diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 91aa869b62..d7440d3f70 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 - name: Build in Docker run: scripts/build-in-docker.sh @@ -39,7 +39,7 @@ jobs: - name: Rename Binary run: mv target/*/release/sentry-cli sentry-cli-Linux-${{ matrix.arch }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 with: name: artifact-bin-linux-${{ matrix.arch }} path: sentry-cli-Linux-${{ matrix.arch }} @@ -59,7 +59,7 @@ jobs: runs-on: macos-14 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 - name: Add Rustup Target run: rustup target add ${{ matrix.target }} @@ -70,7 +70,7 @@ jobs: - name: Rename Binary run: mv target/${{ matrix.target }}/release/sentry-cli sentry-cli-Darwin-${{ matrix.arch }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 with: name: unsigned-bin-macos-${{ matrix.arch }} path: sentry-cli-Darwin-${{ matrix.arch }} @@ -82,7 +82,7 @@ jobs: runs-on: macos-14 steps: - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # 4.2.1 with: pattern: unsigned-bin-macos-* merge-multiple: true @@ -90,7 +90,7 @@ jobs: - name: Link universal binary run: lipo -create -output sentry-cli-Darwin-universal sentry-cli-Darwin-x86_64 sentry-cli-Darwin-arm64 - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 with: name: unsigned-bin-macos-universal path: sentry-cli-Darwin-universal @@ -115,7 +115,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 - name: Install `rcodesign` run: | @@ -135,7 +135,7 @@ jobs: echo "$APPLE_API_KEY" | base64 --decode > ${{ env.APPLE_API_KEY_PATH }} - name: Download unsigned binary - uses: actions/download-artifact@v4 + uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # 4.2.1 with: name: unsigned-bin-macos-${{ matrix.arch }} @@ -160,7 +160,7 @@ jobs: sentry-cli-Darwin-${{ matrix.arch }}.zip - name: Upload signed binary - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 with: name: artifact-bin-macos-${{ matrix.arch }} path: sentry-cli-Darwin-${{ matrix.arch }} @@ -179,7 +179,7 @@ jobs: runs-on: windows-2019 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 # When rustup is updated, it tries to replace its binary, which on Windows is somehow locked. # This can result in the CI failure, see: https://github.com/rust-lang/rustup/issues/3029 @@ -196,7 +196,7 @@ jobs: - name: Rename Binary run: mv target/${{ env.TARGET }}/release/sentry-cli.exe sentry-cli-Windows-${{ matrix.arch }}.exe - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 with: name: artifact-bin-windows-${{ matrix.arch }} path: sentry-cli-Windows-${{ matrix.arch }}.exe @@ -208,14 +208,14 @@ jobs: needs: [linux, macos, macos_universal, windows] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 - - uses: actions/setup-node@v1 + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # 4.3.0 with: node-version: '20.10.0' - name: Download compiled binaries - uses: actions/download-artifact@v4 + uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # 4.2.1 with: pattern: artifact-bin-* merge-multiple: true @@ -228,7 +228,7 @@ jobs: - run: npm pack - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 with: name: artifact-pkg-node path: '*.tgz' @@ -238,14 +238,14 @@ jobs: name: python (base) runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 - name: Add Rustup Target run: rustup target add x86_64-unknown-linux-musl - - uses: actions/setup-python@v4 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # 5.4.0 with: python-version: '3.11' - run: python3 -m pip install build && python3 -m build - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 with: name: python-base path: dist/* @@ -256,22 +256,22 @@ jobs: runs-on: ubuntu-24.04 needs: [linux, sign-macos-binaries, windows, python-base] steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # 5.4.0 with: python-version: '3.11' - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # 4.2.1 with: pattern: artifact-bin-* merge-multiple: true path: binaries - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # 4.2.1 with: name: python-base merge-multiple: true path: python-base - run: scripts/wheels --binaries binaries --base python-base --dest dist - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 with: name: artifact-pkg-python path: dist/* @@ -282,11 +282,11 @@ jobs: runs-on: ubuntu-24.04 needs: [linux, sign-macos-binaries, windows] steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # 4.3.0 with: node-version: '20.10.0' - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # 4.2.1 with: pattern: artifact-bin-* merge-multiple: true @@ -313,7 +313,7 @@ jobs: done - name: Upload packaged npm binary distributions - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 with: name: artifact-npm-binary-distributions path: npm-binary-distributions/*/*.tgz @@ -333,20 +333,20 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # 3.10.0 - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # 6.15.0 with: context: . push: true @@ -363,7 +363,7 @@ jobs: packages: write steps: - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -380,7 +380,7 @@ jobs: runs-on: ubuntu-24.04 needs: [linux, sign-macos-binaries, windows, npm-distributions, node, python] steps: - - uses: actions/upload-artifact/merge@v4 + - uses: actions/upload-artifact/merge@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 with: # Craft expects release assets to be a single artifact named after the sha. name: ${{ github.sha }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9482905f77..95608e42f3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,12 +17,12 @@ jobs: name: Lint runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 - name: Install Rust Toolchain run: rustup toolchain install stable --profile minimal --component clippy --component rustfmt --no-self-update - - uses: swatinem/rust-cache@v2 + - uses: swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # 2.7.8 - name: Run Rustfmt run: cargo fmt --all -- --check @@ -40,9 +40,9 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 - - uses: swatinem/rust-cache@81d053bdb0871dcd3f10763c8cc60d0adc41762b # pin@v1 + - uses: swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # 2.7.8 with: key: ${{ github.job }} @@ -59,10 +59,10 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # 4.3.0 with: node-version: ${{ matrix.node-version }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a97be20a38..44e98fcfb1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -33,11 +33,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@e0e5ded33cabb451ae0a9768fc7b0410bad9ad44 # pin@v2 + uses: github/codeql-action/init@5f8171a638ada777af81d42b55959a643bb29017 # 3.28.12 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -48,7 +48,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@e0e5ded33cabb451ae0a9768fc7b0410bad9ad44 # pin@v2 + uses: github/codeql-action/autobuild@5f8171a638ada777af81d42b55959a643bb29017 # 3.28.12 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions @@ -59,4 +59,4 @@ jobs: # make bootstrap # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@e0e5ded33cabb451ae0a9768fc7b0410bad9ad44 # pin@v2 + uses: github/codeql-action/analyze@5f8171a638ada777af81d42b55959a643bb29017 # 3.28.12 diff --git a/.github/workflows/release-ghcr-latest-tag.yml b/.github/workflows/release-ghcr-latest-tag.yml index c40a5e7373..194dd13670 100644 --- a/.github/workflows/release-ghcr-latest-tag.yml +++ b/.github/workflows/release-ghcr-latest-tag.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Log in to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/release-ghcr-version-tag.yml b/.github/workflows/release-ghcr-version-tag.yml index 36351d2855..6dd3784f80 100644 --- a/.github/workflows/release-ghcr-version-tag.yml +++ b/.github/workflows/release-ghcr-version-tag.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Log in to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 328e761916..31354b033d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,12 +22,12 @@ jobs: with: app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 with: token: ${{ steps.token.outputs.token }} fetch-depth: 0 - name: Prepare release - uses: getsentry/action-prepare-release@v1 + uses: getsentry/action-prepare-release@3cea80dc3938c0baf5ec4ce752ecb311f8780cdc # 1.6.4 env: GITHUB_TOKEN: ${{ steps.token.outputs.token }} with: