diff --git a/.github/workflows/bench.yml b/.github/workflows/bench.yml index edcfb2a..baa49ec 100644 --- a/.github/workflows/bench.yml +++ b/.github/workflows/bench.yml @@ -11,8 +11,8 @@ jobs: name: Criterion benchmark runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 - - uses: boa-dev/criterion-compare-action@v3.2.4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: boa-dev/criterion-compare-action@adfd3a94634fe2041ce5613eb7df09d247555b87 # v3.2.4 with: branchName: ${{ github.base_ref }} benchName: "bench_archive" diff --git a/.github/workflows/mla_release.yml b/.github/workflows/mla_release.yml index 2049681..cd3cea9 100644 --- a/.github/workflows/mla_release.yml +++ b/.github/workflows/mla_release.yml @@ -67,20 +67,20 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4.2.2 - - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # v1.0.6 with: toolchain: stable target: ${{ matrix.target }} - - uses: microsoft/setup-msbuild@v1.0.2 + - uses: microsoft/setup-msbuild@6fb02220983dee41ce7ae257b6f4d8f9bf5ed4ce # v2.0.0 if: matrix.msvc_platform - name: Build static library - uses: actions-rs/cargo@v1 + uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # v1.0.1 with: command: build args: ${{ matrix.cargo_arg }} --manifest-path=bindings/C/Cargo.toml --target=${{ matrix.target }} - name: Upload resulting 'mla' - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: mla-${{ matrix.build }} path: ${{ matrix.path }} @@ -98,15 +98,15 @@ jobs: echo "using version tag ${GITHUB_REF:15}" echo "version=${GITHUB_REF:15}" >> $GITHUB_OUTPUT - name: Checkout code - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get Changelog Entry id: changelog_reader - uses: mindsers/changelog-reader-action@v2 + uses: mindsers/changelog-reader-action@32aa5b4c155d76c94e4ec883a223c947b2f02656 # v2.2.3 with: path: ./mla/CHANGELOG.md - name: Create Release id: create_release - uses: actions/create-release@v1.1.4 + uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -116,32 +116,32 @@ jobs: draft: true - name: Download linux-x86_64 artifact - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: mla-linux-x86_64 - name: Download windows-i686 artifact - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: mla-windows-i686 - name: Download windows-x86_64 artifact - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: mla-windows-x86_64 - name: Download windows-i686-debug artifact - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: mla-windows-i686-debug - name: Download windows-x86_64-debug artifact - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: mla-windows-x86_64-debug - name: Release Linux artifact - uses: actions/upload-release-asset@v1.0.2 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -158,7 +158,7 @@ jobs: zip --junk-paths windows-x86_64-debug mla-windows-x86_64-debug/mla.dll mla-windows-x86_64-debug/mla.lib mla-windows-x86_64-debug/mla.dll.lib mla-windows-x86_64-debug/mla.pdb - name: Release windows-i686 - uses: actions/upload-release-asset@v1.0.2 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -168,7 +168,7 @@ jobs: asset_name: libmla-windows-i686-${{ steps.get_version.outputs.VERSION }}.zip - name: Release windows-x86_64 - uses: actions/upload-release-asset@v1.0.2 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -178,7 +178,7 @@ jobs: asset_name: libmla-windows-x86_64-${{ steps.get_version.outputs.VERSION }}.zip - name: Release windows-i686-debug - uses: actions/upload-release-asset@v1.0.2 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -188,7 +188,7 @@ jobs: asset_name: libmla-windows-i686-debug-${{ steps.get_version.outputs.VERSION }}.zip - name: Release windows-x86_64-debug - uses: actions/upload-release-asset@v1.0.2 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -197,9 +197,9 @@ jobs: asset_content_type: application/zip asset_name: libmla-windows-x86_64-debug-${{ steps.get_version.outputs.VERSION }}.zip - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Release C Header file - uses: actions/upload-release-asset@v1.0.2 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -209,7 +209,7 @@ jobs: asset_name: mla.h - name: Release CPP Header file - uses: actions/upload-release-asset@v1.0.2 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/mlar_release.yml b/.github/workflows/mlar_release.yml index 5eb96df..bb1b05f 100644 --- a/.github/workflows/mlar_release.yml +++ b/.github/workflows/mlar_release.yml @@ -30,15 +30,15 @@ jobs: runs-on: ${{matrix.os}} steps: - - uses: actions/checkout@v4.2.2 - - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # v1.0.6 with: toolchain: stable - name: Set target if any if: matrix.target run: rustup target add ${{ matrix.target }} - name: Build - uses: actions-rs/cargo@v1 + uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # v1.0.1 with: command: build args: --release --all-features --package mlar --verbose ${{ matrix.cargo_build }} @@ -46,7 +46,7 @@ jobs: if: matrix.build == 'linux' run: strip ./target/${{ matrix.target }}/release/mlar${{ matrix.extension }} - name: Upload resulting 'mlar' - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: mlar-${{ matrix.build }} path: ./target/${{ matrix.target }}/release/mlar${{ matrix.extension }} @@ -64,15 +64,15 @@ jobs: echo "using version tag ${GITHUB_REF:15}" echo "version=${GITHUB_REF:15}" >> $GITHUB_OUTPUT - name: Checkout code - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get Changelog Entry id: changelog_reader - uses: mindsers/changelog-reader-action@v2 + uses: mindsers/changelog-reader-action@32aa5b4c155d76c94e4ec883a223c947b2f02656 # v2.2.3 with: path: ./mlar/CHANGELOG.md - name: Create Release id: create_release - uses: actions/create-release@v1.1.4 + uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -82,22 +82,22 @@ jobs: draft: true - name: Download Linux artifact - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: mlar-linux - name: Download Windows artifact - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: mlar-windows - name: Download MacOS artifact - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: mlar-macos - name: Release Linux artifact - uses: actions/upload-release-asset@v1.0.2 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -107,7 +107,7 @@ jobs: asset_name: mlar-linux-static-${{ steps.get_version.outputs.VERSION }} - name: Release Windows artifact - uses: actions/upload-release-asset@v1.0.2 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -117,7 +117,7 @@ jobs: asset_name: mlar-windows-${{ steps.get_version.outputs.VERSION }}.exe - name: Release MacOS artifact - uses: actions/upload-release-asset@v1.0.2 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/py-bindings.yml b/.github/workflows/py-bindings.yml index e2e2102..afb530c 100644 --- a/.github/workflows/py-bindings.yml +++ b/.github/workflows/py-bindings.yml @@ -33,19 +33,19 @@ jobs: - runner: ubuntu-latest target: ppc64le steps: - - uses: actions/checkout@v4.2.2 - - uses: actions/setup-python@v5.3.0 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' - name: Build wheels - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@ea5bac0f1ccd0ab11c805e2b804bfcb65dac2eab # v1.45.0 with: target: ${{ matrix.platform.target }} args: --release --out dist --find-interpreter --manifest-path bindings/python/Cargo.toml sccache: 'true' manylinux: auto - name: Upload wheels - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: wheels-linux-${{ matrix.platform.target }} path: dist @@ -70,19 +70,19 @@ jobs: - runner: windows-latest target: x86 steps: - - uses: actions/checkout@v4.2.2 - - uses: actions/setup-python@v5.3.0 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' architecture: ${{ matrix.platform.target }} - name: Build wheels - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@ea5bac0f1ccd0ab11c805e2b804bfcb65dac2eab # v1.45.0 with: target: ${{ matrix.platform.target }} args: --release --out dist --find-interpreter --manifest-path bindings/python/Cargo.toml sccache: 'true' - name: Upload wheels - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: wheels-windows-${{ matrix.platform.target }} path: dist @@ -107,18 +107,18 @@ jobs: - runner: macos-latest target: aarch64 steps: - - uses: actions/checkout@v4.2.2 - - uses: actions/setup-python@v5.3.0 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' - name: Build wheels - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@ea5bac0f1ccd0ab11c805e2b804bfcb65dac2eab # v1.45.0 with: target: ${{ matrix.platform.target }} args: --release --out dist --find-interpreter --manifest-path bindings/python/Cargo.toml sccache: 'true' - name: Upload wheels - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: wheels-macos-${{ matrix.platform.target }} path: dist @@ -134,14 +134,14 @@ jobs: sdist: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Build sdist - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@ea5bac0f1ccd0ab11c805e2b804bfcb65dac2eab # v1.45.0 with: command: sdist args: --out dist --manifest-path bindings/python/Cargo.toml - name: Upload sdist - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: wheels-sdist path: dist \ No newline at end of file diff --git a/.github/workflows/sanitize.yml b/.github/workflows/sanitize.yml index e7aa01f..1cbae6b 100644 --- a/.github/workflows/sanitize.yml +++ b/.github/workflows/sanitize.yml @@ -17,11 +17,11 @@ jobs: # Assert .h and .hpp bindings files are the ones generated runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 - - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # v1.0.6 with: toolchain: stable - - uses: actions-rs/cargo@v1 + - uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # v1.0.1 with: command: install args: cbindgen @@ -47,9 +47,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get ${{ matrix.changelog }} Changelog Entry - uses: mindsers/changelog-reader-action@v2 + uses: mindsers/changelog-reader-action@32aa5b4c155d76c94e4ec883a223c947b2f02656 # v2.2.3 id: changelog_reader with: # Check format for the last 10 entries diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0f44deb..d901365 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,21 +28,21 @@ jobs: runs-on: ${{matrix.os}} steps: - - uses: actions/checkout@v4.2.2 - - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # v1.0.6 with: toolchain: stable - name: Build env: RUSTFLAGS: -D warnings - uses: actions-rs/cargo@v1 + uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # v1.0.1 with: command: build args: --release --all --exclude mla-fuzz-afl --verbose - name: Run tests run: cargo test --all --exclude mla-fuzz-afl --release --verbose - name: Upload resulting 'mlar' - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: ${{ matrix.build }} path: ./target/release/mlar${{ matrix.extension }} @@ -51,8 +51,8 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 - - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # v1.0.6 with: toolchain: stable - name: Run long tests @@ -62,8 +62,8 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 - - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # v1.0.6 with: toolchain: stable - name: Run long tests @@ -72,8 +72,8 @@ jobs: test-bindings-c-cpp-linux: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 - - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # v1.0.6 with: toolchain: stable - name: Run C bindings tests on Linux @@ -103,14 +103,14 @@ jobs: msvc_platform: x64 runs-on: windows-latest steps: - - uses: actions/checkout@v4.2.2 - - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # v1.0.6 with: # pin to 1.82 cf. https://github.com/ANSSI-FR/MLA/pull/227#issuecomment-2545916785 toolchain: 1.82 default: true target: ${{ matrix.target }} - - uses: microsoft/setup-msbuild@v1.0.2 + - uses: microsoft/setup-msbuild@6fb02220983dee41ce7ae257b6f4d8f9bf5ed4ce # v2.0.0 - name: Compile C/CPP bindings test program for Windows working-directory: bindings/C/tests/windows-msvc/ run: msbuild mla-bindings-test.sln /p:Platform=${{ matrix.msvc_platform }} /p:Configuration=${{ matrix.version }} @@ -122,14 +122,14 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 - - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # v1.0.6 with: toolchain: stable - name: Install dependencies run: sudo apt-get install llvm - name: Install cargo-afl binary crate - uses: actions-rs/install@v0.1 + uses: actions-rs/install@9da1d2adcfe5e7c16992e8242ca33a56b6d9b101 # v0.1.2 with: crate: cargo-afl version: latest @@ -142,8 +142,8 @@ jobs: fmt: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 - - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # v1.0.6 with: toolchain: stable components: rustfmt @@ -153,29 +153,29 @@ jobs: audit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Security audit - uses: actions-rs/audit-check@v1 + uses: actions-rs/audit-check@35b7b53b1e25b55642157ac01b4adceb5b9ebef3 # v1.2.0 with: token: ${{ secrets.GITHUB_TOKEN }} clippy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 - - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # v1.0.6 with: toolchain: stable components: clippy - name: Install dependencies run: sudo apt-get install llvm - name: Install cargo-afl binary crate - uses: actions-rs/install@v0.1 + uses: actions-rs/install@9da1d2adcfe5e7c16992e8242ca33a56b6d9b101 # v0.1.2 with: crate: cargo-afl version: latest use-tool-cache: true - - uses: actions-rs/cargo@v1 + - uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # v1.0.1 with: command: clippy args: --all-targets -- -D warnings @@ -184,8 +184,8 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 - - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # v1.0.6 with: toolchain: stable - name: Dry-run publish curve25519-parser