diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3c81ea38..e144ddaa 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -34,27 +34,27 @@ jobs: runs-on: ${{ matrix.runsOn || matrix.os }} steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: submodules: recursive - name: Install Rust - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable - name: Setup Rust cache - uses: Swatinem/rust-cache@v2 + uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: workspaces: src/Temporalio/Bridge - name: Setup .NET - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5 with: # Specific .NET version required because GitHub macos ARM image has # bad pre-installed .NET version dotnet-version: '10.x' - name: Install protoc - uses: arduino/setup-protoc@v3 + uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3 with: # TODO(cretz): Can upgrade proto when https://github.com/arduino/setup-protoc/issues/99 fixed version: "23.x" @@ -74,7 +74,7 @@ jobs: git diff --cached --exit-code - name: Upload generator diff - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() with: name: generator-diff @@ -93,7 +93,7 @@ jobs: - name: Upload test failure if: ${{ failure() }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: test-fail-${{ matrix.os }} path: tests/Temporalio.Tests/TestResults @@ -131,7 +131,7 @@ jobs: run: dotnet run --project tests/Temporalio.Tests -- -verbose -method "*.TemporalCloudOperationsClientTests.*" - name: Upload native symbols - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: ${{ failure() }} with: name: symbols-native-${{ matrix.os }} @@ -143,7 +143,7 @@ jobs: src/Temporalio/Bridge/sdk-core/target/debug/*.so - name: Upload managed symbols - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: ${{ failure() }} with: name: symbols-managed-${{ matrix.os }} diff --git a/.github/workflows/nightly-throughput-stress.yml b/.github/workflows/nightly-throughput-stress.yml index da6a16e6..a5f86356 100644 --- a/.github/workflows/nightly-throughput-stress.yml +++ b/.github/workflows/nightly-throughput-stress.yml @@ -70,12 +70,12 @@ jobs: echo "==========================================" - name: Checkout SDK - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: submodules: recursive - name: Checkout OMES - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: repository: ${{ env.OMES_REPO }} ref: ${{ env.OMES_REF }} @@ -83,26 +83,26 @@ jobs: submodules: recursive - name: Setup Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6 with: go-version-file: omes/go.mod cache-dependency-path: omes/go.sum - name: Install Rust - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable - name: Setup Rust cache - uses: Swatinem/rust-cache@v2 + uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: workspaces: src/Temporalio/Bridge - name: Setup .NET - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5 with: dotnet-version: '10.x' - name: Install protoc - uses: arduino/setup-protoc@v3 + uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3 with: version: '23.x' repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -111,7 +111,7 @@ jobs: run: dotnet build - name: Install Temporal CLI - uses: temporalio/setup-temporal@v0 + uses: temporalio/setup-temporal@1059a504f87e7fa2f385e3fa40d1aa7e62f1c6ca # v0 - name: Install Prometheus run: | @@ -166,7 +166,7 @@ jobs: - name: Configure AWS credentials if: always() - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@51635dbf418c2cdd8b3e1497529334d8db7e4063 # v6 with: role-to-assume: ${{ env.AWS_S3_METRICS_UPLOAD_ROLE_ARN }} aws-region: us-west-2 @@ -186,7 +186,7 @@ jobs: - name: Upload logs on failure if: failure() || cancelled() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: throughput-stress-logs path: ${{ env.WORKER_LOG_DIR }} @@ -194,7 +194,7 @@ jobs: - name: Notify Slack on failure if: failure() || cancelled() - uses: slackapi/slack-github-action@v2 + uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3 with: webhook-type: incoming-webhook payload: | diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml index 8ece025a..43a0cec9 100644 --- a/.github/workflows/package.yml +++ b/.github/workflows/package.yml @@ -70,27 +70,27 @@ jobs: runs-on: ${{ matrix.runsOn || matrix.os }} steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: submodules: recursive - name: Install Rust if: ${{ !matrix.container }} - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: toolchain: stable - name: Setup Rust cache if: ${{ !matrix.container }} # Fixed version due to https://github.com/Swatinem/rust-cache/issues/183#issuecomment-1893979126 - uses: Swatinem/rust-cache@v2 + uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: workspaces: src/Temporalio/Bridge key: ${{ matrix.os }} - name: Install protoc if: ${{ !matrix.container }} - uses: arduino/setup-protoc@v3 + uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3 with: version: "23.x" repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -129,7 +129,7 @@ jobs: ' - name: Upload bridge library - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: ${{ matrix.out-prefix }}-bridge path: src/Temporalio/Bridge/sdk-core/target/release-lto/${{ matrix.out-file }} @@ -143,17 +143,17 @@ jobs: RestoreLockedMode: true steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: submodules: recursive - name: Download bridge libraries - uses: actions/download-artifact@v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: path: bridge-libraries - name: Setup .NET - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5 with: dotnet-version: 10.x @@ -161,7 +161,7 @@ jobs: run: dotnet pack -c Release /p:BridgeLibraryRoot=${{ github.workspace }}/bridge-libraries - name: Upload NuGet artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: nuget-package path: | @@ -208,18 +208,18 @@ jobs: runs-on: ${{ matrix.runsOn || matrix.os }} steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: submodules: recursive - name: Download NuGet artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: nuget-package path: ${{ github.workspace }}/nuget-package - name: Setup .NET (non-Alpine) - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5 if: ${{ !contains(matrix.os, 'alpine') }} with: # Specific .NET version required because GitHub macos ARM image has @@ -251,7 +251,7 @@ jobs: - name: Setup msbuild (Windows x64 only) if: ${{ matrix.os == 'windows-latest' }} - uses: microsoft/setup-msbuild@v2 + uses: microsoft/setup-msbuild@30375c66a4eea26614e0d39710365f22f8b0af57 # v3 - name: Run .NET framework smoke test (Windows x64 only) if: ${{ matrix.os == 'windows-latest' }} diff --git a/.github/workflows/run-bench.yml b/.github/workflows/run-bench.yml index eed24630..8f0f8fba 100644 --- a/.github/workflows/run-bench.yml +++ b/.github/workflows/run-bench.yml @@ -12,25 +12,25 @@ jobs: RestoreLockedMode: true steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: submodules: recursive - name: Install Rust - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable - name: Setup Rust cache - uses: Swatinem/rust-cache@v2 + uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: workspaces: src/Temporalio/Bridge - name: Setup .NET - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5 with: dotnet-version: '10.x' - name: Install protoc - uses: arduino/setup-protoc@v3 + uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3 with: # TODO: Upgrade proto once https://github.com/arduino/setup-protoc/issues/99 is fixed version: '23.x'