From b87d6249824ff89b5b947beee2d4844b8a55c8dd Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Wed, 8 Apr 2026 18:30:24 +0200 Subject: [PATCH 1/4] chore: pin actions to SHA in .github/workflows/canbench-post-comment.yml --- .github/workflows/canbench-post-comment.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/canbench-post-comment.yml b/.github/workflows/canbench-post-comment.yml index 83e5260a..68503832 100644 --- a/.github/workflows/canbench-post-comment.yml +++ b/.github/workflows/canbench-post-comment.yml @@ -13,7 +13,7 @@ jobs: matrix: ${{ steps.set-benchmarks.outputs.matrix }} pr_number: ${{ steps.set-benchmarks.outputs.pr_number }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe with: @@ -29,7 +29,7 @@ jobs: matrix: ${{fromJSON(needs.download-results.outputs.matrix)}} steps: - name: Post comment - uses: thollander/actions-comment-pull-request@v2 + uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 with: message: | ${{ matrix.benchmark.result }} From 448d912f0b5c77325736a3bcdf444290399e7348 Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Wed, 8 Apr 2026 18:30:26 +0200 Subject: [PATCH 2/4] chore: pin actions to SHA in .github/workflows/ci-notify-slack.yml --- .github/workflows/ci-notify-slack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-notify-slack.yml b/.github/workflows/ci-notify-slack.yml index 956e4bd3..d01656b3 100644 --- a/.github/workflows/ci-notify-slack.yml +++ b/.github/workflows/ci-notify-slack.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Sanitize PR title id: sanitize From a1c155437d438bb7b9f5c8b04a1aaf62252d9e40 Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Wed, 8 Apr 2026 18:30:27 +0200 Subject: [PATCH 3/4] chore: pin actions to SHA in .github/workflows/ci.yml --- .github/workflows/ci.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bb819cc2..32ca426e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,10 +15,10 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Cache Cargo - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: | ~/.cargo/registry @@ -67,15 +67,15 @@ jobs: steps: - name: Checkout current PR - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Checkout baseline branch - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: ref: main path: _canbench_baseline_branch - - uses: actions/cache@v3 + - uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c # v3.5.0 with: path: | ~/.cargo/registry @@ -93,17 +93,17 @@ jobs: run: | bash ./scripts/ci_run_benchmark.sh $PROJECT_DIR ${{ matrix.name }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: canbench_result_${{ matrix.name }} path: /tmp/canbench_result_${{ matrix.name }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: canbench_results_persisted_${{ matrix.name }}_yml path: /tmp/canbench_results_persisted_${{ matrix.name }}.yml - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: canbench_results_${{ matrix.name }}_csv path: /tmp/canbench_results_${{ matrix.name }}.csv @@ -116,9 +116,9 @@ jobs: name: ShellCheck runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Run ShellCheck - uses: ludeeus/action-shellcheck@master + uses: ludeeus/action-shellcheck@00b27aa7cb85167568cb48a3838b75f4265f2bca # master env: SHELLCHECK_OPTS: -e SC1090 -e SC2119 -e SC1091 @@ -126,13 +126,13 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Save PR number run: | echo ${{ github.event.number }} > /tmp/pr_number - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: pr_number path: /tmp/pr_number From 97e17b8528a8191118637f6e0c20aedb228c92ae Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Wed, 8 Apr 2026 18:30:28 +0200 Subject: [PATCH 4/4] chore: pin actions to SHA in .github/workflows/publish.yml --- .github/workflows/publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3da969fd..56895aca 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -16,9 +16,9 @@ jobs: id-token: write # Required for OIDC token exchange steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - - uses: rust-lang/crates-io-auth-action@v1 + - uses: rust-lang/crates-io-auth-action@b7e9a28eded4986ec6b1fa40eeee8f8f165559ec # v1 id: auth - run: echo "Preparing to cargo publish ${{ github.ref_name }}."