cron2 has submitted this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/773?usp=email )

Change subject: GHA: Pin dependencies
......................................................................

GHA: Pin dependencies

Done by renovate. Updates will also be handled by
renovate.

This makes the builds slightly more deterministic and
removes some potential supply-chain attack vectors.

GitHub: #610

Change-Id: I92dfbc3a0cc347a51892600bf02b501295ce612b
Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com>
Acked-by: Yuriy Darnobyt <yura.u...@gmail.com>
Message-Id: <20240927093205.22981-1-fr...@lichtenheld.com>
URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29461.html
Signed-off-by: Gert Doering <g...@greenie.muc.de>
---
M .github/workflows/build.yaml
M .github/workflows/coverity-scan.yml
2 files changed, 25 insertions(+), 25 deletions(-)




diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 361d457..1bc250d 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -13,7 +13,7 @@
       - name: Install dependencies
         run: sudo apt update && sudo apt install -y uncrustify
       - name: Checkout OpenVPN
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
         with:
           path: openvpn
       - name: Show uncrustify version
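Review bot: The trailing comment on the pinned `actions/checkout` line records only the moving major tag (`# v4`), so nothing in the workflow says which release the 40-character hash was resolved from. A reader therefore cannot tell whether a later fix within the v4 series is included, and cannot check the hash against the upstream tag list without guessing the release. Recording the exact tag, e.g. `uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.x.y` (placeholder for the real release), makes the pin auditable. The same applies to the `upload-artifact`, `download-artifact`, `cache/restore` and `cache/save` pins in the later hunks and in coverity-scan.yml. The step list continues outside this hunk.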
@@ -27,7 +27,7 @@
       - name: Show changes on standard output
         run: git diff
         working-directory: openvpn
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 
# v4
         with:
           name: uncrustify-changes.patch
           path: 'openvpn/uncrustify-changes.patch'
@@ -49,22 +49,22 @@
       - name: Install dependencies
         run: sudo apt update && sudo apt install -y mingw-w64 unzip cmake 
ninja-build build-essential wget python3-docutils man2html-base
       - name: Checkout OpenVPN
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4

       - name: Restore from cache and install vcpkg
-        uses: lukka/run-vcpkg@v11.5
+        uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5
         with:
           vcpkgGitCommitId: 8d3649ba34aab36914ddd897958599aa0a91b08e
           vcpkgJsonGlob: '**/mingw/vcpkg.json'

       - name: Run CMake with vcpkg.json manifest
-        uses: lukka/run-cmake@v10.7
+        uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8
         with:
           configurePreset: mingw-${{ matrix.arch }}
           buildPreset: mingw-${{ matrix.arch }}
           buildPresetAdditionalArgs: "['--config Debug']"

-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 
# v4
         with:
           name: openvpn-mingw-${{ matrix.arch }}
           path: |
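Review bot: The `lukka/run-cmake` pin is annotated `# v10.8` while the line it replaces used `@v10.7`, so this hunk upgrades the action in a commit described as pinning only. The two `run-cmake` lines in the `@@ -280,27` hunk do the same, and `lukka/get-cmake` there moves from v3.30.1 to v3.30.3. These newer releases then run in the build jobs without having been reviewed as upgrades. Either pin the hash of the tag that was already in use and let the bump arrive as a separate renovate update, or name the upgrades in the commit message. Since the runner does not check the trailing comment, it is also worth confirming that each hash is the commit the named tag points to in the upstream repository.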
@@ -72,7 +72,7 @@
             ${{ github.workspace }}/out/build/mingw/${{ matrix.arch 
}}/Debug/*.dll
             !${{ github.workspace }}/out/build/mingw/${{ matrix.arch 
}}/Debug/test_*.exe

-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 
# v4
         with:
           name: openvpn-mingw-${{ matrix.arch }}-tests
           path: |
@@ -91,9 +91,9 @@
     name: "mingw unittest ${{ matrix.test }} - ${{ matrix.arch }} - OSSL"
     steps:
       - name: Checkout OpenVPN
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: Retrieve mingw unittest
-        uses: actions/download-artifact@v4
+        uses: 
actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
         with:
           name: openvpn-mingw-${{ matrix.arch }}-tests
           path: unittests
@@ -165,7 +165,7 @@
       - name: Install dependencies
         run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev 
liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html libcmocka-dev 
python3-docutils libtool automake autoconf ${SSLPKG} ${PKCS11PKG}
       - name: Checkout OpenVPN
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: autoconf
         run: autoreconf -fvi
       - name: configure
@@ -195,7 +195,7 @@
       - name: Install dependencies
         run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev 
liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html clang 
libcmocka-dev python3-docutils libtool automake autoconf libmbedtls-dev
       - name: Checkout OpenVPN
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: autoconf
         run: autoreconf -fvi
       - name: configure
@@ -256,7 +256,7 @@
       - name: Install dependencies
         run: brew install openssl@1.1 openssl@3 lzo lz4 man2html cmocka 
libtool automake autoconf libressl
       - name: Checkout OpenVPN
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: autoconf
         run: autoreconf -fvi
       - name: configure
@@ -280,27 +280,27 @@

       runs-on: windows-latest
       steps:
-      - uses: actions/checkout@v4
-      - uses: lukka/get-cmake@v3.30.1
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: lukka/get-cmake@070a0507a7abe157ef918deec391da1be197d2d1 # 
v3.30.3

       - name: Install rst2html
         run: python -m pip install --upgrade pip docutils

       - name: Restore artifacts, or setup vcpkg (do not install any package)
-        uses: lukka/run-vcpkg@v11.5
+        uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5
         with:
           vcpkgGitCommitId: 8d3649ba34aab36914ddd897958599aa0a91b08e
           vcpkgJsonGlob: '**/windows/vcpkg.json'

       - name: Run CMake with vcpkg.json manifest (NO TESTS)
-        uses: lukka/run-cmake@v10.7
+        uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8
         if: ${{ matrix.arch == 'arm64' }}
         with:
           configurePreset: win-${{ matrix.arch }}-release
           buildPreset: win-${{ matrix.arch }}-release

       - name: Run CMake with vcpkg.json manifest
-        uses: lukka/run-cmake@v10.7
+        uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8
         if: ${{ matrix.arch != 'arm64' }}
         with:
           configurePreset: win-${{ matrix.arch }}-release
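Review bot: The `Install rst2html` step kept as context in this hunk still runs `python -m pip install --upgrade pip docutils` with no version or hash constraint. The Windows job therefore keeps pulling whatever PyPI serves at build time, even though the actions around it are now pinned to commits. If the aim is the determinism and supply-chain reduction named in the commit message, give the package an exact version, `python -m pip install docutils==<version>` (placeholder), or install from a requirements file with `--require-hashes`. The `apt install` and `brew install` steps in the other hunks are unpinned in the same way, and `runs-on: windows-latest` floats too; those may be acceptable, but it is worth stating that they are out of scope. The job definition starts and ends outside this hunk.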
@@ -308,7 +308,7 @@
           testPreset: win-${{ matrix.arch }}-release
           testPresetAdditionalArgs: "['--output-on-failure']"

-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 
# v4
         with:
           name: openvpn-msvc-${{ matrix.arch }}
           path: |
@@ -348,7 +348,7 @@
       - name: Install dependencies
         run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev 
liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool 
automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev
       - name: "libressl: checkout"
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
         with:
           path: libressl
           # versioning=semver-coerced
@@ -369,7 +369,7 @@
       - name: "ldconfig"
         run: sudo ldconfig
       - name: Checkout OpenVPN
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: autoconf
         run: autoreconf -fvi
       - name: configure
@@ -410,7 +410,7 @@
       - name: Install dependencies
         run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev 
liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils 
python3-jinja2 python3-jsonschema libtool automake autoconf pkg-config 
libcap-ng-dev libnl-genl-3-dev
       - name: "mbedtls: checkout"
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
         with:
           path: mbedtls
           submodules: true
@@ -424,7 +424,7 @@
         run: sudo make install DESTDIR=/usr
         working-directory: mbedtls
       - name: Checkout OpenVPN
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: autoconf
         run: autoreconf -fvi
       - name: configure
diff --git a/.github/workflows/coverity-scan.yml 
b/.github/workflows/coverity-scan.yml
index 37b8102..16c979d 100644
--- a/.github/workflows/coverity-scan.yml
+++ b/.github/workflows/coverity-scan.yml
@@ -13,7 +13,7 @@
     steps:
       - name: Check submission cache
         id: check_submit
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 
v4
         with:
           path: |
             cov-int
@@ -25,7 +25,7 @@

       - name: Checkout OpenVPN
         if: steps.check_submit.outputs.cache-hit != 'true'
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4

       - name: Download Coverity Build Tool
         if: steps.check_submit.outputs.cache-hit != 'true'
@@ -65,7 +65,7 @@

       - name: Cache submission
         if: steps.check_submit.outputs.cache-hit != 'true'
-        uses: actions/cache/save@v4
+        uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         with:
           path: |
             cov-int

--

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I92dfbc3a0cc347a51892600bf02b501295ce612b
Gerrit-Change-Number: 773
Gerrit-PatchSet: 2
Gerrit-Owner: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org>
Gerrit-Reviewer: uddr <yura.u...@gmail.com>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-MessageType: merged