diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index f468b48059..bc0ea4f77c 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -26,7 +26,7 @@ jobs: BRANCH: ${{ github.event.inputs.target_branch }} PR: ${{ github.event.inputs.pr }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: fetch-depth: 0 token: ${{ secrets.BACKPORT_TOKEN }} diff --git a/.github/workflows/everything.yml b/.github/workflows/everything.yml index 1629273a89..f4d7607895 100644 --- a/.github/workflows/everything.yml +++ b/.github/workflows/everything.yml @@ -58,7 +58,7 @@ jobs: outputs: num_code_changes: ${{ steps.get_code_changes.outputs.num_code_changes }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: fetch-depth: 0 - name: Check for appropriately named topic branch @@ -87,10 +87,10 @@ jobs: image: ghcr.io/ornladios/adios2:ci-formatting steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: path: gha - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: ref: ${{ github.event.pull_request.head.sha }} path: source @@ -186,10 +186,10 @@ jobs: arch: aarch64 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: path: gha - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: ref: ${{ github.event.pull_request.head.sha }} path: source @@ -255,10 +255,10 @@ jobs: parallel: [mpich] steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: path: gha - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: ref: ${{ github.event.pull_request.head.sha }} path: source @@ -330,10 +330,10 @@ jobs: name: macos (${{ matrix.image }}, ${{ matrix.compiler}}, ${{ matrix.arch }}, ${{ matrix.shared }}, ${{ matrix.parallel }}) steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: path: gha - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: ref: ${{ github.event.pull_request.head.sha }} path: source @@ -407,10 +407,10 @@ jobs: shell: bash steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: path: gha - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: ref: ${{ github.event.pull_request.head.sha }} path: source @@ -444,7 +444,7 @@ jobs: baseos: [ubuntu-bionic] steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: ref: ${{ github.event.pull_request.head.sha }} path: ci-source @@ -521,7 +521,7 @@ jobs: shell: bash -c "docker exec adios2-ci bash --login -e $(echo {0} | sed 's|/home/runner/work|/__w|g')" steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 if: ${{ matrix.repo != '' }} with: repository: ${{ matrix.repo }} @@ -580,10 +580,10 @@ jobs: language: [ 'cpp' ] steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: path: gha - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: ref: ${{ github.event.pull_request.head.sha }} path: source @@ -596,7 +596,7 @@ jobs: ccache-codeql - run: ccache -z - name: Initialize CodeQL - uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3 + uses: github/codeql-action/init@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v3 with: languages: ${{ matrix.language }} source-root: source @@ -609,7 +609,7 @@ jobs: - name: Build run: gha/scripts/ci/gh-actions/run.sh build - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3 + uses: github/codeql-action/analyze@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v3 with: category: "/language:${{matrix.language}}" output: sarif-results @@ -624,7 +624,7 @@ jobs: input: sarif-results/cpp.sarif output: sarif-results/cpp.sarif - name: Upload SARIF - uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3 + uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v3 with: sarif_file: sarif-results/cpp.sarif - name: Upload loc as a Build Artifact diff --git a/.github/workflows/external.yml b/.github/workflows/external.yml index a87732f6d8..dd26d05102 100644 --- a/.github/workflows/external.yml +++ b/.github/workflows/external.yml @@ -17,7 +17,7 @@ jobs: contents: read statuses: write steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 - uses: Kitware/cdash-status@697751fc655b300a9e16e285f2e2ee981f59e45a # release with: project: ADIOS diff --git a/.github/workflows/pypackaging.yml b/.github/workflows/pypackaging.yml index b96ab2e62f..630837e845 100644 --- a/.github/workflows/pypackaging.yml +++ b/.github/workflows/pypackaging.yml @@ -47,7 +47,7 @@ jobs: contents: read actions: write # for upload-artifact steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: fetch-depth: 0 @@ -69,7 +69,7 @@ jobs: contents: read actions: write # for upload-artifact steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: fetch-depth: 0 - name: Generate common version file @@ -93,7 +93,7 @@ jobs: contents: read actions: write # for upload-artifact steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: fetch-depth: 0 - name: Generate common version file @@ -115,7 +115,7 @@ jobs: contents: read actions: write # for upload-artifact steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: fetch-depth: 0 - name: Generate common version file diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index 18492b2682..65ff926bcb 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -20,6 +20,6 @@ jobs: reuse: runs-on: ubuntu-slim steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Check REUSE compliance run: pipx run reuse lint diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index c1d9163e3b..eca85cf2b5 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -15,7 +15,7 @@ jobs: sbom: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Generate SPDX SBOM run: pipx run reuse spdx -o adios2-sbom.spdx diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index aafeb31e85..55b132cb18 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout Code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4 with: persist-credentials: false @@ -46,6 +46,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 + uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1 with: sarif_file: results.sarif