diff --git a/.github/workflows/authors.yml b/.github/workflows/authors.yml index 633d4b73ec04..2b56565ece49 100644 --- a/.github/workflows/authors.yml +++ b/.github/workflows/authors.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout PR code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 diff --git a/.github/workflows/build-centos-7.yml b/.github/workflows/build-centos-7.yml index 49744252de25..83e0520259da 100644 --- a/.github/workflows/build-centos-7.yml +++ b/.github/workflows/build-centos-7.yml @@ -144,7 +144,7 @@ jobs: # Now checkout Suricata for the bundle script. - name: Checking out Suricata - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - run: ./scripts/bundle.sh diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml index 42f6d79a977d..302de29ace23 100644 --- a/.github/workflows/builds.yml +++ b/.github/workflows/builds.yml @@ -105,7 +105,7 @@ jobs: # Now checkout Suricata for the bundle script. - name: Checking out Suricata - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - name: Fetching libhtp run: | @@ -193,7 +193,7 @@ jobs: - name: Determine number of CPUs run: echo CPUS=$(nproc --all) >> $GITHUB_ENV - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # Download and extract dependency archives created during prep # job. @@ -350,7 +350,7 @@ jobs: - name: Determine number of CPUs run: echo CPUS=$(nproc --all) >> $GITHUB_ENV - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # Download and extract dependency archives created during prep # job. @@ -441,7 +441,7 @@ jobs: - name: Determine number of CPUs run: echo CPUS=$(nproc --all) >> $GITHUB_ENV - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # Prebuild check for duplicate SIDs - name: Check for duplicate SIDs @@ -767,7 +767,7 @@ jobs: - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.63.0 -y - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -864,7 +864,7 @@ jobs: systemd-devel \ which \ zlib-devel - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -959,7 +959,7 @@ jobs: sudo \ which \ zlib-devel - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -1059,7 +1059,7 @@ jobs: systemd-devel \ which \ zlib-devel - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -1149,7 +1149,7 @@ jobs: sudo \ which \ zlib-devel - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -1235,7 +1235,7 @@ jobs: which \ zlib-devel - run: adduser suricata - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -1327,7 +1327,7 @@ jobs: sudo \ which \ zlib-devel - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -1401,7 +1401,7 @@ jobs: # packaged Rust version is too old for coverage, so get from rustup - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.63.0 -y - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -1530,7 +1530,7 @@ jobs: # packaged Rust version is too old for coverage, so get from rustup - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.63.0 -y - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -1629,7 +1629,7 @@ jobs: zlib1g-dev \ exuberant-ctags \ dpdk-dev - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -1787,7 +1787,7 @@ jobs: zlib1g \ zlib1g-dev \ exuberant-ctags - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -1873,7 +1873,7 @@ jobs: zlib1g \ zlib1g-dev - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -1953,7 +1953,7 @@ jobs: linux-headers-$(uname -r) - name: Checkout Netmap repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 with: repository: luigirizzo/netmap # gets cloned to $GITHUB_WORKSPACE/netmap/ @@ -1966,7 +1966,7 @@ jobs: make -j ${{ env.CPUS }} sudo make install - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -2070,7 +2070,7 @@ jobs: ninja -C build install ldconfig cd $HOME - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -2153,7 +2153,7 @@ jobs: texlive-latex-extra \ zlib1g \ zlib1g-dev - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -2238,7 +2238,7 @@ jobs: texlive-latex-extra \ zlib1g \ zlib1g-dev - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -2319,7 +2319,7 @@ jobs: texlive-latex-extra \ zlib1g \ zlib1g-dev - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -2408,7 +2408,7 @@ jobs: - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -2488,7 +2488,7 @@ jobs: - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -2547,7 +2547,7 @@ jobs: run: cargo install --debug --version 0.24.3 cbindgen - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: pip3 install PyYAML - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - name: Downloading prep archive uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: @@ -2580,7 +2580,7 @@ jobs: with: path: ~/.cargo key: ${{ github.job }}-cargo - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: msys2/setup-msys2@v2 with: msystem: MINGW64 @@ -2590,7 +2590,7 @@ jobs: # preinstalled one to be picked up by configure - name: cbindgen run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -2636,7 +2636,7 @@ jobs: with: path: ~/.cargo key: ${{ github.job }}-cargo - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: msys2/setup-msys2@v2 with: msystem: MINGW64 @@ -2646,7 +2646,7 @@ jobs: # preinstalled one to be picked up by configure - name: cbindgen run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep @@ -2680,7 +2680,7 @@ jobs: with: path: ~/.cargo key: ${{ github.job }}-cargo - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: msys2/setup-msys2@v2 with: msystem: MINGW64 @@ -2690,7 +2690,7 @@ jobs: # preinstalled one to be picked up by configure - name: cbindgen run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: prep diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 57b202665022..38b3d430d733 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -37,7 +37,7 @@ jobs: # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] steps: - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/commits.yml b/.github/workflows/commits.yml index 7d1d87350bf8..6f0ed5cb4018 100644 --- a/.github/workflows/commits.yml +++ b/.github/workflows/commits.yml @@ -74,7 +74,7 @@ jobs: cd $HOME/.cargo/bin curl -OL https://github.com/eqrion/cbindgen/releases/download/v0.24.3/cbindgen chmod 755 cbindgen - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 with: fetch-depth: 0 # The action above is supposed to do this for us, but it doesn't appear to stick. diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml index 5adf1dd86f2e..62ac63c66eb1 100644 --- a/.github/workflows/formatting.yml +++ b/.github/workflows/formatting.yml @@ -89,7 +89,7 @@ jobs: # My patience simply ran too short to keep on looking. See follow-on # action to manually fix this up. - name: Checkout - might be merge commit! - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 with: fetch-depth: 0 # Use last commit of branch, not potential merge commit! diff --git a/.github/workflows/rust-checks.yml b/.github/workflows/rust-checks.yml index 5ac2739bf3d7..03b5589ab23f 100644 --- a/.github/workflows/rust-checks.yml +++ b/.github/workflows/rust-checks.yml @@ -83,7 +83,7 @@ jobs: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - name: Install Cargo Audit run: cargo install cargo-audit - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - name: Configure Suricata run: | ./scripts/bundle.sh libhtp @@ -166,7 +166,7 @@ jobs: run: | curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain ${RUST_VERSION_MIN} -y echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - name: Configure Suricata run: | ./scripts/bundle.sh libhtp diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index eebf43c13eb8..73e5a5784cab 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -72,7 +72,7 @@ jobs: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - name: Install cbindgen run: cargo install --debug cbindgen - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - run: git config --global --add safe.directory /__w/suricata/suricata - run: ./scripts/bundle.sh - run: ./autogen.sh diff --git a/.github/workflows/scan-build.yml b/.github/workflows/scan-build.yml index 966139d10a57..b96449154e6b 100644 --- a/.github/workflows/scan-build.yml +++ b/.github/workflows/scan-build.yml @@ -68,7 +68,7 @@ jobs: software-properties-common \ zlib1g \ zlib1g-dev - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - run: ./scripts/bundle.sh - run: ./autogen.sh - run: scan-build-16 ./configure --enable-dpdk --enable-nfqueue --enable-nflog diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 1174246cab0f..c84d474c008d 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: "Run analysis" uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1