From: Jason Ish Date: Fri, 21 Jan 2022 21:29:48 +0000 (-0600) Subject: github-ci: pin actions to specific versions X-Git-Tag: suricata-7.0.0-beta1~961 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=234a44bf852dd2e98c8a53e3fb9381199c3d8842;p=thirdparty%2Fsuricata.git github-ci: pin actions to specific versions Resolve the GitHub scanning pinned-dependencies for most of our GitHub actions. The oss-fuzz actions have not been updated. --- diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml index 2f97b5f9e5..18e8211db8 100644 --- a/.github/workflows/builds.yml +++ b/.github/workflows/builds.yml @@ -39,7 +39,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Cache ~/.cargo - uses: actions/cache@v1 + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed with: path: ~/.cargo key: cargo @@ -113,7 +113,7 @@ jobs: - name: Cleaning up run: rm -rf libhtp suricata-update suricata-verify - name: Uploading prep archive - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 with: name: prep path: . @@ -123,7 +123,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Cache ~/.cargo - uses: actions/cache@v1 + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed with: path: ~/.cargo key: cbindgen @@ -137,7 +137,7 @@ jobs: cargo install --target x86_64-unknown-linux-musl --debug cbindgen cp $HOME/.cargo/bin/cbindgen . - name: Uploading prep archive - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 with: name: prep path: . @@ -150,12 +150,12 @@ jobs: steps: # Cache Rust stuff. - name: Cache cargo registry - uses: actions/cache@v1 + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed with: path: ~/.cargo/registry key: cargo-registry - - uses: actions/checkout@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # Prebuild check for duplicat SIDs - name: Check for duplicate SIDs @@ -168,7 +168,7 @@ jobs: # Download and extract dependency archives created during prep # job. - - uses: actions/download-artifact@v2 + - uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep @@ -249,7 +249,7 @@ jobs: run: | mkdir dist mv suricata-*.tar.gz dist - - uses: actions/upload-artifact@v1 + - uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 name: Uploading distribution with: name: dist @@ -295,7 +295,7 @@ jobs: which \ zlib-devel - name: Download suricata.tar.gz - uses: actions/download-artifact@v2 + uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: dist - run: tar zxvf suricata-*.tar.gz --strip-components=1 @@ -312,7 +312,7 @@ jobs: - run: make distcheck - run: make clean - run: make -j2 - - uses: actions/download-artifact@v2 + - uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep @@ -328,7 +328,7 @@ jobs: # Cache Rust stuff. - name: Cache cargo registry - uses: actions/cache@v1 + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed with: path: ~/.cargo/registry key: cargo-registry @@ -369,8 +369,8 @@ jobs: sudo \ which \ zlib-devel - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + - uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep @@ -415,7 +415,7 @@ jobs: # Cache Rust stuff. - name: Cache cargo registry - uses: actions/cache@v1 + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed with: path: ~/.cargo/registry key: cargo-registry @@ -456,8 +456,8 @@ jobs: sudo \ which \ zlib-devel - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + - uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep @@ -502,7 +502,7 @@ jobs: # Cache Rust stuff. - name: Cache cargo registry - uses: actions/cache@v1 + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed with: path: ~/.cargo/registry key: cargo-registry @@ -542,8 +542,8 @@ jobs: sudo \ which \ zlib-devel - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + - uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep @@ -576,7 +576,7 @@ jobs: # Cache Rust stuff. - name: Cache cargo registry - uses: actions/cache@v1 + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed with: path: ~/.cargo/registry key: cargo-registry @@ -614,8 +614,8 @@ jobs: sudo \ which \ zlib-devel - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + - uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep @@ -683,8 +683,8 @@ jobs: exuberant-ctags \ curl \ dpdk-dev - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + - uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep @@ -761,8 +761,8 @@ jobs: exuberant-ctags \ curl \ dpdk-dev - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + - uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep @@ -842,8 +842,8 @@ jobs: time \ wget \ dpdk-dev - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + - uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep @@ -913,8 +913,8 @@ jobs: zlib1g-dev \ exuberant-ctags \ dpdk-dev - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + - uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep @@ -989,7 +989,7 @@ jobs: - run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.33.0 -y - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - name: Download suricata.tar.gz - uses: actions/download-artifact@v2 + uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: dist - run: tar zxvf suricata-*.tar.gz --strip-components=1 @@ -1010,7 +1010,7 @@ jobs: # Cache Rust stuff. - name: Cache cargo registry - uses: actions/cache@v1 + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed with: path: ~/.cargo/registry key: cargo-registry @@ -1051,8 +1051,8 @@ jobs: zlib1g \ zlib1g-dev \ exuberant-ctags - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + - uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep @@ -1081,7 +1081,7 @@ jobs: # Cache Rust stuff. - name: Cache cargo registry - uses: actions/cache@v1 + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed with: path: ~/.cargo/registry key: cargo-registry @@ -1135,8 +1135,8 @@ jobs: - name: Install Coccinelle run: | apt -y install coccinelle - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + - uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep @@ -1175,7 +1175,7 @@ jobs: # Cache Rust stuff. - name: Cache cargo registry - uses: actions/cache@v1 + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed with: path: ~/.cargo/registry key: cargo-registry @@ -1213,8 +1213,8 @@ jobs: zlib1g \ zlib1g-dev - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + - uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep @@ -1266,7 +1266,7 @@ jobs: run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain ${RUST_VERSION_MIN} -y - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - name: Download suricata.tar.gz - uses: actions/download-artifact@v2 + uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: dist - name: Extract @@ -1289,7 +1289,7 @@ jobs: steps: # Cache Rust stuff. - name: Cache cargo registry - uses: actions/cache@v1 + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed with: path: ~/.cargo/registry key: cargo-registry @@ -1332,8 +1332,8 @@ jobs: - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + - uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep @@ -1393,8 +1393,8 @@ jobs: - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + - uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep @@ -1421,7 +1421,7 @@ jobs: steps: # Cache Rust stuff. - name: Cache cargo registry - uses: actions/cache@v1 + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed with: path: ~/.cargo/registry key: cargo-registry @@ -1446,9 +1446,9 @@ jobs: run: cargo install --force --debug --version 0.14.1 cbindgen - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: pip3 install PyYAML - - uses: actions/checkout@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 - name: Downloading prep archive - uses: actions/download-artifact@v2 + uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep @@ -1469,8 +1469,8 @@ jobs: run: shell: msys2 {0} steps: - - uses: actions/checkout@v2 - - uses: msys2/setup-msys2@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + - uses: msys2/setup-msys2@fa138fa56e2558760b9f2205135313c7345c5f3f with: msystem: MINGW64 update: true @@ -1479,8 +1479,8 @@ jobs: # preinstalled one to be picked up by configure - name: cbindgen run: cargo install --root /usr --force --debug --version 0.14.1 cbindgen - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 + - uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 with: name: prep path: prep diff --git a/.github/workflows/commits.yml b/.github/workflows/commits.yml index fac19f9966..d7af311291 100644 --- a/.github/workflows/commits.yml +++ b/.github/workflows/commits.yml @@ -13,7 +13,7 @@ jobs: container: ubuntu:18.04 steps: - name: Caching ~/.cargo - uses: actions/cache@v1 + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed with: path: ~/.cargo key: commit-check-cargo @@ -67,7 +67,7 @@ jobs: cd $HOME/.cargo/bin curl -OL https://github.com/eqrion/cbindgen/releases/download/v0.15.0/cbindgen chmod 755 cbindgen - - uses: actions/checkout@v1 + - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 - run: git fetch - run: git clone https://github.com/OISF/libhtp -b 0.5.x - name: Building all commits @@ -86,7 +86,7 @@ jobs: make -ik distclean > /dev/null done - run: sccache -s - - uses: actions/upload-artifact@v2-preview + - uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 name: Uploading build log if: always() with: diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml index b1c040058f..7671a69686 100644 --- a/.github/workflows/formatting.yml +++ b/.github/workflows/formatting.yml @@ -22,7 +22,7 @@ jobs: # Cache Rust stuff. - name: Cache cargo registry - uses: actions/cache@v1 + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed with: path: ~/.cargo/registry key: cargo-registry @@ -82,7 +82,7 @@ jobs: # My patience simply ran too short to keep on looking. See follow-on # action to manually fix this up. - name: Checkout - might be merge commit! - uses: actions/checkout@v1 + uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # Use last commit of branch, not potential merge commit! # # This works perfectly well on pull requests within forked repos, but