From a7120dee0d0cb9057e3b7011eee419a16008bbde Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Thu, 9 Apr 2026 14:12:39 +0200 Subject: [PATCH 1/5] chore: pin actions to SHA in .github/workflows/canbench-post-comment.yml --- .github/workflows/canbench-post-comment.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/canbench-post-comment.yml b/.github/workflows/canbench-post-comment.yml index 25737eb1..0fb647c4 100644 --- a/.github/workflows/canbench-post-comment.yml +++ b/.github/workflows/canbench-post-comment.yml @@ -13,7 +13,7 @@ jobs: matrix: ${{ steps.set-benchmarks.outputs.matrix }} pr_number: ${{ steps.set-benchmarks.outputs.pr_number }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 with: @@ -29,7 +29,7 @@ jobs: matrix: ${{fromJSON(needs.download-results.outputs.matrix)}} steps: - name: Post comment - uses: thollander/actions-comment-pull-request@v3 + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: message: | ${{ matrix.benchmark.result }} From 69b19592db2cc7156993a99795a5b4e2307de26c Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Thu, 9 Apr 2026 14:12:40 +0200 Subject: [PATCH 2/5] chore: pin actions to SHA in .github/workflows/ci-notify-slack.yml --- .github/workflows/ci-notify-slack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-notify-slack.yml b/.github/workflows/ci-notify-slack.yml index 56327500..3f17c4c8 100644 --- a/.github/workflows/ci-notify-slack.yml +++ b/.github/workflows/ci-notify-slack.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Sanitize PR title id: sanitize From 6219a9fea4daf3fdfa4e9ac77cb00a1bedf00749 Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Thu, 9 Apr 2026 14:12:42 +0200 Subject: [PATCH 3/5] chore: pin actions to SHA in .github/workflows/ci.yml --- .github/workflows/ci.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fd1d2db9..9cc4b032 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,10 +10,10 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Cache Cargo - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: | ~/.cargo/registry @@ -54,8 +54,8 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 - - uses: actions/cache@v4 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: | ~/.cargo/registry @@ -114,15 +114,15 @@ jobs: steps: - name: Checkout current PR - uses: actions/checkout@v5 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Checkout baseline branch - uses: actions/checkout@v5 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: ref: main path: _canbench_baseline_branch - - uses: actions/cache@v4 + - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: | ~/.cargo/registry @@ -140,17 +140,17 @@ jobs: run: | bash ./scripts/ci_run_benchmark.sh $PROJECT_DIR ${{ matrix.name }} - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: name: canbench_result_${{ matrix.name }} path: /tmp/canbench_result_${{ matrix.name }} - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: name: canbench_results_persisted_${{ matrix.name }}_yml path: /tmp/canbench_results_persisted_${{ matrix.name }}.yml - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: name: canbench_results_${{ matrix.name }}_csv path: /tmp/canbench_results_${{ matrix.name }}.csv @@ -163,13 +163,13 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Save PR number run: | echo ${{ github.event.number }} > /tmp/pr_number - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: name: pr_number path: /tmp/pr_number From afbeb308bccfe619bd271bc1aacc498df43efb2e Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Thu, 9 Apr 2026 14:12:43 +0200 Subject: [PATCH 4/5] chore: pin actions to SHA in .github/workflows/pages.yml --- .github/workflows/pages.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index a7f82b1e..f15469bb 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -25,7 +25,7 @@ jobs: MDBOOK_LINKCHECK_VERSION: 0.7.7 RUST_VERSION: 1.84.0 # Use the same version as in `rust-toolchain.toml` steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Install Rust run: | @@ -46,12 +46,12 @@ jobs: mdbook build - name: Upload artifact - uses: actions/upload-pages-artifact@v4 + uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4 with: path: ./docs/book - name: Deploy - uses: peaceiris/actions-gh-pages@v4 + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4 if: ${{ github.ref == 'refs/heads/main' }} with: github_token: ${{ secrets.GITHUB_TOKEN }} From 0ef79e6751314d154ef14ffdb49c78f004541ef8 Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Thu, 9 Apr 2026 14:12:45 +0200 Subject: [PATCH 5/5] chore: pin actions to SHA in .github/workflows/publish.yml --- .github/workflows/publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 5ab69362..deaea83f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -16,9 +16,9 @@ jobs: id-token: write # Required for OIDC token exchange steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - - uses: rust-lang/crates-io-auth-action@v1 + - uses: rust-lang/crates-io-auth-action@b7e9a28eded4986ec6b1fa40eeee8f8f165559ec # v1 id: auth - run: echo "Preparing to cargo publish ${{ github.ref_name }}."