Skip to content

Commit e3f2c8b

Browse files
felixhandtefelixhandte
committed
Pin actions/checkout Dependency to Specific Commit Hash
It's a bit silly, because if we can't trust GitHub, what are we doing here? But OSSF complains about it, so let's fix it.
1 parent ea19987 commit e3f2c8b

File tree

4 files changed

+55
-55
lines changed

4 files changed

+55
-55
lines changed

.github/workflows/dev-long-tests.yml

+22-22
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ jobs:
1313
make-all:
1414
runs-on: ubuntu-latest
1515
steps:
16-
- uses: actions/checkout@v3
16+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
1717
- name: make all
1818
run: make all
1919

@@ -24,52 +24,52 @@ jobs:
2424
DEVNULLRIGHTS: 1
2525
READFROMBLOCKDEVICE: 1
2626
steps:
27-
- uses: actions/checkout@v3
27+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
2828
- name: make test
2929
run: make test
3030

3131
# lasts ~26mn
3232
make-test-osx:
3333
runs-on: macos-latest
3434
steps:
35-
- uses: actions/checkout@v3
35+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
3636
- name: OS-X test
3737
run: make test # make -c lib all doesn't work because of the fact that it's not a tty
3838

3939
no-intrinsics-fuzztest:
4040
runs-on: ubuntu-latest
4141
steps:
42-
- uses: actions/checkout@v3
42+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
4343
- name: no intrinsics fuzztest
4444
run: MOREFLAGS="-DZSTD_NO_INTRINSICS" make -C tests fuzztest
4545

4646
tsan-zstreamtest:
4747
runs-on: ubuntu-latest
4848
steps:
49-
- uses: actions/checkout@v3
49+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
5050
- name: thread sanitizer zstreamtest
5151
run: CC=clang ZSTREAM_TESTTIME=-T3mn make tsan-test-zstream
5252

5353
ubsan-zstreamtest:
5454
runs-on: ubuntu-latest
5555
steps:
56-
- uses: actions/checkout@v3
56+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
5757
- name: undefined behavior sanitizer zstreamtest
5858
run: CC=clang make uasan-test-zstream
5959

6060
# lasts ~15mn
6161
tsan-fuzztest:
6262
runs-on: ubuntu-latest
6363
steps:
64-
- uses: actions/checkout@v3
64+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
6565
- name: thread sanitizer fuzztest
6666
run: CC=clang make tsan-fuzztest
6767

6868
# lasts ~23mn
6969
gcc-8-asan-ubsan-testzstd:
7070
runs-on: ubuntu-latest
7171
steps:
72-
- uses: actions/checkout@v3
72+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
7373
- name: gcc-8 + ASan + UBSan + Test Zstd
7474
# See https://askubuntu.com/a/1428822
7575
run: |
@@ -81,14 +81,14 @@ jobs:
8181
clang-asan-ubsan-testzstd:
8282
runs-on: ubuntu-latest
8383
steps:
84-
- uses: actions/checkout@v3
84+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
8585
- name: clang + ASan + UBSan + Test Zstd
8686
run: CC=clang make -j uasan-test-zstd </dev/null V=1
8787

8888
gcc-asan-ubsan-testzstd-32bit:
8989
runs-on: ubuntu-latest
9090
steps:
91-
- uses: actions/checkout@v3
91+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
9292
- name: ASan + UBSan + Test Zstd, 32bit mode
9393
run: |
9494
sudo apt-get -qqq update
@@ -102,7 +102,7 @@ jobs:
102102
gcc-8-asan-ubsan-fuzz:
103103
runs-on: ubuntu-latest
104104
steps:
105-
- uses: actions/checkout@v3
105+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
106106
- name: gcc-8 + ASan + UBSan + Fuzz Test
107107
# See https://askubuntu.com/a/1428822
108108
run: |
@@ -114,14 +114,14 @@ jobs:
114114
clang-asan-ubsan-fuzz:
115115
runs-on: ubuntu-latest
116116
steps:
117-
- uses: actions/checkout@v3
117+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
118118
- name: clang + ASan + UBSan + Fuzz Test
119119
run: CC=clang FUZZER_FLAGS="--long-tests" make clean uasan-fuzztest
120120

121121
gcc-asan-ubsan-fuzz32:
122122
runs-on: ubuntu-latest
123123
steps:
124-
- uses: actions/checkout@v3
124+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
125125
- name: ASan + UBSan + Fuzz Test 32bit
126126
run: |
127127
sudo apt-get -qqq update
@@ -131,7 +131,7 @@ jobs:
131131
clang-asan-ubsan-fuzz32:
132132
runs-on: ubuntu-latest
133133
steps:
134-
- uses: actions/checkout@v3
134+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
135135
- name: clang + ASan + UBSan + Fuzz Test 32bit
136136
run: |
137137
sudo apt-get -qqq update
@@ -141,28 +141,28 @@ jobs:
141141
asan-ubsan-regression:
142142
runs-on: ubuntu-latest
143143
steps:
144-
- uses: actions/checkout@v3
144+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
145145
- name: ASan + UBSan + Regression Test
146146
run: make -j uasanregressiontest
147147

148148
clang-ubsan-regression:
149149
runs-on: ubuntu-latest
150150
steps:
151-
- uses: actions/checkout@v3
151+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
152152
- name: clang + ASan + UBSan + Regression Test
153153
run: CC=clang make -j uasanregressiontest
154154

155155
msan-regression:
156156
runs-on: ubuntu-latest
157157
steps:
158-
- uses: actions/checkout@v3
158+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
159159
- name: MSan + Regression Test
160160
run: make -j msanregressiontest
161161

162162
clang-msan-fuzz:
163163
runs-on: ubuntu-latest
164164
steps:
165-
- uses: actions/checkout@v3
165+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
166166
- name: clang + MSan + Fuzz Test
167167
run: |
168168
sudo apt-get -qqq update
@@ -173,7 +173,7 @@ jobs:
173173
clang-msan-testzstd:
174174
runs-on: ubuntu-latest
175175
steps:
176-
- uses: actions/checkout@v3
176+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
177177
- name: clang + MSan + Test Zstd
178178
run: |
179179
sudo apt-get update
@@ -183,7 +183,7 @@ jobs:
183183
armfuzz:
184184
runs-on: ubuntu-latest
185185
steps:
186-
- uses: actions/checkout@v3
186+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
187187
- name: Qemu ARM emulation + Fuzz Test
188188
run: |
189189
sudo apt-get -qqq update
@@ -193,7 +193,7 @@ jobs:
193193
valgrind-fuzz-test:
194194
runs-on: ubuntu-latest
195195
steps:
196-
- uses: actions/checkout@v3
196+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
197197
- name: valgrind + fuzz test stack mode # ~ 7mn
198198
shell: 'script -q -e -c "bash {0}"'
199199
run: |
@@ -213,7 +213,7 @@ jobs:
213213
{ compiler: gcc, platform: x64, action: test, script: ""},
214214
]
215215
steps:
216-
- uses: actions/checkout@v3
216+
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3
217217
- name: Mingw long test
218218
run: |
219219
$env:PATH_ORIGINAL = $env:PATH

0 commit comments

Comments
 (0)