diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index d0e3b9982a..4bba08fce7 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -34,15 +34,15 @@ jobs: # For pushes to main, compare against the previous commit BRANCH_NAME: ${{ github.event_name == 'pull_request' && github.base_ref || github.event.before }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 10 # Fetch current commit and its parent - - uses: arduino/setup-protoc@v3 + - uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - - uses: dtolnay/rust-toolchain@master + - uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 with: toolchain: stable - - uses: boa-dev/criterion-compare-action@v3 + - uses: boa-dev/criterion-compare-action@adfd3a94634fe2041ce5613eb7df09d247555b87 # v3.2.4 with: branchName: ${{ env.BRANCH_NAME }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4199ecfa1f..2bb319317e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -37,16 +37,16 @@ jobs: sudo rm -rf /usr/local/lib/android sudo rm -rf /usr/share/dotnet df -h - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true - - uses: dtolnay/rust-toolchain@master + - uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 with: toolchain: ${{ matrix.rust }} components: rustfmt - name: "Set rustup profile" run: rustup set profile minimal - - uses: arduino/setup-protoc@v3 + - uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Test @@ -54,16 +54,17 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true - - uses: dtolnay/rust-toolchain@stable + - uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 with: + toolchain: stable components: rustfmt, clippy - - uses: taiki-e/install-action@v2 + - uses: taiki-e/install-action@d4635f2de61c8b8104d59cd4aede2060638378cc # v2.49.45 with: tool: cargo-hack - - uses: arduino/setup-protoc@v3 + - uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Format @@ -76,8 +77,8 @@ jobs: example: [opentelemetry, opentelemetry-sdk, opentelemetry-otlp, opentelemetry-zipkin] runs-on: ubuntu-latest # TODO: Check if this could be covered for Windows. The step used currently fails on Windows. steps: - - uses: actions/checkout@v4 - - uses: dtolnay/rust-toolchain@nightly + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: dtolnay/rust-toolchain@a02741459ec5e501b9843ed30b535ca0a0376ae4 with: toolchain: nightly-2024-06-30 components: rustfmt @@ -94,11 +95,11 @@ jobs: runs-on: ${{ matrix.os }} continue-on-error: true steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true - name: Set up Rust ${{ matrix.rust }} - uses: dtolnay/rust-toolchain@master + uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 with: toolchain: ${{ matrix.rust }} - name: Patch dependencies versions @@ -109,19 +110,20 @@ jobs: runs-on: ubuntu-latest # This uses the step `EmbarkStudios/cargo-deny-action@v1` which is only supported on Linux continue-on-error: true # Prevent sudden announcement of a new advisory from failing ci steps: - - uses: actions/checkout@v4 - - uses: EmbarkStudios/cargo-deny-action@v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: EmbarkStudios/cargo-deny-action@34899fc7ba81ca6268d5947a7a16b4649013fea1 # v2.0.11 with: command: check advisories docs: continue-on-error: true runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: dtolnay/rust-toolchain@stable + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 with: + toolchain: stable components: rustfmt - - uses: arduino/setup-protoc@v3 + - uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: doc @@ -134,25 +136,25 @@ jobs: runs-on: ubuntu-latest if: ${{ ! contains(github.event.pull_request.labels.*.name, 'dependencies') }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true - - uses: dtolnay/rust-toolchain@stable + - uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 with: toolchain: stable components: rustfmt,llvm-tools-preview - - uses: arduino/setup-protoc@v3 + - uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: cargo install cargo-llvm-cov - uses: taiki-e/install-action@cargo-llvm-cov + uses: taiki-e/install-action@5075451c95db43b063f20f0c8fef04c04d5bf0ba # cargo-llvm-cov - name: cargo generate-lockfile if: hashFiles('Cargo.lock') == '' run: cargo generate-lockfile - name: cargo llvm-cov run: cargo llvm-cov --locked --all-features --workspace --lcov --lib --output-path lcov.info - name: Upload to codecov.io - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: @@ -161,13 +163,13 @@ jobs: continue-on-error: true runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true - - uses: dtolnay/rust-toolchain@master + - uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 with: toolchain: stable - - uses: taiki-e/install-action@v2 + - uses: taiki-e/install-action@d4635f2de61c8b8104d59cd4aede2060638378cc # v2.49.45 with: tool: cargo-machete - name: cargo machete diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 5b134a932a..c26e0578fd 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -18,13 +18,14 @@ jobs: sudo rm -rf /usr/local/lib/android sudo rm -rf /usr/share/dotnet df -h - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true - - uses: dtolnay/rust-toolchain@stable + - uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 with: + toolchain: stable components: rustfmt - - uses: arduino/setup-protoc@v3 + - uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Run integration tests diff --git a/.github/workflows/markdown-link-check.yml b/.github/workflows/markdown-link-check.yml index f1e1011c7b..bd38d86946 100644 --- a/.github/workflows/markdown-link-check.yml +++ b/.github/workflows/markdown-link-check.yml @@ -14,7 +14,7 @@ jobs: markdown-link-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install markdown-link-check run: npm install -g markdown-link-check@3.11.2 diff --git a/.github/workflows/pr_naming.yml b/.github/workflows/pr_naming.yml index 46720f0892..643b4f3366 100644 --- a/.github/workflows/pr_naming.yml +++ b/.github/workflows/pr_naming.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: PR Conventional Commit Validation - uses: ytanikin/pr-conventional-commits@1.4.1 + uses: ytanikin/pr-conventional-commits@8267db1bacc237419f9ed0228bb9d94e94271a1d # 1.4.1 with: task_types: '["build","chore","ci","docs","feat","fix","perf","refactor","revert","test"]' add_label: 'false' diff --git a/.github/workflows/semver.yml b/.github/workflows/semver.yml index 4ab14ddd61..98475ab264 100644 --- a/.github/workflows/semver.yml +++ b/.github/workflows/semver.yml @@ -11,12 +11,13 @@ jobs: timeout-minutes: 10 if: ${{ github.event.label.name == 'semver-check' || contains(github.event.pull_request.labels.*.name, 'semver-check') }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true - name: Install stable - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 with: + toolchain: stable components: rustfmt - name: cargo-semver-checks - uses: obi1kenobi/cargo-semver-checks-action@v2.6 + uses: obi1kenobi/cargo-semver-checks-action@7272cc2caa468d3e009a2b0a9cc366839348237b # v2.6