diff --git a/.github/ISSUE_TEMPLATE/release-workspace-members.md b/.github/ISSUE_TEMPLATE/release-workspace-members.md index 78ef518e4..8eb00310b 100644 --- a/.github/ISSUE_TEMPLATE/release-workspace-members.md +++ b/.github/ISSUE_TEMPLATE/release-workspace-members.md @@ -39,6 +39,7 @@ Replace the items in the task lists below with the applicable Pull Requests 2. Adjust the version `RUST_TOOLCHAIN_VERSION` in the workflows: - `.github/workflows/build.yml` - `.github/workflows/pre_commit.yaml` + - `.github/workflows/publish-docs.yaml` 3. Add a changelog entry. 4. Update any actions (using the Git commit hash) in the workflows. Hint: Also make sure that the `cargo-udeps` action is up-to-date, otherwise the CI might diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b1a682d62..6dde1df81 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -17,11 +17,13 @@ env: CARGO_TERM_COLOR: always CARGO_INCREMENTAL: '0' CARGO_PROFILE_DEV_DEBUG: '0' - RUST_TOOLCHAIN_VERSION: "1.82.0" + RUST_TOOLCHAIN_VERSION: "1.84.1" RUSTFLAGS: "-D warnings" RUSTDOCFLAGS: "-D warnings" RUST_LOG: "info" +permissions: {} + jobs: # Identify unused dependencies run_udeps: @@ -30,14 +32,16 @@ jobs: env: RUSTC_BOOTSTRAP: 1 steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} - - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7 with: key: udeps - - run: cargo install --locked cargo-udeps@0.1.50 + - run: cargo install --locked cargo-udeps@0.1.55 - run: cargo udeps --all-targets --all-features run_cargodeny: @@ -53,8 +57,10 @@ jobs: continue-on-error: ${{ matrix.checks == 'advisories' }} steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - uses: EmbarkStudios/cargo-deny-action@3f4a782664881cf5725d0ffd23969fcce89fd868 # v1.6.3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - uses: EmbarkStudios/cargo-deny-action@0484eedcba649433ebd03d9b7c9c002746bbc4b9 # v2.0.6 with: command: check ${{ matrix.checks }} @@ -62,12 +68,14 @@ jobs: name: Run Rustfmt runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} components: rustfmt - - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7 with: key: fmt - run: cargo fmt --all -- --check @@ -80,14 +88,15 @@ jobs: run: | sudo apt-get update sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: + persist-credentials: false submodules: recursive - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} components: clippy - - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7 with: key: clippy - name: Run clippy action to produce annotations @@ -112,12 +121,14 @@ jobs: name: Run RustDoc runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} components: rustfmt - - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7 with: key: doc - run: cargo doc --document-private-items @@ -130,7 +141,9 @@ jobs: - run_rustdoc runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} @@ -138,7 +151,7 @@ jobs: # for our cases. # See: https://github.com/dtolnay/trybuild/issues/236#issuecomment-1620950759 components: rust-src - - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7 with: key: test - run: cargo test --all-features diff --git a/.github/workflows/daily_security.yml b/.github/workflows/daily_security.yml index 80a434347..e071feea7 100644 --- a/.github/workflows/daily_security.yml +++ b/.github/workflows/daily_security.yml @@ -6,11 +6,15 @@ on: - cron: '15 4 * * *' workflow_dispatch: +permissions: {} + jobs: audit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pr_pre-commit.yaml b/.github/workflows/pr_pre-commit.yaml index 73590cf69..cad006a1b 100644 --- a/.github/workflows/pr_pre-commit.yaml +++ b/.github/workflows/pr_pre-commit.yaml @@ -7,16 +7,18 @@ on: env: CARGO_TERM_COLOR: always RUST_TOOLCHAIN_VERSION: "nightly-2025-01-15" - HADOLINT_VERSION: "v1.17.6" + +permissions: {} jobs: pre-commit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: + persist-credentials: false fetch-depth: 0 - - uses: stackabletech/actions/run-pre-commit@9bd13255f286e4b7a654617268abe1b2f37c3e0a # v0.3.0 + - uses: stackabletech/actions/run-pre-commit@2d3d7ddad981ae09901d45a0f6bf30c2658b1b78 # v0.7.0 with: rust: ${{ env.RUST_TOOLCHAIN_VERSION }} # rust-src is required for trybuild stderr output comparison to work diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml index e16f83eaa..3ab7055da 100644 --- a/.github/workflows/publish-docs.yml +++ b/.github/workflows/publish-docs.yml @@ -13,7 +13,9 @@ on: - crates/** env: - RUST_TOOLCHAIN_VERSION: "1.82.0" + RUST_TOOLCHAIN_VERSION: "1.84.1" + +permissions: {} jobs: build-docs: @@ -21,6 +23,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - uses: dtolnay/rust-toolchain@master with: diff --git a/rust-toolchain.toml b/rust-toolchain.toml index 2e2b8c852..fcb78ec56 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -1,2 +1,2 @@ [toolchain] -channel = "1.82.0" +channel = "1.84.1"