diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 3e1a998b..0f912d3e 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -14,9 +14,9 @@ jobs: github-actions-ratchet-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # ratchet:actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # ratchet:actions/setup-go@v4 - name: Install ratchet run: go install github.com/sethvargo/ratchet@latest - name: Ratchet Check @@ -24,13 +24,13 @@ jobs: commitlint-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 with: fetch-depth: '0' - - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # ratchet:actions/setup-node@v3 + - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # ratchet:actions/setup-node@v3 with: node-version-file: '.nvmrc' - - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # ratchet:pnpm/action-setup@v2 + - uses: pnpm/action-setup@eae0cfeb286e66ffb5155f1a79b90583a127a68b # ratchet:pnpm/action-setup@v2 id: pnpm-install with: version: 9 @@ -42,7 +42,7 @@ jobs: node-check: runs-on: ubicloud-standard-16 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 with: submodules: 'true' - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # ratchet:actions-rs/toolchain@v1 @@ -51,16 +51,16 @@ jobs: target: wasm32-unknown-unknown override: true profile: minimal - - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # ratchet:Swatinem/rust-cache@v2 - - uses: taiki-e/cache-cargo-install-action@caa6f48d18d42462f9c30df89e2b4f71a42b7c2c # ratchet:taiki-e/cache-cargo-install-action@v1 + - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # ratchet:Swatinem/rust-cache@v2 + - uses: taiki-e/cache-cargo-install-action@c1c0be4dfa152beb021a9b8af00d6e4aac4a4e16 # ratchet:taiki-e/cache-cargo-install-action@v1 with: tool: wasm-bindgen-cli - name: Build rust wasm run: make rust_build_wasm - - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # ratchet:actions/setup-node@v3 + - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # ratchet:actions/setup-node@v3 with: node-version-file: '.nvmrc' - - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # ratchet:pnpm/action-setup@v2 + - uses: pnpm/action-setup@eae0cfeb286e66ffb5155f1a79b90583a127a68b # ratchet:pnpm/action-setup@v2 with: version: 9 - name: Install dependencies @@ -72,7 +72,7 @@ jobs: env: PLAYWRIGHT_SKIP_DOWNLOAD_BROWSER: true steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 # Comes from https://github.com/ludeeus/action-shellcheck/blob/master/action.yaml - name: Download shellcheck run: sudo apt-get install -y shellcheck @@ -82,12 +82,12 @@ jobs: name: Rust Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # ratchet:actions-rs/toolchain@v1 with: toolchain: stable profile: minimal - - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # ratchet:Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # ratchet:Swatinem/rust-cache@v2 - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # ratchet:actions-rs/cargo@v1 with: command: test @@ -95,7 +95,7 @@ jobs: name: Rust Build runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 - name: Install stable toolchain uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # ratchet:actions-rs/toolchain@v1 with: @@ -103,8 +103,8 @@ jobs: components: rustfmt, clippy - name: Install wasm target run: rustup target add wasm32-unknown-unknown - - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # ratchet:Swatinem/rust-cache@v2 - - uses: taiki-e/cache-cargo-install-action@caa6f48d18d42462f9c30df89e2b4f71a42b7c2c # ratchet:taiki-e/cache-cargo-install-action@v1 + - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # ratchet:Swatinem/rust-cache@v2 + - uses: taiki-e/cache-cargo-install-action@c1c0be4dfa152beb021a9b8af00d6e4aac4a4e16 # ratchet:taiki-e/cache-cargo-install-action@v1 with: tool: wasm-bindgen-cli - name: Check CI scripts @@ -113,19 +113,19 @@ jobs: name: Rust Build Windows runs-on: windows-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 - name: Install stable toolchain uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # ratchet:actions-rs/toolchain@v1 with: toolchain: stable - - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # ratchet:Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # ratchet:Swatinem/rust-cache@v2 - name: Check CI scripts run: cargo build sqruff-template: name: Lint template with sqruff runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 - uses: quarylabs/install-sqruff-cli-action@7805329baf7cf340e849e254cddc782f08f2d36c # ratchet:quarylabs/install-sqruff-cli-action@main - name: Lint template run: make sql_lint_template @@ -133,7 +133,7 @@ jobs: name: Check versions match runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 - name: Install jq run: sudo apt-get install jq - run: make check_versions_match @@ -141,11 +141,11 @@ jobs: name: Prettier YAML Lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4 - - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # ratchet:actions/setup-node@v3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 + - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # ratchet:actions/setup-node@v3 with: node-version-file: '.nvmrc' - - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # ratchet:pnpm/action-setup@v2 + - uses: pnpm/action-setup@eae0cfeb286e66ffb5155f1a79b90583a127a68b # ratchet:pnpm/action-setup@v2 name: Install pnpm with: version: 9 diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml index 2713be0e..bc07d27c 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/release-cli.yml @@ -10,7 +10,7 @@ jobs: name: Check versions match runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 - name: Install jq run: sudo apt-get install jq - name: Check release version matches code @@ -36,8 +36,8 @@ jobs: needs: - check-versions-match steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v3 - - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # ratchet:Swatinem/rust-cache@v2 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 + - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # ratchet:Swatinem/rust-cache@v2 - name: Set up Rust uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # ratchet:actions-rs/toolchain@v1 with: @@ -79,8 +79,8 @@ jobs: needs: - check-versions-match steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v3 - - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # ratchet:Swatinem/rust-cache@v2 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 + - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # ratchet:Swatinem/rust-cache@v2 - name: Set up Rust uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # ratchet:actions-rs/toolchain@v1 with: @@ -125,8 +125,8 @@ jobs: needs: - check-versions-match steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v3 - - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # ratchet:Swatinem/rust-cache@v2 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 + - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # ratchet:Swatinem/rust-cache@v2 - name: Set up Rust uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # ratchet:actions-rs/toolchain@v1 with: @@ -152,32 +152,20 @@ jobs: MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }} MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }} MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }} - run: | - # Turn our base64-encoded certificate back to a regular .p12 file - echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 - - # We need to create a new keychain, otherwise using the certificate will prompt - # with a UI dialog asking for the certificate password, which we can't - # use in a headless CI environment - - security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain - security default-keychain -s build.keychain - security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain - security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain - - # We finally codesign our app bundle, specifying the Hardened runtime option - /usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime target/${{ matrix.platform.target }}/release/${{ matrix.platform.bin }} -v + run: "# Turn our base64-encoded certificate back to a regular .p12 file\necho $MACOS_CERTIFICATE | base64 --decode > certificate.p12\n\n# We need to create a new keychain, otherwise using the certificate will prompt\n# with a UI dialog asking for the certificate password, which we can't\n# use in a headless CI environment\n\nsecurity create-keychain -p \"$MACOS_CI_KEYCHAIN_PWD\" build.keychain \nsecurity default-keychain -s build.keychain\nsecurity unlock-keychain -p \"$MACOS_CI_KEYCHAIN_PWD\" build.keychain\nsecurity import certificate.p12 -k build.keychain -P \"$MACOS_CERTIFICATE_PWD\" -T /usr/bin/codesign\nsecurity set-key-partition-list -S apple-tool:,apple:,codesign: -s -k \"$MACOS_CI_KEYCHAIN_PWD\" build.keychain\n\n# We finally codesign our app bundle, specifying the Hardened runtime option\n/usr/bin/codesign --force -s \"$MACOS_CERTIFICATE_NAME\" --options runtime target/${{ matrix.platform.target }}/release/${{ matrix.platform.bin }} -v\n" - name: Package as archive run: | + cd target/${{ matrix.platform.target }}/release zip -j ${{ matrix.platform.name }} ${{ matrix.platform.bin }} mv ${{ matrix.platform.name }} ../../../ + - name: Notarize app bundle timeout-minutes: 30 # Extract the secrets we defined earlier as environment variables env: PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }} + PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }} PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }} run: | @@ -210,12 +198,12 @@ jobs: needs: - check-versions-match steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 - name: Install stable toolchain uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # ratchet:actions-rs/toolchain@v1 with: toolchain: stable - - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # ratchet:Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # ratchet:Swatinem/rust-cache@v2 - run: cargo build --release - name: Extract version from tag id: version @@ -238,10 +226,10 @@ jobs: - upload_cli_release_windows steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 - name: Fetch Release Assets id: fetch-assets - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # ratchet:actions/github-script@v5 + uses: actions/github-script@211cb3fefb35a799baa5156f9321bb774fe56294 # ratchet:actions/github-script@v5 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -256,22 +244,24 @@ jobs: const assets = response.data.map(asset => ({ url: asset.url, name: asset.name })); fs.writeFileSync('assets.json', JSON.stringify(assets)); - - name: Download and Calculate SHA-256 Hashes run: | mkdir -p downloads + echo "File Name | SHA-256 Hash" >> SHA256SUMS.txt echo "--------- | ------------" >> SHA256SUMS.txt jq -c '.[]' assets.json | while read -r asset; do url=$(echo $asset | jq -r '.url') name=$(echo $asset | jq -r '.name') + curl -L -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -H "Accept: application/octet-stream" -o "downloads/$name" "$url" echo "Calculating SHA-256 for $name" + hash=$(sha256sum "downloads/$name" | awk '{print $1}') echo "$name | $hash" >> SHA256SUMS.txt done - name: Update Release Description with SHA-256 Hashes - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # ratchet:actions/github-script@v5 + uses: actions/github-script@211cb3fefb35a799baa5156f9321bb774fe56294 # ratchet:actions/github-script@v5 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -286,7 +276,6 @@ jobs: release_id: release.id, body: newBody }); - update-homebrew-formula: name: Update Homebrew Formula runs-on: ubuntu-latest @@ -299,5 +288,5 @@ jobs: env: HOMEBREW_ACCESS_TOKEN: ${{ secrets.HOMEBREW_ACCESS_TOKEN }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 - run: ./.hacking/scripts/update_homebrew_pr.sh $HOMEBREW_ACCESS_TOKEN diff --git a/.github/workflows/release-vsix.yml b/.github/workflows/release-vsix.yml index 06eec4ad..a2bced8a 100644 --- a/.github/workflows/release-vsix.yml +++ b/.github/workflows/release-vsix.yml @@ -10,7 +10,7 @@ jobs: name: Check versions match runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 with: submodules: 'true' - name: Install jq @@ -22,7 +22,7 @@ jobs: needs: - check-versions-match steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 with: submodules: 'true' - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # ratchet:actions-rs/toolchain@v1 @@ -31,16 +31,16 @@ jobs: target: wasm32-unknown-unknown override: true profile: minimal - - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # ratchet:Swatinem/rust-cache@v2 - - uses: taiki-e/cache-cargo-install-action@caa6f48d18d42462f9c30df89e2b4f71a42b7c2c # ratchet:taiki-e/cache-cargo-install-action@v1 + - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # ratchet:Swatinem/rust-cache@v2 + - uses: taiki-e/cache-cargo-install-action@c1c0be4dfa152beb021a9b8af00d6e4aac4a4e16 # ratchet:taiki-e/cache-cargo-install-action@v1 with: tool: wasm-bindgen-cli - name: Build rust wasm run: make rust_build_wasm - - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # ratchet:actions/setup-node@v3 + - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # ratchet:actions/setup-node@v3 with: node-version-file: '.nvmrc' - - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # ratchet:pnpm/action-setup@v2 + - uses: pnpm/action-setup@eae0cfeb286e66ffb5155f1a79b90583a127a68b # ratchet:pnpm/action-setup@v2 with: version: 9 - name: Install dependencies diff --git a/.github/workflows/rust-lint.yml b/.github/workflows/rust-lint.yml index 66ea0a62..1d568a62 100644 --- a/.github/workflows/rust-lint.yml +++ b/.github/workflows/rust-lint.yml @@ -12,7 +12,7 @@ jobs: name: Rust Lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 with: submodules: 'true' - name: Install stable toolchain