github-ci: sync with master branch
authorJason Ish <jason.ish@oisf.net>
Wed, 16 Oct 2024 18:36:17 +0000 (12:36 -0600)
committerVictor Julien <victor@inliniac.net>
Thu, 17 Oct 2024 10:38:58 +0000 (12:38 +0200)
Mainly hashes of actions and other minor changes.

.github/workflows/authors-done.yml
.github/workflows/authors.yml
.github/workflows/builds.yml
.github/workflows/cifuzz.yml
.github/workflows/codeql.yml
.github/workflows/commits.yml
.github/workflows/formatting.yml
.github/workflows/rust.yml
.github/workflows/scan-build.yml
.github/workflows/scorecards-analysis.yml

index b1700e1d030df197b11417852c4b8e5ea71098f7..fa449745f9877787d813146a0bda4147c79d998f 100644 (file)
@@ -12,7 +12,7 @@ jobs:
       - run: echo "Author check is complete"
 
       - name: Download artifact new authors
-        uses: actions/github-script@v6
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
         with:
           script: |
             let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
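Review bot: The new pin `actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea` carries no trailing comment naming the release it corresponds to, so a reader cannot tell which version is running or whether the move away from `@v6` crosses a major version. Adding the tag as a comment, e.g. `uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # <release tag>`, keeps the immutability of the SHA pin while making it auditable and easier for update tooling to track. The same applies to every other SHA pin introduced in this commit (`actions/checkout`, `actions/cache`, `actions/upload-artifact`, `actions/download-artifact`, `codecov/codecov-action`). The script body continues outside this hunk.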
@@ -38,14 +38,13 @@ jobs:
           fi
       - name: Comment on PR
         if: ${{ env.new_authors == 'yes' }}
-        uses: actions/github-script@v6
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
             let fs = require('fs');
             let issue_number = Number(fs.readFileSync('./pr-number.txt'));
-            let new_authors = String(fs.readFileSync('./new-authors.txt'));
-            let msg = 'NOTE: This PR may contain new authors:\n\n```\n' + new_authors + '```';
+            let msg = 'NOTE: This PR may contain new authors.';
             await github.rest.issues.createComment({
               owner: context.repo.owner,
               repo: context.repo.repo,
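Review bot: `issue_number` is still read from `./pr-number.txt`, which comes from the same artifact as the `new-authors.txt` content this hunk stops echoing, so it is equally contributor-influenced. `Number()` limits the value to a number (or `NaN`), but nothing checks that it is a sane PR number before it is handed to `createComment` with the workflow's token. A guard ahead of the call, such as `if (!Number.isInteger(issue_number) || issue_number <= 0) { core.setFailed('invalid PR number'); return; }`, would reject a malformed file. Tying the number to the triggering run would need data from the event payload, which is not visible in this hunk. The `createComment` call continues outside the hunk.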
index 5c4702a13858c2b20a5db112c3810e46297bc077..35b0456ae3477bf7a6502845a3aecbab4525d01d 100644 (file)
@@ -3,13 +3,19 @@ name: New Authors Check
 on:
   pull_request:
 
+permissions: read-all
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   check-id:
     name: New Author Check
     runs-on: ubuntu-latest
     steps:
       - name: Checkout PR code
-        uses: actions/checkout@v3
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
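Review bot: `permissions: read-all` grants the token read access to every scope, while the steps visible for this job only need to read repository contents. The workflow checks out the pull request head, so contributor-supplied content is in the workspace, and a narrower block (`permissions:` followed by `contents: read`) would be the least-privilege form. Adding `persist-credentials: false` under the checkout's `with:` would also keep the token out of the checked-out repository's git config. Whether later steps outside this hunk need other scopes cannot be confirmed from here.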
@@ -17,13 +23,13 @@ jobs:
       - name: Export known authors from master branch
         run: git log --format="%an <%ae>" origin/master | sort | uniq > authors.txt
       - name: Export authors from new commits
-        run: git log --format="%an <%ae>" origin/${GITHUB_BASE_REF}... | sort | uniq > commit-authors.txt
+        run: git log --format="%an <%ae>" ${{ github.event.pull_request.base.sha }}... | sort | uniq > commit-authors.txt
       - name: Check new authors
         run: |
           touch new-authors.txt
           while read -r author; do
              echo "Checking author: ${author}"
-             if ! grep -q "^${author}\$" authors.txt; then
+             if ! grep -qFx "${author}" authors.txt; then
                  echo "ERROR: ${author} NOT FOUND"
                  echo "::warning ::New author found: ${author}"
                  echo "${author}" >> new-authors.txt
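Review bot: The new `grep -qFx "${author}" authors.txt` passes the author string as the first non-option argument without an end-of-options marker, so a value beginning with `-` is parsed by grep as options instead of as the pattern. The author strings come from the commits in the pull request, so they are contributor-controlled, and a mis-parsed argument can make the comparison succeed or fail for the wrong reason. Ending option parsing explicitly fixes it: `if ! grep -qFx -- "${author}" authors.txt; then`. The `while` loop starts and ends outside this hunk.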
@@ -35,7 +41,7 @@ jobs:
       - run: echo ${{ github.event.number }} > new-authors/pr-number.txt
       - run: ls -l
       - name: Upload new authors
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
         with:
           name: new-authors
           path: new-authors
index 883c3ea78c2003b9cec087070cd92ba38a66ec6c..df00eeceb63ff5de3751ecfcb9945c7481203e7c 100644 (file)
@@ -2,6 +2,10 @@ name: builds
 
 on:
   push:
+    paths-ignore:
+      # Don't run this workflow if only files under doc/ have been
+      # modified.
+      - "doc/**"
   pull_request:
   workflow_dispatch:
     inputs:
@@ -12,6 +16,10 @@ on:
       SV_REPO:
       SV_BRANCH:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 permissions: read-all
 
 env:
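Review bot: With `cancel-in-progress: true` and a group keyed on `github.ref`, a second push to the same branch cancels the run still in progress for the previous commit, and this workflow also triggers on `push`. On a long-lived branch that can leave intermediate commits without a completed build, which makes it harder to tell which commit introduced a failure. Restricting cancellation to pull requests keeps the resource saving where it matters: `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`. The same block is added to the other workflows in this commit, but it only has this effect in workflows that run on `push`.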
@@ -147,7 +155,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Cache ~/.cargo
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo
           key: ${{ github.job }}-cargo
@@ -174,13 +182,13 @@ jobs:
     steps:
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
 
       - name: Cache RPMs
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: /var/cache/dnf
           key: ${{ github.job }}-dnf
@@ -290,7 +298,7 @@ jobs:
     needs: [prepare-deps, prepare-cbindgen]
     steps:
       - name: Cache RPMs
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: /var/cache/dnf
           # TODO: Find some variable that matches the job name.
@@ -299,7 +307,7 @@ jobs:
 
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -382,13 +390,13 @@ jobs:
     steps:
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
 
       - name: Cache RPMs
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: /var/cache/dnf
           key: ${{ github.job }}-dnf
@@ -474,13 +482,13 @@ jobs:
     steps:
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
 
       - name: Cache RPMs
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: /var/cache/dnf
           key: ${{ github.job }}-dnf
@@ -528,7 +536,7 @@ jobs:
                 which \
                 zlib-devel
       - name: Download suricata.tar.gz
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: dist
       - run: tar zxvf suricata-*.tar.gz --strip-components=1
@@ -547,7 +555,7 @@ jobs:
           test -e /usr/local/lib/suricata/python/suricata/update/configs/modify.conf
           test -e /usr/local/lib/suricata/python/suricata/update/configs/threshold.in
           test -e /usr/local/lib/suricata/python/suricata/update/configs/update.yaml
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -565,13 +573,13 @@ jobs:
 
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
 
       - name: Cache RPMs
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: /var/cache/dnf
           key: ${{ github.job }}-dnf
@@ -619,9 +627,10 @@ jobs:
       - name: Install Rust
         run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.63.0 -y
       - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
       - uses: ./.github/actions/install-cbindgen
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
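Review bot: The added `git config --global --add safe.directory /__w/suricata/suricata` hardcodes the container workspace path, which only matches when the repository is named `suricata` and the job uses the default container mount. In a fork or renamed repository the entry would presumably not match, and git would again refuse to operate on the checkout. Using the runner-provided variable avoids that: `- run: git config --global --add safe.directory "$GITHUB_WORKSPACE"`. The same line is added after every `actions/checkout` step in the later hunks of this file. Its position relative to `./.github/actions/install-cbindgen` also varies between hunks; a short comment saying why the exemption is needed would help.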
@@ -645,7 +654,7 @@ jobs:
       - run: llvm-profdata merge -o default.profdata $(find suricata-verify/tests/ -name '*.profraw')
       - run: llvm-cov show ./src/suricata -instr-profile=default.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
+        uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238
         with:
           fail_ci_if_error: false
           flags: suricata-verify
@@ -660,13 +669,13 @@ jobs:
 
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
 
       - name: Cache RPMs
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: /var/cache/dnf
           key: ${{ github.job }}-dnf
@@ -714,9 +723,10 @@ jobs:
                 systemd-devel \
                 which \
                 zlib-devel
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
       - uses: ./.github/actions/install-cbindgen
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -767,7 +777,7 @@ jobs:
 
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -808,9 +818,10 @@ jobs:
                 sudo \
                 which \
                 zlib-devel
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
       - uses: ./.github/actions/install-cbindgen
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -855,13 +866,13 @@ jobs:
 
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
 
       - name: Cache RPMs
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: /var/cache/dnf
           key: ${{ github.job }}-dnf
@@ -907,9 +918,10 @@ jobs:
                 systemd-devel \
                 which \
                 zlib-devel
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
       - uses: ./.github/actions/install-cbindgen
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -955,7 +967,7 @@ jobs:
 
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -996,9 +1008,10 @@ jobs:
                 sudo \
                 which \
                 zlib-devel
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
       - uses: ./.github/actions/install-cbindgen
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -1081,9 +1094,10 @@ jobs:
                 which \
                 zlib-devel
       - run: adduser suricata
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
       - uses: ./.github/actions/install-cbindgen
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -1125,13 +1139,13 @@ jobs:
 
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
 
       - name: Cache RPMs
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: /var/cache/dnf
           key: ${{ github.job }}-dnf
@@ -1172,8 +1186,9 @@ jobs:
                 sudo \
                 which \
                 zlib-devel
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -1195,13 +1210,13 @@ jobs:
     steps:
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
 
       - name: Cache RPMs
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: /var/cache/dnf
           key: ${{ github.job }}-dnf
@@ -1224,18 +1239,22 @@ jobs:
           dnf -y install dnf-plugins-core epel-release
           dnf config-manager --set-enabled crb
 
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - uses: ./.github/actions/install-cbindgen
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
+      
+      - name: Install minimal dependencies
+        run: ./scripts/docs-almalinux9-minimal-build.sh
+
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
       - run: tar xf prep/libhtp.tar.gz
       - run: ./autogen.sh
-      - uses: ./.github/actions/install-cbindgen
-
-      - name: Install minimal dependencies
-        run: ./scripts/docs-almalinux9-minimal-build.sh
-
       - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure
       - run: make -j ${{ env.CPUS }}
       - run: ./src/suricata --build-info # check if we can run Suricata
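Review bot: The new step list in this job checks out the repository twice and downloads artifacts twice, which looks like a merge leftover rather than an intended change. The first `actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16` has no `with:` block, so it is not limited to the `prep` artifact. The second `actions/checkout` then runs after `install-cbindgen` and `Install minimal dependencies` and, by default, cleans the workspace, which may discard anything those steps left there. Keeping a single sequence (checkout, `safe.directory`, `install-cbindgen`, the `prep` download with its `with:` block, then the minimal-dependencies script) and dropping the duplicates would restore the structure used by the other jobs. The blank added line after the first download step also carries trailing whitespace.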
@@ -1247,7 +1266,7 @@ jobs:
     needs: [prepare-deps, prepare-cbindgen]
     steps:
       - name: Cache ~/.cargo
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -1297,8 +1316,9 @@ jobs:
       # packaged Rust version is too old for coverage, so get from rustup
       - name: Install Rust
         run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.63.0 -y
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -1347,7 +1367,7 @@ jobs:
       - run: llvm-profdata-14 merge -o htp-test.profdata /tmp/htp-test.profraw
       - run: llvm-cov-14 show libhtp/test/test_all -instr-profile=htp-test.profdata --show-instantiations --ignore-filename-regex="^/root/.*" >> coverage.txt
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
+        uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238
         with:
           fail_ci_if_error: false
           flags: unittests
@@ -1415,8 +1435,9 @@ jobs:
       # packaged Rust version is too old for coverage, so get from rustup
       - name: Install Rust
         run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.63.0 -y
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -1447,7 +1468,7 @@ jobs:
       - run: llvm-profdata-14 merge -o default.profdata $(find /tmp/ -name '*.profraw')
       - run: llvm-cov-14 show ./src/suricata -instr-profile=default.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
+        uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238
         with:
           fail_ci_if_error: false
           flags: fuzzcorpus
@@ -1459,7 +1480,7 @@ jobs:
     needs: [prepare-deps, prepare-cbindgen]
     steps:
       - name: Cache ~/.cargo
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -1503,8 +1524,9 @@ jobs:
                 zlib1g-dev \
                 exuberant-ctags \
                 dpdk-dev
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -1543,7 +1565,7 @@ jobs:
     needs: debian-12-dist
     steps:
       - name: Cache ~/.cargo
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -1582,7 +1604,7 @@ jobs:
       - run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.62.0 -y
       - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
       - name: Download suricata.tar.gz
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: dist
       - run: tar zxvf suricata-*.tar.gz --strip-components=1
@@ -1605,7 +1627,7 @@ jobs:
 
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -1648,8 +1670,9 @@ jobs:
                 zlib1g \
                 zlib1g-dev \
                 exuberant-ctags
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -1684,7 +1707,7 @@ jobs:
 
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -1723,8 +1746,9 @@ jobs:
                 zlib1g \
                 zlib1g-dev
       - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -1741,7 +1765,7 @@ jobs:
     steps:
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -1792,12 +1816,20 @@ jobs:
                 linux-headers-$(uname -r)
 
       - name: Checkout Netmap repository
-        uses: actions/checkout@v3.5.3
+        if: steps.netmap-cache.outputs.cache-hit != 'true'
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
         with:
           repository: luigirizzo/netmap
           # gets cloned to $GITHUB_WORKSPACE/netmap/
           path: netmap/
 
+      - name: Save Netmap Cache
+        if: steps.netmap-cache.outputs.cache-hit != 'true'
+        uses: actions/cache/save@v4
+        with:
+          path: netmap/
+          key: netmap-git
+
       - name: Compile and install Netmap
         run: |
           cd $GITHUB_WORKSPACE/netmap/LINUX
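Review bot: `uses: actions/cache/save@v4` is pinned to a mutable tag, while every other action touched by this commit is pinned to a full commit SHA. It should follow the same convention, e.g. `uses: actions/cache/save@<commit-sha> # v4`. Both new `if:` conditions read `steps.netmap-cache.outputs.cache-hit`, but no step with `id: netmap-cache` is visible in this hunk. If no restore step with that id exists, the output is empty, the checkout always runs, and the cache is never read. The netmap checkout has no `ref:` and the cache key `netmap-git` is static, so the third-party source that is compiled and installed with `sudo make install` is whatever was first cached; pinning `ref:` to a reviewed commit and including it in the key would make that explicit.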
@@ -1805,8 +1837,9 @@ jobs:
           make -j2
           sudo make install
 
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -1824,7 +1857,7 @@ jobs:
     steps:
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -1839,8 +1872,9 @@ jobs:
             git \
             libtool
 
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -1868,7 +1902,7 @@ jobs:
 
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -1937,8 +1971,9 @@ jobs:
           ninja -C build install
           ldconfig
           cd $HOME
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -1957,7 +1992,7 @@ jobs:
     steps:
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -2009,8 +2044,9 @@ jobs:
               texlive-latex-extra \
               zlib1g \
               zlib1g-dev
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -2044,7 +2080,7 @@ jobs:
     steps:
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -2092,8 +2128,9 @@ jobs:
               texlive-latex-extra \
               zlib1g \
               zlib1g-dev
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -2108,7 +2145,7 @@ jobs:
         run: |
           mkdir dist
           mv suricata-*.tar.gz dist
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
         name: Uploading distribution
         with:
           name: dist
@@ -2122,7 +2159,7 @@ jobs:
     steps:
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -2171,8 +2208,9 @@ jobs:
               texlive-latex-extra \
               zlib1g \
               zlib1g-dev
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -2204,7 +2242,7 @@ jobs:
     steps:
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -2248,8 +2286,9 @@ jobs:
       - name: Install Rust
         run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y
       - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -2275,7 +2314,7 @@ jobs:
     steps:
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -2317,8 +2356,9 @@ jobs:
       - name: Install Rust
         run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y
       - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -2343,7 +2383,7 @@ jobs:
     steps:
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -2367,9 +2407,10 @@ jobs:
           rust \
           xz
       - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
-      - uses: actions/checkout@v3.5.3
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
       - name: Downloading prep archive
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -2408,7 +2449,7 @@ jobs:
         shell: msys2 {0}
     steps:
       - name: Cache ~/.cargo
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -2421,8 +2462,9 @@ jobs:
       # preinstalled one to be picked up by configure
       - name: cbindgen
         run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -2463,7 +2505,7 @@ jobs:
         shell: msys2 {0}
     steps:
       - name: Cache ~/.cargo
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -2476,8 +2518,9 @@ jobs:
       # preinstalled one to be picked up by configure
       - name: cbindgen
         run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
@@ -2506,7 +2549,7 @@ jobs:
         shell: msys2 {0}
     steps:
       - name: Cache ~/.cargo
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -2519,8 +2562,9 @@ jobs:
       # preinstalled one to be picked up by configure
       - name: cbindgen
         run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen
-      - uses: actions/checkout@v3.5.3
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:
           name: prep
           path: prep
index c0ea14a8d9730085ec2fd6b002af9fea71d4f334..4d130f38c6644498183df2b4839b69f1be5951f0 100644 (file)
@@ -6,6 +6,10 @@ on:
     paths-ignore:
       - "doc/**"
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 permissions: read-all
 jobs:
  Fuzzing:
index 3d13d276b02a1f2cfa725a79588b74ced9b54281..297317efb873020e0669724890145cf834d71bbc 100644 (file)
@@ -13,6 +13,12 @@ on:
   schedule:
     - cron: '18 21 * * 1'
 
+permissions: read-all
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   analyze:
     name: Analyze
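Review bot: With `cancel-in-progress: true` and a group keyed on `github.ref`, the weekly `schedule` run shown above shares a group with any other run of this workflow on the same branch, so a newer run cancels a scan that is still in progress and intermediate commits never get a completed CodeQL result. For a security scan it is safer to cancel only superseded pull-request runs: `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`. The same block is added to the scorecards workflow, which runs on `push` to `master`, and to the other workflows in this commit whose triggers are not visible in their hunks.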
@@ -31,13 +37,14 @@ jobs:
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3.5.3
+      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3.26.12
       with:
         languages: ${{ matrix.language }}
+        queries: security-extended
 
     - run: |
        sudo apt-get update
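Review bot: `github/codeql-action/init@v3.26.12` is pinned to a tag while the other actions touched by this commit are pinned to full commit SHAs, and a tag can be moved to different code after it was reviewed. Pin it the same way, `uses: github/codeql-action/init@<full-commit-sha> # v3.26.12`, taking the SHA from the action's release; the `github/codeql-action/analyze@v3.26.12` step in the next hunk needs the same change. The steps list continues outside this hunk.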
@@ -55,4 +62,4 @@ jobs:
        ./configure
        make
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3.26.12
index 12368cb54cfb835479e3572cf71a92cc20629f25..18908ead0bbcfa0e8c7bdc3ead363cdf4585fa7a 100644 (file)
@@ -5,6 +5,10 @@ on:
 
 permissions: read-all
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 env:
   DEBIAN_FRONTEND: "noninteractive"
 
@@ -16,7 +20,7 @@ jobs:
     container: ubuntu:20.04
     steps:
       - name: Caching ~/.cargo
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo
           key: commit-check-cargo
@@ -71,7 +75,7 @@ jobs:
           cd $HOME/.cargo/bin
           curl -OL https://github.com/eqrion/cbindgen/releases/download/v0.24.3/cbindgen
           chmod 755 cbindgen
-      - uses: actions/checkout@v3.3.0
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
         with:
           fetch-depth: 0
       # The action above is supposed to do this for us, but it doesn't appear to stick.
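Review bot: The context lines of this hunk download the `cbindgen` binary with `curl -OL` and mark it executable without any integrity check, which leaves an unverified executable in the build path of a commit whose purpose is to pin actions by hash. A checksum comparison after the download closes that gap, e.g. `echo "<sha256-of-cbindgen-v0.24.3>  cbindgen" | sha256sum -c -` before the `chmod`, with the digest taken from a trusted copy of the release. The `run` block starts outside the hunk, so the surrounding commands are not visible here.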
@@ -97,7 +101,7 @@ jobs:
               make -ik distclean > /dev/null
           done
       - run: sccache -s
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
         name: Uploading build log
         if: always()
         with:
index 03a8e81169f5b592f1a5ad7b4f9a05613513e75b..1d8900a18b6a9ead7f2effef641b207029213456 100644 (file)
@@ -12,6 +12,10 @@ on:
     paths-ignore:
       - "doc/**"
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 permissions: read-all
 
 env:
@@ -29,7 +33,7 @@ jobs:
 
       # Cache Rust stuff.
       - name: Cache cargo registry
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo/registry
           key: cargo-registry
@@ -85,7 +89,7 @@ jobs:
       # My patience simply ran too short to keep on looking. See follow-on
       # action to manually fix this up.
       - name: Checkout - might be merge commit!
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
         with:
           fetch-depth: 0
         # Use last commit of branch, not potential merge commit!
index b25c1bab5872d09e813752b181d0f26a2f5a51a4..47dcb2f3776fed571812822b2faac8bf96d629ae 100644 (file)
@@ -11,6 +11,10 @@ on:
 permissions:
   contents: read #  to fetch code (actions/checkout)
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   check-rust:
     name: Check Rust
@@ -18,7 +22,7 @@ jobs:
     container: almalinux:9
     steps:
       - name: Cache rust
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo
           key: check-rust
@@ -69,7 +73,7 @@ jobs:
           echo "$HOME/.cargo/bin" >> $GITHUB_PATH
       - name: Install cbindgen
         run: cargo install --debug cbindgen
-      - uses: actions/checkout@v3.5.3
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
       - run: git config --global --add safe.directory /__w/suricata/suricata
       - run: ./scripts/bundle.sh
       - run: ./autogen.sh
index ef675297f5afda60f45bcb8d31bb823939513a28..9407471483d57e34327095239bb89261204c0093 100644 (file)
@@ -8,6 +8,12 @@ on:
     paths-ignore:
       - "doc/**"
 
+permissions: read-all
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   scan-build:
     name: Scan-build
@@ -15,7 +21,7 @@ jobs:
     container: ubuntu:24.04
     steps:
       - name: Cache scan-build
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
         with:
           path: ~/.cargo
           key: scan-build
@@ -63,7 +69,8 @@ jobs:
                 software-properties-common \
                 zlib1g \
                 zlib1g-dev
-      - uses: actions/checkout@v3.5.3
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+      - run: git config --global --add safe.directory /__w/suricata/suricata
       - run: ./scripts/bundle.sh
       - run: ./autogen.sh
       - run: scan-build-18 ./configure --enable-dpdk --enable-nfqueue --enable-nflog
index 3b661284920699f90306394eef8133843c6dcd14..b634de025f71408f1a61f365cbfd8064f6dc7817 100644 (file)
@@ -7,6 +7,10 @@ on:
   push:
     branches: [ master ]
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 # Declare default permissions as read only.
 permissions: read-all
 
@@ -17,39 +21,36 @@ jobs:
     permissions:
       # Needed to upload the results to code-scanning dashboard.
       security-events: write
-      actions: read
-      contents: read
+      id-token: write
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v3.5.3
-        with:
-          persist-credentials: false
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v1.0.1
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
-          # Read-only PAT token. To create it,
-          # follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation.
           repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
-          # Publish the results to enable scorecard badges. For more details, see
-          # https://github.com/ossf/scorecard-action#publishing-results.
-          # For private repositories, `publish_results` will automatically be set to `false`,
-          # regardless of the value entered here.
+          # Scorecard team runs a weekly scan of public GitHub repos,
+          # see https://github.com/ossf/scorecard#public-data.
+          # Setting `publish_results: true` helps us scale by leveraging your workflow to
+          # extract the results instead of relying on our own infrastructure to run scans.
+          # And it's free for you!
           publish_results: true
 
-      # Upload the results as artifacts (optional).
+      # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
+      # Optional.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.1.2
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v2 # v1.0.26
+      - name: "Upload SARIF results"
+        uses: github/codeql-action/upload-sarif@ea2cd92c21b192add69983116b8b3222b09da33b # v1
         with:
           sarif_file: results.sarif
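Review bot: The checkout step drops `persist-credentials: false`, so the workflow token stays in the checked-out repository's git configuration for the rest of a job that now also holds `id-token: write` and `security-events: write`. None of the visible steps needs to fetch or push after checkout, so restoring `with:` and `persist-credentials: false` under the pinned `actions/checkout` keeps the token out of reach of the later steps. Separately, the `upload-sarif` pin is annotated `# v1` while the CodeQL workflow in this commit uses `v3.26.12` of the same action family; the comment should name the release that `ea2cd92c21b192add69983116b8b3222b09da33b` actually corresponds to, or the pin should be brought in line with the other workflow.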