diff --git a/.github/workflows/build-base.yml b/.github/workflows/build-base.yml index 83be44c126f9..95597d59b46d 100644 --- a/.github/workflows/build-base.yml +++ b/.github/workflows/build-base.yml @@ -27,7 +27,7 @@ jobs: arch: [ amd64, arm64 ] steps: - - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: "recursive" @@ -55,10 +55,10 @@ jobs: echo image_tag_sha=$(git rev-parse --short HEAD) >> $GITHUB_OUTPUT - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Build and push - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: push: true context: . @@ -82,7 +82,7 @@ jobs: runs-on: [ matterlabs-ci-runner-high-performance ] steps: - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Login to google container registry run: | diff --git a/.github/workflows/build-circuit-prover-gpu-gar.yml b/.github/workflows/build-circuit-prover-gpu-gar.yml index a8e86d545c9f..d406b6064ab6 100644 --- a/.github/workflows/build-circuit-prover-gpu-gar.yml +++ b/.github/workflows/build-circuit-prover-gpu-gar.yml @@ -21,7 +21,7 @@ jobs: name: Build prover FRI GPU GAR runs-on: [matterlabs-ci-runner-high-performance] steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: "recursive" @@ -34,10 +34,10 @@ jobs: gcloud auth print-access-token --lifetime=7200 --impersonate-service-account=gha-ci-runners@matterlabs-infra.iam.gserviceaccount.com | docker login -u oauth2accesstoken --password-stdin https://us-docker.pkg.dev - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Login to Asia GAR run: | @@ -48,7 +48,7 @@ jobs: gcloud auth print-access-token --lifetime=7200 --impersonate-service-account=gha-ci-runners@matterlabs-infra.iam.gserviceaccount.com | docker login -u oauth2accesstoken --password-stdin https://europe-docker.pkg.dev - name: Build and push circuit-prover-gpu-gar - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: context: docker/circuit-prover-gpu-gar build-args: | diff --git a/.github/workflows/build-contract-verifier-template.yml b/.github/workflows/build-contract-verifier-template.yml index 973ed9edcb4d..d82c8dd800f7 100644 --- a/.github/workflows/build-contract-verifier-template.yml +++ b/.github/workflows/build-contract-verifier-template.yml @@ -28,7 +28,7 @@ jobs: name: Prepare contracts runs-on: matterlabs-ci-runner-high-performance steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: "recursive" @@ -81,7 +81,7 @@ jobs: - name: Install Node if: env.BUILD_CONTRACTS == 'true' - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20 cache: 'npm' @@ -92,7 +92,7 @@ jobs: - name: Setup rust if: env.BUILD_CONTRACTS == 'true' - uses: actions-rust-lang/setup-rust-toolchain@1fbea72663f6d4c03efaab13560c8a24cfd2a7cc # v1.9.0 + uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 with: toolchain: nightly-2024-08-01 @@ -138,7 +138,7 @@ jobs: zkstack dev contracts - name: Upload contracts - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: contacts-verifier path: | @@ -160,12 +160,12 @@ jobs: - linux/amd64 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: "recursive" - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Setup env shell: bash @@ -198,7 +198,7 @@ jobs: fi - name: Download contracts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 with: name: contacts-verifier path: | @@ -220,7 +220,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: context: . load: true @@ -258,7 +258,7 @@ jobs: env: IMAGE_TAG_SUFFIX: ${{ inputs.image_tag_suffix }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: login to Docker registries run: | diff --git a/.github/workflows/build-core-template.yml b/.github/workflows/build-core-template.yml index 122bbd747147..bce1b1429f81 100644 --- a/.github/workflows/build-core-template.yml +++ b/.github/workflows/build-core-template.yml @@ -33,7 +33,7 @@ jobs: name: Prepare contracts runs-on: matterlabs-ci-runner-high-performance steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: "recursive" @@ -86,7 +86,7 @@ jobs: - name: Install Node if: env.BUILD_CONTRACTS == 'true' - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20 cache: 'npm' @@ -97,7 +97,7 @@ jobs: - name: Setup rust if: env.BUILD_CONTRACTS == 'true' - uses: actions-rust-lang/setup-rust-toolchain@1fbea72663f6d4c03efaab13560c8a24cfd2a7cc # v1.9.0 + uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 with: toolchain: nightly-2024-08-01 @@ -143,7 +143,7 @@ jobs: zkstack dev contracts - name: Upload contracts - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: contacts path: | @@ -171,12 +171,12 @@ jobs: platforms: linux/arm64 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: "recursive" - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Setup env shell: bash @@ -207,7 +207,7 @@ jobs: fi - name: Download contracts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 with: name: contacts path: | @@ -229,7 +229,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build docker image - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: context: . load: true @@ -270,7 +270,7 @@ jobs: env: IMAGE_TAG_SUFFIX: ${{ inputs.image_tag_suffix }}${{ (inputs.en_alpha_release && matrix.component.name == 'external-node') && '-alpha' || '' }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: login to Docker registries run: | diff --git a/.github/workflows/build-docker-from-tag.yml b/.github/workflows/build-docker-from-tag.yml index 3d637a224a99..0dab23370baa 100644 --- a/.github/workflows/build-docker-from-tag.yml +++ b/.github/workflows/build-docker-from-tag.yml @@ -28,7 +28,7 @@ jobs: image_tag_suffix: ${{ steps.set.outputs.image_tag_suffix }} prover_fri_gpu_key_id: ${{ steps.extract-prover-fri-setup-key-ids.outputs.gpu_short_commit_sha }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Generate output with git tag id: set run: | diff --git a/.github/workflows/build-local-node-docker.yml b/.github/workflows/build-local-node-docker.yml index cbb4239b5725..6097768d3ea1 100644 --- a/.github/workflows/build-local-node-docker.yml +++ b/.github/workflows/build-local-node-docker.yml @@ -18,7 +18,7 @@ jobs: name: Local Node - Build and Push Docker Image runs-on: [ matterlabs-ci-runner-high-performance ] steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: "recursive" diff --git a/.github/workflows/build-proof-fri-gpu-compressor-gar.yml b/.github/workflows/build-proof-fri-gpu-compressor-gar.yml index aeaaf5ff190d..cf9671fc8180 100644 --- a/.github/workflows/build-proof-fri-gpu-compressor-gar.yml +++ b/.github/workflows/build-proof-fri-gpu-compressor-gar.yml @@ -21,7 +21,7 @@ jobs: name: Build proof FRI GPU Compressor gar runs-on: [matterlabs-ci-runner-high-performance] steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: "recursive" @@ -35,10 +35,10 @@ jobs: gcloud auth print-access-token --lifetime=7200 --impersonate-service-account=gha-ci-runners@matterlabs-infra.iam.gserviceaccount.com | docker login -u oauth2accesstoken --password-stdin https://us-docker.pkg.dev - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Login to Asia GAR run: | @@ -49,7 +49,7 @@ jobs: gcloud auth print-access-token --lifetime=7200 --impersonate-service-account=gha-ci-runners@matterlabs-infra.iam.gserviceaccount.com | docker login -u oauth2accesstoken --password-stdin https://europe-docker.pkg.dev - name: Build and push proof-fri-gpu-compressor-gar - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: context: docker/proof-fri-gpu-compressor-gar build-args: | diff --git a/.github/workflows/build-prover-template.yml b/.github/workflows/build-prover-template.yml index dc097b240b70..e684b49f1ce2 100644 --- a/.github/workflows/build-prover-template.yml +++ b/.github/workflows/build-prover-template.yml @@ -48,7 +48,7 @@ jobs: outputs: protocol_version: ${{ steps.protocolversion.outputs.protocol_version }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: "recursive" @@ -61,7 +61,7 @@ jobs: echo IN_DOCKER=1 >> .env - name: setup rust - uses: actions-rust-lang/setup-rust-toolchain@1fbea72663f6d4c03efaab13560c8a24cfd2a7cc # v1.9.0 + uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 with: toolchain: nightly-2024-08-01 @@ -104,12 +104,12 @@ jobs: - prover-autoscaler - circuit-prover-gpu steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: "recursive" - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: setup-env run: | @@ -163,7 +163,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: context: . load: true diff --git a/.github/workflows/build-runtime-base.yml b/.github/workflows/build-runtime-base.yml index eaec05bc6bcf..2b12be40f4a9 100644 --- a/.github/workflows/build-runtime-base.yml +++ b/.github/workflows/build-runtime-base.yml @@ -24,7 +24,7 @@ jobs: image_name: [ zksync-runtime-base ] steps: - - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: "recursive" @@ -46,13 +46,13 @@ jobs: echo image_tag_sha=$(git rev-parse --short HEAD) >> $GITHUB_OUTPUT - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Build and push - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: push: true context: . diff --git a/.github/workflows/build-tee-prover-template.yml b/.github/workflows/build-tee-prover-template.yml index c55e06931247..210d548d8ae2 100644 --- a/.github/workflows/build-tee-prover-template.yml +++ b/.github/workflows/build-tee-prover-template.yml @@ -28,12 +28,12 @@ jobs: IMAGE_TAG_SUFFIX: ${{ inputs.image_tag_suffix }} runs-on: [matterlabs-ci-runner-high-performance] steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 if: ${{ github.event_name == 'workflow_dispatch' }} with: ref: ${{ github.event.inputs.target_branch }} - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 if: ${{ github.event_name != 'workflow_dispatch' }} - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27 @@ -45,7 +45,7 @@ jobs: sandbox = true - name: Setup Attic cache - uses: ryanccn/attic-action@618a980988d704a7709daeea88526146acd1d45f # v0.2.1 + uses: ryanccn/attic-action@3354ae812cb672e1381be4c7914204c44db53866 # v0.3.1 with: endpoint: https://attic.teepot.org/ cache: tee-pot diff --git a/.github/workflows/build-witness-generator-template.yml b/.github/workflows/build-witness-generator-template.yml index 7b25510ade12..5a3f339ac89c 100644 --- a/.github/workflows/build-witness-generator-template.yml +++ b/.github/workflows/build-witness-generator-template.yml @@ -38,7 +38,7 @@ jobs: outputs: protocol_version: ${{ steps.protocolversion.outputs.protocol_version }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: "recursive" @@ -51,7 +51,7 @@ jobs: echo IN_DOCKER=1 >> .env - name: setup rust - uses: actions-rust-lang/setup-rust-toolchain@1fbea72663f6d4c03efaab13560c8a24cfd2a7cc # v1.9.0 + uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 with: toolchain: nightly-2024-08-01 @@ -89,7 +89,7 @@ jobs: components: - witness-generator steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: "recursive" @@ -127,7 +127,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: context: . push: ${{ inputs.action == 'push' }} diff --git a/.github/workflows/cargo-license.yaml b/.github/workflows/cargo-license.yaml index 8b0c095c628c..2b7652bd2e20 100644 --- a/.github/workflows/cargo-license.yaml +++ b/.github/workflows/cargo-license.yaml @@ -4,8 +4,8 @@ jobs: cargo-deny: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - uses: EmbarkStudios/cargo-deny-action@8371184bd11e21dcf8ac82ebf8c9c9f74ebf7268 # v2.0.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: EmbarkStudios/cargo-deny-action@0484eedcba649433ebd03d9b7c9c002746bbc4b9 # v2.0.6 with: manifest-path: "./core/Cargo.toml" command: check diff --git a/.github/workflows/check-pr-title.yml b/.github/workflows/check-pr-title.yml index bcac8df791fe..91610af11681 100644 --- a/.github/workflows/check-pr-title.yml +++ b/.github/workflows/check-pr-title.yml @@ -19,7 +19,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2 + - uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2 # When the previous steps fails, the workflow would stop. By adding this # condition you can continue the execution with the populated error message. if: always() && (steps.lint_pr_title.outputs.error_message != null) @@ -43,7 +43,7 @@ jobs: # Delete a previous comment when the issue has been resolved - if: ${{ steps.lint_pr_title.outputs.error_message == null }} - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2 + uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2 with: header: pr-title-lint-error delete: true diff --git a/.github/workflows/ci-common-reusable.yml b/.github/workflows/ci-common-reusable.yml index d57630d3029a..863a8fdad102 100644 --- a/.github/workflows/ci-common-reusable.yml +++ b/.github/workflows/ci-common-reusable.yml @@ -9,7 +9,7 @@ jobs: RUNNER_COMPOSE_FILE: "docker-compose-runner-nightly.yml" steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: "recursive" diff --git a/.github/workflows/ci-core-lint-reusable.yml b/.github/workflows/ci-core-lint-reusable.yml index 0d4db601c467..859646c812ac 100644 --- a/.github/workflows/ci-core-lint-reusable.yml +++ b/.github/workflows/ci-core-lint-reusable.yml @@ -6,7 +6,7 @@ jobs: code_lint: runs-on: matterlabs-ci-runner-highmem-long steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: "recursive" diff --git a/.github/workflows/ci-core-reusable.yml b/.github/workflows/ci-core-reusable.yml index 0567b8c36355..b8498067e2fb 100644 --- a/.github/workflows/ci-core-reusable.yml +++ b/.github/workflows/ci-core-reusable.yml @@ -20,7 +20,7 @@ jobs: runs-on: [ matterlabs-ci-runner-highmem-long ] steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: "recursive" fetch-depth: 0 @@ -89,7 +89,7 @@ jobs: vm_mode: [ "OLD", "NEW" ] steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: "recursive" fetch-depth: 0 @@ -182,7 +182,7 @@ jobs: # In some cases it's useful to continue one job even if another fails. fail-fast: false steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: "recursive" fetch-depth: 0 @@ -577,7 +577,7 @@ jobs: ci_run zkstack dev test upgrade --no-deps --chain era - name: Upload logs - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 if: always() with: name: logs_${{matrix.use_gateway_chain}} diff --git a/.github/workflows/ci-docs-reusable.yml b/.github/workflows/ci-docs-reusable.yml index e1a9cf78df7d..f70e291206d9 100644 --- a/.github/workflows/ci-docs-reusable.yml +++ b/.github/workflows/ci-docs-reusable.yml @@ -8,7 +8,7 @@ jobs: runs-on: matterlabs-default-infra-runners steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: "recursive" diff --git a/.github/workflows/ci-prover-e2e.yml b/.github/workflows/ci-prover-e2e.yml index 73701eb7fb9d..458e10d0f6b7 100644 --- a/.github/workflows/ci-prover-e2e.yml +++ b/.github/workflows/ci-prover-e2e.yml @@ -13,7 +13,7 @@ jobs: RUNNER_COMPOSE_FILE: "docker-compose-gpu-runner-cuda-12-0.yml" steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: "recursive" fetch-depth: 0 @@ -144,7 +144,7 @@ jobs: ci_run ./bin/prover_checkers/batch_l1_status_checker - name: Upload logs - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 if: always() with: name: prover_logs_${{matrix.compressor-mode}} diff --git a/.github/workflows/ci-prover-reusable.yml b/.github/workflows/ci-prover-reusable.yml index 26679cb2232f..f470e15236e7 100644 --- a/.github/workflows/ci-prover-reusable.yml +++ b/.github/workflows/ci-prover-reusable.yml @@ -9,7 +9,7 @@ jobs: RUNNER_COMPOSE_FILE: "docker-compose-runner-nightly.yml" steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: "recursive" @@ -50,7 +50,7 @@ jobs: RUNNER_COMPOSE_FILE: "docker-compose-runner-nightly.yml" steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: "recursive" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 87d6d3872800..522e95620ea9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,7 +24,7 @@ jobs: all: ${{ steps.changed-files.outputs.all_any_changed }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 2 submodules: "recursive" diff --git a/.github/workflows/nodejs-license.yaml b/.github/workflows/nodejs-license.yaml index 642ded744021..30b26f2c3b95 100644 --- a/.github/workflows/nodejs-license.yaml +++ b/.github/workflows/nodejs-license.yaml @@ -30,7 +30,7 @@ jobs: outputs: matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - run: | DIRS=$(find -not \( -path \*node_modules -prune \) -type f -name yarn.lock | xargs dirname | awk -v RS='' -v OFS='","' 'NF { $1 = $1; print "\"" $0 "\"" }') echo "matrix=[${DIRS}]" >> $GITHUB_OUTPUT @@ -44,10 +44,10 @@ jobs: dir: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} steps: - name: Checkout latest code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Use Node.js - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 18 diff --git a/.github/workflows/protobuf.yaml b/.github/workflows/protobuf.yaml index 62748c79251a..947ba590ab64 100644 --- a/.github/workflows/protobuf.yaml +++ b/.github/workflows/protobuf.yaml @@ -33,10 +33,10 @@ jobs: compatibility: runs-on: [ubuntu-24.04-github-hosted-16core] steps: - - uses: mozilla-actions/sccache-action@89e9040de88b577a072e3760aaf59f585da083af # v0.0.5 + - uses: mozilla-actions/sccache-action@054db53350805f83040bf3e6e9b8cf5a139aa7c9 # v0.0.7 # before - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ env.BASE }} path: before @@ -58,7 +58,7 @@ jobs: | xargs cat > ./before.binpb # after - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ env.HEAD }} path: after @@ -75,7 +75,7 @@ jobs: | xargs cat > ./after.binpb # compare - - uses: bufbuild/buf-setup-action@54abbed4fe8d8d45173eca4798b0c39a53a7b658 # v1.39.0 + - uses: bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99 # v1.50.0 with: github_token: ${{ github.token }} - name: buf breaking diff --git a/.github/workflows/publish-crates.yml b/.github/workflows/publish-crates.yml index ebfb96a544c8..f8f4f6747daf 100644 --- a/.github/workflows/publish-crates.yml +++ b/.github/workflows/publish-crates.yml @@ -31,7 +31,7 @@ jobs: runs-on: matterlabs-ci-runner-high-performance steps: - name: Publish crates - uses: matter-labs/zksync-ci-common/.github/actions/publish-crates@v1 + uses: matter-labs/zksync-ci-common/.github/actions/publish-crates@2a691df036aba10840d4a8ceef343208ddd8fa83 # v1 with: slack_webhook: ${{ secrets.SLACK_WEBHOOK_RELEASES }} # Slack webhook for notifications cargo_registry_token: ${{ secrets.CRATES_IO_TOKEN }} # Crates.io token for publishing diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index af6c97f1d700..1eb18af7eb49 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -19,7 +19,7 @@ jobs: # Prepare the release PR with changelog updates and create github releases release-please: - uses: matter-labs/zksync-ci-common/.github/workflows/release-please.yaml@v1 + uses: matter-labs/zksync-ci-common/.github/workflows/release-please.yaml@2a691df036aba10840d4a8ceef343208ddd8fa83 # v1 secrets: slack_webhook: ${{ secrets.SLACK_WEBHOOK_RELEASES }} # Slack webhook for notifications gh_token: ${{ secrets.RELEASE_TOKEN }} # GitHub token for release-please diff --git a/.github/workflows/release-test-stage.yml b/.github/workflows/release-test-stage.yml index cff6c5ee0b3f..fa9a96ab045b 100644 --- a/.github/workflows/release-test-stage.yml +++ b/.github/workflows/release-test-stage.yml @@ -17,7 +17,7 @@ jobs: prover: ${{ steps.changed-files-yaml.outputs.prover_any_changed }} all: ${{ steps.changed-files-yaml.outputs.all_any_changed }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 2 @@ -44,7 +44,7 @@ jobs: image_tag_suffix: ${{ steps.generate-tag-suffix.outputs.image_tag_suffix }} prover_fri_gpu_key_id: ${{ steps.extract-prover-fri-setup-key-ids.outputs.gpu_short_commit_sha }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Generate image tag suffix id: generate-tag-suffix diff --git a/.github/workflows/release-zkstack-bins.yml b/.github/workflows/release-zkstack-bins.yml index 2ffe7410bb91..32838fc42cc8 100644 --- a/.github/workflows/release-zkstack-bins.yml +++ b/.github/workflows/release-zkstack-bins.yml @@ -39,12 +39,12 @@ jobs: runs-on: ${{ matrix.platform }} steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ inputs.tag || '' }} - name: Install Rust - uses: actions-rust-lang/setup-rust-toolchain@v1 + uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1 with: toolchain: nightly-2024-08-01 rustflags: "" @@ -67,7 +67,7 @@ jobs: zkstack - name: Upload artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 with: name: zkstack-${{ matrix.arch }} path: | @@ -85,7 +85,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ inputs.tag || '' }} @@ -98,26 +98,26 @@ jobs: echo "tag=${TAG}" >> "${GITHUB_OUTPUT}" - name: Download artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4 with: pattern: "zkstack-*" path: artifacts - name: Binaries attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2 with: subject-path: 'artifacts/**/zkstack' - name: Update release artifacts if: ${{ inputs.tag != '' }} - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2 with: tag_name: ${{ inputs.tag }} files: 'artifacts/**/zkstack*.tar.gz' - name: Create release if: ${{ inputs.prerelease_name != '' }} - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2 with: name: 'zkstack ${{ inputs.prerelease_name }} ${{ steps.release_tag.outputs.tag }}' tag_name: ${{ steps.release_tag.outputs.tag }} diff --git a/.github/workflows/secrets_scanner.yaml b/.github/workflows/secrets_scanner.yaml index 9bb1ad0a2722..270757991095 100644 --- a/.github/workflows/secrets_scanner.yaml +++ b/.github/workflows/secrets_scanner.yaml @@ -7,11 +7,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - name: TruffleHog OSS - uses: trufflesecurity/trufflehog@781157ae368b2218a0a56b889387dd26faa20f97 + uses: trufflesecurity/trufflehog@8765cc6bcb9e5a81105b3d5a131b8e6fbd6fd34b with: path: ./ base: ${{ github.event.repository.default_branch }} diff --git a/.github/workflows/vm-perf-comparison.yml b/.github/workflows/vm-perf-comparison.yml index 1655bc6e4352..baaeb5a4b481 100644 --- a/.github/workflows/vm-perf-comparison.yml +++ b/.github/workflows/vm-perf-comparison.yml @@ -14,7 +14,7 @@ jobs: steps: - name: checkout base branch - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: "recursive" fetch-depth: 0 diff --git a/.github/workflows/vm-perf-to-prometheus.yml b/.github/workflows/vm-perf-to-prometheus.yml index 0868e0902342..e0babf227d9c 100644 --- a/.github/workflows/vm-perf-to-prometheus.yml +++ b/.github/workflows/vm-perf-to-prometheus.yml @@ -15,7 +15,7 @@ jobs: runs-on: [ matterlabs-ci-runner-highmem-long ] steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: "recursive" diff --git a/.github/workflows/zk-environment-publish.yml b/.github/workflows/zk-environment-publish.yml index 569fa66ebeb4..58faef74b4f5 100644 --- a/.github/workflows/zk-environment-publish.yml +++ b/.github/workflows/zk-environment-publish.yml @@ -36,7 +36,7 @@ jobs: zk_environment_cuda_12: ${{ steps.changed-files-yaml.outputs.zk_env_cuda_12_any_changed }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: "recursive" @@ -62,7 +62,7 @@ jobs: outputs: short_sha: ${{ steps.set_short_sha.outputs.short_sha }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: "recursive" - name: Set short SHA @@ -88,11 +88,11 @@ jobs: arch: arm64 runs-on: ${{ matrix.runner }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: "recursive" - name: Set up Docker Buildx - uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Log in to Docker Hub if: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'workflow_dispatch') }} uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 @@ -107,7 +107,7 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and optionally push zk-environment lightweight - uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: file: docker/zk-environment/Dockerfile target: rust-lightweight @@ -117,7 +117,7 @@ jobs: build-args: ARCH=${{ matrix.arch }} push: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'workflow_dispatch') }} - name: Build and optionally push zk-environment lightweight Rust nightly - uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: file: docker/zk-environment/Dockerfile target: rust-lightweight-nightly @@ -208,7 +208,7 @@ jobs: - name: Checkout code if: ${{ (steps.condition.outputs.should_run == 'true') || (github.event_name == 'workflow_dispatch' && inputs.build_cuda) }} - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: "recursive" @@ -234,15 +234,15 @@ jobs: - name: Set up QEMU if: ${{ (steps.condition.outputs.should_run == 'true') || (github.event_name == 'workflow_dispatch' && inputs.build_cuda) }} - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx if: ${{ (steps.condition.outputs.should_run == 'true') || (github.event_name == 'workflow_dispatch' && inputs.build_cuda) }} - uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Build and optionally push if: ${{ (steps.condition.outputs.should_run == 'true') || (github.event_name == 'workflow_dispatch' && inputs.build_cuda) }} - uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: file: docker/zk-environment/22.04_amd64_cuda_${{ matrix.cuda_version }}.Dockerfile push: ${{ ( github.event_name == 'push' && github.ref == 'refs/heads/main' ) || (github.event_name == 'workflow_dispatch' && inputs.build_cuda) }}