From 63402aa8afb25d03fd710402bdeb84a8ae2208fc Mon Sep 17 00:00:00 2001 From: Evgenii Kliuchnikov Date: Tue, 12 Sep 2023 05:48:59 -0700 Subject: [PATCH] use sha-versions for most gh actions PiperOrigin-RevId: 564692809 --- .github/workflows/build_test.yml | 8 ++++---- .github/workflows/codeql.yml | 10 +++++----- .github/workflows/fuzz.yml | 2 +- .github/workflows/release.yaml | 13 +++++++------ 4 files changed, 17 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml index 725822afa..91668d3e2 100644 --- a/.github/workflows/build_test.yml +++ b/.github/workflows/build_test.yml @@ -233,14 +233,14 @@ jobs: sudo apt install -y ${EXTRA_PACKAGES} - name: Checkout the source - uses: actions/checkout@v4 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: submodules: false fetch-depth: 1 #- name: Checkout VC9 for Python # if: ${{ runner.os == 'Windows' && matrix.build_system == 'python' && matrix.python_version == '2.7' }} - # uses: actions/checkout@v4 + # uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 # with: # repository: reider-roque/sulley-win-installer # path: third_party/VCForPython27 @@ -338,7 +338,7 @@ jobs: cd integration mvn -B verify - - uses: actions/setup-python@v4 + - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 if: ${{ matrix.build_system == 'python' }} with: python-version: ${{ matrix.python_version }} @@ -367,7 +367,7 @@ jobs: steps: - name: Checkout the source - uses: actions/checkout@v4 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: submodules: false fetch-depth: 1 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0dfd5a831..03da18bfe 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -31,11 +31,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@43750fe4fc4f068f04f2215206e6f6a29c78c763 # v2.14.4 with: languages: ${{ matrix.language }} # CodeQL is currently crashing on files with large lists: @@ -47,7 +47,7 @@ jobs: - if: matrix.language == 'cpp' name: Build CPP - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@43750fe4fc4f068f04f2215206e6f6a29c78c763 # v2.14.4 - if: matrix.language == 'cpp' || matrix.language == 'java' name: Build Java @@ -57,7 +57,7 @@ jobs: - if: matrix.language == 'javascript' name: Build JS - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@43750fe4fc4f068f04f2215206e6f6a29c78c763 # v2.14.4 - if: matrix.language == 'cpp' || matrix.language == 'python' name: Build Python @@ -65,7 +65,7 @@ jobs: python setup.py build_ext - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@43750fe4fc4f068f04f2215206e6f6a29c78c763 # v2.14.4 with: category: "/language:${{matrix.language}}" ref: "${{ github.ref != 'master' && github.ref || '/refs/heads/master' }}" diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index 2ca7d42e2..14c2dcb00 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -28,7 +28,7 @@ jobs: fuzz-seconds: 600 dry-run: false - name: Upload Crash - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 if: failure() with: name: artifacts diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 89acdf34e..00b2b33d3 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -13,6 +13,8 @@ on: - v*.*.* release: types: [ published ] + pull_request: + types: [opened, reopened, labeled, synchronize] concurrency: group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }} @@ -46,12 +48,12 @@ jobs: steps: - name: Checkout the source - uses: actions/checkout@v4 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: submodules: false fetch-depth: 1 - - uses: actions/cache@v3 + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 id: cache-vcpkg with: path: vcpkg @@ -100,14 +102,13 @@ jobs: cmake --build out --config Release --target install cp LICENSE prefix/bin/LICENSE.brotli - name: Upload artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: brotli-${{matrix.triplet}} path: | prefix/bin/* - name: Package release zip - if: github.event_name == 'release' shell: 'powershell' run: | Compress-Archive -Path prefix\bin\* ` @@ -115,7 +116,7 @@ jobs: - name: Upload binaries to release if: github.event_name == 'release' - uses: AButler/upload-release-assets@v2.0 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 with: files: brotli-${{matrix.triplet}}.zip - repo-token: ${{ secrets.GITHUB_TOKEN }} + tag_name: dev/null