From 7496aac3392d9947930d077e08d1c46cdb9a5107 Mon Sep 17 00:00:00 2001
From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com>
Date: Wed, 8 Apr 2026 16:55:21 +0200
Subject: [PATCH 1/2] chore: pin actions to SHA in .github/workflows/publish.yml
---
 .github/workflows/publish.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 0bc72fa..4ce2ee0 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -15,7 +15,7 @@ jobs:
 GIT_TAG: ${{ steps.params.outputs.GIT_TAG }}
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 with:
 fetch-depth: 0
 fetch-tags: true
@@ -101,16 +101,16 @@ jobs:
 steps:
 - name: Notification
 run: echo "::notice::Building ${{ matrix.asset_name }} for release ${{ needs.setup.outputs.GIT_TAG }}..."
- - uses: actions/checkout@v4
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 # BUILD
 - name: Static build with musl
 if: matrix.build == 'musl'
- uses: mariodfinity/rust-musl-action@master
+ uses: mariodfinity/rust-musl-action@cd060e3b2ae563fffefa0d6981d45947febf988e # master
 with:
 args: make ${{ matrix.make_target }}
 - name: Install toolchain (ARM)
 if: matrix.name == 'arm'
- uses: actions-rs/toolchain@v1
+ uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
 with:
 profile: minimal
 toolchain: ${{ matrix.rust }}
@@ -121,7 +121,7 @@ jobs:
 run: make ${{ matrix.make_target }}
 - name: Cross build
 if: matrix.name == 'arm'
- uses: actions-rs/cargo@v1
+ uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
 with:
 use-cross: true
 command: build
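Review bot: The trailing comment on `mariodfinity/rust-musl-action@cd060e3b2ae563fffefa0d6981d45947febf988e # master` (hunk `@@ -101,16 +101,16 @@`) names a branch, so nothing on the line says which revision of `master` was reviewed, and an update bot has no release to compare the SHA against. If the action publishes no tags, record the resolution date instead, e.g. `# master as of 2026-04-08`, and have someone read the action's source at that SHA, since this step appears to produce the musl release binaries. The `# v0.1` comment on `actions-rs/tarpaulin` in rust.yaml (hunk `@@ -66,20 +66,20 @@`) has the same gap if `v0.1` is a moving tag; the comment should name the exact release the SHA belongs to.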
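Review bot: The SHA pin on `actions-rs/cargo` in the `Cross build` step (hunk `@@ -121,7 +121,7 @@`) fixes the action's own code but not the `cross` binary that `use-cross: true` makes it obtain; as far as I know the action installs the latest `cross` at run time when none is present, so the ARM release build would still depend on an unpinned tool. Installing a fixed version in an explicit step before this one, e.g. `run: cargo install cross --locked --version <CROSS_VERSION>`, lets the action find it already installed. The step's `with:` block may continue past the end of the hunk.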
@@ -156,7 +156,7 @@ jobs:
 include:
 - package: idl2json
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 - name: Publish ${{ matrix.package }}
 env:
 CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
@@ -171,7 +171,7 @@ jobs:
 include:
 - package: idl2json_cli
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 - name: Publish ${{ matrix.package }}
 env:
 CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
@@ -181,7 +181,7 @@ jobs:
 name: Publish GitHub release
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 - name: Publish GitHub release
 run: |
 GIT_TAG=${{ needs.setup.outputs.GIT_TAG }}
From 1ee9fefc3ee6189fd9244bf32635cd215a436839 Mon Sep 17 00:00:00 2001
From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com>
Date: Wed, 8 Apr 2026 16:55:23 +0200
Subject: [PATCH 2/2] chore: pin actions to SHA in .github/workflows/rust.yaml
---
 .github/workflows/rust.yaml | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/.github/workflows/rust.yaml b/.github/workflows/rust.yaml
index 79c47bd..ffcfe9c 100644
--- a/.github/workflows/rust.yaml
+++ b/.github/workflows/rust.yaml
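Review bot: In publish.yml's `Publish GitHub release` step (hunk `@@ -181,7 +181,7 @@`), `GIT_TAG=${{ needs.setup.outputs.GIT_TAG }}` is expanded into the script text before the shell starts, so a tag name containing shell metacharacters would be parsed as script rather than handled as data. How `GIT_TAG` is computed in the `setup` job is not visible here, so treat this as hardening, not as a confirmed bug. Passing the value through the environment avoids the expansion: give the step an `env:` entry `GIT_TAG: ${{ needs.setup.outputs.GIT_TAG }}`, drop the assignment, and refer to `"$GIT_TAG"` in the script. The `Notification` step in hunk `@@ -101,16 +101,16 @@` interpolates the same output into `echo`, and the `run: |` body here continues outside the hunk.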
@@ -9,40 +9,40 @@ jobs:
 name: Check
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
- - uses: actions-rs/toolchain@v1
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+ - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
 with:
 profile: minimal
 toolchain: stable
 override: true
- - uses: actions-rs/cargo@v1
+ - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
 with:
 command: check
 test:
 name: Test Suite
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
- - uses: actions-rs/toolchain@v1
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+ - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
 with:
 profile: minimal
 toolchain: stable
 override: true
- - uses: actions-rs/cargo@v1
+ - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
 with:
 command: test
 fmt:
 name: Rustfmt
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
- - uses: actions-rs/toolchain@v1
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+ - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
 with:
 profile: minimal
 toolchain: stable
 override: true
 - run: rustup component add rustfmt
- - uses: actions-rs/cargo@v1
+ - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
 with:
 command: fmt
 args: --all -- --check
@@ -50,14 +50,14 @@ jobs:
 name: Clippy
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
- - uses: actions-rs/toolchain@v1
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+ - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
 with:
 profile: minimal
 toolchain: stable
 override: true
 - run: rustup component add clippy
- - uses: actions-rs/cargo@v1
+ - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
 with:
 command: clippy
 args: --tests --benches -- -D clippy::all
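Review bot: Pinning `actions-rs/toolchain` and `actions-rs/cargo` in rust.yaml (hunk `@@ -9,40 +9,40 @@`) guards against a moved tag, but as far as I know the actions-rs repositories are archived and receive no fixes, so every job keeps running unmaintained code at a frozen SHA. These jobs use the actions only to select a toolchain and invoke one cargo subcommand, and `rustup` and `cargo` are normally preinstalled on `ubuntu-latest`. Each pair could therefore become plain steps such as `run: rustup toolchain install stable --profile minimal` followed by `run: cargo check`, with the matching subcommand and arguments in the `test`, `fmt` and `clippy` jobs. The same applies to hunk `@@ -50,14 +50,14 @@` and to the toolchain step in `@@ -66,20 +66,20 @@`; the `clippy` job's header lies outside its hunk.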
@@ -66,20 +66,20 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 - name: Install stable toolchain
- uses: actions-rs/toolchain@v1
+ uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
 with:
 toolchain: stable
 override: true
 - name: Run cargo-tarpaulin
- uses: actions-rs/tarpaulin@v0.1
+ uses: actions-rs/tarpaulin@044a1e5bdace8dd2f727b1af63c1d9a1d3572068 # v0.1
 with:
 version: '0.16.0'
 args: '--out Json -- --test-threads 1'
 out-type: 'Html'
 - name: Archive code coverage results
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
 with:
 name: code-coverage-report
 path: tarpaulin-report.html