diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5a6d9a8228..cd021a5180 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -28,7 +28,7 @@ jobs: modules: [ 'with-modules', 'without-modules' ] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: fetch-depth: 2 persist-credentials: false @@ -48,7 +48,7 @@ jobs: echo "" > config.status - name: Initialize CodeQL - uses: github/codeql-action/init@v4 + uses: github/codeql-action/init@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # 4.32.2 with: languages: c-cpp @@ -57,7 +57,7 @@ jobs: make - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4 + uses: github/codeql-action/analyze@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # 4.32.2 actions: name: CodeQL analysis (GitHub Actions) @@ -68,14 +68,14 @@ jobs: security-events: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@v4 + uses: github/codeql-action/init@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # 4.32.2 with: languages: actions - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4 + uses: github/codeql-action/analyze@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # 4.32.2 diff --git a/.github/workflows/daily.yml b/.github/workflows/daily.yml index 07a6aeaf3d..b8b8fb5430 100644 --- a/.github/workflows/daily.yml +++ b/.github/workflows/daily.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: fetch-depth: 0 persist-credentials: false @@ -41,7 +41,7 @@ jobs: mv ChangeLog.md artifacts/ChangeLog.md - name: Upload ChangeLog.md - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0 with: name: ChangeLog path: artifacts @@ -85,7 +85,7 @@ jobs: apt-get install -y autoconf libfontconfig1-dev libfreetype6-dev libltdl-dev make pkg-config ${{ matrix.packages }} - name: Clone msttcorefonts - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: repository: ImageMagick/msttcorefonts persist-credentials: false @@ -95,7 +95,7 @@ jobs: set -e ./install.sh - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false @@ -147,7 +147,7 @@ jobs: steps: - name: Clone ImageMagick - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: path: ImageMagick persist-credentials: false @@ -163,7 +163,7 @@ jobs: ImageMagick\.github\build\windows\download-dependencies.cmd windows-${{matrix.architecture}}-${{matrix.buildType}}-openMP.zip - name: Download ChangeLog.md - uses: actions/download-artifact@v7 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 #v7.0.0 with: name: ChangeLog path: ImageMagick @@ -191,7 +191,7 @@ jobs: steps: - name: Clone ImageMagick - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: path: ImageMagick persist-credentials: false @@ -235,7 +235,7 @@ jobs: - name: Prepare git run: git config --global core.autocrlf false - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/doc-check.yml b/.github/workflows/doc-check.yml index dae0828b75..693f278fd1 100644 --- a/.github/workflows/doc-check.yml +++ b/.github/workflows/doc-check.yml @@ -23,11 +23,11 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false - - uses: actions/setup-python@v6 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #v6.2.0 with: python-version: '3.13' diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b8329b4e03..d30448ea3e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -34,7 +34,7 @@ jobs: packages: clang steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false @@ -74,7 +74,7 @@ jobs: runs-on: macos-15-intel steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false @@ -100,7 +100,7 @@ jobs: runs-on: macos-14 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false @@ -142,7 +142,7 @@ jobs: steps: - name: Clone ImageMagick - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: path: ImageMagick persist-credentials: false @@ -177,7 +177,7 @@ jobs: - name: Prepare git run: git config --global core.autocrlf false - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 64c5a3560b..310cb8c3ab 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,7 +32,7 @@ jobs: steps: - name: Clone ImageMagick - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: fetch-depth: 0 persist-credentials: false @@ -60,7 +60,7 @@ jobs: steps: - name: Clone ImageMagick - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: fetch-depth: 0 persist-credentials: false @@ -80,7 +80,7 @@ jobs: mv ChangeLog.md Artifacts/ChangeLog.md - name: Upload ChangeLog.md - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0 with: name: ChangeLog path: Artifacts @@ -136,7 +136,7 @@ jobs: innosetup-6.2.0.exe /SILENT /SUPPRESSMSGBOXES /NORESTART /SP- - name: Clone ImageMagick - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: path: ImageMagick persist-credentials: false @@ -152,7 +152,7 @@ jobs: ImageMagick\.github\build\windows\download-dependencies.cmd windows-${{matrix.architecture}}-${{matrix.buildType}}-openMP.zip - name: Download ChangeLog.md - uses: actions/download-artifact@v7 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 #v7.0.0 with: name: ChangeLog path: ImageMagick @@ -203,7 +203,7 @@ jobs: subscription-id: ${{secrets.AZURE_SUBSCRIPTION_ID}} directory: Configure\Installer\Inno\Artifacts - - uses: actions/upload-artifact@v6 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0 with: name: ImageMagick-${{needs.version.outputs.version}}-${{matrix.quantum}}${{matrix.hdri_flag}}-${{matrix.typeName}}-${{matrix.architecture}}.exe path: Configure\Installer\Inno\Artifacts @@ -217,7 +217,7 @@ jobs: steps: - name: Clone ImageMagick/Windows - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: repository: ImageMagick/Windows ref: refs/heads/main @@ -229,7 +229,7 @@ jobs: clone-repositories-im7.cmd - name: Download ChangeLog.md - uses: actions/download-artifact@v7 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 #v7.0.0 with: name: ChangeLog path: ImageMagick @@ -245,7 +245,7 @@ jobs: move ImageMagick source 7z a ImageMagick-%VERSION%-Windows.7z .\source\* - - uses: actions/upload-artifact@v6 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0 with: name: ImageMagick-${{needs.version.outputs.version}}-Windows.7z path: ImageMagick-${{needs.version.outputs.version}}-Windows.7z @@ -276,7 +276,7 @@ jobs: steps: - name: Clone ImageMagick - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: path: ImageMagick persist-credentials: false @@ -292,7 +292,7 @@ jobs: ImageMagick\.github\build\windows\download-dependencies.cmd windows-${{matrix.architecture}}-static-openMP-linked-runtime.zip - name: Download ChangeLog.md - uses: actions/download-artifact@v7 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 #v7.0.0 with: name: ChangeLog path: ImageMagick @@ -332,7 +332,7 @@ jobs: Copy-Item "ImageMagick\LICENSE" "portable\LICENSE.txt" 7z a "ImageMagick-$env:VERSION-portable-${{matrix.quantum}}${{matrix.hdri_flag}}-${{matrix.architecture}}.7z" .\portable\* - - uses: actions/upload-artifact@v6 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0 with: name: ImageMagick-${{needs.version.outputs.version}}-portable-${{matrix.quantum}}${{matrix.hdri_flag}}-${{matrix.architecture}}.7z path: ImageMagick-${{needs.version.outputs.version}}-portable-${{matrix.quantum}}${{matrix.hdri_flag}}-${{matrix.architecture}}.7z @@ -364,20 +364,20 @@ jobs: steps: - name: Clone ImageMagick-Windows - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: repository: ImageMagick/ImageMagick-Windows path: ImageMagick-Windows persist-credentials: false - name: Download x64 artifacts - uses: actions/download-artifact@v7 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 #v7.0.0 with: name: ImageMagick-${{needs.version.outputs.version}}-portable-${{matrix.quantum}}${{matrix.hdri_flag}}-x64.7z path: ImageMagick-Windows\Installer\Msix\x64 - name: Download arm64 artifacts - uses: actions/download-artifact@v7 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 #v7.0.0 with: name: ImageMagick-${{needs.version.outputs.version}}-portable-${{matrix.quantum}}${{matrix.hdri_flag}}-arm64.7z path: ImageMagick-Windows\Installer\Msix\arm64 @@ -408,7 +408,7 @@ jobs: aip-commands: | SetVersion ${{needs.version.outputs.semantic_version}} - - uses: actions/upload-artifact@v6 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0 with: name: ImageMagick.${{matrix.quantum}}${{matrix.hdri_flag}}.msixbundle path: ImageMagick-Windows\Installer\Msix\Artifacts\ImageMagick.${{matrix.quantum}}${{matrix.hdri_flag}}.msixbundle @@ -439,7 +439,7 @@ jobs: apt-get install -y autoconf curl file fuse git kmod squashfs-tools libbz2-dev libdjvulibre-dev libfontconfig-dev libfreetype6-dev libfribidi-dev libharfbuzz-dev libheif-dev liblcms-dev libopenexr-dev libopenjp2-7-dev libturbojpeg0-dev liblqr-dev libraqm-dev libtiff-dev libwebp-dev libx11-dev libxml2-dev liblzma-dev make software-properties-common wget ${{matrix.packages}} - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false @@ -489,7 +489,7 @@ jobs: find /appdir -executable -type f -exec ldd {} \; | grep " => /usr" | cut -d " " -f 2-3 | sort | uniq - name: Upload ImageMagick AppImage - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0 with: name: AppImage-${{matrix.compiler}} path: artifacts @@ -512,12 +512,12 @@ jobs: steps: - name: Clone ImageMagick - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false - name: Download artifacts - uses: actions/download-artifact@v7 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 #v7.0.0 with: path: artifacts merge-multiple: true diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 8998183692..d9267fdf77 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -19,7 +19,7 @@ jobs: id-token: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false @@ -31,6 +31,6 @@ jobs: publish_results: true - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 + uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # 4.32.2 with: sarif_file: results.sarif