From c044e1d433419390432f7fc4f222dadd5f0a4307 Mon Sep 17 00:00:00 2001 From: Johannes Altmanninger Date: Sat, 7 Feb 2026 15:32:50 +1100 Subject: [PATCH] update-dependencies.sh: update and pin 3rd party github workflows --- .github/workflows/autolabel_prs.yml | 2 +- .github/workflows/build_docker_images.yml | 8 ++++---- .github/workflows/lint-dependencies.yml | 4 ++-- .github/workflows/lint.yml | 6 +++--- .github/workflows/lockthreads.yml | 2 +- .github/workflows/release.yml | 18 +++++++++--------- .github/workflows/test.yml | 12 ++++++------ build_tools/update-dependencies.sh | 22 ++++++++++++++++++++++ 8 files changed, 48 insertions(+), 26 deletions(-) diff --git a/.github/workflows/autolabel_prs.yml b/.github/workflows/autolabel_prs.yml index 564992577..d232660c2 100644 --- a/.github/workflows/autolabel_prs.yml +++ b/.github/workflows/autolabel_prs.yml @@ -10,7 +10,7 @@ jobs: steps: - name: Set label and milestone id: set-label-milestone - uses: actions/github-script@v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8, build_tools/update-dependencies.sh with: script: | const completionsLabel = 'completions'; diff --git a/.github/workflows/build_docker_images.yml b/.github/workflows/build_docker_images.yml index 47d0aa095..d0b59188d 100644 --- a/.github/workflows/build_docker_images.yml +++ b/.github/workflows/build_docker_images.yml @@ -37,10 +37,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, build_tools/update-dependencies.sh - name: Login to Container registry - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0, build_tools/update-dependencies.sh with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -48,14 +48,14 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0, build_tools/update-dependencies.sh with: images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.NAMESPACE }}/${{ matrix.target }} flavor: | latest=true - name: Build and push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0, build_tools/update-dependencies.sh with: context: docker/context push: true diff --git a/.github/workflows/lint-dependencies.yml b/.github/workflows/lint-dependencies.yml index 035533c30..cd97aae19 100644 --- a/.github/workflows/lint-dependencies.yml +++ b/.github/workflows/lint-dependencies.yml @@ -16,8 +16,8 @@ jobs: cargo-deny: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: EmbarkStudios/cargo-deny-action@v2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, build_tools/update-dependencies.sh + - uses: EmbarkStudios/cargo-deny-action@44db170f6a7d12a6e90340e9e0fca1f650d34b14 # v2.0.15, build_tools/update-dependencies.sh with: command: check licenses arguments: --all-features --locked --exclude-dev diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 0b905ce7a..c0c9c58fd 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -9,7 +9,7 @@ jobs: format: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, build_tools/update-dependencies.sh - uses: ./.github/actions/rust-toolchain@stable with: components: rustfmt @@ -35,7 +35,7 @@ jobs: - rust_version: "msrv" features: "" steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, build_tools/update-dependencies.sh - uses: ./.github/actions/rust-toolchain with: toolchain_channel: ${{ matrix.rust_version }} @@ -49,7 +49,7 @@ jobs: rustdoc: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, build_tools/update-dependencies.sh - uses: ./.github/actions/rust-toolchain@stable - name: Install deps run: | diff --git a/.github/workflows/lockthreads.yml b/.github/workflows/lockthreads.yml index 4ab5fe908..60621c1a6 100644 --- a/.github/workflows/lockthreads.yml +++ b/.github/workflows/lockthreads.yml @@ -18,7 +18,7 @@ jobs: pull-requests: write # for dessant/lock-threads to lock PRs runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@v6 + - uses: dessant/lock-threads@f5f995c727ac99a91dec92781a8e34e7c839a65e # v6.0.0, build_tools/update-dependencies.sh with: github-token: ${{ github.token }} issue-inactive-days: '365' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4fd0e9eb6..cef6388dc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ jobs: name: Pre-release checks runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, build_tools/update-dependencies.sh with: # Workaround for https://github.com/actions/checkout/issues/882 ref: ${{ inputs.version }} @@ -36,7 +36,7 @@ jobs: version: ${{ steps.version.outputs.version }} tarball-name: ${{ steps.version.outputs.tarball-name }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, build_tools/update-dependencies.sh with: # Workaround for https://github.com/actions/checkout/issues/882 ref: ${{ inputs.version }} @@ -61,7 +61,7 @@ jobs: sed -n 2p "$relnotes" | grep -q '^$' sed -i 1,2d "$relnotes" - name: Upload tarball artifact - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0, build_tools/update-dependencies.sh with: name: source-tarball path: | @@ -74,7 +74,7 @@ jobs: name: Build single-file fish for Linux runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, build_tools/update-dependencies.sh with: # Workaround for https://github.com/actions/checkout/issues/882 ref: ${{ inputs.version }} @@ -100,7 +100,7 @@ jobs: tar -cazf fish-$(git describe)-linux-$arch.tar.xz \ -C target/$arch-unknown-linux-musl/release fish done - - uses: actions/upload-artifact@v6 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0, build_tools/update-dependencies.sh with: name: Static builds for Linux path: fish-${{ inputs.version }}-linux-*.tar.xz @@ -114,19 +114,19 @@ jobs: name: Create release draft runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, build_tools/update-dependencies.sh with: # Workaround for https://github.com/actions/checkout/issues/882 ref: ${{ inputs.version }} - name: Download all artifacts - uses: actions/download-artifact@v7 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0, build_tools/update-dependencies.sh with: merge-multiple: true path: /tmp/artifacts - name: List artifacts run: find /tmp/artifacts -type f - name: Create draft release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0, build_tools/update-dependencies.sh with: tag_name: ${{ inputs.version }} name: fish ${{ inputs.version }} @@ -142,7 +142,7 @@ jobs: runs-on: macos-latest environment: macos-codesign steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, build_tools/update-dependencies.sh with: # Workaround for https://github.com/actions/checkout/issues/882 ref: ${{ inputs.version }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e7e75a6b0..d367bd6f6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,7 +13,7 @@ jobs: ubuntu: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, build_tools/update-dependencies.sh - uses: ./.github/actions/rust-toolchain@oldest-supported - name: Install deps uses: ./.github/actions/install-dependencies @@ -44,7 +44,7 @@ jobs: ubuntu-32bit-static-pcre2: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, build_tools/update-dependencies.sh - uses: ./.github/actions/rust-toolchain@oldest-supported with: targets: "i586-unknown-linux-gnu" @@ -86,7 +86,7 @@ jobs: RUSTFLAGS: "-Zsanitizer=address" # RUSTFLAGS: "-Zsanitizer=memory -Zsanitizer-memory-track-origins" steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, build_tools/update-dependencies.sh # All -Z options require running nightly - uses: dtolnay/rust-toolchain@nightly with: @@ -134,7 +134,7 @@ jobs: # of crates.io, so give this a try. It's also sometimes significantly faster on all platforms. CARGO_NET_GIT_FETCH_WITH_CLI: true steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, build_tools/update-dependencies.sh - uses: ./.github/actions/rust-toolchain@oldest-supported - name: Install deps run: | @@ -161,8 +161,8 @@ jobs: run: shell: msys2 {0} steps: - - uses: actions/checkout@v6 - - uses: msys2/setup-msys2@v2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, build_tools/update-dependencies.sh + - uses: msys2/setup-msys2@4f806de0a5a7294ffabaff804b38a9b435a73bda # v2.30.0, build_tools/update-dependencies.sh with: update: true msystem: MSYS diff --git a/build_tools/update-dependencies.sh b/build_tools/update-dependencies.sh index 22deec7a5..1fc92cecf 100755 --- a/build_tools/update-dependencies.sh +++ b/build_tools/update-dependencies.sh @@ -13,6 +13,28 @@ sort --version-sort