From 23f7dd8160c9c9037e1617f97aef25cbfc752ab2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 24 Feb 2024 17:41:26 +0000 Subject: [PATCH] chore(deps): pin dependencies --- .github/actions/setup-nix/action.yaml | 4 ++-- .github/scripts/arm/docker-env/Dockerfile | 2 +- .github/workflows/build.yaml | 22 +++++++++++----------- .github/workflows/ci.yaml | 22 +++++++++++----------- .github/workflows/docs.yaml | 6 +++--- .github/workflows/report.yaml | 4 ++-- .github/workflows/test.yaml | 14 +++++++------- 7 files changed, 37 insertions(+), 37 deletions(-) diff --git a/.github/actions/setup-nix/action.yaml b/.github/actions/setup-nix/action.yaml index 324a9d1a813..aaeb54723fe 100644 --- a/.github/actions/setup-nix/action.yaml +++ b/.github/actions/setup-nix/action.yaml @@ -11,8 +11,8 @@ inputs: runs: using: composite steps: - - uses: nixbuild/nix-quick-install-action@v26 - - uses: cachix/cachix-action@v14 + - uses: nixbuild/nix-quick-install-action@1fe9e97a7bb9eea2f717fa55360c33293d5e2524 # v26 + - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14 with: name: postgrest authToken: ${{ inputs.authToken }} diff --git a/.github/scripts/arm/docker-env/Dockerfile b/.github/scripts/arm/docker-env/Dockerfile index b94fcaaeeeb..8d040a88afc 100644 --- a/.github/scripts/arm/docker-env/Dockerfile +++ b/.github/scripts/arm/docker-env/Dockerfile @@ -1,6 +1,6 @@ # PostgREST docker hub image -FROM ubuntu:focal AS postgrest +FROM ubuntu:focal@sha256:bb1c41682308d7040f74d103022816d41c50d7b0c89e9d706a74b4e548636e54 AS postgrest RUN apt-get update -y \ && apt install -y --no-install-recommends libpq-dev zlib1g-dev jq gcc libnuma-dev \ diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 9f11f65f47b..7b3c768eee3 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -33,7 +33,7 @@ jobs: name: Nix - Linux static runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Setup Nix Environment uses: ./.github/actions/setup-nix with: @@ -42,7 +42,7 @@ jobs: - name: Build static executable run: nix-build -A postgrestStatic - name: Save built executable as artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: postgrest-linux-static-x64 path: result/bin/postgrest @@ -51,7 +51,7 @@ jobs: - name: Build Docker image run: nix-build -A docker.image --out-link postgrest-docker.tar.gz - name: Save built Docker image as artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: postgrest-docker-x64 path: postgrest-docker.tar.gz @@ -62,7 +62,7 @@ jobs: name: Nix - MacOS runs-on: macos-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Setup Nix Environment uses: ./.github/actions/setup-nix with: @@ -104,9 +104,9 @@ jobs: name: Stack - ${{ matrix.name }} runs-on: ${{ matrix.runs-on }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Stack working files cache - uses: actions/cache@v4 + uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4 with: path: ${{ matrix.cache }} key: cache-stack-${{ runner.os }}-${{ hashFiles('stack.yaml.lock') }} @@ -121,7 +121,7 @@ jobs: run: strip result/postgrest* - name: Save built executable as artifact if: matrix.artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: ${{ matrix.artifact }} path: | @@ -134,7 +134,7 @@ jobs: name: Stack - FreeBSD from CirrusCI runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Get FreeBSD executable from CirrusCI env: # GITHUB_SHA does weird things for pull request, so we roll our own: @@ -142,7 +142,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: .github/get_cirrusci_freebsd - name: Save executable as artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: postgrest-freebsd-x64 path: postgrest @@ -157,7 +157,7 @@ jobs: name: Cabal - Linux GHC ${{ matrix.ghc }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: ghcup run: | # GHC 9.8.2 is not available in regular release channel, yet. @@ -169,7 +169,7 @@ jobs: mkdir ~/.cabal cp cabal.project.non-nix cabal.project - name: Cache - uses: actions/cache@v4 + uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4 with: path: | ~/.cabal/packages diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2247a6708ea..0fc9029c214 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -44,7 +44,7 @@ jobs: GITHUB_COMMIT: ${{ github.sha }} GHC_VERSION: '9.4.8' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - id: Remote-Dir name: Unique directory name for the remote build run: echo "remotepath=postgrest-build-$(uuidgen)" >> "$GITHUB_OUTPUT" @@ -96,7 +96,7 @@ jobs: - name: Extract downloaded binaries run: tar -xvf result.tar.xz && rm result.tar.xz - name: Save aarch64 executable as artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: postgrest-ubuntu-aarch64 path: result/postgrest @@ -118,7 +118,7 @@ jobs: version: ${{ steps.Identify-Version.outputs.version }} isprerelease: ${{ steps.Identify-Version.outputs.isprerelease }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - id: Identify-Version name: Identify the version to be released run: | @@ -155,7 +155,7 @@ jobs: echo "Relevant extract from CHANGELOG.md:" cat CHANGES.md - name: Save CHANGES.md as artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: release-changes path: CHANGES.md @@ -171,9 +171,9 @@ jobs: env: VERSION: ${{ needs.prepare.outputs.version }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Download all artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4 with: path: artifacts - name: Create release bundle with archives for all builds @@ -198,7 +198,7 @@ jobs: artifacts/postgrest-windows-x64/postgrest.exe - name: Save release bundle - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: release-bundle path: release-bundle @@ -231,14 +231,14 @@ jobs: VERSION: ${{ needs.prepare.outputs.version }} ISPRERELEASE: ${{ needs.prepare.outputs.isprerelease }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Setup Nix Environment uses: ./.github/actions/setup-nix with: authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' tools: release - name: Download Docker image - uses: actions/download-artifact@v4 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4 with: name: postgrest-docker-x64 - name: Publish images on Docker Hub @@ -286,7 +286,7 @@ jobs: VERSION: ${{ needs.prepare.outputs.version }} ISPRERELEASE: ${{ needs.prepare.outputs.isprerelease }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Publish images for ARM builds on Docker Hub uses: appleboy/ssh-action@master env: @@ -311,7 +311,7 @@ jobs: env: REMOTE_DIR: ${{ needs.arm.outputs.remotepath }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Remove uploaded files from server uses: appleboy/ssh-action@master with: diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index ec481e06129..2cdc6d661e0 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -24,7 +24,7 @@ jobs: name: Build runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Setup Nix Environment uses: ./.github/actions/setup-nix with: @@ -37,7 +37,7 @@ jobs: name: Spellcheck runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Setup Nix Environment uses: ./.github/actions/setup-nix with: @@ -53,7 +53,7 @@ jobs: if: github.base_ref == 'main' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Setup Nix Environment uses: ./.github/actions/setup-nix with: diff --git a/.github/workflows/report.yaml b/.github/workflows/report.yaml index 61433fa5680..6b5c118480a 100644 --- a/.github/workflows/report.yaml +++ b/.github/workflows/report.yaml @@ -17,14 +17,14 @@ jobs: if: github.event.workflow_run.conclusion == 'success' || github.event.workflow_run.conclusion == 'failure' steps: - name: Download from Artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4 with: github-token: ${{ github.token }} run-id: ${{ github.event.workflow_run.id }} name: loadtest.md path: artifacts - name: Upload to GitHub Checks - uses: LouisBrunner/checks-action@v2.0.0 + uses: LouisBrunner/checks-action@6b626ffbad7cc56fd58627f774b9067e6118af23 # v2.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} sha: ${{ github.event.workflow_run.head_sha }} diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 76ed9f6f2f2..6aa8372619e 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -34,7 +34,7 @@ jobs: name: Lint & Style runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Setup Nix Environment uses: ./.github/actions/setup-nix with: @@ -55,7 +55,7 @@ jobs: # https://github.com/actions/runner/issues/241#issuecomment-842566950 shell: script -qec "bash --noprofile --norc -eo pipefail {0}" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Setup Nix Environment uses: ./.github/actions/setup-nix with: @@ -92,7 +92,7 @@ jobs: # https://github.com/actions/runner/issues/241#issuecomment-842566950 shell: script -qec "bash --noprofile --norc -eo pipefail {0}" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Setup Nix Environment uses: ./.github/actions/setup-nix with: @@ -112,7 +112,7 @@ jobs: name: Memory runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Setup Nix Environment uses: ./.github/actions/setup-nix with: @@ -126,14 +126,14 @@ jobs: name: Loadtest runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: fetch-depth: 0 - name: Setup Nix Environment uses: ./.github/actions/setup-nix with: tools: loadtest - - uses: actions-ecosystem/action-get-latest-tag@v1 + - uses: actions-ecosystem/action-get-latest-tag@b7c32daec3395a9616f88548363a42652b22d435 # v1 id: get-latest-tag with: semver_only: true @@ -142,7 +142,7 @@ jobs: postgrest-loadtest-against main ${{ steps.get-latest-tag.outputs.tag }} postgrest-loadtest-report > loadtest/loadtest.md - name: Upload report - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: loadtest.md path: loadtest/loadtest.md