diff --git a/.github/workflows/build-docker-dev.yml b/.github/workflows/build-docker-dev.yml index 68e9d4f51f1..e097c936b83 100644 --- a/.github/workflows/build-docker-dev.yml +++ b/.github/workflows/build-docker-dev.yml @@ -32,7 +32,7 @@ jobs: echo "K8S node: ${K8S_NODE_NAME}" - name: Checkout Repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Prepare Platform Environment Variable shell: bash @@ -42,18 +42,18 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 with: images: | ${{ env.IMAGE_NAME }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 with: version: latest - name: Login to GHCR Registry - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -61,7 +61,7 @@ jobs: - name: Build and push by digest id: build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 with: context: . file: deploy/build.Dockerfile @@ -80,7 +80,7 @@ jobs: touch "$RUNNER_TEMP/digests/${digest#sha256:}" - name: Upload digest - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: digests-${{ env.PLATFORM_PAIR }} path: ${{ runner.temp }}/digests/* 
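Review bot: The trailing `# v6` on the pinned `actions/checkout` line in the first build-docker-dev.yml hunk names only the moving major tag, so neither a reader nor an update tool can tell which release `de0fac2e4500dabe0009e67214ff5f5447ce83dd` is meant to be. I would record the exact release tag the SHA was resolved from, e.g. `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # vX.Y.Z` (placeholder; the diff does not show the release). The same applies to every `# vN` comment added in this commit. Nothing in the diff shows that the SHAs belong to the named upstream repositories, so each one should be confirmed against the upstream tag before merge.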
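Review bot: `docker/setup-buildx-action` is now pinned to a commit in the `@@ -42,18` hunk, but the unchanged `with: version: latest` directly below it still requests whichever Buildx release is newest at run time, so the step keeps a floating input. If the goal of the commit is reproducible, reviewable build tooling, set an explicit Buildx version there, e.g. `version: vX.Y.Z` (placeholder). The same `version: latest` sits under the pinned Buildx steps in the second job of this file, in build-docker.yml and in ci-release.yml.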
@@ -96,27 +96,27 @@ jobs: needs: build-docker-ci-dev steps: - name: Download digests - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: path: ${{ runner.temp }}/digests pattern: digests-* merge-multiple: true - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 with: version: latest - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 with: images: ${{ env.IMAGE_NAME }} tags: | diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index 3cb16569120..74ad8970b84 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -44,7 +44,7 @@ jobs: echo "K8S node: ${K8S_NODE_NAME}" - name: Checkout Repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 fetch-tags: true @@ -52,19 +52,19 @@ jobs: - name: Download fda id: binaries - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: fda-${{ matrix.rust_target }} path: build - name: Download pipeline-manager - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: pipeline-manager-${{ matrix.rust_target }} path: build - name: Download Compiler Binaries - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: feldera-sql-compiler path: build 
@@ -83,18 +83,18 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 with: images: | ${{ vars.FELDERA_IMAGE_NAME }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 with: version: latest - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -102,7 +102,7 @@ jobs: - name: Build and push by digest id: build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 with: # `context` is somehow important to set, otherwise the build will use it's own git checkout instead of the one # checkout out earlier that also has the artifacts (!?) @@ -125,7 +125,7 @@ jobs: touch "$RUNNER_TEMP/digests/${digest#sha256:}" - name: Upload digest - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: digests-${{ env.PLATFORM_PAIR }} path: ${{ runner.temp }}/digests/* 
@@ -141,27 +141,27 @@ jobs: needs: build-docker steps: - name: Download digests - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: path: ${{ runner.temp }}/digests pattern: digests-* merge-multiple: true - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 with: version: latest - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 with: images: ${{ vars.FELDERA_IMAGE_NAME }} tags: | @@ -179,7 +179,7 @@ jobs: run: | docker buildx imagetools inspect ${{ vars.FELDERA_IMAGE_NAME }}:${{ steps.meta.outputs.version }} - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 1 @@ -196,7 +196,7 @@ jobs: run: echo "${{ steps.meta.outputs.version }}" > /tmp/docker-image-ready.txt - name: Upload docker-image-ready artifact - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: docker-image-ready path: /tmp/docker-image-ready.txt diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml index 2ad041c10ed..60676a5a2b3 100644 --- a/.github/workflows/build-docs.yml +++ b/.github/workflows/build-docs.yml 
@@ -7,13 +7,13 @@ jobs: build-docs: runs-on: ubuntu-latest-amd64 steps: - - uses: actions/checkout@v6 - - uses: actions/setup-node@v1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e # v1 with: node-version: 25 - name: Install required-version defined in pyproject.toml - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5 with: pyproject-file: "python/pyproject.toml" @@ -34,7 +34,7 @@ jobs: yarn build - name: Upload docs - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: feldera-docs path: ./docs.feldera.com/build diff --git a/.github/workflows/build-java.yml b/.github/workflows/build-java.yml index 64e39bd43f4..5d35c86e8b6 100644 --- a/.github/workflows/build-java.yml +++ b/.github/workflows/build-java.yml @@ -20,9 +20,9 @@ jobs: echo "K8S node: ${K8S_NODE_NAME}" - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: actions/cache@v5 + - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: | /home/ubuntu/.gradle @@ -52,14 +52,14 @@ jobs: cp ./sql-to-dbsp-compiler/SQL-compiler/target/sql2dbsp-jar-with-dependencies.jar build-artifacts/ - name: Upload build artifact - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: feldera-sql-compiler path: build-artifacts retention-days: 7 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v5.1.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ vars.SQL2DBSP_UPLOAD_ROLE }} role-session-name: gha-${{ github.run_id }} diff --git a/.github/workflows/build-rust.yml b/.github/workflows/build-rust.yml index 92501408e99..d9fe5451f4c 100644 
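Review bot: Pinning `actions/setup-node` to the commit behind `# v1` in build-docs.yml freezes a major that is several versions behind what this commit pins for other actions (`# v5` to `# v8`), while the step asks for `node-version: 25`. A SHA pin also stops patch updates from arriving, and a major this old is likely no longer maintained, which is worth checking. I would move the step to a current setup-node major first and pin that release rather than cementing v1.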
--- a/.github/workflows/build-rust.yml +++ b/.github/workflows/build-rust.yml @@ -42,10 +42,10 @@ jobs: echo "K8S node: ${K8S_NODE_NAME}" - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Cache Cargo registry and index - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: | ~/.cargo/registry @@ -117,21 +117,21 @@ jobs: # Upload test binaries as one artifact - name: Upload test artifacts - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: feldera-test-binaries-${{ matrix.target }} path: build-artifacts retention-days: 7 - name: Upload fda - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: fda-${{ matrix.target }} path: build-release-artifacts/fda retention-days: 7 - name: Upload pipeline-manager - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: pipeline-manager-${{ matrix.target }} path: build-release-artifacts/pipeline-manager @@ -159,13 +159,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Add Rust target run: rustup target add ${{ matrix.target }} - name: Cache Cargo registry and index - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: | ~/.cargo/registry @@ -178,7 +178,7 @@ jobs: run: cargo build --release --locked -p fda --target=${{ matrix.target }} - name: Upload fda - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: fda-${{ matrix.target }} path: target/${{ matrix.target }}/release/${{ matrix.fda_artifact }} 
diff --git a/.github/workflows/check-failures.yml b/.github/workflows/check-failures.yml index c26aaec33e8..cc94c15c77c 100644 --- a/.github/workflows/check-failures.yml +++ b/.github/workflows/check-failures.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest-amd64 if: github.event.workflow_run.conclusion == 'failure' || github.event.workflow_run.conclusion == 'timed_out' steps: - - uses: ravsamhq/notify-slack-action@v2 + - uses: ravsamhq/notify-slack-action@be814b201e233b2dc673608aa46e5447c8ab13f2 # v2 with: status: ${{ github.event.workflow_run.conclusion }} notification_title: " ${{github.event.workflow_run.name}} - ${{github.event.workflow_run.conclusion}} on ${{github.event.workflow_run.head_branch}} - <${{github.server_url}}/${{github.repository}}/actions/runs/${{github.event.workflow_run.id}}|View Failure>" diff --git a/.github/workflows/ci-post-release.yml b/.github/workflows/ci-post-release.yml index 6e53fba1f39..e00d9d9c577 100644 --- a/.github/workflows/ci-post-release.yml +++ b/.github/workflows/ci-post-release.yml @@ -38,15 +38,15 @@ jobs: shell: bash working-directory: ./python steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install uv - uses: astral-sh/setup-uv@v2 + uses: astral-sh/setup-uv@6dfebec6ddbcd197e02256fbdf54deb334fb7f06 # v2 with: version: "0.11.3" enable-cache: true cache-dependency-glob: "python/uv.lock" - name: "Set up Python" - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version-file: "python/pyproject.toml" - name: Install the project @@ -56,7 +56,7 @@ jobs: uv build - name: Publish package if: ${{ vars.RELEASE_DRY_RUN == 'false' }} - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e with: packages-dir: ./python/dist - name: Minimize uv cache 
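Review bot: The comment added after `pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e` in ci-post-release.yml only repeats the 40-character SHA, so it documents nothing and gives update tooling no version to track. Replace it with the release tag the SHA corresponds to, e.g. `# vX.Y.Z` (placeholder; the diff does not show the tag), or drop the comment. The same SHA-as-comment pattern is on the `EndBug/add-and-commit`, `stefanzweifel/git-auto-commit-action`, `dawidd6/action-download-artifact` and `softprops/action-gh-release` lines and in publish-python.yml. These are publish and push steps, so knowing exactly which release runs there matters most.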
@@ -86,14 +86,14 @@ jobs: shell: bash working-directory: ./python steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install uv - uses: astral-sh/setup-uv@v2 + uses: astral-sh/setup-uv@6dfebec6ddbcd197e02256fbdf54deb334fb7f06 # v2 with: version: "0.11.3" enable-cache: true - name: "Set up Python" - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: "3.10" - name: Install and build dbt-feldera @@ -104,7 +104,7 @@ jobs: uv build - name: Publish dbt-feldera if: ${{ vars.RELEASE_DRY_RUN == 'false' }} - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e with: packages-dir: ./python/dbt-feldera/dist - name: Minimize uv cache @@ -130,13 +130,13 @@ jobs: - name: Generate GitHub App token id: app-token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2 with: app-id: ${{ vars.CI_ACCESS_APP_ID }} private-key: ${{ secrets.CI_ACCESS_APP_PKEY }} permission-contents: write - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: # This runs on main because we make the commit on main at the end of the workflow, # we use the token so it can circument push to main protection rules @@ -169,7 +169,7 @@ jobs: - name: List changes run: | git diff - - uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 + - uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # a94899bca583c204427a224a7af87c02f9b325d5 if: ${{ vars.RELEASE_DRY_RUN == 'false' }} with: message: "ci: Prepare for v${{ env.NEXT_VERSION }}" diff --git a/.github/workflows/ci-pre-mergequeue.yml b/.github/workflows/ci-pre-mergequeue.yml index d2db3e3c21b..5b17e460e4f 100644 
--- a/.github/workflows/ci-pre-mergequeue.yml +++ b/.github/workflows/ci-pre-mergequeue.yml @@ -34,7 +34,7 @@ jobs: - name: Generate GitHub App token if: ${{ github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }} id: app-token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2 with: app-id: ${{ vars.CI_ACCESS_APP_ID }} private-key: ${{ secrets.CI_ACCESS_APP_PKEY }} @@ -42,7 +42,7 @@ jobs: - name: Checkout (internal PRs) if: ${{ github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }} - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: # This needs to be set to a token to trigger a follow-up workflow # in case some changes were corrected. @@ -50,10 +50,10 @@ jobs: - name: Checkout (fork/dependabot PRs) if: ${{ github.event.pull_request.head.repo.full_name != github.repository || github.actor == 'dependabot[bot]' }} - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Cache uv pre-commit environments - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: | ~/.cache/pre-commit @@ -61,7 +61,7 @@ jobs: key: pre-commit-uv-1|${{ hashFiles('.pre-commit-config.yaml') }} - name: Cache Cargo registry and index - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: | ~/.cargo/registry 
@@ -87,7 +87,7 @@ jobs: - name: Print sccache stats run: sccache --show-stats - - uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 + - uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # b863ae1933cb653a53c021fe36dbb774e1fb9403 # Only attempt auto-fix commits for internal branches (forks and dependabot can't be pushed to) if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }} with: diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 0f5ade1ea57..7b860576d24 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -58,7 +58,7 @@ jobs: fi - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-tags: true ref: ${{ env.SHA_TO_RELEASE }} @@ -66,7 +66,7 @@ jobs: - name: Download artifact id: download-artifact - uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 + uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 with: workflow: ci.yml workflow_conclusion: success @@ -100,7 +100,7 @@ jobs: repositories: ${{ github.event.repository.name }} - name: Release on GitHub - uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 + uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # 72f2c25fcb47643c292f7107632f7a47c1df5cd8 with: target_commitish: ${{ env.SHA_TO_RELEASE }} tag_name: v${{ env.CURRENT_VERSION }} 
@@ -122,7 +122,7 @@ jobs: token: ${{ steps.release-token.outputs.token }} - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v5.1.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: arn:aws:iam::737834633458:role/GhaSql2DbspJarUpload role-session-name: gha-${{ github.run_id }} @@ -152,14 +152,14 @@ jobs: # Publish Docker images - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 with: version: latest diff --git a/.github/workflows/docs-linkcheck.yml b/.github/workflows/docs-linkcheck.yml index 47eaf6947c4..d4159bd94b5 100644 --- a/.github/workflows/docs-linkcheck.yml +++ b/.github/workflows/docs-linkcheck.yml @@ -11,11 +11,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install the default version of uv id: setup-uv - uses: astral-sh/setup-uv@v2 + uses: astral-sh/setup-uv@6dfebec6ddbcd197e02256fbdf54deb334fb7f06 # v2 # ignored crates.io due to https://github.com/rust-lang/crates.io/issues/788 - name: Check links on feldera.com diff --git a/.github/workflows/generate-sbom.yml b/.github/workflows/generate-sbom.yml index 664ebecccc9..2f17b96882e 100644 --- a/.github/workflows/generate-sbom.yml +++ b/.github/workflows/generate-sbom.yml 
@@ -12,16 +12,16 @@ jobs: runs-on: ubuntu-latest-amd64 steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Download Syft - uses: anchore/sbom-action/download-syft@v0.17.4 + uses: anchore/sbom-action/download-syft@8d0a6505bf28ced3e85154d13dc6af83299e13f1 # v0.17.4 - name: Create source SBOM run: syft dir:. --output spdx-json=feldera-sbom-source-${GITHUB_SHA}.spdx.json - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -33,7 +33,7 @@ jobs: syft "$IMAGE_REF" --output spdx-json=feldera-sbom-image-${GITHUB_SHA}.spdx.json - name: Upload SBOM artifacts - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: feldera-sbom path: | diff --git a/.github/workflows/publish-crates.yml b/.github/workflows/publish-crates.yml index 1d764d930f5..3be88a12518 100644 --- a/.github/workflows/publish-crates.yml +++ b/.github/workflows/publish-crates.yml @@ -46,11 +46,11 @@ jobs: run: | echo "K8S node: ${K8S_NODE_NAME}" - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: ${{ inputs.tag || github.ref }} - - uses: rust-lang/crates-io-auth-action@v1 + - uses: rust-lang/crates-io-auth-action@b7e9a28eded4986ec6b1fa40eeee8f8f165559ec # v1 if: ${{ inputs.environment == 'release' }} id: auth diff --git a/.github/workflows/publish-python.yml b/.github/workflows/publish-python.yml index 449391a7b04..60016640865 100644 --- a/.github/workflows/publish-python.yml +++ b/.github/workflows/publish-python.yml 
@@ -29,17 +29,17 @@ jobs: url: https://pypi.org/p/feldera steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: ${{ inputs.tag || github.ref }} - name: Install uv - uses: astral-sh/setup-uv@v2 + uses: astral-sh/setup-uv@6dfebec6ddbcd197e02256fbdf54deb334fb7f06 # v2 with: version: "0.11.3" enable-cache: true cache-dependency-glob: "python/uv.lock" - name: "Set up Python" - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version-file: "python/pyproject.toml" - name: Install the project @@ -50,7 +50,7 @@ jobs: - name: Publish package if: ${{ vars.RELEASE_DRY_RUN == 'false' }} - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e with: packages-dir: ./python/dist @@ -64,16 +64,16 @@ jobs: url: https://pypi.org/p/dbt-feldera steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: ${{ inputs.tag || github.ref }} - name: Install uv - uses: astral-sh/setup-uv@v2 + uses: astral-sh/setup-uv@6dfebec6ddbcd197e02256fbdf54deb334fb7f06 # v2 with: version: "0.11.3" enable-cache: true - name: "Set up Python" - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: "3.10" - name: Install and build dbt-feldera @@ -84,7 +84,7 @@ jobs: uv build - name: Publish dbt-feldera if: ${{ vars.RELEASE_DRY_RUN == 'false' }} - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e with: packages-dir: ./python/dbt-feldera/dist diff --git a/.github/workflows/test-adapters.yml b/.github/workflows/test-adapters.yml index 8605bf5f4c4..cacb4a30837 100644 
--- a/.github/workflows/test-adapters.yml +++ b/.github/workflows/test-adapters.yml @@ -57,10 +57,10 @@ jobs: --health-retries 5 steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Download Test Binaries - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: feldera-test-binaries-${{ matrix.target }} path: build @@ -72,7 +72,7 @@ jobs: run: chmod +x ./build/* - name: Setup uv - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5 with: version: "0.6.5" @@ -136,10 +136,10 @@ jobs: echo "K8S node: ${K8S_NODE_NAME}" - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Download Test Binaries - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: feldera-test-binaries-x86_64-unknown-linux-gnu path: build diff --git a/.github/workflows/test-integration-platform.yml b/.github/workflows/test-integration-platform.yml index 927730fd0b6..3075cbff37c 100644 --- a/.github/workflows/test-integration-platform.yml +++ b/.github/workflows/test-integration-platform.yml @@ -73,10 +73,10 @@ jobs: OIDC_TEST_PASSWORD: ${{ secrets.OIDC_TEST_PASSWORD }} steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install the latest version of uv - uses: astral-sh/setup-uv@v6 + uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6 - name: Login to GHCR with GITHUB_TOKEN run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin 
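Review bot: `astral-sh/setup-uv` is pinned at the commit for `# v6` in test-integration-platform.yml, while other workflows in this commit pin `# v2` and `# v5`, so three separate action versions now have to be audited and bumped. This step also has no `version:` input and is named "Install the latest version of uv", so presumably the uv binary itself still floats even though the action is pinned. I would converge on one setup-uv release and give it an explicit uv version, as ci-post-release.yml does with `version: "0.11.3"`.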
@@ -200,7 +200,7 @@ jobs: echo "K8S node: ${K8S_NODE_NAME}" - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Check OIDC configuration and connectivity if: vars.OIDC_TEST_ISSUER != '' && vars.OIDC_TEST_CLIENT_ID != '' @@ -229,7 +229,7 @@ jobs: IN_CI: 1 # We use this flag to skip some kafka tests in the python code base - name: Download fda binary - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: fda-${{ matrix.target }} path: build diff --git a/.github/workflows/test-integration-runtime.yml b/.github/workflows/test-integration-runtime.yml index 0d0bc49a1ea..a598f5bbdd5 100644 --- a/.github/workflows/test-integration-runtime.yml +++ b/.github/workflows/test-integration-runtime.yml @@ -38,7 +38,7 @@ jobs: echo "K8S node: ${K8S_NODE_NAME}" - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Python runtime tests if: ${{ vars.CI_DRY_RUN != 'true' && !contains(vars.CI_SKIP_JOBS, 'runtime-pytest') }} diff --git a/.github/workflows/test-java-nightly.yml b/.github/workflows/test-java-nightly.yml index 0d5de926fbc..f93ab81167b 100644 --- a/.github/workflows/test-java-nightly.yml +++ b/.github/workflows/test-java-nightly.yml @@ -27,12 +27,12 @@ jobs: echo "K8S node: ${K8S_NODE_NAME}" - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Cache Rust dependencies - uses: Swatinem/rust-cache@v2 + uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 - - uses: actions/cache@v5 + - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: | /home/ubuntu/.gradle diff --git a/.github/workflows/test-java.yml b/.github/workflows/test-java.yml index b6f0c21d8dc..4e0e7cf3ee3 100644 --- a/.github/workflows/test-java.yml 
+++ b/.github/workflows/test-java.yml @@ -35,12 +35,12 @@ jobs: echo "K8S node: ${K8S_NODE_NAME}" - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Cache Rust dependencies - uses: Swatinem/rust-cache@v2 + uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 - - uses: actions/cache@v5 + - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: | /home/ubuntu/.gradle diff --git a/.github/workflows/test-unit.yml b/.github/workflows/test-unit.yml index 74322c6610d..acc92e228dd 100644 --- a/.github/workflows/test-unit.yml +++ b/.github/workflows/test-unit.yml @@ -30,16 +30,16 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Download Test Binaries - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: feldera-test-binaries-${{ matrix.target }} path: build - name: Download Compiler Binaries - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: feldera-sql-compiler path: sql-build diff --git a/.github/workflows/test-web-console-e2e.yml b/.github/workflows/test-web-console-e2e.yml index 31f116d2069..15a3a1a9176 100644 --- a/.github/workflows/test-web-console-e2e.yml +++ b/.github/workflows/test-web-console-e2e.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup Bun run: | diff --git a/.github/workflows/test-web-console-unit.yml b/.github/workflows/test-web-console-unit.yml index 6816944e465..07b5b0c694b 100644 --- a/.github/workflows/test-web-console-unit.yml +++ b/.github/workflows/test-web-console-unit.yml 
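Review bot: The checkout in test-web-console-e2e.yml is pinned to the commit for `# v4` (`34e114876b0b11c390a56381ad16ebd13914f8d5`), while the other workflows in this commit pin the `# v6` commit. Pinning preserves that drift and leaves two checkout SHAs to review and bump. Unless the web-console jobs need v4 for a reason not shown here, I would use `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6` here and in test-web-console-unit.yml.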
@@ -14,7 +14,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup Bun run: |