diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..5ace460 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1c68f92..4546e2e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,13 +33,13 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@stable + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master with: toolchain: ${{ matrix.rust }} # Only run tests on latest stable and above - name: Install cargo-nextest if: ${{ matrix.rust != '1.88' }} # MSRV - uses: taiki-e/install-action@nextest + uses: taiki-e/install-action@de179ea33fa5f5c434a81563f0e8a1c4f7ab8fe2 # nextest - name: build if: ${{ matrix.rust == '1.88' }} # MSRV run: cargo build --workspace ${{ matrix.flags }} @@ -54,8 +54,10 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@stable - - uses: Swatinem/rust-cache@v2 + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master + with: + toolchain: stable + - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2 with: cache-on-failure: true - run: cargo test --workspace --doc @@ -68,9 +70,11 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@stable - - uses: taiki-e/install-action@cargo-hack - - uses: Swatinem/rust-cache@v2 + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master + with: + toolchain: stable + - uses: taiki-e/install-action@c9a06c0e5d38d182732372ae4390adb6ddbfd51b # cargo-hack + - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2 with: cache-on-failure: true - name: cargo hack @@ -83,8 +87,11 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@clippy - - uses: Swatinem/rust-cache@v2 + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master + with: + toolchain: nightly + components: clippy + - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2 with: cache-on-failure: true - run: cargo clippy --workspace --all-targets --all-features @@ -98,8 +105,10 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@nightly - - uses: Swatinem/rust-cache@v2 + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master + with: + toolchain: nightly + - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2 with: cache-on-failure: true - run: cargo doc --workspace --all-features --no-deps --document-private-items @@ -113,13 +122,14 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@nightly + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master with: + toolchain: nightly components: rustfmt - run: cargo fmt --all --check deny: - uses: ithacaxyz/ci/.github/workflows/deny.yml@main + uses: ithacaxyz/ci/.github/workflows/deny.yml@9c8d0dc20e7ad02455d3fdab2378a05f29907630 # main ci-success: runs-on: ubuntu-latest @@ -136,6 +146,6 @@ jobs: timeout-minutes: 30 steps: - name: Decide whether the needed jobs succeeded or failed - uses: re-actors/alls-green@release/v1 + uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # release/v1 with: jobs: ${{ toJSON(needs) }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index dd672fa..d2566ff 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,5 +1,8 @@ name: CodeQL +permissions: + contents: read + on: push: branches: ["main"] @@ -19,9 +22,7 @@ jobs: runs-on: ubuntu-latest permissions: security-events: write - packages: read actions: read - contents: read strategy: fail-fast: false