From dbdb46dcd2c15eafdd8677d462a1db43df16bf4d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 17 Mar 2025 09:44:48 +0100 Subject: [PATCH] Pin dependencies (#16791) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [CodSpeedHQ/action](https://redirect.github.com/CodSpeedHQ/action) | action | pinDigest | -> `0010eb0` | | [PyO3/maturin-action](https://redirect.github.com/PyO3/maturin-action) | action | pinDigest | -> `36db840` | | [SebRollen/toml-action](https://redirect.github.com/SebRollen/toml-action) | action | pinDigest | -> `b1b3628` | | [Swatinem/rust-cache](https://redirect.github.com/Swatinem/rust-cache) | action | pinDigest | -> `f0deed1` | | [actions/cache](https://redirect.github.com/actions/cache) | action | pinDigest | -> `d4323d4` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | pinDigest | -> `11bd719` | | [actions/download-artifact](https://redirect.github.com/actions/download-artifact) | action | pinDigest | -> `cc20338` | | [actions/github-script](https://redirect.github.com/actions/github-script) | action | pinDigest | -> `60a0d83` | | [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | pinDigest | -> `cdca736` | | [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | pinDigest | -> `4237552` | | [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | pinDigest | -> `4cec3d8` | | [astral-sh/setup-uv](https://redirect.github.com/astral-sh/setup-uv) | action | pinDigest | -> `f94ec6b` | | [dawidd6/action-download-artifact](https://redirect.github.com/dawidd6/action-download-artifact) | action | pinDigest | -> `20319c5` | | [docker/build-push-action](https://redirect.github.com/docker/build-push-action) | action | pinDigest | -> `471d1dc` | | [docker/login-action](https://redirect.github.com/docker/login-action) | action | pinDigest | -> `74a5d14` | | [docker/metadata-action](https://redirect.github.com/docker/metadata-action) | action | pinDigest | -> `902fa8e` | | [docker/setup-buildx-action](https://redirect.github.com/docker/setup-buildx-action) | action | pinDigest | -> `b5ca514` | | [extractions/setup-just](https://redirect.github.com/extractions/setup-just) | action | pinDigest | -> `dd310ad` | | [jetli/wasm-bindgen-action](https://redirect.github.com/jetli/wasm-bindgen-action) | action | pinDigest | -> `20b33e2` | | [jetli/wasm-pack-action](https://redirect.github.com/jetli/wasm-pack-action) | action | pinDigest | -> `0d096b0` | | [peter-evans/create-or-update-comment](https://redirect.github.com/peter-evans/create-or-update-comment) | action | pinDigest | -> `71345be` | | [peter-evans/find-comment](https://redirect.github.com/peter-evans/find-comment) | action | pinDigest | -> `3eae4d3` | | [taiki-e/install-action](https://redirect.github.com/taiki-e/install-action) | action | pinDigest | -> `2c41309` | | [uraimo/run-on-arch-action](https://redirect.github.com/uraimo/run-on-arch-action) | action | pinDigest | -> `ac33288` | | [webfactory/ssh-agent](https://redirect.github.com/webfactory/ssh-agent) | action | pinDigest | -> `dc588b6` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/astral-sh/ruff). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/build-binaries.yml | 82 ++++++------- .github/workflows/build-docker.yml | 36 +++--- .github/workflows/ci.yaml | 128 ++++++++++---------- .github/workflows/daily_fuzz.yaml | 8 +- .github/workflows/daily_property_tests.yaml | 6 +- .github/workflows/mypy_primer.yaml | 10 +- .github/workflows/mypy_primer_comment.yaml | 8 +- .github/workflows/notify-dependents.yml | 2 +- .github/workflows/pr-comment.yaml | 8 +- .github/workflows/publish-docs.yml | 8 +- .github/workflows/publish-playground.yml | 8 +- .github/workflows/publish-pypi.yml | 4 +- .github/workflows/publish-wasm.yml | 8 +- .github/workflows/release.yml | 26 ++-- .github/workflows/sync_typeshed.yaml | 6 +- 15 files changed, 174 insertions(+), 174 deletions(-) diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml index cfc59a3f70..955033a2a9 100644 --- a/.github/workflows/build-binaries.yml +++ b/.github/workflows/build-binaries.yml @@ -39,17 +39,17 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} - name: "Prep README.md" run: python scripts/transform_readme.py --target pypi - name: "Build sdist" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: command: sdist args: --out dist @@ -59,7 +59,7 @@ jobs: "${MODULE_NAME}" --help python -m "${MODULE_NAME}" --help - name: "Upload sdist" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: wheels-sdist path: dist @@ -68,23 +68,23 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }} runs-on: macos-14 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} architecture: x64 - name: "Prep README.md" run: python scripts/transform_readme.py --target pypi - name: "Build wheels - x86_64" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: x86_64 args: --release --locked --out dist - name: "Upload wheels" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: wheels-macos-x86_64 path: dist @@ -99,7 +99,7 @@ jobs: tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - name: "Upload binary" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: artifacts-macos-x86_64 path: | @@ -110,18 +110,18 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }} runs-on: macos-14 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} architecture: arm64 - name: "Prep README.md" run: python scripts/transform_readme.py --target pypi - name: "Build wheels - aarch64" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: aarch64 args: --release --locked --out dist @@ -131,7 +131,7 @@ jobs: ruff --help python -m ruff --help - name: "Upload wheels" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: wheels-aarch64-apple-darwin path: dist @@ -146,7 +146,7 @@ jobs: tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - name: "Upload binary" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: artifacts-aarch64-apple-darwin path: | @@ -166,18 +166,18 @@ jobs: - target: aarch64-pc-windows-msvc arch: x64 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} architecture: ${{ matrix.platform.arch }} - name: "Prep README.md" run: python scripts/transform_readme.py --target pypi - name: "Build wheels" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.platform.target }} args: --release --locked --out dist @@ -192,7 +192,7 @@ jobs: "${MODULE_NAME}" --help python -m "${MODULE_NAME}" --help - name: "Upload wheels" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: wheels-${{ matrix.platform.target }} path: dist @@ -203,7 +203,7 @@ jobs: 7z a $ARCHIVE_FILE ./target/${{ matrix.platform.target }}/release/ruff.exe sha256sum $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - name: "Upload binary" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: artifacts-${{ matrix.platform.target }} path: | @@ -219,18 +219,18 @@ jobs: - x86_64-unknown-linux-gnu - i686-unknown-linux-gnu steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} architecture: x64 - name: "Prep README.md" run: python scripts/transform_readme.py --target pypi - name: "Build wheels" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.target }} manylinux: auto @@ -242,7 +242,7 @@ jobs: "${MODULE_NAME}" --help python -m "${MODULE_NAME}" --help - name: "Upload wheels" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: wheels-${{ matrix.target }} path: dist @@ -260,7 +260,7 @@ jobs: tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - name: "Upload binary" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: artifacts-${{ matrix.target }} path: | @@ -294,23 +294,23 @@ jobs: arch: arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} - name: "Prep README.md" run: python scripts/transform_readme.py --target pypi - name: "Build wheels" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.platform.target }} manylinux: auto docker-options: ${{ matrix.platform.maturin_docker_options }} args: --release --locked --out dist - - uses: uraimo/run-on-arch-action@v2 + - uses: uraimo/run-on-arch-action@ac33288c3728ca72563c97b8b88dda5a65a84448 # v2 if: matrix.platform.arch != 'ppc64' name: Test wheel with: @@ -325,7 +325,7 @@ jobs: pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall ruff --help - name: "Upload wheels" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: wheels-${{ matrix.platform.target }} path: dist @@ -343,7 +343,7 @@ jobs: tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - name: "Upload binary" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: artifacts-${{ matrix.platform.target }} path: | @@ -359,18 +359,18 @@ jobs: - x86_64-unknown-linux-musl - i686-unknown-linux-musl steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} architecture: x64 - name: "Prep README.md" run: python scripts/transform_readme.py --target pypi - name: "Build wheels" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.target }} manylinux: musllinux_1_2 @@ -387,7 +387,7 @@ jobs: .venv/bin/pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall .venv/bin/${{ env.MODULE_NAME }} --help - name: "Upload wheels" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: wheels-${{ matrix.target }} path: dist @@ -405,7 +405,7 @@ jobs: tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - name: "Upload binary" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: artifacts-${{ matrix.target }} path: | @@ -425,23 +425,23 @@ jobs: arch: armv7 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} - name: "Prep README.md" run: python scripts/transform_readme.py --target pypi - name: "Build wheels" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.platform.target }} manylinux: musllinux_1_2 args: --release --locked --out dist docker-options: ${{ matrix.platform.maturin_docker_options }} - - uses: uraimo/run-on-arch-action@v2 + - uses: uraimo/run-on-arch-action@ac33288c3728ca72563c97b8b88dda5a65a84448 # v2 name: Test wheel with: arch: ${{ matrix.platform.arch }} @@ -454,7 +454,7 @@ jobs: .venv/bin/pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall .venv/bin/${{ env.MODULE_NAME }} --help - name: "Upload wheels" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: wheels-${{ matrix.platform.target }} path: dist @@ -472,7 +472,7 @@ jobs: tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - name: "Upload binary" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: artifacts-${{ matrix.platform.target }} path: | diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index e6a6c9b008..ed62686e32 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -33,14 +33,14 @@ jobs: - linux/amd64 - linux/arm64 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive persist-credentials: false - - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - - uses: docker/login-action@v3 + - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -63,7 +63,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 with: images: ${{ env.RUFF_BASE_IMG }} # Defining this makes sure the org.opencontainers.image.version OCI label becomes the actual release version and not the branch name @@ -79,7 +79,7 @@ jobs: # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/ - name: Build and push by digest id: build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 with: context: . platforms: ${{ matrix.platform }} @@ -96,7 +96,7 @@ jobs: touch "/tmp/digests/${digest#sha256:}" - name: Upload digests - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: digests-${{ env.PLATFORM_TUPLE }} path: /tmp/digests/* @@ -113,17 +113,17 @@ jobs: if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }} steps: - name: Download digests - uses: actions/download-artifact@v4 + uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4 with: path: /tmp/digests pattern: digests-* merge-multiple: true - - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 with: images: ${{ env.RUFF_BASE_IMG }} # Order is on purpose such that the label org.opencontainers.image.version has the first pattern with the full version @@ -131,7 +131,7 @@ jobs: type=pep440,pattern={{ version }},value=${{ fromJson(inputs.plan).announcement_tag }} type=pep440,pattern={{ major }}.{{ minor }},value=${{ fromJson(inputs.plan).announcement_tag }} - - uses: docker/login-action@v3 + - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -167,9 +167,9 @@ jobs: - debian:bookworm-slim,bookworm-slim,debian-slim - buildpack-deps:bookworm,bookworm,debian steps: - - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - - uses: docker/login-action@v3 + - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -219,7 +219,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 # ghcr.io prefers index level annotations env: DOCKER_METADATA_ANNOTATIONS_LEVELS: index @@ -231,7 +231,7 @@ jobs: ${{ env.TAG_PATTERNS }} - name: Build and push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 with: context: . platforms: linux/amd64,linux/arm64 @@ -256,17 +256,17 @@ jobs: if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }} steps: - name: Download digests - uses: actions/download-artifact@v4 + uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4 with: path: /tmp/digests pattern: digests-* merge-multiple: true - - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 env: DOCKER_METADATA_ANNOTATIONS_LEVELS: index with: @@ -276,7 +276,7 @@ jobs: type=pep440,pattern={{ version }},value=${{ fromJson(inputs.plan).announcement_tag }} type=pep440,pattern={{ major }}.{{ minor }},value=${{ fromJson(inputs.plan).announcement_tag }} - - uses: docker/login-action@v3 + - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 with: registry: ghcr.io username: ${{ github.repository_owner }} diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a3abb70acf..51721721a6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -37,7 +37,7 @@ jobs: # Flag that is raised when any code that affects the fuzzer is changed fuzz: "true" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 persist-credentials: false @@ -100,7 +100,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - name: "Install Rust toolchain" @@ -114,10 +114,10 @@ jobs: if: ${{ needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main' }} timeout-minutes: 20 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Install Rust toolchain" run: | rustup component add clippy @@ -134,20 +134,20 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }} timeout-minutes: 20 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Install Rust toolchain" run: rustup show - name: "Install mold" uses: rui314/setup-mold@v1 - name: "Install cargo nextest" - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@2c41309d51ede152b6f2ee6bf3b71e6dc9a8b7df # v2 with: tool: cargo-nextest - name: "Install cargo insta" - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@2c41309d51ede152b6f2ee6bf3b71e6dc9a8b7df # v2 with: tool: cargo-insta - name: "Run tests" @@ -168,7 +168,7 @@ jobs: env: # Setting RUSTDOCFLAGS because `cargo doc --check` isn't yet implemented (https://github.com/rust-lang/cargo/issues/10025). RUSTDOCFLAGS: "-D warnings" - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: ruff path: target/debug/ruff @@ -180,20 +180,20 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }} timeout-minutes: 20 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Install Rust toolchain" run: rustup show - name: "Install mold" uses: rui314/setup-mold@v1 - name: "Install cargo nextest" - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@2c41309d51ede152b6f2ee6bf3b71e6dc9a8b7df # v2 with: tool: cargo-nextest - name: "Install cargo insta" - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@2c41309d51ede152b6f2ee6bf3b71e6dc9a8b7df # v2 with: tool: cargo-insta - name: "Run tests" @@ -209,14 +209,14 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }} timeout-minutes: 20 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Install Rust toolchain" run: rustup show - name: "Install cargo nextest" - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@2c41309d51ede152b6f2ee6bf3b71e6dc9a8b7df # v2 with: tool: cargo-nextest - name: "Run tests" @@ -236,18 +236,18 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }} timeout-minutes: 10 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Install Rust toolchain" run: rustup target add wasm32-unknown-unknown - - uses: actions/setup-node@v4 + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4 with: node-version: 20 cache: "npm" cache-dependency-path: playground/package-lock.json - - uses: jetli/wasm-pack-action@v0.4.0 + - uses: jetli/wasm-pack-action@0d096b08b4e5a7de8c28de67e11e945404e9eefa # v0.4.0 with: version: v0.13.1 - name: "Test ruff_wasm" @@ -265,10 +265,10 @@ jobs: if: ${{ github.ref == 'refs/heads/main' }} timeout-minutes: 20 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Install Rust toolchain" run: rustup show - name: "Install mold" @@ -283,15 +283,15 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }} timeout-minutes: 20 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: SebRollen/toml-action@v1.2.0 + - uses: SebRollen/toml-action@b1b3628f55fc3a28208d4203ada8b737e9687876 # v1.2.0 id: msrv with: file: "Cargo.toml" field: "workspace.package.rust-version" - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Install Rust toolchain" env: MSRV: ${{ steps.msrv.outputs.value }} @@ -299,11 +299,11 @@ jobs: - name: "Install mold" uses: rui314/setup-mold@v1 - name: "Install cargo nextest" - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@2c41309d51ede152b6f2ee6bf3b71e6dc9a8b7df # v2 with: tool: cargo-nextest - name: "Install cargo insta" - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@2c41309d51ede152b6f2ee6bf3b71e6dc9a8b7df # v2 with: tool: cargo-insta - name: "Run tests" @@ -320,10 +320,10 @@ jobs: if: ${{ github.ref == 'refs/heads/main' || needs.determine_changes.outputs.fuzz == 'true' || needs.determine_changes.outputs.code == 'true' }} timeout-minutes: 10 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 with: workspaces: "fuzz -> target" - name: "Install Rust toolchain" @@ -348,11 +348,11 @@ jobs: env: FORCE_COLOR: 1 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: astral-sh/setup-uv@v5 - - uses: actions/download-artifact@v4 + - uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5 + - uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4 name: Download Ruff binary to test id: download-cached-binary with: @@ -382,10 +382,10 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }} timeout-minutes: 5 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Install Rust toolchain" run: rustup component add rustfmt # Run all code generation scripts, and verify that the current output is @@ -414,21 +414,21 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && github.event_name == 'pull_request' && needs.determine_changes.outputs.code == 'true' }} timeout-minutes: 20 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4 name: Download comparison Ruff binary id: ruff-target with: name: ruff path: target/debug - - uses: dawidd6/action-download-artifact@v8 + - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 name: Download baseline Ruff binary with: name: ruff @@ -516,13 +516,13 @@ jobs: run: | echo ${{ github.event.number }} > pr-number - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 name: Upload PR Number with: name: pr-number path: pr-number - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 name: Upload Results with: name: ecosystem-result @@ -534,7 +534,7 @@ jobs: needs: determine_changes if: ${{ needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - uses: cargo-bins/cargo-binstall@main @@ -547,18 +547,18 @@ jobs: timeout-minutes: 20 if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} architecture: x64 - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Prep README.md" run: python scripts/transform_readme.py --target pypi - name: "Build wheels" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: args: --out dist - name: "Test wheel" @@ -574,19 +574,19 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Install Rust toolchain" run: rustup show - name: "Install pre-commit" run: pip install pre-commit - name: "Cache pre-commit" - uses: actions/cache@v4 + uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4 with: path: ~/.cache/pre-commit key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }} @@ -608,22 +608,22 @@ jobs: env: MKDOCS_INSIDERS_SSH_KEY_EXISTS: ${{ secrets.MKDOCS_INSIDERS_SSH_KEY != '' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: "3.13" - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Add SSH key" if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }} - uses: webfactory/ssh-agent@v0.9.0 + uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 with: ssh-private-key: ${{ secrets.MKDOCS_INSIDERS_SSH_KEY }} - name: "Install Rust toolchain" run: rustup show - name: Install uv - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5 - name: "Install Insiders dependencies" if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }} run: uv pip install -r docs/requirements-insiders.txt --system @@ -650,10 +650,10 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.formatter == 'true' || github.ref == 'refs/heads/main') }} timeout-minutes: 10 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Install Rust toolchain" run: rustup show - name: "Run checks" @@ -672,21 +672,21 @@ jobs: - determine_changes if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }} steps: - - uses: extractions/setup-just@v2 + - uses: extractions/setup-just@dd310ad5a97d8e7b41793f8ef055398d51ad4de6 # v2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 name: "Download ruff-lsp source" with: persist-credentials: false repository: "astral-sh/ruff-lsp" - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4 name: Download development ruff binary id: ruff-target with: @@ -716,17 +716,17 @@ jobs: timeout-minutes: 20 steps: - name: "Checkout Branch" - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Install Rust toolchain" run: rustup show - name: "Install codspeed" - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@2c41309d51ede152b6f2ee6bf3b71e6dc9a8b7df # v2 with: tool: cargo-codspeed @@ -734,7 +734,7 @@ jobs: run: cargo codspeed build --features codspeed -p ruff_benchmark - name: "Run benchmarks" - uses: CodSpeedHQ/action@v3 + uses: CodSpeedHQ/action@0010eb0ca6e89b80c88e8edaaa07cfe5f3e6664d # v3 with: run: cargo codspeed run token: ${{ secrets.CODSPEED_TOKEN }} diff --git a/.github/workflows/daily_fuzz.yaml b/.github/workflows/daily_fuzz.yaml index f3636d75ae..b02f8115aa 100644 --- a/.github/workflows/daily_fuzz.yaml +++ b/.github/workflows/daily_fuzz.yaml @@ -31,15 +31,15 @@ jobs: # Don't run the cron job on forks: if: ${{ github.repository == 'astral-sh/ruff' || github.event_name != 'schedule' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: astral-sh/setup-uv@v5 + - uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5 - name: "Install Rust toolchain" run: rustup show - name: "Install mold" uses: rui314/setup-mold@v1 - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: Build ruff # A debug build means the script runs slower once it gets started, # but this is outweighed by the fact that a release build takes *much* longer to compile in CI @@ -65,7 +65,7 @@ jobs: permissions: issues: write steps: - - uses: actions/github-script@v7 + - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/daily_property_tests.yaml b/.github/workflows/daily_property_tests.yaml index 540faf7607..ef8bbb9443 100644 --- a/.github/workflows/daily_property_tests.yaml +++ b/.github/workflows/daily_property_tests.yaml @@ -30,14 +30,14 @@ jobs: # Don't run the cron job on forks: if: ${{ github.repository == 'astral-sh/ruff' || github.event_name != 'schedule' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - name: "Install Rust toolchain" run: rustup show - name: "Install mold" uses: rui314/setup-mold@v1 - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: Build Red Knot # A release build takes longer (2 min vs 1 min), but the property tests run much faster in release # mode (1.5 min vs 14 min), so the overall time is shorter with a release build. @@ -59,7 +59,7 @@ jobs: permissions: issues: write steps: - - uses: actions/github-script@v7 + - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/mypy_primer.yaml b/.github/workflows/mypy_primer.yaml index e20e65a327..950c284786 100644 --- a/.github/workflows/mypy_primer.yaml +++ b/.github/workflows/mypy_primer.yaml @@ -28,16 +28,16 @@ jobs: runs-on: ubuntu-24.04 timeout-minutes: 20 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: path: ruff fetch-depth: 0 persist-credentials: false - name: Install the latest version of uv - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5 - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 with: workspaces: "ruff" - name: Install Rust toolchain @@ -81,13 +81,13 @@ jobs: echo ${{ github.event.number }} > pr-number - name: Upload diff - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: mypy_primer_diff path: mypy_primer.diff - name: Upload pr-number - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: pr-number path: pr-number diff --git a/.github/workflows/mypy_primer_comment.yaml b/.github/workflows/mypy_primer_comment.yaml index c9d95f9e6e..593a38e79f 100644 --- a/.github/workflows/mypy_primer_comment.yaml +++ b/.github/workflows/mypy_primer_comment.yaml @@ -16,7 +16,7 @@ jobs: permissions: pull-requests: write steps: - - uses: dawidd6/action-download-artifact@v8 + - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 name: Download PR number with: name: pr-number @@ -32,7 +32,7 @@ jobs: echo "pr-number=$(> "$GITHUB_OUTPUT" fi - - uses: dawidd6/action-download-artifact@v8 + - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 name: "Download mypy_primer results" id: download-mypy_primer_diff if: steps.pr-number.outputs.pr-number @@ -79,7 +79,7 @@ jobs: echo 'EOF' >> "$GITHUB_OUTPUT" - name: Find existing comment - uses: peter-evans/find-comment@v3 + uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3 if: steps.generate-comment.outcome == 'success' id: find-comment with: @@ -89,7 +89,7 @@ jobs: - name: Create or update comment if: steps.find-comment.outcome == 'success' - uses: peter-evans/create-or-update-comment@v4 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 with: comment-id: ${{ steps.find-comment.outputs.comment-id }} issue-number: ${{ steps.pr-number.outputs.pr-number }} diff --git a/.github/workflows/notify-dependents.yml b/.github/workflows/notify-dependents.yml index 54ddbb19ab..5b5c450e80 100644 --- a/.github/workflows/notify-dependents.yml +++ b/.github/workflows/notify-dependents.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Update pre-commit mirror" - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 with: github-token: ${{ secrets.RUFF_PRE_COMMIT_PAT }} script: | diff --git a/.github/workflows/pr-comment.yaml b/.github/workflows/pr-comment.yaml index 1a91670c58..e0fad2358a 100644 --- a/.github/workflows/pr-comment.yaml +++ b/.github/workflows/pr-comment.yaml @@ -16,7 +16,7 @@ jobs: permissions: pull-requests: write steps: - - uses: dawidd6/action-download-artifact@v8 + - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 name: Download pull request number with: name: pr-number @@ -32,7 +32,7 @@ jobs: echo "pr-number=$(> "$GITHUB_OUTPUT" fi - - uses: dawidd6/action-download-artifact@v8 + - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 name: "Download ecosystem results" id: download-ecosystem-result if: steps.pr-number.outputs.pr-number @@ -70,7 +70,7 @@ jobs: echo 'EOF' >> "$GITHUB_OUTPUT" - name: Find existing comment - uses: peter-evans/find-comment@v3 + uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3 if: steps.generate-comment.outcome == 'success' id: find-comment with: @@ -80,7 +80,7 @@ jobs: - name: Create or update comment if: steps.find-comment.outcome == 'success' - uses: peter-evans/create-or-update-comment@v4 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 with: comment-id: ${{ steps.find-comment.outputs.comment-id }} issue-number: ${{ steps.pr-number.outputs.pr-number }} diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml index 72ee0da06c..08b53b4b68 100644 --- a/.github/workflows/publish-docs.yml +++ b/.github/workflows/publish-docs.yml @@ -23,12 +23,12 @@ jobs: env: MKDOCS_INSIDERS_SSH_KEY_EXISTS: ${{ secrets.MKDOCS_INSIDERS_SSH_KEY != '' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ inputs.ref }} persist-credentials: true - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: 3.12 @@ -61,14 +61,14 @@ jobs: - name: "Add SSH key" if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }} - uses: webfactory/ssh-agent@v0.9.0 + uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 with: ssh-private-key: ${{ secrets.MKDOCS_INSIDERS_SSH_KEY }} - name: "Install Rust toolchain" run: rustup show - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Install Insiders dependencies" if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }} diff --git a/.github/workflows/publish-playground.yml b/.github/workflows/publish-playground.yml index ad79300861..b0698b9484 100644 --- a/.github/workflows/publish-playground.yml +++ b/.github/workflows/publish-playground.yml @@ -24,20 +24,20 @@ jobs: env: CF_API_TOKEN_EXISTS: ${{ secrets.CF_API_TOKEN != '' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - name: "Install Rust toolchain" run: rustup target add wasm32-unknown-unknown - - uses: actions/setup-node@v4 + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4 with: node-version: 20 cache: "npm" cache-dependency-path: playground/package-lock.json - - uses: jetli/wasm-pack-action@v0.4.0 + - uses: jetli/wasm-pack-action@0d096b08b4e5a7de8c28de67e11e945404e9eefa # v0.4.0 with: version: v0.13.1 - - uses: jetli/wasm-bindgen-action@v0.2.0 + - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0 - name: "Run wasm-pack" run: wasm-pack build --target web --out-dir ../../playground/src/pkg crates/ruff_wasm - name: "Install Node dependencies" diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml index f4218d982f..ca61b9645f 100644 --- a/.github/workflows/publish-pypi.yml +++ b/.github/workflows/publish-pypi.yml @@ -22,8 +22,8 @@ jobs: id-token: write steps: - name: "Install uv" - uses: astral-sh/setup-uv@v5 - - uses: actions/download-artifact@v4 + uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5 + - uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4 with: pattern: wheels-* path: wheels diff --git a/.github/workflows/publish-wasm.yml b/.github/workflows/publish-wasm.yml index 3069d60524..fb968663d0 100644 --- a/.github/workflows/publish-wasm.yml +++ b/.github/workflows/publish-wasm.yml @@ -29,15 +29,15 @@ jobs: target: [web, bundler, nodejs] fail-fast: false steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - name: "Install Rust toolchain" run: rustup target add wasm32-unknown-unknown - - uses: jetli/wasm-pack-action@v0.4.0 + - uses: jetli/wasm-pack-action@0d096b08b4e5a7de8c28de67e11e945404e9eefa # v0.4.0 with: version: v0.13.1 - - uses: jetli/wasm-bindgen-action@v0.2.0 + - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0 - name: "Run wasm-pack build" run: wasm-pack build --target ${{ matrix.target }} crates/ruff_wasm - name: "Rename generated package" @@ -45,7 +45,7 @@ jobs: jq '.name="@astral-sh/ruff-wasm-${{ matrix.target }}"' crates/ruff_wasm/pkg/package.json > /tmp/package.json mv /tmp/package.json crates/ruff_wasm/pkg - run: cp LICENSE crates/ruff_wasm/pkg # wasm-pack does not put the LICENSE file in the pkg - - uses: actions/setup-node@v4 + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4 with: node-version: 20 registry-url: "https://registry.npmjs.org" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8f6829676c..5cdfaf169d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -59,7 +59,7 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive - name: Install dist @@ -68,7 +68,7 @@ jobs: shell: bash run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.25.2-prerelease.3/cargo-dist-installer.sh | sh" - name: Cache dist - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: cargo-dist-cache path: ~/.cargo/bin/dist @@ -84,7 +84,7 @@ jobs: cat plan-dist-manifest.json echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT" - name: "Upload dist-manifest.json" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: artifacts-plan-dist-manifest path: plan-dist-manifest.json @@ -121,18 +121,18 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} BUILD_MANIFEST_NAME: target/distrib/global-dist-manifest.json steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive - name: Install cached dist - uses: actions/download-artifact@v4 + uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4 with: name: cargo-dist-cache path: ~/.cargo/bin/ - run: chmod +x ~/.cargo/bin/dist # Get all the local artifacts for the global tasks to use (for e.g. checksums) - name: Fetch local artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4 with: pattern: artifacts-* path: target/distrib/ @@ -150,7 +150,7 @@ jobs: cp dist-manifest.json "$BUILD_MANIFEST_NAME" - name: "Upload artifacts" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: artifacts-build-global path: | @@ -171,18 +171,18 @@ jobs: outputs: val: ${{ steps.host.outputs.manifest }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive - name: Install cached dist - uses: actions/download-artifact@v4 + uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4 with: name: cargo-dist-cache path: ~/.cargo/bin/ - run: chmod +x ~/.cargo/bin/dist # Fetch artifacts from scratch-storage - name: Fetch artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4 with: pattern: artifacts-* path: target/distrib/ @@ -196,7 +196,7 @@ jobs: cat dist-manifest.json echo "manifest=$(jq -c "." dist-manifest.json)" >> "$GITHUB_OUTPUT" - name: "Upload dist-manifest.json" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: # Overwrite the previous copy name: artifacts-dist-manifest @@ -246,12 +246,12 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive # Create a GitHub Release while uploading all files to it - name: "Download GitHub Artifacts" - uses: actions/download-artifact@v4 + uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4 with: pattern: artifacts-* path: artifacts diff --git a/.github/workflows/sync_typeshed.yaml b/.github/workflows/sync_typeshed.yaml index 991d92f957..662855b918 100644 --- a/.github/workflows/sync_typeshed.yaml +++ b/.github/workflows/sync_typeshed.yaml @@ -21,12 +21,12 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 name: Checkout Ruff with: path: ruff persist-credentials: true - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 name: Checkout typeshed with: repository: python/typeshed @@ -70,7 +70,7 @@ jobs: permissions: issues: write steps: - - uses: actions/github-script@v7 + - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: |