use sha-versions for most gh actions
PiperOrigin-RevId: 564669796
diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml
index 725822a..91668d3 100644
--- a/.github/workflows/build_test.yml
+++ b/.github/workflows/build_test.yml
@@ -233,14 +233,14 @@
sudo apt install -y ${EXTRA_PACKAGES}
- name: Checkout the source
- uses: actions/checkout@v4
+ uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
submodules: false
fetch-depth: 1
#- name: Checkout VC9 for Python
# if: ${{ runner.os == 'Windows' && matrix.build_system == 'python' && matrix.python_version == '2.7' }}
- # uses: actions/checkout@v4
+ # uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
# with:
# repository: reider-roque/sulley-win-installer
# path: third_party/VCForPython27
@@ -338,7 +338,7 @@
cd integration
mvn -B verify
- - uses: actions/setup-python@v4
+ - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
if: ${{ matrix.build_system == 'python' }}
with:
python-version: ${{ matrix.python_version }}
@@ -367,7 +367,7 @@
steps:
- name: Checkout the source
- uses: actions/checkout@v4
+ uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
submodules: false
fetch-depth: 1
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 0dfd5a8..03da18b 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -31,11 +31,11 @@
steps:
- name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@43750fe4fc4f068f04f2215206e6f6a29c78c763 # v2.14.4
with:
languages: ${{ matrix.language }}
# CodeQL is currently crashing on files with large lists:
@@ -47,7 +47,7 @@
- if: matrix.language == 'cpp'
name: Build CPP
- uses: github/codeql-action/autobuild@v2
+ uses: github/codeql-action/autobuild@43750fe4fc4f068f04f2215206e6f6a29c78c763 # v2.14.4
- if: matrix.language == 'cpp' || matrix.language == 'java'
name: Build Java
@@ -57,7 +57,7 @@
- if: matrix.language == 'javascript'
name: Build JS
- uses: github/codeql-action/autobuild@v2
+ uses: github/codeql-action/autobuild@43750fe4fc4f068f04f2215206e6f6a29c78c763 # v2.14.4
- if: matrix.language == 'cpp' || matrix.language == 'python'
name: Build Python
@@ -65,7 +65,7 @@
python setup.py build_ext
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@43750fe4fc4f068f04f2215206e6f6a29c78c763 # v2.14.4
with:
category: "/language:${{matrix.language}}"
ref: "${{ github.ref != 'master' && github.ref || '/refs/heads/master' }}"
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
index 2ca7d42..14c2dcb 100644
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -28,7 +28,7 @@
fuzz-seconds: 600
dry-run: false
- name: Upload Crash
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
if: failure()
with:
name: artifacts
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 89acdf3..00b2b33 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -13,6 +13,8 @@
- v*.*.*
release:
types: [ published ]
+ pull_request:
+ types: [opened, reopened, labeled, synchronize]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
@@ -46,12 +48,12 @@
steps:
- name: Checkout the source
- uses: actions/checkout@v4
+ uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
submodules: false
fetch-depth: 1
- - uses: actions/cache@v3
+ - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
id: cache-vcpkg
with:
path: vcpkg
@@ -100,14 +102,13 @@
cmake --build out --config Release --target install
cp LICENSE prefix/bin/LICENSE.brotli
- name: Upload artifacts
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: brotli-${{matrix.triplet}}
path: |
prefix/bin/*
- name: Package release zip
- if: github.event_name == 'release'
shell: 'powershell'
run: |
Compress-Archive -Path prefix\bin\* `
@@ -115,7 +116,7 @@
- name: Upload binaries to release
if: github.event_name == 'release'
- uses: AButler/upload-release-assets@v2.0
+ uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
with:
files: brotli-${{matrix.triplet}}.zip
- repo-token: ${{ secrets.GITHUB_TOKEN }}
+ tag_name: dev/null
