From 980d6b259f5cda94dd051d4154a30cf5e83efd1f Mon Sep 17 00:00:00 2001 From: Koral Kulacoglu Date: Fri, 10 Oct 2025 13:00:55 -0400 Subject: [PATCH] fix: pin GitHub Actions to SHA hashes --- .github/workflows/cron-daily-fuzz.yml | 2 +- .../workflows/cron-weekly-update-nightly.yml | 4 ++-- .github/workflows/rust.yml | 20 +++++++++---------- .github/workflows/shellcheck.yml | 2 +- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/cron-daily-fuzz.yml b/.github/workflows/cron-daily-fuzz.yml index 6d8c00208..aeb2e6699 100644 --- a/.github/workflows/cron-daily-fuzz.yml +++ b/.github/workflows/cron-daily-fuzz.yml @@ -47,7 +47,7 @@ roundtrip_semantic, fuzz/target target key: cache-${{ matrix.target }}-${{ hashFiles('**/Cargo.toml','**/Cargo.lock') }} - - uses: dtolnay/rust-toolchain@stable + - uses: dtolnay/rust-toolchain@5d458579430fc14a04a08a1e7d3694f545e91ce6 # stable with: toolchain: '1.65.0' - name: fuzz diff --git a/.github/workflows/cron-weekly-update-nightly.yml b/.github/workflows/cron-weekly-update-nightly.yml index b31ad20cc..c6457d374 100644 --- a/.github/workflows/cron-weekly-update-nightly.yml +++ b/.github/workflows/cron-weekly-update-nightly.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - - uses: dtolnay/rust-toolchain@nightly + - uses: dtolnay/rust-toolchain@55d80eb3c5a4228eec5390a083c092095115c6f1 # nightly - name: Update rust.yml to use latest nightly run: | set -x @@ -29,7 +29,7 @@ jobs: fi - name: Create Pull Request if: env.changes_made == 'true' - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 with: token: ${{ secrets.APOELSTRA_CREATE_PR_TOKEN }} author: Update Nightly Rustc Bot diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 5c2097b1a..ff54cdf41 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -37,7 +37,7 @@ jobs: ref: c3324024ced9bb1eb854397686919c3ff7d97e1e path: maintainer-tools - name: "Select toolchain" - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@5d458579430fc14a04a08a1e7d3694f545e91ce6 # stable - name: "Set dependencies" run: cp Cargo-${{ matrix.dep }}.lock Cargo.lock - name: "Run test script" @@ -61,7 +61,7 @@ jobs: ref: c3324024ced9bb1eb854397686919c3ff7d97e1e path: maintainer-tools - name: "Select toolchain" - uses: dtolnay/rust-toolchain@v1 + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 with: toolchain: ${{ needs.Prepare.outputs.nightly_version }} - name: "Set dependencies" @@ -86,7 +86,7 @@ jobs: ref: c3324024ced9bb1eb854397686919c3ff7d97e1e path: maintainer-tools - name: "Select toolchain" - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@5d458579430fc14a04a08a1e7d3694f545e91ce6 # stable with: toolchain: "1.63.0" - name: "Set dependencies" @@ -112,7 +112,7 @@ jobs: ref: c3324024ced9bb1eb854397686919c3ff7d97e1e path: maintainer-tools - name: "Select toolchain" - uses: dtolnay/rust-toolchain@v1 + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 with: toolchain: ${{ needs.Prepare.outputs.nightly_version }} - name: "Install clippy" @@ -139,7 +139,7 @@ jobs: ref: c3324024ced9bb1eb854397686919c3ff7d97e1e path: maintainer-tools - name: "Select toolchain" - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@5d458579430fc14a04a08a1e7d3694f545e91ce6 # stable - name: "Set dependencies" run: cp Cargo-${{ matrix.dep }}.lock Cargo.lock - name: "Run test script" @@ -163,7 +163,7 @@ jobs: ref: c3324024ced9bb1eb854397686919c3ff7d97e1e path: maintainer-tools - name: "Select toolchain" - uses: dtolnay/rust-toolchain@v1 + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 with: toolchain: ${{ needs.Prepare.outputs.nightly_version }} - name: "Set dependencies" @@ -189,7 +189,7 @@ jobs: ref: c3324024ced9bb1eb854397686919c3ff7d97e1e path: maintainer-tools - name: "Select toolchain" - uses: dtolnay/rust-toolchain@v1 + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 with: toolchain: ${{ needs.Prepare.outputs.nightly_version }} - name: "Set dependencies" @@ -207,7 +207,7 @@ jobs: - name: "Checkout repo" uses: actions/checkout@v4 - name: "Select toolchain" - uses: dtolnay/rust-toolchain@v1 + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 with: toolchain: ${{ needs.Prepare.outputs.nightly_version }} - name: "Install rustfmt" @@ -245,7 +245,7 @@ jobs: - name: "Checkout repo" uses: actions/checkout@v4 - name: "Select toolchain" - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@5d458579430fc14a04a08a1e7d3694f545e91ce6 # stable - name: "Run integration tests" run: cd bitcoind-tests && cargo test --features=${{ matrix.feature }} @@ -257,7 +257,7 @@ jobs: - name: Set up QEMU run: sudo apt update && sudo apt install -y qemu-system-arm gcc-arm-none-eabi - name: Checkout Toolchain - uses: actions-rs/toolchain@v1 + uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 with: profile: minimal toolchain: nightly diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 2762d90ac..11107b6f9 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -11,6 +11,6 @@ jobs: steps: - uses: actions/checkout@v4 - name: Run ShellCheck - uses: ludeeus/action-shellcheck@2.0.0 + uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0 env: SHELLCHECK_OPTS: -x # allow outside sources