particle-os/particle-os-cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: pin actions to commit hashes

Browse source
This commit is contained in:
RoyalOughtness 2025-03-06 22:18:01 -08:00 committed by Gerald Pinder
parent 1cc63c86c5
commit f627e969f5
5 changed files with 173 additions and 173 deletions
Download patch file Download diff file Expand all files Collapse all files

142
.github/workflows/build-pr.yml vendored
View file

@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository == github.event.pull_request.head.repo.full_name
steps:
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
- name: Earthly login
env:
@ -28,7 +28,7 @@ jobs:
earthly org s blue-build
earthly sat s arm
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -36,7 +36,7 @@ jobs:
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -53,7 +53,7 @@ jobs:
if: github.repository == github.event.pull_request.head.repo.full_name
steps:
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
- name: Earthly login
env:
@ -63,7 +63,7 @@ jobs:
earthly org s blue-build
earthly sat s amd
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -71,7 +71,7 @@ jobs:
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -90,7 +90,7 @@ jobs:
- arm64-prebuild
- amd64-prebuild
steps:
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
- name: Earthly login
env:
@ -100,7 +100,7 @@ jobs:
earthly org s blue-build
earthly sat s pr
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -108,7 +108,7 @@ jobs:
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -124,7 +124,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository == github.event.pull_request.head.repo.full_name
steps:
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
- name: Earthly login
env:
@ -135,7 +135,7 @@ jobs:
earthly org s blue-build
earthly sat s pr
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -143,7 +143,7 @@ jobs:
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -162,12 +162,12 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
# Setup repo and add caching
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -184,9 +184,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -203,9 +203,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -227,18 +227,18 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: sigstore/cosign-installer@v3.3.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
with:
install: true
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -246,9 +246,9 @@ jobs:
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
- uses: extractions/setup-just@v1
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Run Build
env:
@ -268,16 +268,16 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: sigstore/cosign-installer@v3.3.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
with:
install-dir: /usr/bin
use-sudo: true
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -285,9 +285,9 @@ jobs:
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
- uses: extractions/setup-just@v1
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Run Build
env:
@ -309,18 +309,18 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: sigstore/cosign-installer@v3.3.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
with:
install: true
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -328,9 +328,9 @@ jobs:
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
- uses: extractions/setup-just@v1
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Run Build
env:
@ -351,25 +351,25 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: sigstore/cosign-installer@v3.3.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
with:
install: true
- name: Docker Login
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -377,9 +377,9 @@ jobs:
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
- uses: extractions/setup-just@v1
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Run Build
env:
@ -398,20 +398,20 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: sigstore/cosign-installer@v3.3.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- uses: extractions/setup-just@v1
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Run Build
env:
@ -430,20 +430,20 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: sigstore/cosign-installer@v3.3.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- uses: extractions/setup-just@v1
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Run Build
env:
@ -462,18 +462,18 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: sigstore/cosign-installer@v3.3.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
with:
install: true
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -481,9 +481,9 @@ jobs:
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
- uses: extractions/setup-just@v1
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Run Build
env:
@ -503,18 +503,18 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: sigstore/cosign-installer@v3.3.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
with:
install: true
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -522,9 +522,9 @@ jobs:
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
- uses: extractions/setup-just@v1
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Run Build
env:

166
.github/workflows/build.yml vendored
View file

@ -21,9 +21,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -40,9 +40,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -61,12 +61,12 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN == null
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
- name: Earthly login
env:
@ -78,13 +78,13 @@ jobs:
earthly sat s arm
# Setup repo and add caching
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
ref: main
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
if: github.token != null
with:
registry: ghcr.io
@ -103,12 +103,12 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN == null
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
- name: Earthly login
env:
@ -120,13 +120,13 @@ jobs:
earthly sat s amd
# Setup repo and add caching
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
ref: main
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
if: github.token != null
with:
registry: ghcr.io
@ -144,12 +144,12 @@ jobs:
if: github.repository == 'blue-build/cli'
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN == null
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
- name: Earthly login
env:
@ -160,7 +160,7 @@ jobs:
earthly org s blue-build
earthly sat s main
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -168,7 +168,7 @@ jobs:
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -190,12 +190,12 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN == null
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
- name: Earthly login
env:
@ -207,13 +207,13 @@ jobs:
earthly sat s main
# Setup repo and add caching
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
ref: main
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -239,12 +239,12 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
# Setup repo and add caching
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
ref: main
@ -268,27 +268,27 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: sigstore/cosign-installer@v3.3.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
with:
install: true
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
# Setup repo and add caching
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
ref: main
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
- uses: extractions/setup-just@v1
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Run Build
env:
@ -308,24 +308,24 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: sigstore/cosign-installer@v3.3.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
with:
install-dir: /usr/bin
use-sudo: true
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
ref: main
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
- uses: extractions/setup-just@v1
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Run Build
env:
@ -350,18 +350,18 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: sigstore/cosign-installer@v3.3.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
with:
install: true
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -369,9 +369,9 @@ jobs:
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
- uses: extractions/setup-just@v1
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Run Build
env:
@ -394,35 +394,35 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: sigstore/cosign-installer@v3.3.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
with:
install: true
- name: Docker Login
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
# Setup repo and add caching
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
ref: main
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
- uses: extractions/setup-just@v1
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Run Build
env:
@ -455,33 +455,33 @@ jobs:
# workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY }}
# - name: Maximize build space
# uses: ublue-os/remove-unwanted-software@v6
# uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
# - uses: sigstore/cosign-installer@v3.3.0
# - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
# - name: Set up Docker Buildx
# uses: docker/setup-buildx-action@v3
# uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
# with:
# install: true
# - uses: actions-rust-lang/setup-rust-toolchain@v1
# - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
# - name: Docker Auth
# id: docker-auth
# uses: "docker/login-action@v3"
# uses: "docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0"
# with:
# username: "oauth2accesstoken"
# password: "${{ steps.auth.outputs.access_token }}"
# registry: us-east1-docker.pkg.dev
# - uses: actions/checkout@v4
# - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
# with:
# ref: main
# - name: Expose GitHub Runtime
# uses: crazy-max/ghaction-github-runtime@v3
# uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
# - uses: extractions/setup-just@v1
# - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
# - name: Run Build
# env:
@ -503,20 +503,20 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: sigstore/cosign-installer@v3.3.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
# Setup repo and add caching
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
ref: main
- uses: extractions/setup-just@v1
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Run Build
env:
@ -538,20 +538,20 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: sigstore/cosign-installer@v3.3.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
# Setup repo and add caching
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
ref: main
- uses: extractions/setup-just@v1
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Run Build
env:
@ -573,18 +573,18 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: sigstore/cosign-installer@v3.3.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
with:
install: true
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -592,9 +592,9 @@ jobs:
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
- uses: extractions/setup-just@v1
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Run Build
env:
@ -617,18 +617,18 @@ jobs:
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
- uses: sigstore/cosign-installer@v3.3.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
with:
install: true
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
@ -636,9 +636,9 @@ jobs:
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
- uses: extractions/setup-just@v1
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Run Build
env:

6
.github/workflows/flakehub-tagged.yml vendored
View file

@ -16,12 +16,12 @@ jobs:
id-token: "write"
contents: "read"
steps:
- uses: "actions/checkout@v4"
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
ref: "${{ (inputs.tag != null) && format('refs/tags/{0}', inputs.tag) || '' }}"
- uses: "DeterminateSystems/nix-installer-action@main"
- uses: "DeterminateSystems/flakehub-push@main"
- uses: DeterminateSystems/nix-installer-action@e50d5f73bfe71c2dd0aa4218de8f4afa59f8f81d # v16
- uses: DeterminateSystems/flakehub-push@8da9e38b7e77f2b0a8aa08a22e57cc5c6316ea72 # v5
with:
visibility: "public"
name: "blue-build/cli"

26
.github/workflows/tag.yml vendored
View file

@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
- name: Earthly login
env:
@ -25,14 +25,14 @@ jobs:
earthly org s blue-build
earthly sat s arm
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
fetch-tags: true
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
if: github.token != null
with:
registry: ghcr.io
@ -49,7 +49,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
- name: Earthly login
env:
@ -60,14 +60,14 @@ jobs:
earthly org s blue-build
earthly sat s amd
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
fetch-tags: true
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
if: github.token != null
with:
registry: ghcr.io
@ -83,14 +83,14 @@ jobs:
timeout-minutes: 60
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
fetch-tags: true
- uses: dtolnay/rust-toolchain@stable
- uses: earthly/actions-setup@v1
- uses: dtolnay/rust-toolchain@38b70195107dddab2c7bbd522bcf763bac00963b # stable
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
- name: Earthly login
run: |
earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
@ -98,7 +98,7 @@ jobs:
earthly sat s tag
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -123,14 +123,14 @@ jobs:
steps:
# Setup repo and add caching
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
fetch-tags: true
- uses: dtolnay/rust-toolchain@stable
- uses: earthly/actions-setup@v1
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
- name: Earthly login
run: |
earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
@ -138,7 +138,7 @@ jobs:
earthly sat s tag
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}

6
.github/workflows/zizmor.yml vendored
View file

@ -17,12 +17,12 @@ jobs:
actions: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Install the latest version of uv
uses: astral-sh/setup-uv@v4
uses: astral-sh/setup-uv@38f3f104447c67c051c4a08e39b64a148898af3a # v4.2.0
- name: Run zizmor 🌈
run: uvx zizmor --format sarif . > results.sarif
@ -30,7 +30,7 @@ jobs:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d #v3.28.10
with:
sarif_file: results.sarif
category: zizmor