diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0ef53b9a..7290bd0b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -41,7 +41,7 @@ jobs:
 outputs:
 py: ${{ steps.filter.outputs.py }}
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
@@ -63,7 +63,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 10
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
@@ -87,7 +87,7 @@ jobs:
 security-events: write
 actions: read
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
@@ -139,7 +139,7 @@ jobs:
 # the build on warnings regardless of this step.
 - name: Upload SARIF to code scanning
 if: always() && hashFiles('rust-clippy-results.sarif') != '' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
- uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+ uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
 with:
 sarif_file: rust-clippy-results.sarif
 category: clippy
@@ -149,7 +149,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 20
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
@@ -212,7 +212,7 @@ jobs:
 steps:
 # Integration snapshots live in the big-code-analysis-output
 # submodule under tests/repositories/; tests require it.
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: recursive
@@ -220,7 +220,7 @@ jobs:
 with:
 toolchain: stable
 - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
- - uses: taiki-e/install-action@50b4a718b59c718df4ef27a3b445f86cd57b9f00 # v2.80.0
+ - uses: taiki-e/install-action@56545b37b57562edd73171cb6c62cc509db4c34e # v2.81.7
 with:
 tool: cargo-nextest
 # nextest runs the lib / bins / integration tests and writes the JUnit
@@ -264,7 +264,7 @@ jobs:
 steps:
 # Coverage instruments and runs the full test suite, so it needs the
 # big-code-analysis-output submodule exactly like the test job above.
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: recursive
@@ -280,7 +280,7 @@ jobs:
 - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
 with:
 key: coverage
- - uses: taiki-e/install-action@50b4a718b59c718df4ef27a3b445f86cd57b9f00 # v2.80.0
+ - uses: taiki-e/install-action@56545b37b57562edd73171cb6c62cc509db4c34e # v2.81.7
 with:
 tool: cargo-nextest,cargo-llvm-cov
 # nextest is the same runner the `test` job uses, so instrumenting it
@@ -315,7 +315,7 @@ jobs:
 # fail_ci_if_error stays off so a Codecov outage or a credential-less
 # fork PR cannot red-X the merge gate — coverage is informational.
 - name: Upload coverage to Codecov
- uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
+ uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
 with:
 files: codecov.json
 flags: rust
@@ -327,7 +327,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 30
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
@@ -370,7 +370,7 @@ jobs:
 - name: no-default-features (web)
 flags: --no-default-features -p big-code-analysis-web
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
@@ -388,7 +388,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 10
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
@@ -401,7 +401,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 20
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
@@ -409,7 +409,7 @@ jobs:
 with:
 toolchain: stable
 - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
- - uses: taiki-e/install-action@50b4a718b59c718df4ef27a3b445f86cd57b9f00 # v2.80.0
+ - uses: taiki-e/install-action@56545b37b57562edd73171cb6c62cc509db4c34e # v2.81.7
 with:
 tool: cargo-about@0.8.4
 # Fails if any dep in either binary crate's transitive closure
@@ -440,7 +440,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 20
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
@@ -472,7 +472,7 @@ jobs:
 tar -xzf /tmp/rumdl.tgz -C /tmp rumdl
 install -m 0755 /tmp/rumdl /usr/local/bin/rumdl
 rumdl --version
- - uses: taiki-e/install-action@50b4a718b59c718df4ef27a3b445f86cd57b9f00 # v2.80.0
+ - uses: taiki-e/install-action@56545b37b57562edd73171cb6c62cc509db4c34e # v2.81.7
 with:
 tool: taplo-cli@0.10.0,shellcheck@0.10.0,shfmt@3.12.0
 # actionlint 1.7.12's prebuilt binary is not yet in
@@ -607,7 +607,7 @@ jobs:
 # snapshot store). Skip recursive submodules to avoid pulling
 # ~hundreds of MB of unused fixtures and to avoid blocking on a
 # missing/force-pushed submodule SHA.
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
@@ -697,7 +697,7 @@ jobs:
 # big-code-analysis-output submodule is for Rust integration
 # snapshots and would otherwise gate this matrix on its
 # availability.
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
@@ -773,7 +773,7 @@ jobs:
 # job (informational, fork-PR-safe).
 - name: Upload coverage to Codecov
 if: runner.os == 'Linux' && matrix.python == '3.12'
- uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
+ uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
 with:
 files: big-code-analysis-py/coverage.xml
 flags: python
@@ -798,7 +798,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 20
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
@@ -858,7 +858,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 15
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 0f6cbe9f..8033e2e0 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -35,15 +35,15 @@ jobs:
 - { language: python, build-mode: none }
 - { language: rust, build-mode: none }
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Initialize CodeQL
- uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+ uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
 with:
 languages: ${{ matrix.language }}
 build-mode: ${{ matrix.build-mode }}
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+ uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
 with:
 category: /language:${{ matrix.language }}
diff --git a/.github/workflows/mutation-test.yml b/.github/workflows/mutation-test.yml
index 90dd1190..6878bb77 100644
--- a/.github/workflows/mutation-test.yml
+++ b/.github/workflows/mutation-test.yml
@@ -30,7 +30,7 @@ jobs:
 timeout-minutes: 720
 steps:
 - name: Checkout
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 submodules: recursive
@@ -41,7 +41,7 @@ jobs:
 uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
 - name: Install cargo-mutants
- uses: taiki-e/install-action@50b4a718b59c718df4ef27a3b445f86cd57b9f00 # v2.80.0
+ uses: taiki-e/install-action@56545b37b57562edd73171cb6c62cc509db4c34e # v2.81.7
 with:
 tool: cargo-mutants
diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml
index b2fc4a08..f628e0a6 100644
--- a/.github/workflows/pages.yml
+++ b/.github/workflows/pages.yml
@@ -94,7 +94,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 15
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
@@ -175,7 +175,7 @@ jobs:
 # commit — the baseline keys are sensitive to which files the
 # walker actually visits.
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 # `--since "origin/${GITHUB_BASE_REF:-main}"` (set via
 # BCA_SINCE on the threshold-gate step below, #387) resolves a
@@ -307,7 +307,7 @@ jobs:
 # distinct analysis from ci.yml's `category: clippy` upload.
 - name: Upload self-scan SARIF to code scanning
 if: always() && hashFiles('bca.sarif') != '' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
- uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+ uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
 with:
 sarif_file: bca.sarif
 category: bca
diff --git a/.github/workflows/python-cli-wheels.yml b/.github/workflows/python-cli-wheels.yml
index 361a90cb..319791c4 100644
--- a/.github/workflows/python-cli-wheels.yml
+++ b/.github/workflows/python-cli-wheels.yml
@@ -131,7 +131,7 @@ jobs:
 runs-on: ${{ matrix.runs-on }}
 timeout-minutes: 45
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
@@ -152,7 +152,7 @@ jobs:
 targets: ${{ matrix.target }}
 - name: Install cargo-about
- uses: taiki-e/install-action@50b4a718b59c718df4ef27a3b445f86cd57b9f00 # v2.80.0
+ uses: taiki-e/install-action@56545b37b57562edd73171cb6c62cc509db4c34e # v2.81.7
 with:
 tool: cargo-about@${{ env.CARGO_ABOUT_VERSION }}
@@ -255,7 +255,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 15
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
diff --git a/.github/workflows/python-wheels.yml b/.github/workflows/python-wheels.yml
index 5b6b548a..e8290f2d 100644
--- a/.github/workflows/python-wheels.yml
+++ b/.github/workflows/python-wheels.yml
@@ -122,7 +122,7 @@ jobs:
 timeout-minutes: 45
 steps:
 # No submodules — the bindings' fixtures are in-tree.
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
@@ -204,7 +204,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 15
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 1
 submodules: false
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index be7f5ba7..e3fb3c8c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -87,7 +87,7 @@ jobs:
 # Always check out the tag ref, not the event SHA. Critical for
 # workflow_dispatch where github.sha points at the branch HEAD.
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 persist-credentials: false
 ref: ${{ steps.tag.outputs.tag }}
@@ -248,7 +248,7 @@ jobs:
 - { target: x86_64-pc-windows-msvc, runner: windows-latest, cross: false }
 - { target: aarch64-pc-windows-msvc, runner: windows-latest, cross: false }
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 persist-credentials: false
 ref: ${{ needs.preflight.outputs.ref }}
@@ -260,12 +260,12 @@ jobs:
 - name: Install cross (Linux cross-compile)
 if: matrix.cross
- uses: taiki-e/install-action@50b4a718b59c718df4ef27a3b445f86cd57b9f00 # v2.80.0
+ uses: taiki-e/install-action@56545b37b57562edd73171cb6c62cc509db4c34e # v2.81.7
 with:
 tool: cross@${{ env.CROSS_VERSION }}
 - name: Install cargo-about
- uses: taiki-e/install-action@50b4a718b59c718df4ef27a3b445f86cd57b9f00 # v2.80.0
+ uses: taiki-e/install-action@56545b37b57562edd73171cb6c62cc509db4c34e # v2.81.7
 with:
 tool: cargo-about@${{ env.CARGO_ABOUT_VERSION }}
@@ -489,7 +489,7 @@ jobs:
 - { crate: big-code-analysis-web, target: x86_64-unknown-linux-gnu, deb_arch: amd64 }
 - { crate: big-code-analysis-web, target: aarch64-unknown-linux-gnu, deb_arch: arm64 }
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 persist-credentials: false
 ref: ${{ needs.preflight.outputs.ref }}
@@ -499,7 +499,7 @@ jobs:
 toolchain: ${{ env.RUST_TOOLCHAIN }}
 targets: ${{ matrix.target }}
- - uses: taiki-e/install-action@50b4a718b59c718df4ef27a3b445f86cd57b9f00 # v2.80.0
+ - uses: taiki-e/install-action@56545b37b57562edd73171cb6c62cc509db4c34e # v2.81.7
 with:
 tool: cargo-deb@${{ env.CARGO_DEB_VERSION }}
@@ -574,7 +574,7 @@ jobs:
 - { crate: big-code-analysis-web, target: x86_64-unknown-linux-gnu, rpm_arch: x86_64 }
 - { crate: big-code-analysis-web, target: aarch64-unknown-linux-gnu, rpm_arch: aarch64 }
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 persist-credentials: false
 ref: ${{ needs.preflight.outputs.ref }}
@@ -584,7 +584,7 @@ jobs:
 toolchain: ${{ env.RUST_TOOLCHAIN }}
 targets: ${{ matrix.target }}
- - uses: taiki-e/install-action@50b4a718b59c718df4ef27a3b445f86cd57b9f00 # v2.80.0
+ - uses: taiki-e/install-action@56545b37b57562edd73171cb6c62cc509db4c34e # v2.81.7
 with:
 tool: cargo-generate-rpm@${{ env.CARGO_GENERATE_RPM_VERSION }}
@@ -669,7 +669,7 @@ jobs:
 - { target: x86_64-unknown-linux-musl, apk_arch: x86_64 }
 - { target: aarch64-unknown-linux-musl, apk_arch: aarch64 }
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 persist-credentials: false
 ref: ${{ needs.preflight.outputs.ref }}
@@ -1054,7 +1054,7 @@ jobs:
 id-token: write
 attestations: write
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 persist-credentials: false
 ref: ${{ needs.preflight.outputs.ref }}
@@ -1115,7 +1115,7 @@ jobs:
 - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # stable tip
 with:
 toolchain: ${{ env.RUST_TOOLCHAIN }}
- - uses: taiki-e/install-action@50b4a718b59c718df4ef27a3b445f86cd57b9f00 # v2.80.0
+ - uses: taiki-e/install-action@56545b37b57562edd73171cb6c62cc509db4c34e # v2.81.7
 with:
 tool: cargo-cyclonedx@${{ env.CARGO_CYCLONEDX_VERSION }}
@@ -1215,7 +1215,7 @@ jobs:
 permissions:
 contents: write
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 persist-credentials: false
 ref: ${{ needs.preflight.outputs.ref }}
@@ -1404,7 +1404,7 @@ jobs:
 contents: read
 id-token: write
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 persist-credentials: false
 ref: ${{ needs.preflight.outputs.ref }}
@@ -1524,7 +1524,7 @@ jobs:
 contents: read
 attestations: read
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 persist-credentials: false
 ref: ${{ needs.preflight.outputs.ref }}