diff --git a/.github/actions/setup-nix/action.yaml b/.github/actions/setup-nix/action.yaml
index 31026679d4..1f41aaf05e 100644
--- a/.github/actions/setup-nix/action.yaml
+++ b/.github/actions/setup-nix/action.yaml
@@ -11,10 +11,10 @@ inputs:
 runs:
 using: composite
 steps:
- - uses: cachix/install-nix-action@v18
+ - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
 with:
 install_url: https://releases.nixos.org/nix/nix-2.13.3/install
- - uses: cachix/cachix-action@v12
+ - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
 with:
 name: postgrest
 authToken: ${{ inputs.authToken }}
diff --git a/.github/scripts/arm/docker-env/Dockerfile b/.github/scripts/arm/docker-env/Dockerfile
index 93ec2d4631..f075d9446f 100644
--- a/.github/scripts/arm/docker-env/Dockerfile
+++ b/.github/scripts/arm/docker-env/Dockerfile
@@ -1,6 +1,6 @@
 # PostgREST docker hub image
-FROM ubuntu:focal AS postgrest
+FROM ubuntu:jammy@sha256:f9d633ff6640178c2d0525017174a688e2c1aef28f0a0130b26bd5554491f0da AS postgrest
 RUN apt-get update -y \
 && apt install -y --no-install-recommends libpq-dev zlib1g-dev jq gcc libnuma-dev \
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 684f21335c..ac21620813 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -17,7 +17,7 @@ jobs:
 name: Lint & check code style
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 - name: Setup Nix Environment
 uses: ./.github/actions/setup-nix
 with:
@@ -37,7 +37,7 @@ jobs:
 # https://github.com/actions/runner/issues/241#issuecomment-842566950
 shell: script -qec "bash --noprofile --norc -eo pipefail {0}"
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 - name: Setup Nix Environment
 uses: ./.github/actions/setup-nix
 with:
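Review bot: Nothing on the two re-pinned `uses:` lines in `.github/actions/setup-nix/action.yaml` lets a reader confirm that each hash is the commit its `# v25` / `# v14` comment names, and the same holds for every pin in this diff. A hash can resolve under a repository's name while existing only in a fork of it, so each one should be checked against the upstream tag before merge; this matters most here because the second step forwards `inputs.authToken` to the pinned action. If no update bot covers the `github-actions` ecosystem in this repository (not visible from the diff), the pins will also age silently. A one-line comment above `steps:` would record the convention, for example `# Remote actions are pinned to full commit SHAs; the trailing comment names the release tag.`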
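Review bot: In `FROM ubuntu:jammy@sha256:f9d633ff…` (`.github/scripts/arm/docker-env/Dockerfile`) the digest alone selects the image and the `jammy` tag is not checked against it, so this line both freezes the base and moves it from focal to jammy in a single edit. The file sits under `arm/docker-env`, so it is worth confirming the digest is the multi-architecture index rather than a single-platform manifest; a single-platform digest would pull the wrong architecture or fail on the arm builder. A digest-pinned base no longer picks up rebuilt layers, and only the first two `RUN` lines are visible in this hunk, so I cannot tell whether the image upgrades packages itself. I would add a comment above the `FROM`, such as `# Base pinned by digest; refresh it regularly to pick up base-image security fixes.`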
@@ -73,7 +73,7 @@ jobs:
 # https://github.com/actions/runner/issues/241#issuecomment-842566950
 shell: script -qec "bash --noprofile --norc -eo pipefail {0}"
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 - name: Setup Nix Environment
 uses: ./.github/actions/setup-nix
 with:
@@ -92,7 +92,7 @@ jobs:
 name: Test memory (Nix)
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 - name: Setup Nix Environment
 uses: ./.github/actions/setup-nix
 with:
@@ -105,7 +105,7 @@ jobs:
 name: Build Linux static (Nix)
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 - name: Setup Nix Environment
 uses: ./.github/actions/setup-nix
 with:
@@ -117,7 +117,7 @@ jobs:
 - name: Check static executable
 run: postgrest-check-static result/bin/postgrest
 - name: Save built executable as artifact
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4
 with:
 name: postgrest-linux-static-x64
 path: result/bin/postgrest
@@ -126,7 +126,7 @@ jobs:
 - name: Build Docker image
 run: nix-build -A docker.image --out-link postgrest-docker.tar.gz
 - name: Save built Docker image as artifact
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4
 with:
 name: postgrest-docker-x64
 path: postgrest-docker.tar.gz
@@ -171,9 +171,9 @@ jobs:
 name: Build ${{ matrix.name }} (Stack)
 runs-on: ${{ matrix.runs-on }}
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 - name: Stack working files cache
- uses: actions/cache@v3
+ uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4
 with:
 path: ${{ matrix.cache }}
 key: ${{ runner.os }}-${{ hashFiles('stack.yaml.lock') }}
@@ -183,7 +183,7 @@ jobs:
 - name: Build with Stack
 run: stack build --local-bin-path result --copy-bins
 - name: Save built executable as artifact
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4
 with:
 name: ${{ matrix.artifact }}
 path: |
@@ -195,7 +195,7 @@ jobs:
 name: Get FreeBSD build from CirrusCI
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 - name: Get FreeBSD executable from CirrusCI
 env:
 # GITHUB_SHA does weird things for pull request, so we roll our own:
@@ -203,7 +203,7 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: .github/get_cirrusci_freebsd
 - name: Save executable as artifact
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4
 with:
 name: postgrest-freebsd-x64
 path: postgrest
@@ -217,7 +217,7 @@ jobs:
 name: Build Linux (Cabal, GHC ${{ matrix.ghc }})
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 - name: ghcup
 run: |
 ghcup install ghc ${{ matrix.ghc }}
@@ -226,7 +226,7 @@ jobs:
 run: |
 cp cabal.project.non-nix cabal.project
 - name: Cache
- uses: actions/cache@v3
+ uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4
 with:
 path: ~/.cabal
 key: ${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles('**/*.cabal') }}-${{ hashFiles('**/cabal.project') }}
@@ -248,7 +248,7 @@ jobs:
 env:
 GITHUB_COMMIT: ${{ github.sha }}
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 - id: Remote-Dir
 name: Unique directory name for the remote build
 run: echo "remotepath=postgrest-build-$(uuidgen)" >> "$GITHUB_OUTPUT"
@@ -288,7 +288,7 @@ jobs:
 - name: Extract downloaded binaries
 run: tar -xvf result.tar.xz && rm result.tar.xz
 - name: Save aarch64 executable as artifact
- uses: actions/upload-artifact@v2.3.1
+ uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
 with:
 name: postgrest-ubuntu-aarch64
 path: result/postgrest
@@ -312,7 +312,7 @@ jobs:
 version: ${{ steps.Identify-Version.outputs.version }}
 isprerelease: ${{ steps.Identify-Version.outputs.isprerelease }}
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 - id: Identify-Version
 name: Identify the version to be released
 run: |
@@ -349,7 +349,7 @@ jobs:
 echo "Relevant extract from CHANGELOG.md:"
 cat CHANGES.md
 - name: Save CHANGES.md as artifact
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4
 with:
 name: release-changes
 path: CHANGES.md
@@ -365,9 +365,9 @@ jobs:
 env:
 VERSION: ${{ needs.Prepare-Release.outputs.version }}
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 - name: Download all artifacts
- uses: actions/download-artifact@v3
+ uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4
 with:
 path: artifacts
 - name: Create release bundle with archives for all builds
@@ -397,7 +397,7 @@ jobs:
 artifacts/postgrest-windows-x64/postgrest.exe
 - name: Save release bundle
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4
 with:
 name: release-bundle
 path: release-bundle
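Review bot: The version comments disagree for identical hashes. In the `@@ -288` hunk `actions/upload-artifact@5d5d22a3…` is annotated `# v4.3.1`, while every other use of that hash in ci.yaml and loadtest.yaml says `# v4`. Likewise `actions/checkout@b4ffde65…` is `# v4.1.1` in the `@@ -491` hunk and `# v4` everywhere else. A hash is one specific release, so the comment should name that release on every line, e.g. `uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1` and `- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1`. A floating `# v4` label goes stale as soon as upstream moves the major tag, and it makes a later audit of which patch level is running harder.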
@@ -431,13 +431,13 @@ jobs:
 VERSION: ${{ needs.Prepare-Release.outputs.version }}
 ISPRERELEASE: ${{ needs.Prepare-Release.outputs.isprerelease }}
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 - name: Setup Nix Environment
 uses: ./.github/actions/setup-nix
 with:
 tools: release
 - name: Download Docker image
- uses: actions/download-artifact@v3
+ uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4
 with:
 name: postgrest-docker-x64
 - name: Publish images on Docker Hub
@@ -491,7 +491,7 @@ jobs:
 env:
 REMOTE_DIR: ${{ needs.Build-Cabal-Arm.outputs.remotepath }}
 steps:
- - uses: actions/checkout@v2.4.0
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - name: Remove uploaded files from server
 uses: appleboy/ssh-action@master
 with:
diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml
index 3319799f99..cdd8a2c4cf 100644
--- a/.github/workflows/docs.yaml
+++ b/.github/workflows/docs.yaml
@@ -15,8 +15,8 @@ jobs:
 name: Build docs
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
- - uses: cachix/install-nix-action@v22
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+ - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
 - run: nix-env -f docs/default.nix -iA build
 - run: postgrest-docs-build
@@ -24,8 +24,8 @@ jobs:
 name: Run spellcheck
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
- - uses: cachix/install-nix-action@v22
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+ - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
 - run: nix-env -f docs/default.nix -iA spellcheck
 - run: postgrest-docs-spellcheck
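Review bot: `uses: appleboy/ssh-action@master`, the context line directly below the re-pinned checkout in the ci.yaml `@@ -491` hunk, is still a mutable branch reference. It is the only remote action visible in this diff that the commit leaves unpinned. Whatever the branch head is at run time executes in this job, and the step name ("Remove uploaded files from server") suggests it connects to the build host, presumably with credentials from the `with:` block that continues outside the hunk. Pin it like the others, `uses: appleboy/ssh-action@<full-commit-sha> # <release-tag>`, taking the hash from the upstream release. Any other use of this action elsewhere in ci.yaml, such as the steps that upload to that server, should be checked too.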
@@ -33,8 +33,8 @@ jobs:
 name: Run dictcheck
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
- - uses: cachix/install-nix-action@v22
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+ - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
 - run: nix-env -f docs/default.nix -iA dictcheck
 - run: postgrest-docs-dictcheck
@@ -43,8 +43,8 @@ jobs:
 if: github.base_ref == 'main'
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
- - uses: cachix/install-nix-action@v22
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+ - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
 - run: nix-env -f docs/default.nix -iA linkcheck
 - run: postgrest-docs-linkcheck
diff --git a/.github/workflows/loadtest.yaml b/.github/workflows/loadtest.yaml
index b14f7c11b0..5e773c325c 100644
--- a/.github/workflows/loadtest.yaml
+++ b/.github/workflows/loadtest.yaml
@@ -15,7 +15,7 @@ jobs:
 name: Loadtest (Nix)
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 with:
 fetch-depth: 0
 - name: Setup Nix Environment
@@ -27,7 +27,7 @@ jobs:
 postgrest-loadtest-against main
 postgrest-loadtest-report > loadtest/loadtest.md
 - name: Upload report
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4
 with:
 name: loadtest.md
 path: loadtest/loadtest.md
diff --git a/.github/workflows/report.yaml b/.github/workflows/report.yaml
index 7e5e457914..ce5782b56f 100644
--- a/.github/workflows/report.yaml
+++ b/.github/workflows/report.yaml
@@ -22,7 +22,7 @@ jobs:
 name: loadtest.md
 path: artifacts
 - name: Upload to GitHub Checks
- uses: LouisBrunner/checks-action@v1.5.0
+ uses: LouisBrunner/checks-action@6b626ffbad7cc56fd58627f774b9067e6118af23 # v2.0.0
 with:
 token: ${{ secrets.GITHUB_TOKEN }}
 sha: ${{ github.event.workflow_run.head_sha }}
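Review bot: The `loadtest.md` artifact uploaded in the loadtest.yaml `@@ -27` hunk now comes from upload-artifact v4, but the step that consumes it in report.yaml is not part of this diff. Only that step's `name: loadtest.md` / `path: artifacts` inputs appear, as context in the report.yaml hunk. v3 and v4 artifacts are not interchangeable, so if that downloader is an older release it will no longer find the report, and the check would presumably fail or go missing without any change to report.yaml itself. Please confirm the consumer is v4-capable by running the report workflow against a run from this branch. A comment on the upload step would help: `# consumed by report.yaml from a separate workflow run; keep the downloader v4-compatible`.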
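Review bot: `LouisBrunner/checks-action` moves from v1.5.0 to v2.0.0 in the report.yaml hunk, a major release, in a change that otherwise reads as mechanical pinning. The step receives `secrets.GITHUB_TOKEN` and writes against `github.event.workflow_run.head_sha`. Its `with:` block continues outside the hunk, so please confirm against the v2.0.0 release notes that none of the inputs used there were renamed or dropped. The step runs in a `workflow_run` context on content that appears to be an artifact from another run, so I would also check that the job declares a minimal `permissions:` block (for example `checks: write` and `actions: read`) if it does not already; that is not visible from here.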