Skip to content

Commit af537a2

Browse files
elopezelopez
committed
Pin GitHub Actions to commit SHAs
1 parent cffb401 commit af537a2

File tree

5 files changed

+35
-35
lines changed

5 files changed

+35
-35
lines changed

.github/workflows/action.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -13,10 +13,10 @@ jobs:
1313
runs-on: ubuntu-latest
1414
steps:
1515
- name: Checkout
16-
uses: actions/checkout@v6
16+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
1717

1818
- name: Assert test
19-
uses: crytic/echidna-action@v2
19+
uses: crytic/echidna-action@f7e374e42bf7131f7307a92f5549ed6b2fd17c9d # v2
2020
with:
2121
files: "tests/solidity/basic/assert.sol"
2222
contract: "TestAssert"
@@ -25,7 +25,7 @@ jobs:
2525
negate-exit-status: 1
2626

2727
- name: Multi-abi test
28-
uses: crytic/echidna-action@v2
28+
uses: crytic/echidna-action@f7e374e42bf7131f7307a92f5549ed6b2fd17c9d # v2
2929
with:
3030
files: "tests/solidity/basic/multi-abi.sol"
3131
contract: "B"

.github/workflows/ci.yml

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ jobs:
3838
run: brew install automake
3939

4040
- name: Get Packages (Windows)
41-
uses: msys2/setup-msys2@v2
41+
uses: msys2/setup-msys2@cafece8e6baf9247cf9b1bf95097b0b983cc558d # v2
4242
if: runner.os == 'Windows'
4343
id: msys2
4444
with:
@@ -61,7 +61,7 @@ jobs:
6161
openssl:p
6262
6363
- name: Install Stack
64-
uses: haskell-actions/setup@v2
64+
uses: haskell-actions/setup@f9150cb1d140e9a9271700670baa38991e6fa25c # v2
6565
id: stack
6666
if: matrix.container == ''
6767
with:
@@ -128,10 +128,10 @@ jobs:
128128
MSYS2_LOCATION: ${{ steps.msys2.outputs.msys2-location }}
129129

130130
- name: Checkout
131-
uses: actions/checkout@v6
131+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
132132

133133
- name: Cache Local
134-
uses: actions/cache@v5
134+
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
135135
with:
136136
path: |
137137
~/.local
@@ -143,7 +143,7 @@ jobs:
143143
printf "\nflags:\n hevm:\n static-secp256k1: true\n echidna:\n static: true\n" >> stack.yaml
144144
145145
- name: Cache Stack & Cabal
146-
uses: actions/cache@v5
146+
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
147147
with:
148148
path: |
149149
.stack-work
@@ -188,7 +188,7 @@ jobs:
188188
run: GZIP=-9 tar -czf echidna.tar.gz -C $APPDATA/local/bin/ echidna.exe
189189

190190
- name: Upload artifact
191-
uses: actions/upload-artifact@v7
191+
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
192192
with:
193193
name: echidna-${{ runner.os }}
194194
path: echidna.tar.gz
@@ -202,7 +202,7 @@ jobs:
202202
203203
- name: Upload testsuite
204204
if: runner.os != 'macOS'
205-
uses: actions/upload-artifact@v7
205+
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
206206
with:
207207
name: echidna-testsuite-${{ runner.os }}
208208
path: echidna-testsuite*
@@ -231,12 +231,12 @@ jobs:
231231

232232
steps:
233233
- name: Checkout
234-
uses: actions/checkout@v6
234+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
235235
with:
236236
submodules: recursive
237237

238238
- name: Setup Python
239-
uses: actions/setup-python@v6
239+
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
240240
with:
241241
python-version: '3.10'
242242

@@ -252,10 +252,10 @@ jobs:
252252
SOLC_VER: ${{ matrix.solc }}
253253

254254
- name: Install Foundry
255-
uses: foundry-rs/foundry-toolchain@v1
255+
uses: foundry-rs/foundry-toolchain@8789b3e21e6c11b2697f5eb56eddae542f746c10 # v1
256256

257257
- name: Download testsuite
258-
uses: actions/download-artifact@v8
258+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
259259
with:
260260
name: echidna-testsuite-${{ runner.os }}
261261

.github/workflows/docker.yml

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -27,14 +27,14 @@ jobs:
2727
PLATFORM: "${{ matrix.platform }}"
2828

2929
- name: Set up Docker Buildx
30-
uses: docker/setup-buildx-action@v4
30+
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
3131
id: buildx
3232
with:
3333
install: true
3434

3535
- name: Set Docker metadata (Ubuntu & NVM variant)
3636
id: meta-ubuntu
37-
uses: docker/metadata-action@v6
37+
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6
3838
with:
3939
images: |
4040
ghcr.io/${{ github.repository }}/echidna
@@ -53,21 +53,21 @@ jobs:
5353
} >> "$GITHUB_OUTPUT"
5454
5555
- name: GitHub Container Registry Login
56-
uses: docker/login-action@v4
56+
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4
5757
with:
5858
registry: ghcr.io
5959
username: ${{ github.actor }}
6060
password: ${{ secrets.GITHUB_TOKEN }}
6161

6262
- name: Docker Hub Login
63-
uses: docker/login-action@v4
63+
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4
6464
if: github.repository == 'crytic/echidna'
6565
with:
6666
username: ${{ secrets.DOCKERHUB_USERNAME }}
6767
password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
6868

6969
- name: Docker Build and Push (Ubuntu & NVM variant)
70-
uses: docker/build-push-action@v7
70+
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7
7171
id: build-ubuntu
7272
with:
7373
platforms: ${{ matrix.platform }}
@@ -87,7 +87,7 @@ jobs:
8787
DIGEST_UBUNTU: "${{ steps.build-ubuntu.outputs.digest }}"
8888

8989
- name: Upload digest
90-
uses: actions/upload-artifact@v7
90+
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
9191
with:
9292
name: digests-${{ env.PLATFORM_PAIR }}
9393
path: ${{ runner.temp }}/digests/*
@@ -101,32 +101,32 @@ jobs:
101101
- build
102102
steps:
103103
- name: Download digests
104-
uses: actions/download-artifact@v8
104+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
105105
with:
106106
path: ${{ runner.temp }}/digests
107107
pattern: digests-*
108108
merge-multiple: true
109109

110110
- name: GitHub Container Registry Login
111-
uses: docker/login-action@v4
111+
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4
112112
with:
113113
registry: ghcr.io
114114
username: ${{ github.actor }}
115115
password: ${{ secrets.GITHUB_TOKEN }}
116116

117117
- name: Docker Hub Login
118-
uses: docker/login-action@v4
118+
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4
119119
if: github.repository == 'crytic/echidna'
120120
with:
121121
username: ${{ secrets.DOCKERHUB_USERNAME }}
122122
password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
123123

124124
- name: Set up Docker Buildx
125-
uses: docker/setup-buildx-action@v4
125+
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
126126

127127
- name: Set Docker metadata (Ubuntu & NVM variant)
128128
id: meta-ubuntu
129-
uses: docker/metadata-action@v6
129+
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6
130130
with:
131131
images: |
132132
ghcr.io/${{ github.repository }}/echidna

.github/workflows/hlint.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,10 +13,10 @@ jobs:
1313
runs-on: ubuntu-latest
1414
steps:
1515
- name: Checkout
16-
uses: actions/checkout@v6
16+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
1717

1818
- name: Install Nix
19-
uses: cachix/install-nix-action@v31
19+
uses: cachix/install-nix-action@51f3067b56fe8ae331890c77d4e454f6d60615ff # v31
2020
with:
2121
nix_path: nixpkgs=channel:nixos-unstable
2222

.github/workflows/release.yml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -41,13 +41,13 @@ jobs:
4141
system: aarch64-darwin
4242
steps:
4343
- name: Checkout
44-
uses: actions/checkout@v6
44+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
4545

4646
- name: Install Nix
47-
uses: DeterminateSystems/nix-installer-action@v21
47+
uses: DeterminateSystems/nix-installer-action@c5a866b6ab867e88becbed4467b93592bce69f8a # v21
4848

4949
- name: Configure Cachix
50-
uses: cachix/cachix-action@v17
50+
uses: cachix/cachix-action@1eb2ef646ac0255473d23a5907ad7b04ce94065c # v17
5151
with:
5252
name: trailofbits
5353
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -77,7 +77,7 @@ jobs:
7777
NIX_SYSTEM: ${{ matrix.system }}
7878

7979
- name: Upload artifact
80-
uses: actions/upload-artifact@v7
80+
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
8181
with:
8282
name: echidna-redistributable-${{ matrix.tuple }}
8383
path: echidna-${{ steps.version.outputs.version }}-${{ matrix.tuple }}.tar.gz
@@ -93,21 +93,21 @@ jobs:
9393
id-token: write
9494
steps:
9595
- name: Checkout
96-
uses: actions/checkout@v6
96+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
9797

9898
- name: Download binaries
99-
uses: actions/download-artifact@v8
99+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
100100
with:
101101
pattern: echidna-redistributable-*
102102
merge-multiple: true
103103

104104
- name: Sign binaries
105-
uses: sigstore/gh-action-sigstore-python@v3.2.0
105+
uses: sigstore/gh-action-sigstore-python@a5caf349bc536fbef3668a10ed7f5cd309a4b53d # v3.2.0
106106
with:
107107
inputs: ./echidna-*.tar.gz
108108

109109
- name: Create GitHub release and upload binaries
110-
uses: softprops/action-gh-release@v2.6.1
110+
uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1
111111
with:
112112
draft: true
113113
name: "Echidna ${{ needs.nixBuild.outputs.version }}"

0 commit comments

Comments
 (0)