} files: lcov.info @@ -134,11 +134,11 @@ jobs: options: --user root steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b - name: Install Rust run: rustup toolchain install nightly --component llvm-tools-preview - uses: Swatinem/rust-cache@81d053bdb0871dcd3f10763c8cc60d0adc41762b @@ -176,7 +176,7 @@ jobs: cargo +nightly llvm-cov report --html env: RUST_BACKTRACE: "1" - - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 + - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 with: name: coverage-report path: target/llvm-cov/html/ @@ -186,7 +186,7 @@ jobs: cargo +nightly llvm-cov --no-report --features "jaeger" --workspace --features sqlite --no-default-features cargo +nightly llvm-cov report --lcov --output-path lcov.info - name: Upload coverage to Codecov - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@v4 with: token: ${{ secrets.CODECOV_TOKEN }} files: lcov.info @@ -197,7 +197,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 with: egress-policy: block allowed-endpoints: > @@ -211,7 +211,7 @@ jobs: index.crates.io:443 static.crates.io:443 - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af with: profile: minimal