From f627e969f5bbc413c4ec72a6b66fc7fcc2b43d92 Mon Sep 17 00:00:00 2001 From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com> Date: Thu, 6 Mar 2025 22:18:01 -0800 Subject: [PATCH] chore: pin actions to commit hashes --- .github/workflows/build-pr.yml | 142 +++++++++++----------- .github/workflows/build.yml | 166 +++++++++++++------------- .github/workflows/flakehub-tagged.yml | 6 +- .github/workflows/tag.yml | 26 ++-- .github/workflows/zizmor.yml | 6 +- 5 files changed, 173 insertions(+), 173 deletions(-) diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml index 4a05e87..a694c32 100644 --- a/.github/workflows/build-pr.yml +++ b/.github/workflows/build-pr.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest if: github.repository == github.event.pull_request.head.repo.full_name steps: - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - name: Earthly login env: @@ -28,7 +28,7 @@ jobs: earthly org s blue-build earthly sat s arm - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -36,7 +36,7 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -53,7 +53,7 @@ jobs: if: github.repository == github.event.pull_request.head.repo.full_name steps: - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - name: Earthly login env: @@ -63,7 +63,7 @@ jobs: earthly org s blue-build earthly sat s amd - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -71,7 +71,7 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -90,7 +90,7 @@ jobs: - arm64-prebuild - amd64-prebuild steps: - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - name: Earthly login env: @@ -100,7 +100,7 @@ jobs: earthly org s blue-build earthly sat s pr - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -108,7 +108,7 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -124,7 +124,7 @@ jobs: runs-on: ubuntu-latest if: github.repository == github.event.pull_request.head.repo.full_name steps: - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - name: Earthly login env: @@ -135,7 +135,7 @@ jobs: earthly org s blue-build earthly sat s pr - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -143,7 +143,7 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -162,12 +162,12 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 # Setup repo and add caching - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -184,9 +184,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -203,9 +203,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -227,18 +227,18 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: sigstore/cosign-installer@v3.3.0 + - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: install: true - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -246,9 +246,9 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime - uses: crazy-max/ghaction-github-runtime@v3 + uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - - uses: extractions/setup-just@v1 + - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: @@ -268,16 +268,16 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: sigstore/cosign-installer@v3.3.0 + - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 with: install-dir: /usr/bin use-sudo: true - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -285,9 +285,9 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime - uses: crazy-max/ghaction-github-runtime@v3 + uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - - uses: extractions/setup-just@v1 + - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: @@ -309,18 +309,18 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: sigstore/cosign-installer@v3.3.0 + - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: install: true - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -328,9 +328,9 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime - uses: crazy-max/ghaction-github-runtime@v3 + uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - - uses: extractions/setup-just@v1 + - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: @@ -351,25 +351,25 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: sigstore/cosign-installer@v3.3.0 + - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: install: true - name: Docker Login - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -377,9 +377,9 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime - uses: crazy-max/ghaction-github-runtime@v3 + uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - - uses: extractions/setup-just@v1 + - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: @@ -398,20 +398,20 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: sigstore/cosign-installer@v3.3.0 + - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - - uses: extractions/setup-just@v1 + - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: @@ -430,20 +430,20 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: sigstore/cosign-installer@v3.3.0 + - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - - uses: extractions/setup-just@v1 + - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: @@ -462,18 +462,18 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: sigstore/cosign-installer@v3.3.0 + - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: install: true - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -481,9 +481,9 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime - uses: crazy-max/ghaction-github-runtime@v3 + uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - - uses: extractions/setup-just@v1 + - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: @@ -503,18 +503,18 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: sigstore/cosign-installer@v3.3.0 + - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: install: true - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -522,9 +522,9 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime - uses: crazy-max/ghaction-github-runtime@v3 + uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - - uses: extractions/setup-just@v1 + - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4115d80..3733235 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -21,9 +21,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -40,9 +40,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -61,12 +61,12 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 env: EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} if: env.EARTHLY_SAT_TOKEN == null - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - name: Earthly login env: @@ -78,13 +78,13 @@ jobs: earthly sat s arm # Setup repo and add caching - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false ref: main - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 if: github.token != null with: registry: ghcr.io @@ -103,12 +103,12 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 env: EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} if: env.EARTHLY_SAT_TOKEN == null - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - name: Earthly login env: @@ -120,13 +120,13 @@ jobs: earthly sat s amd # Setup repo and add caching - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false ref: main - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 if: github.token != null with: registry: ghcr.io @@ -144,12 +144,12 @@ jobs: if: github.repository == 'blue-build/cli' steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 env: EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} if: env.EARTHLY_SAT_TOKEN == null - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - name: Earthly login env: @@ -160,7 +160,7 @@ jobs: earthly org s blue-build earthly sat s main - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -168,7 +168,7 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -190,12 +190,12 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 env: EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} if: env.EARTHLY_SAT_TOKEN == null - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - name: Earthly login env: @@ -207,13 +207,13 @@ jobs: earthly sat s main # Setup repo and add caching - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false ref: main - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -239,12 +239,12 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 # Setup repo and add caching - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false ref: main @@ -268,27 +268,27 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: sigstore/cosign-installer@v3.3.0 + - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: install: true - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 # Setup repo and add caching - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false ref: main - name: Expose GitHub Runtime - uses: crazy-max/ghaction-github-runtime@v3 + uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - - uses: extractions/setup-just@v1 + - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: @@ -308,24 +308,24 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: sigstore/cosign-installer@v3.3.0 + - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 with: install-dir: /usr/bin use-sudo: true - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false ref: main - name: Expose GitHub Runtime - uses: crazy-max/ghaction-github-runtime@v3 + uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - - uses: extractions/setup-just@v1 + - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: @@ -350,18 +350,18 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: sigstore/cosign-installer@v3.3.0 + - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: install: true - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -369,9 +369,9 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime - uses: crazy-max/ghaction-github-runtime@v3 + uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - - uses: extractions/setup-just@v1 + - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: @@ -394,35 +394,35 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: sigstore/cosign-installer@v3.3.0 + - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: install: true - name: Docker Login - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 # Setup repo and add caching - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false ref: main - name: Expose GitHub Runtime - uses: crazy-max/ghaction-github-runtime@v3 + uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - - uses: extractions/setup-just@v1 + - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: @@ -455,33 +455,33 @@ jobs: # workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY }} # - name: Maximize build space - # uses: ublue-os/remove-unwanted-software@v6 + # uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - # - uses: sigstore/cosign-installer@v3.3.0 + # - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 # - name: Set up Docker Buildx - # uses: docker/setup-buildx-action@v3 + # uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 # with: # install: true - # - uses: actions-rust-lang/setup-rust-toolchain@v1 + # - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 # - name: Docker Auth # id: docker-auth - # uses: "docker/login-action@v3" + # uses: "docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0" # with: # username: "oauth2accesstoken" # password: "${{ steps.auth.outputs.access_token }}" # registry: us-east1-docker.pkg.dev - # - uses: actions/checkout@v4 + # - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # with: # ref: main # - name: Expose GitHub Runtime - # uses: crazy-max/ghaction-github-runtime@v3 + # uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - # - uses: extractions/setup-just@v1 + # - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 # - name: Run Build # env: @@ -503,20 +503,20 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: sigstore/cosign-installer@v3.3.0 + - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 # Setup repo and add caching - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false ref: main - - uses: extractions/setup-just@v1 + - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: @@ -538,20 +538,20 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: sigstore/cosign-installer@v3.3.0 + - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 # Setup repo and add caching - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false ref: main - - uses: extractions/setup-just@v1 + - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: @@ -573,18 +573,18 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: sigstore/cosign-installer@v3.3.0 + - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: install: true - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -592,9 +592,9 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime - uses: crazy-max/ghaction-github-runtime@v3 + uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - - uses: extractions/setup-just@v1 + - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: @@ -617,18 +617,18 @@ jobs: steps: - name: Maximize build space - uses: ublue-os/remove-unwanted-software@v6 + uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - - uses: sigstore/cosign-installer@v3.3.0 + - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: install: true - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -636,9 +636,9 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime - uses: crazy-max/ghaction-github-runtime@v3 + uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - - uses: extractions/setup-just@v1 + - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: diff --git a/.github/workflows/flakehub-tagged.yml b/.github/workflows/flakehub-tagged.yml index 2c2b484..873036c 100644 --- a/.github/workflows/flakehub-tagged.yml +++ b/.github/workflows/flakehub-tagged.yml @@ -16,12 +16,12 @@ jobs: id-token: "write" contents: "read" steps: - - uses: "actions/checkout@v4" + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false ref: "${{ (inputs.tag != null) && format('refs/tags/{0}', inputs.tag) || '' }}" - - uses: "DeterminateSystems/nix-installer-action@main" - - uses: "DeterminateSystems/flakehub-push@main" + - uses: DeterminateSystems/nix-installer-action@e50d5f73bfe71c2dd0aa4218de8f4afa59f8f81d # v16 + - uses: DeterminateSystems/flakehub-push@8da9e38b7e77f2b0a8aa08a22e57cc5c6316ea72 # v5 with: visibility: "public" name: "blue-build/cli" diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml index 626d21a..32ad8a9 100644 --- a/.github/workflows/tag.yml +++ b/.github/workflows/tag.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - name: Earthly login env: @@ -25,14 +25,14 @@ jobs: earthly org s blue-build earthly sat s arm - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 fetch-tags: true - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 if: github.token != null with: registry: ghcr.io @@ -49,7 +49,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - name: Earthly login env: @@ -60,14 +60,14 @@ jobs: earthly org s blue-build earthly sat s amd - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 fetch-tags: true - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 if: github.token != null with: registry: ghcr.io @@ -83,14 +83,14 @@ jobs: timeout-minutes: 60 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 fetch-tags: true - - uses: dtolnay/rust-toolchain@stable - - uses: earthly/actions-setup@v1 + - uses: dtolnay/rust-toolchain@38b70195107dddab2c7bbd522bcf763bac00963b # stable + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - name: Earthly login run: | earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null @@ -98,7 +98,7 @@ jobs: earthly sat s tag - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -123,14 +123,14 @@ jobs: steps: # Setup repo and add caching - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 fetch-tags: true - uses: dtolnay/rust-toolchain@stable - - uses: earthly/actions-setup@v1 + - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - name: Earthly login run: | earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null @@ -138,7 +138,7 @@ jobs: earthly sat s tag - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index d59a969..f0a44f9 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -17,12 +17,12 @@ jobs: actions: read steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Install the latest version of uv - uses: astral-sh/setup-uv@v4 + uses: astral-sh/setup-uv@38f3f104447c67c051c4a08e39b64a148898af3a # v4.2.0 - name: Run zizmor 🌈 run: uvx zizmor --format sarif . > results.sarif @@ -30,7 +30,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d #v3.28.10 with: sarif_file: results.sarif category: zizmor