diff --git a/.github/actions/pmem_benchmark_run/action.yml b/.github/actions/pmem_benchmark_run/action.yml index 27c989c7ebe..24e4e40d38f 100644 --- a/.github/actions/pmem_benchmark_run/action.yml +++ b/.github/actions/pmem_benchmark_run/action.yml @@ -33,7 +33,7 @@ runs: - name: Archive logs if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: ${{ inputs.config }}__${{ inputs.scenario }} path: '${{ inputs.runtime_dir }}/*.csv' diff --git a/.github/workflows/docker_rebuild.yml b/.github/workflows/docker_rebuild.yml index dd740fef3d2..5a46d3cf4f9 100644 --- a/.github/workflows/docker_rebuild.yml +++ b/.github/workflows/docker_rebuild.yml @@ -37,7 +37,7 @@ jobs: - {OS: ubuntu, OS_VER: 22.04} steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Rebuild the image env: diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c519016ad4e..1b90f3efbd8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -13,7 +13,7 @@ jobs: issues: read steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: # required for `make check-license` to work properly fetch-depth: 50 @@ -23,7 +23,7 @@ jobs: if: | !(github.repository == 'pmem/pmdk' && (github.ref_name == 'master' || startsWith(github.ref_name, 'stable-'))) - uses: Zomzog/changelog-checker@v1.3.0 + uses: Zomzog/changelog-checker@09cfe9ad3618dcbfdba261adce0c41904cabb8c4 # v1.3.0 with: fileName: ChangeLog noChangelogLabel: no changelog # the default @@ -51,7 +51,7 @@ jobs: - name: Upload check license diff if: steps.check_license.outcome != 'success' - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: check-license.diff path: /tmp/check-license.diff @@ -97,7 +97,7 @@ jobs: BUILD_ALL: n # exclude non-required parts from the build steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install dependencies run: sudo apt-get -y install pandoc diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index b2b43cef8b1..7fe5abd3358 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -35,7 +35,7 @@ jobs: TEST_BUILD: [debug, nondebug] steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 50 @@ -66,7 +66,7 @@ jobs: ] steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 50 diff --git a/.github/workflows/pmem_benchmark.yml b/.github/workflows/pmem_benchmark.yml index 93fcfbb8f1a..5a3c5e8a528 100644 --- a/.github/workflows/pmem_benchmark.yml +++ b/.github/workflows/pmem_benchmark.yml @@ -19,7 +19,7 @@ jobs: contents: read steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 1 @@ -44,7 +44,7 @@ jobs: MANIFEST: ${{ matrix.ROLE }}/manifest.txt steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ matrix.GITHUB_REF }} fetch-depth: 1 @@ -60,7 +60,7 @@ jobs: git -C ${{ matrix.ROLE }} rev-parse HEAD >> $MANIFEST - name: Archive the manifest - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: manifest_${{ matrix.ROLE }} path: ${{ env.MANIFEST }} @@ -109,7 +109,7 @@ jobs: done - name: Upload all as a single artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: perf__all__${{ github.run_id }} path: csvs/**/* diff --git a/.github/workflows/pmem_ras.yml b/.github/workflows/pmem_ras.yml index 9f196df91d1..6fd11d1166f 100644 --- a/.github/workflows/pmem_ras.yml +++ b/.github/workflows/pmem_ras.yml @@ -40,7 +40,7 @@ jobs: steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 # Variables, such as $ras_runner are set on the controller platform # as environment variables. diff --git a/.github/workflows/pmem_test_matrix.yml b/.github/workflows/pmem_test_matrix.yml index 4b62b0c6788..b337893c1a2 100644 --- a/.github/workflows/pmem_test_matrix.yml +++ b/.github/workflows/pmem_test_matrix.yml @@ -33,7 +33,7 @@ jobs: steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Test prepare uses: ./.github/actions/pmem_test_prepare diff --git a/.github/workflows/pmem_tests.yml b/.github/workflows/pmem_tests.yml index 67eca2d1837..1bf9a1b22c7 100644 --- a/.github/workflows/pmem_tests.yml +++ b/.github/workflows/pmem_tests.yml @@ -55,7 +55,7 @@ jobs: build: [static_debug, static_nondebug] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Test prepare uses: ./.github/actions/pmem_test_prepare @@ -76,7 +76,7 @@ jobs: runs-on: [self-hosted, rhel] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Test prepare uses: ./.github/actions/pmem_test_prepare @@ -102,7 +102,7 @@ jobs: runs-on: [self-hosted, rhel] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Test prepare uses: ./.github/actions/pmem_test_prepare diff --git a/.github/workflows/scan_bandit.yml b/.github/workflows/scan_bandit.yml index ead974e30fa..c7b60300301 100644 --- a/.github/workflows/scan_bandit.yml +++ b/.github/workflows/scan_bandit.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install Bandit run: sudo apt-get -y install bandit diff --git a/.github/workflows/scan_codeql.yml b/.github/workflows/scan_codeql.yml index ce5a625834b..85d10c87917 100644 --- a/.github/workflows/scan_codeql.yml +++ b/.github/workflows/scan_codeql.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install pmem/valgrind (including dependencies) run: | @@ -36,7 +36,7 @@ jobs: && sudo ./utils/docker/images/install-valgrind.sh - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: languages: cpp, python @@ -44,4 +44,4 @@ jobs: run: make test -j$(nproc) - name: CodeQL scan - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 diff --git a/.github/workflows/scan_coverage.yml b/.github/workflows/scan_coverage.yml index 6fcef3d30a1..410728d0cc8 100644 --- a/.github/workflows/scan_coverage.yml +++ b/.github/workflows/scan_coverage.yml @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Pull the image run: cd $WORKDIR && ./pull-or-rebuild-image.sh @@ -39,7 +39,7 @@ jobs: run: cd $WORKDIR && ./build-CI.sh - name: Upload coverage to Codecov - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 with: root_dir: /home/runner/work/pmdk/pmdk/ directory: /home/runner/work/pmdk/pmdk/ diff --git a/.github/workflows/scan_coverity.yml b/.github/workflows/scan_coverity.yml index 4c1c5703046..575f7b04c6a 100644 --- a/.github/workflows/scan_coverity.yml +++ b/.github/workflows/scan_coverity.yml @@ -30,7 +30,7 @@ jobs: CONFIG: ["OS=ubuntu OS_VER=22.04"] steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Pull or rebuild the image run: cd $WORKDIR && ${{ matrix.CONFIG }} ./pull-or-rebuild-image.sh diff --git a/.github/workflows/scan_documentation.yml b/.github/workflows/scan_documentation.yml index 16c4993ea4d..bfe4b48d322 100644 --- a/.github/workflows/scan_documentation.yml +++ b/.github/workflows/scan_documentation.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install required packages run: | diff --git a/.github/workflows/scan_log_calls.yml b/.github/workflows/scan_log_calls.yml index 406ce1275a5..b5d5b646735 100644 --- a/.github/workflows/scan_log_calls.yml +++ b/.github/workflows/scan_log_calls.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Generate log calls' diff working-directory: ${{ env.WORKING_DIRECTORY }} @@ -30,7 +30,7 @@ jobs: - name: Upload artifacts if: steps.log_calls_diff.outputs.length != '0' - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: log_calls_diff path: ${{ env.WORKING_DIRECTORY }}/log_calls.diff diff --git a/.github/workflows/scan_stack_usage.yml b/.github/workflows/scan_stack_usage.yml index a5b1ecc8984..fc786695c32 100644 --- a/.github/workflows/scan_stack_usage.yml +++ b/.github/workflows/scan_stack_usage.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: path: pmdk @@ -77,7 +77,7 @@ jobs: rm -f ${{ env.TEMP }} - name: Upload artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: call_stacks_data path: | diff --git a/.github/workflows/scan_ubsan.yml b/.github/workflows/scan_ubsan.yml index 3693783ca22..a18c1b5ac07 100644 --- a/.github/workflows/scan_ubsan.yml +++ b/.github/workflows/scan_ubsan.yml @@ -28,7 +28,7 @@ jobs: build: ['debug', 'nondebug'] steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Pull the image run: cd $WORKDIR && ./pull-or-rebuild-image.sh diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f4108465068..feeb94164c2 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false @@ -69,6 +69,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: sarif_file: results.sarif diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml index 7874483f567..edce664f50e 100644 --- a/.github/workflows/ubuntu.yml +++ b/.github/workflows/ubuntu.yml @@ -27,7 +27,7 @@ jobs: TEST_BUILD: ['debug', 'nondebug'] steps: - name: Clone the git repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 50 @@ -46,7 +46,7 @@ jobs: - name: Archive logs if: steps.build.outcome != 'success' - uses: actions/upload-artifact@v4.2.0 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: logs-${{ matrix.TEST_BUILD }} path: ${{env.HOST_WORKDIR}}/src/test/**/*.log