diff --git a/.github/actions/clone-submodules/action.yml b/.github/actions/clone-submodules/action.yml index 339bb9ac794083..48d4656c8dc1da 100644 --- a/.github/actions/clone-submodules/action.yml +++ b/.github/actions/clone-submodules/action.yml @@ -5,28 +5,28 @@ description: Clone submodules runs: using: composite steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: show-progress: false repository: tc39/test262 path: tasks/coverage/test262 ref: dc0082c5ea347e5ecb585c1d7ebf4555aa429528 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: show-progress: false repository: babel/babel path: tasks/coverage/babel ref: 54a8389fa31ce4fd18b0335b05832dc1ad3cc21f - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: show-progress: false repository: microsoft/TypeScript path: tasks/coverage/typescript ref: d85767abfd83880cea17cea70f9913e9c4496dcc - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: show-progress: false repository: prettier/prettier diff --git a/.github/actions/pnpm/action.yml b/.github/actions/pnpm/action.yml index 1c205c745024eb..955d17b9968802 100644 --- a/.github/actions/pnpm/action.yml +++ b/.github/actions/pnpm/action.yml @@ -3,9 +3,9 @@ name: pnpm runs: using: composite steps: - - uses: pnpm/action-setup@v4.0.0 + - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version-file: .node-version registry-url: "https://registry.npmjs.org" diff --git a/.github/workflows/autofix.yml b/.github/workflows/autofix.yml index a3786e5014fd98..2db862b3962adb 100644 --- a/.github/workflows/autofix.yml +++ b/.github/workflows/autofix.yml @@ -15,7 +15,7 @@ jobs: autofix: runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: oxc-project/setup-rust@v1.0.0 with: @@ -25,21 +25,21 @@ jobs: - name: Restore dprint plugin cache id: cache-restore - uses: actions/cache/restore@v4 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: key: dprint-autofix-ci-${{ runner.os }}-${{ hashFiles('dprint.json') }} path: ~/.cache/dprint - run: just fmt - - uses: autofix-ci/action@v1.3.1 + - uses: autofix-ci/action@2891949f3779a1cafafae1523058501de3d4e944 # v1.3.1 with: fail-fast: false - name: Save dprint plugin cache if: ${{ github.ref_name == 'main' }} id: cache-save - uses: actions/cache/save@v4 + uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: key: ${{ steps.cache-restore.outputs.cache-primary-key }} path: ~/.cache/dprint diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 7e66fc4ff280fb..6586fc607bba79 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -64,7 +64,7 @@ jobs: steps: - name: Checkout Branch - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: oxc-project/setup-rust@v1.0.0 with: @@ -91,7 +91,7 @@ jobs: rm target/codspeed/oxc_benchmark/*.d - name: Run benchmark - uses: CodSpeedHQ/action@v3 + uses: CodSpeedHQ/action@513a19673a831f139e8717bf45ead67e47f00044 # v3 timeout-minutes: 30 with: # Dummy token for tokenless runs, to suppress logging hash of metadata JSON (see `upload.mjs`) @@ -100,7 +100,7 @@ jobs: run: cargo codspeed run - name: Upload bench data artefact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: result-${{ matrix.component }} path: ${{ env.DATA_DIR }} # env.DATA_DIR from `capture.mjs` @@ -115,7 +115,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Branch - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: oxc-project/setup-rust@v1.0.0 with: @@ -133,7 +133,7 @@ jobs: rm target/codspeed/oxc_benchmark/*.d - name: Upload Binary - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: if-no-files-found: error name: benchmark-linter @@ -154,10 +154,10 @@ jobs: steps: - name: Checkout Branch - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Download Binary - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: benchmark-linter path: ./target/codspeed/oxc_benchmark @@ -168,7 +168,7 @@ jobs: chmod +x ./target/codspeed/oxc_benchmark/* - name: Install codspeed - uses: taiki-e/install-action@v2.46.8 + uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 with: tool: cargo-codspeed @@ -182,7 +182,7 @@ jobs: run: node capture.mjs & - name: Run benchmark - uses: CodSpeedHQ/action@v3 + uses: CodSpeedHQ/action@513a19673a831f139e8717bf45ead67e47f00044 # v3 timeout-minutes: 30 env: FIXTURE: ${{ matrix.fixture }} @@ -193,7 +193,7 @@ jobs: run: cargo codspeed run - name: Upload bench data artefact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: result-linter${{ matrix.fixture }} path: ${{ env.DATA_DIR }} # env.DATA_DIR from `capture.mjs` @@ -278,7 +278,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Branch - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm @@ -287,7 +287,7 @@ jobs: run: node create_temp_dir.mjs - name: Download artefacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: merge-multiple: true pattern: result-* @@ -300,7 +300,7 @@ jobs: run: node upload.mjs - name: Delete temporary artefacts - uses: geekyeggo/delete-artifact@v5 + uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5 with: name: | result-* diff --git a/.github/workflows/bloat.yml b/.github/workflows/bloat.yml index d5f9fadb48f640..b5663173ce2c24 100644 --- a/.github/workflows/bloat.yml +++ b/.github/workflows/bloat.yml @@ -14,7 +14,7 @@ jobs: name: Cargo Bloat runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: oxc-project/setup-rust@v1.0.0 with: diff --git a/.github/workflows/cargo-llvm-lines.yml b/.github/workflows/cargo-llvm-lines.yml index 7cba5084ae9faf..8761aa1a43ab5d 100644 --- a/.github/workflows/cargo-llvm-lines.yml +++ b/.github/workflows/cargo-llvm-lines.yml @@ -15,12 +15,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: oxc-project/setup-rust@v1.0.0 - name: Install cargo-llvm-lines - uses: taiki-e/install-action@v2.46.8 + uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 with: tool: cargo-llvm-lines diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7633b9487b02d4..440f5be1564fd4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,7 +35,7 @@ jobs: - os: macos-latest runs-on: ${{ matrix.os }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: oxc-project/setup-rust@v1.0.0 with: # warm cache factory for all other CI jobs @@ -51,11 +51,11 @@ jobs: if: ${{ github.ref_name == 'main' }} runs-on: windows-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 # Unsung heros of the internet, who led me here to speed up window's slowness: # https://github.com/actions/cache/issues/752#issuecomment-1847036770 # https://github.com/astral-sh/uv/blob/502e04200d52de30d3159894833b3db4f0d6644d/.github/workflows/ci.yml#L158 - - uses: samypr100/setup-dev-drive@v3 + - uses: samypr100/setup-dev-drive@d3f2420389ae9ea6e91dd178779e122c42352047 # v3 with: workspace-copy: true drive-size: 8GB @@ -77,7 +77,7 @@ jobs: rustup show git restore . - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2 with: workspaces: ${{ env.DEV_DRIVE_WORKSPACE }} save-if: ${{ github.ref_name == 'main' }} @@ -106,7 +106,7 @@ jobs: # Insta is not able to run on wasmtime, omit the packages that depend on it TEST_FLAGS: "-p oxc_ast -p oxc_cfg -p oxc_regular_expression -- --nocapture" steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: oxc-project/setup-rust@v1.0.0 with: cache-key: wasi @@ -120,7 +120,7 @@ jobs: name: Check wasm32-unknown-unknown runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: oxc-project/setup-rust@v1.0.0 with: @@ -146,7 +146,7 @@ jobs: name: Spell Check runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: crate-ci/typos@v1.28.2 with: files: . @@ -155,7 +155,7 @@ jobs: name: Clippy runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: oxc-project/setup-rust@v1.0.0 with: save-cache: ${{ github.ref_name == 'main' }} @@ -176,7 +176,7 @@ jobs: name: Doc runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: oxc-project/setup-rust@v1.0.0 with: cache-key: warm @@ -187,9 +187,9 @@ jobs: name: Conformance runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: dorny/paths-filter@v3 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 id: filter with: filters: | @@ -234,9 +234,9 @@ jobs: name: Minification Size runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: dorny/paths-filter@v3 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 id: filter with: filters: | @@ -262,9 +262,9 @@ jobs: name: AST Changes runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: dorny/paths-filter@v3 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 id: filter with: filters: ".github/.generated_ast_watch_list.yml" @@ -279,7 +279,7 @@ jobs: - name: Restore dprint plugin cache id: cache-restore - uses: actions/cache/restore@v4 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: key: dprint-autofix-ci-${{ runner.os }}-${{ hashFiles('dprint.json') }} path: ~/.cache/dprint @@ -294,7 +294,7 @@ jobs: - name: Save dprint plugin cache if: ${{ github.ref_name == 'main' }} id: cache-save - uses: actions/cache/save@v4 + uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: key: ${{ steps.cache-restore.outputs.cache-primary-key }} path: ~/.cache/dprint @@ -303,8 +303,8 @@ jobs: name: Test NAPI runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 - - uses: dorny/paths-filter@v3 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 id: filter with: filters: | diff --git a/.github/workflows/ci_security.yml b/.github/workflows/ci_security.yml index bb81dde1151ec3..a6e8fcd031027f 100644 --- a/.github/workflows/ci_security.yml +++ b/.github/workflows/ci_security.yml @@ -21,12 +21,12 @@ jobs: security-events: write steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - name: Install the latest version of uv - uses: astral-sh/setup-uv@v4 + uses: astral-sh/setup-uv@38f3f104447c67c051c4a08e39b64a148898af3a # v4 - name: Run zizmor 🌈 run: uvx zizmor --format sarif . > results.sarif @@ -34,7 +34,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3 with: sarif_file: results.sarif category: zizmor diff --git a/.github/workflows/ci_vscode.yml b/.github/workflows/ci_vscode.yml index a35496f1a36e5f..226c77d54635f9 100644 --- a/.github/workflows/ci_vscode.yml +++ b/.github/workflows/ci_vscode.yml @@ -28,7 +28,7 @@ jobs: name: Compile runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm - name: Compile VSCode @@ -39,7 +39,7 @@ jobs: name: Lint runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm - name: Lint VSCode @@ -50,7 +50,7 @@ jobs: name: Type-Check runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm - name: Type-Check VSCode @@ -61,7 +61,7 @@ jobs: name: Test runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm - name: Test VSCode diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 6934341c53cd31..d3b3be40d48b97 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Clone submodules uses: ./.github/actions/clone-submodules @@ -40,7 +40,7 @@ jobs: run: cargo codecov --lcov --output-path lcov.info - name: Upload Artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: codecov path: lcov.info @@ -56,17 +56,17 @@ jobs: steps: - name: Checkout if: env.CODECOV_TOKEN - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Download coverage file if: env.CODECOV_TOKEN - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: codecov - name: Upload to codecov.io if: env.CODECOV_TOKEN - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5 with: token: ${{ secrets.CODECOV_TOKEN }} fail_ci_if_error: true diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml index 758a32ab33989d..34c828eb52a88d 100644 --- a/.github/workflows/deny.yml +++ b/.github/workflows/deny.yml @@ -25,7 +25,7 @@ jobs: name: Cargo Deny runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: oxc-project/setup-rust@v1.0.0 with: diff --git a/.github/workflows/link-check.yml b/.github/workflows/link-check.yml index 04c8f541c979c4..6ffb6b6e241af9 100644 --- a/.github/workflows/link-check.yml +++ b/.github/workflows/link-check.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Check Links uses: lycheeverse/lychee-action@master diff --git a/.github/workflows/lint-rules.yml b/.github/workflows/lint-rules.yml index 0318ded351482a..0ede1a32f4faee 100644 --- a/.github/workflows/lint-rules.yml +++ b/.github/workflows/lint-rules.yml @@ -13,9 +13,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Branch - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version-file: .node-version diff --git a/.github/workflows/miri.yml b/.github/workflows/miri.yml index 2154c1b5454eb6..b61dd5550570a9 100644 --- a/.github/workflows/miri.yml +++ b/.github/workflows/miri.yml @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: oxc-project/setup-rust@v1.0.0 with: diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index d8fceee14fb2d7..e11181fc72bdda 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -16,13 +16,13 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: actions/labeler@v5 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5 - name: Validate PR title id: pr-title - uses: amannn/action-semantic-pull-request@v5 + uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/prepare_release_crates.yml b/.github/workflows/prepare_release_crates.yml index 7c3664a8cfe0d4..e668fcdeb4e042 100644 --- a/.github/workflows/prepare_release_crates.yml +++ b/.github/workflows/prepare_release_crates.yml @@ -12,7 +12,7 @@ jobs: name: Check runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: oxc-project/setup-rust@v1.0.0 with: cache-key: warm @@ -34,9 +34,9 @@ jobs: name: Trigger Monitor Oxc runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: peter-evans/create-or-update-comment@v4 + - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 id: comment with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/prepare_release_oxlint.yml b/.github/workflows/prepare_release_oxlint.yml index 032e5b8488eff8..e7ee42d27c6d9d 100644 --- a/.github/workflows/prepare_release_oxlint.yml +++ b/.github/workflows/prepare_release_oxlint.yml @@ -27,9 +27,9 @@ jobs: pull-requests: write contents: write steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: peter-evans/create-or-update-comment@v4 + - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 id: comment with: token: ${{ secrets.GITHUB_TOKEN }} @@ -51,7 +51,7 @@ jobs: permissions: actions: write steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: benc-uk/workflow-dispatch@v1.3.1 with: repo: oxc-project/oxc-project.github.io diff --git a/.github/workflows/release_crates.yml b/.github/workflows/release_crates.yml index 8c3019881a7f81..de4ba757c312ea 100644 --- a/.github/workflows/release_crates.yml +++ b/.github/workflows/release_crates.yml @@ -20,7 +20,7 @@ jobs: contents: write actions: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: token: ${{ secrets.PAT }} # required for git tag push persist-credentials: false diff --git a/.github/workflows/release_napi_parser.yml b/.github/workflows/release_napi_parser.yml index b4f118b57ef597..e7af2302532718 100644 --- a/.github/workflows/release_napi_parser.yml +++ b/.github/workflows/release_napi_parser.yml @@ -23,7 +23,7 @@ jobs: version: ${{ env.version }} version_changed: ${{ steps.version.outputs.changed }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Check version changes uses: EndBug/version-check@v2.46.8 @@ -88,7 +88,7 @@ jobs: name: Package ${{ matrix.target }} runs-on: ${{ matrix.os }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 ### install musl dependencies ### # @@ -99,7 +99,7 @@ jobs: - name: Install cargo-zigbuild if: ${{ contains(matrix.target, 'musl') }} - uses: taiki-e/install-action@v2.46.8 + uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 with: tool: cargo-zigbuild @@ -107,7 +107,7 @@ jobs: - name: Install cross if: ${{ !contains(matrix.target, 'musl') }} - uses: taiki-e/install-action@v2.46.8 + uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 with: tool: cross @@ -154,7 +154,7 @@ jobs: run: tar czf ${{ matrix.code-target }}.tar.gz napi/parser/parser.${{ matrix.code-target }}.node - name: Upload artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: if-no-files-found: error name: binaries-${{ matrix.code-target }} @@ -170,12 +170,12 @@ jobs: needs: - build steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm - name: Download Artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: merge-multiple: true diff --git a/.github/workflows/release_napi_transform.yml b/.github/workflows/release_napi_transform.yml index 940c7b7626ff93..5023c814005fd5 100644 --- a/.github/workflows/release_napi_transform.yml +++ b/.github/workflows/release_napi_transform.yml @@ -23,7 +23,7 @@ jobs: version: ${{ env.version }} version_changed: ${{ steps.version.outputs.changed }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Check version changes uses: EndBug/version-check@v2.46.8 @@ -88,7 +88,7 @@ jobs: name: Package ${{ matrix.target }} runs-on: ${{ matrix.os }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 ### install musl dependencies ### @@ -99,7 +99,7 @@ jobs: - name: Install cargo-zigbuild if: ${{ contains(matrix.target, 'musl') }} - uses: taiki-e/install-action@v2.46.8 + uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 with: tool: cargo-zigbuild @@ -107,7 +107,7 @@ jobs: - name: Install cross if: ${{ !contains(matrix.target, 'musl') }} - uses: taiki-e/install-action@v2.46.8 + uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 with: tool: cross @@ -154,7 +154,7 @@ jobs: run: tar czf ${{ matrix.code-target }}.tar.gz napi/transform/transform.${{ matrix.code-target }}.node - name: Upload artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: if-no-files-found: error name: binaries-${{ matrix.code-target }} @@ -170,12 +170,12 @@ jobs: needs: - build steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm - name: Download Artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: merge-multiple: true diff --git a/.github/workflows/release_oxlint.yml b/.github/workflows/release_oxlint.yml index 9e03f91d3f2009..9eceb1874beaf1 100644 --- a/.github/workflows/release_oxlint.yml +++ b/.github/workflows/release_oxlint.yml @@ -20,7 +20,7 @@ jobs: version_changed: ${{ steps.version.outputs.changed }} version: ${{ steps.version.outputs.version }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Check version changes uses: EndBug/version-check@v2.46.8 @@ -83,10 +83,10 @@ jobs: env: OXC_VERSION: ${{ needs.check.outputs.version }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Install cross - uses: taiki-e/install-action@v2.46.8 + uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 with: tool: cross @@ -135,7 +135,7 @@ jobs: tar czf $OXLS_BIN_NAME.tar.gz $OXLS_BIN_NAME - name: Upload Binary - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: if-no-files-found: error name: binaries-${{ matrix.code-target }} @@ -151,7 +151,7 @@ jobs: contents: write # for softprops/action-gh-release@v1.3.1 id-token: write # for `pnpm publish --provenance` steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 # for changelog persist-credentials: false @@ -172,7 +172,7 @@ jobs: echo EOF } >> $GITHUB_OUTPUT - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: merge-multiple: true @@ -244,7 +244,7 @@ jobs: name: Update eslint-plugin-oxlint runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: benc-uk/workflow-dispatch@v1.3.1 with: repo: oxc-project/eslint-plugin-oxlint diff --git a/.github/workflows/release_types.yml b/.github/workflows/release_types.yml index 8b7d431b4a5db9..5ad880f9231ec5 100644 --- a/.github/workflows/release_types.yml +++ b/.github/workflows/release_types.yml @@ -20,10 +20,10 @@ jobs: version: ${{ steps.version.outputs.version }} version_changed: ${{ steps.version.outputs.changed }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Check version changes - uses: EndBug/version-check@v2 + uses: EndBug/version-check@36ff30f37c7deabe56a30caa043d127be658c425 # v2 id: version with: static-checking: localIsNew @@ -46,7 +46,7 @@ jobs: permissions: id-token: write # for `pnpm publish --provenance` steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm diff --git a/.github/workflows/release_vscode.yml b/.github/workflows/release_vscode.yml index f938653204fbda..b24e998234c16f 100644 --- a/.github/workflows/release_vscode.yml +++ b/.github/workflows/release_vscode.yml @@ -25,7 +25,7 @@ jobs: version: ${{ env.version }} version_changed: ${{ steps.version.outputs.changed }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Check vscode version changes uses: EndBug/version-check@v2.46.8 @@ -72,7 +72,7 @@ jobs: name: Package ${{ matrix.code-target }} runs-on: ${{ matrix.os }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm @@ -81,7 +81,7 @@ jobs: run: pnpm run compile - name: Install cross - uses: taiki-e/install-action@v2.46.8 + uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 with: tool: cross @@ -117,7 +117,7 @@ jobs: pnpm exec vsce package -o "../../oxc_language_server-${{ matrix.code-target }}.vsix" --target ${{ matrix.code-target }} - name: Upload VSCode extension artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: packages-${{ matrix.code-target }} path: ./oxc_language_server-${{ matrix.code-target }}.vsix @@ -131,10 +131,10 @@ jobs: permissions: contents: write steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Download extension artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: merge-multiple: true path: editors/vscode diff --git a/.github/workflows/release_wasm.yml b/.github/workflows/release_wasm.yml index 1ffe8188410c3d..12381fd2317f7d 100644 --- a/.github/workflows/release_wasm.yml +++ b/.github/workflows/release_wasm.yml @@ -20,10 +20,10 @@ jobs: version: ${{ steps.version.outputs.version }} version_changed: ${{ steps.version.outputs.changed }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Check version changes - uses: EndBug/version-check@v2 + uses: EndBug/version-check@36ff30f37c7deabe56a30caa043d127be658c425 # v2 id: version with: static-checking: localIsNew @@ -46,7 +46,7 @@ jobs: permissions: id-token: write # for `pnpm publish --provenance` steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm diff --git a/.github/workflows/reusable_prepare_release.yml b/.github/workflows/reusable_prepare_release.yml index 11a0d600063962..4e866870f96c66 100644 --- a/.github/workflows/reusable_prepare_release.yml +++ b/.github/workflows/reusable_prepare_release.yml @@ -24,7 +24,7 @@ jobs: pull-request-number: ${{ steps.pr.outputs.pull-request-number }} version: ${{ steps.run.outputs.VERSION }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 persist-credentials: false @@ -51,7 +51,7 @@ jobs: # update `Cargo.lock` - run: cargo check - - uses: peter-evans/create-pull-request@v7 + - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7 id: pr with: # bot account with PAT required for triggering workflow runs