diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fb449197f78bd..2784ac46c055f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -52,7 +52,7 @@ jobs: run_type: ${{ steps.jobs.outputs.run_type }} steps: - name: Checkout the source code - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Test citool # Only test citool on the auto branch, to reduce latency of the calculate matrix job # on PR/try builds. @@ -117,7 +117,7 @@ jobs: run: git config --global core.autocrlf false - name: checkout the source code - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 2 @@ -254,7 +254,7 @@ jobs: df -h - name: upload artifacts to github - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: # name is set in previous step name: ${{ env.DOC_ARTIFACT_NAME }} @@ -315,7 +315,7 @@ jobs: environment: ${{ (github.repository == 'rust-lang/rust' && 'bors') || '' }} steps: - name: checkout the source code - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 2 # Publish the toolstate if an auto build succeeds (just before push to the default branch) diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 4d2e2989e834a..19ec8dc1a47be 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -51,7 +51,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: checkout the source code - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: recursive - name: install the bootstrap toolchain @@ -66,7 +66,7 @@ jobs: run: ./src/tools/update-lockfile.sh - name: upload Cargo.lock artifact for use in PR - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Cargo-lock path: | @@ -75,7 +75,7 @@ jobs: src/tools/rustbook/Cargo.lock retention-days: 1 - name: upload cargo-update log artifact for use in PR - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: cargo-updates path: cargo_update.log @@ -91,14 +91,14 @@ jobs: pull-requests: write steps: - name: checkout the source code - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: download Cargo.lock from update job - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: Cargo-lock - name: download cargo-update log from update job - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: cargo-updates diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml index ddb3b2ce0dd58..29550407af519 100644 --- a/.github/workflows/ghcr.yml +++ b/.github/workflows/ghcr.yml @@ -29,7 +29,7 @@ jobs: # Needed to write to the ghcr.io registry packages: write steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/post-merge.yml b/.github/workflows/post-merge.yml index c3d9217a645be..81359b7f603c5 100644 --- a/.github/workflows/post-merge.yml +++ b/.github/workflows/post-merge.yml @@ -15,7 +15,7 @@ jobs: permissions: pull-requests: write steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # Make sure that we have enough commits to find the parent merge commit. # Since all merges should be through merge commits, fetching two commits