Skip to content

Commit

Permalink
Merge branch 'lukas/gh/maint-26-pin-github-actions' into maint-26
Browse files Browse the repository at this point in the history
* lukas/gh/maint-26-pin-github-actions:
  gh: Pin all github actions versions
  • Loading branch information
garazdawi committed Nov 13, 2024
2 parents 1e0c517 + 993a687 commit 23c81bb
Show file tree
Hide file tree
Showing 7 changed files with 56 additions and 56 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/actions-updater.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,17 +17,17 @@ jobs:
steps:
- name: Generate token
id: generate_token
uses: actions/[email protected]
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # ratchet:actions/create-github-app-token@v1.11.0
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.APP_PEM }}

- uses: actions/[email protected]
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1
with:
token: ${{ steps.generate_token.outputs.token }}

- name: Run GitHub Actions Version Updater
uses: saadmk11/[email protected]
uses: saadmk11/github-actions-version-updater@64be81ba69383f81f2be476703ea6570c4c8686e # ratchet:saadmk11/github-actions-version-updater@v0.8.1
with:
token: ${{ steps.generate_token.outputs.token }}
pull_request_branch: "github/actions-update"
Expand Down
76 changes: 38 additions & 38 deletions .github/workflows/main.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ jobs:
c-code-changes: ${{ steps.c-code-changes.outputs.changes }}
all: ${{ steps.apps.outputs.all }}
steps:
- uses: actions/[email protected]
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1
- uses: ./.github/actions/build-base-image
with:
BASE_BRANCH: ${{ env.BASE_BRANCH }}
Expand All @@ -61,7 +61,7 @@ jobs:
ALL_APPS=$(jq -n --arg inarr "${ALL_APPS}" '$inarr | split("\n")' | tr '\n' ' ')
echo "all=${ALL_APPS}" >> $GITHUB_OUTPUT
- name: Check which applications have changed
uses: dorny/[email protected]
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # ratchet:dorny/paths-filter@v3.0.2
id: app-changes
with:
filters: .github/scripts/path-filters.yaml
Expand All @@ -77,19 +77,19 @@ jobs:
echo "changes=${CHANGED_APPS}" >> "$GITHUB_OUTPUT"
fi
- name: Check if there are any C-code changes, if not then limit CI run
uses: dorny/[email protected]
uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # ratchet:dorny/paths-filter@v3.0.0
id: c-code-changes
with:
filters: .github/scripts/c-code-path-filters.yaml
- name: Cache pre-built src
uses: actions/[email protected]
uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # ratchet:actions/cache@v4.1.1
with:
path: otp_src.tar.gz
key: prebuilt-src-${{ github.ref_name }}-${{ github.sha }}
restore-keys: |
prebuilt-src-${{ github.base_ref }}-${{ github.event.pull_request.base.sha }}
- name: Cache pre-built binaries
uses: actions/[email protected]
uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # ratchet:actions/cache@v4.1.1
with:
path: otp_cache.tar.gz
key: prebuilt-cache-64-bit-${{ github.ref_name }}-${{ github.sha }}
Expand All @@ -98,12 +98,12 @@ jobs:
- name: Create initial pre-release tar
run: .github/scripts/init-pre-release.sh otp_archive.tar.gz otp_src.tar.gz
- name: Upload source tar archive
uses: actions/[email protected]
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3
with:
name: otp_git_archive
path: otp_archive.tar.gz
- name: Check how we can use the pre-built cache
uses: dorny/[email protected]
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # ratchet:dorny/paths-filter@v3.0.2
id: cache
with:
filters: |
Expand Down Expand Up @@ -142,7 +142,7 @@ jobs:
"`pwd`/.github/otp.tar.gz" \
"`pwd`/otp_archive.tar.gz"
- name: Upload restored cache
uses: actions/[email protected]
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3
if: runner.debug == 1
with:
name: restored-cache
Expand All @@ -169,7 +169,7 @@ jobs:
bash -c 'set -x; C_APPS=$(ls -d ./lib/*/c_src); find Makefile ./make ./erts ./bin/`erts/autoconf/config.guess` ./lib/erl_interface ./lib/jinterface ${C_APPS} `echo "${C_APPS}" | sed -e 's:c_src$:priv:'` -type f -newer README.md \! -name "*.beam" \! -path "*/doc/*" | xargs tar --transform "s:^./:otp/:" -uvf /github/otp_cache.tar'
gzip otp_cache.tar
- name: Upload pre-built tar archives
uses: actions/[email protected]
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3
with:
name: otp_prebuilt
path: |
Expand All @@ -185,16 +185,16 @@ jobs:
WXWIDGETS_VERSION: 3.2.6
MACOS_VERSION: 15
steps:
- uses: actions/[email protected]
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1

- name: Download source archive
uses: actions/[email protected]
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/download-artifact@v4.1.8
with:
name: otp_prebuilt

- name: Cache wxWidgets
id: wxwidgets-cache
uses: actions/[email protected]
uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # ratchet:actions/cache@v4.1.1
with:
path: wxWidgets
key: wxWidgets-${{ env.WXWIDGETS_VERSION }}-${{ runner.os }}-${{ hashFiles('.github/scripts/build-macos-wxwidgets.sh') }}-${{ env.MACOS_VERSION }}
Expand All @@ -220,7 +220,7 @@ jobs:
./bin/erl -noshell -eval '{wx_ref,_,_,_} = wx:new(), io:format("wx ok~n"), halt().'
- name: Upload tarball
uses: actions/[email protected]
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3
with:
name: otp_prebuilt_macos_x86-64
path: otp/otp_macos_*_x86-64.tar.gz
Expand All @@ -233,9 +233,9 @@ jobs:
runs-on: macos-15
needs: pack
steps:
- uses: actions/[email protected]
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1
- name: Download source archive
uses: actions/[email protected]
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/download-artifact@v4.1.8
with:
name: otp_prebuilt

Expand All @@ -254,7 +254,7 @@ jobs:
xcodebuild -create-xcframework -output ./liberlang.xcframework -library liberlang.a
- name: Upload framework
uses: actions/[email protected]
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3
with:
name: ios_framework_${{ env.TARGET_ARCH }}
path: otp/liberlang.xcframework
Expand All @@ -270,7 +270,7 @@ jobs:
needs: pack
if: needs.pack.outputs.c-code-changes
steps:
- uses: Vampire/[email protected]
- uses: Vampire/setup-wsl@23f94bc31caaddc08bd1230a00b89f872633d8d7 # ratchet:Vampire/setup-wsl@v3.1.3
with:
distribution: Ubuntu-18.04

Expand All @@ -284,7 +284,7 @@ jobs:
IF EXIST "c:\\Program Files\\OpenSSL-Win64" (move "c:\\Program Files\\OpenSSL-Win64" "c:\\OpenSSL-Win64") ELSE (move "c:\\Program Files\\OpenSSL" "c:\\OpenSSL-Win64")
- name: Cache wxWidgets
uses: actions/[email protected]
uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # ratchet:actions/cache@v4.1.1
with:
path: wxWidgets
key: wxWidgets-${{ env.WXWIDGETS_VERSION }}-${{ runner.os }}
Expand Down Expand Up @@ -326,7 +326,7 @@ jobs:
nmake TARGET_CPU=amd64 BUILD=release SHARED=0 DIR_SUFFIX_CPU= -f makefile.vc
- name: Download source archive
uses: actions/[email protected]
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/download-artifact@v4.1.8
with:
name: otp_prebuilt

Expand Down Expand Up @@ -354,7 +354,7 @@ jobs:
./otp_build installer_win32
- name: Upload installer
uses: actions/[email protected]
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3
with:
name: otp_win32_installer
path: otp/release/win32/otp*.exe
Expand All @@ -366,7 +366,7 @@ jobs:
if: needs.pack.outputs.c-code-changes

steps:
- uses: actions/[email protected]
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1
- uses: ./.github/actions/build-base-image
with:
BASE_BRANCH: ${{ env.BASE_BRANCH }}
Expand Down Expand Up @@ -394,7 +394,7 @@ jobs:
fail-fast: false

steps:
- uses: actions/[email protected]
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1
- uses: ./.github/actions/build-base-image
with:
BASE_BRANCH: ${{ env.BASE_BRANCH }}
Expand All @@ -405,7 +405,7 @@ jobs:
runs-on: ubuntu-latest
needs: pack
steps:
- uses: actions/[email protected]
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1
- uses: ./.github/actions/build-base-image
with:
BASE_BRANCH: ${{ env.BASE_BRANCH }}
Expand All @@ -427,12 +427,12 @@ jobs:
rm -rf man
tar czf ../otp_doc_html.tar.gz *
- name: Upload html documentation archive
uses: actions/[email protected]
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3
with:
name: otp_doc_html
path: otp_doc_html.tar.gz
- name: Upload man documentation archive
uses: actions/[email protected]
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3
with:
name: otp_doc_man
path: otp_doc_man.tar.gz
Expand All @@ -447,7 +447,7 @@ jobs:
runs-on: ubuntu-latest
needs: pack
steps:
- uses: actions/[email protected]
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1
- uses: ./.github/actions/build-base-image
with:
BASE_BRANCH: ${{ env.BASE_BRANCH }}
Expand Down Expand Up @@ -476,7 +476,7 @@ jobs:
# type: ["os_mon","sasl"]
fail-fast: false
steps:
- uses: actions/[email protected]
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1
- uses: ./.github/actions/build-base-image
with:
BASE_BRANCH: ${{ env.BASE_BRANCH }}
Expand Down Expand Up @@ -513,7 +513,7 @@ jobs:
sudo bash -c "chown -R `whoami` make_test_dir && chmod -R +r make_test_dir"
tar czf ${{ matrix.type }}_test_results.tar.gz make_test_dir
- name: Upload test results
uses: actions/[email protected]
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3
if: ${{ !cancelled() }}
with:
name: ${{ matrix.type }}_test_results
Expand All @@ -525,12 +525,12 @@ jobs:
if: ${{ !cancelled() }} # Run even if the need has failed
needs: test
steps:
- uses: actions/[email protected]
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1
- uses: ./.github/actions/build-base-image
with:
BASE_BRANCH: ${{ env.BASE_BRANCH }}
- name: Download test results
uses: actions/[email protected]
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/download-artifact@v4.1.8
- name: Merge test results
run: |
shopt -s nullglob
Expand Down Expand Up @@ -560,14 +560,14 @@ jobs:
-e 's:\(file="erts/\)make_test_dir/[^/]*:\1test:g' \
make_test_dir/*_junit.xml
- name: Upload test results
uses: actions/[email protected]
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3
if: ${{ !cancelled() }}
with:
name: test_results
path: test_results.tar.gz
- name: Upload Test Results
if: ${{ !cancelled() }}
uses: actions/[email protected]
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3
with:
name: Unit Test Results
path: |
Expand All @@ -594,19 +594,19 @@ jobs:
echo "tag=${TAG}" >> $GITHUB_OUTPUT
echo "vsn=${VSN}" >> $GITHUB_OUTPUT
- uses: actions/[email protected]
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # ratchet:actions/checkout@v4.2.1

## Publish the pre-built archive and docs
- name: Download source archive
uses: actions/[email protected]
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/download-artifact@v4.1.8
with:
name: otp_prebuilt
- name: Download html docs
uses: actions/[email protected]
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/download-artifact@v4.1.8
with:
name: otp_doc_html
- name: Download man docs
uses: actions/[email protected]
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/download-artifact@v4.1.8
with:
name: otp_doc_man

Expand All @@ -625,7 +625,7 @@ jobs:
sha256sum $FILES > SHA256.txt
- name: Upload pre-built and doc tar archives
uses: softprops/[email protected]
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # ratchet:softprops/action-gh-release@v2.0.8
with:
name: OTP ${{ steps.tag.outputs.vsn }}
files: |
Expand All @@ -644,7 +644,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Upload
uses: actions/[email protected]
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # ratchet:actions/upload-artifact@v4.4.3
with:
name: Event File
path: ${{ github.event_path }}
6 changes: 3 additions & 3 deletions .github/workflows/osv-scanner-scheduled.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
outputs:
versions: ${{ steps.get-versions.outputs.versions }}
steps:
- uses: actions/[email protected]
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4.1.7
- id: get-versions
name: Fetch latest 3 OTP versions
run: |
Expand All @@ -46,7 +46,7 @@ jobs:
permissions:
actions: write
steps:
- uses: actions/[email protected]
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4.1.7
with:
ref: ${{ matrix.type }}

Expand Down Expand Up @@ -74,4 +74,4 @@ jobs:
security-events: write
# Only needs to read contents
contents: read
uses: "google/osv-scanner-action/.github/workflows/[email protected]"
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@f0e6719deb666cd19a0b56bc56d01161bd848b4f" # ratchet:google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.5
Loading

0 comments on commit 23c81bb

Please sign in to comment.