From 573efb3cb60e40ae3edad3d3abbed0d870dcb8d5 Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Fri, 10 Apr 2026 10:38:50 +0200 Subject: [PATCH 1/3] chore: pin actions to SHA in .github/workflows/ci.yml --- .github/workflows/ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0927ff4..6450189 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout' - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: 'Run clippy' run: cargo clippy --locked --all-targets --all-features -- -D clippy::all @@ -38,7 +38,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Cargo doc run: | cargo doc --workspace --no-deps @@ -49,7 +49,7 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout' - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: 'Run unit tests' run: cargo test --locked --workspace --exclude http_canister --exclude json_rpc_canister --exclude multi_canister @@ -64,7 +64,7 @@ jobs: HTTPBIN_URL: http://localhost steps: - name: 'Checkout' - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: 'Build example canisters' run: | @@ -84,7 +84,7 @@ jobs: echo "PROXY_CANISTER_WASM_PATH=${PROXY_CANISTER_WASM_PATH}/proxy.wasm" >> $GITHUB_ENV - name: 'Install PocketIC server' - uses: dfinity/pocketic@main + uses: dfinity/pocketic@20c33db1aa87cc6ece50857ac632c37acf5e0322 # main with: pocket-ic-server-version: "12.0.0" From e7c1f75d03f54f6dab0a4ddc35471bdaeb9ca205 Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Fri, 10 Apr 2026 10:38:52 +0200 Subject: [PATCH 2/3] chore: pin actions to SHA in .github/workflows/publish.yml --- .github/workflows/publish.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index da5ba21..608cb58 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -17,16 +17,16 @@ jobs: cancel-in-progress: true steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: fetch-depth: 0 - name: "Install parse-changelog" - uses: taiki-e/install-action@parse-changelog + uses: taiki-e/install-action@eb170ab528b4949b44322b05ed3a64beb7bc52f2 # parse-changelog - name: "Authenticate with crates.io" id: auth - uses: rust-lang/crates-io-auth-action@v1 + uses: rust-lang/crates-io-auth-action@b7e9a28eded4986ec6b1fa40eeee8f8f165559ec # v1 - name: "Run release-plz" id: release-plz @@ -59,7 +59,7 @@ jobs: CHANGELOG="$notes" envsubst < release_notes.md >> ${{ github.workspace }}-RELEASE.txt - name: "Create Github release" - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1 with: draft: true tag_name: ${{ env.RELEASE_TAG}} From 78158da1f81054df5b4a6d9b1028ea0a234c1f11 Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Fri, 10 Apr 2026 10:38:54 +0200 Subject: [PATCH 3/3] chore: pin actions to SHA in .github/workflows/release.yml --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e33395b..25e5eb0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ jobs: cancel-in-progress: false steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: fetch-depth: 0 - name: Run release-plz