diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a4035454..93948303 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -41,28 +41,28 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@v2 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2 with: egress-policy: audit - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Python 3.10 - uses: actions/setup-python@v5 + uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5 with: python-version: '3.10' - name: Install packages run: | brew update - brew install gcovr ninja || brew link --overwrite python + brew install gcovr || brew link --overwrite python # ninja - name: Install Python modules run: pip3 install meson pytest - name: Install dependencies - uses: kiwix/kiwix-build/actions/dl_deps_archive@main + uses: kiwix/kiwix-build/actions/dl_deps_archive@77592b12ffa8f2b51f9b28e6f34643eb2d99ac62 # main with: target_platform: ${{ matrix.target }} @@ -102,15 +102,15 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@v2 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2 with: egress-policy: audit - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup python 3.10 - uses: actions/setup-python@v5 + uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5 with: python-version: '3.10' @@ -122,12 +122,12 @@ jobs: run: pip3 install meson - name: Setup MSVC compiler - uses: bus1/cabuild/action/msdevshell@v1 + uses: bus1/cabuild/action/msdevshell@e22aba57d6e74891d059d66501b6b5aed8123c4d # v1 with: architecture: x64 - name: Install dependencies - uses: kiwix/kiwix-build/actions/dl_deps_archive@main + uses: kiwix/kiwix-build/actions/dl_deps_archive@77592b12ffa8f2b51f9b28e6f34643eb2d99ac62 # main with: target_platform: win-x86_64-dyn @@ -215,18 +215,18 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@v2 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2 with: egress-policy: audit - name: Install dependencies if: ${{ !contains(matrix.target, 'musl') }} - uses: kiwix/kiwix-build/actions/dl_deps_archive@main + uses: kiwix/kiwix-build/actions/dl_deps_archive@77592b12ffa8f2b51f9b28e6f34643eb2d99ac62 # main with: target_platform: ${{ matrix.target }} - name: Retrieve source code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Compile source code shell: bash @@ -277,10 +277,10 @@ jobs: fi - name: Upload code coverage - uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1 + uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5 if: matrix.coverage with: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + token: ${{ secrets.CODECOV_TOKEN }} OSSF-Scorecard: name: OSSF Scorecard @@ -337,6 +337,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3 with: sarif_file: results.sarif \ No newline at end of file