diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..253bcb7 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: daily diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6bed550..9c50ae1 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -33,15 +33,15 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: 'Install Ninja' run: choco install ninja - - uses: ilammy/msvc-dev-cmd@v1 + - uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0 - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: languages: c-cpp build-mode: manual @@ -55,6 +55,6 @@ jobs: run: cmake --build out\build\x64-Debug - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: category: "/language:c-cpp" diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 9999ed6..07a92c4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -68,12 +68,12 @@ jobs: arch: amd64_arm64 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: 'Install Ninja' run: choco install ninja - - uses: ilammy/msvc-dev-cmd@v1 + - uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0 with: arch: ${{ matrix.arch }} diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml index a108455..d6db6d9 100644 --- a/.github/workflows/msvc.yml +++ b/.github/workflows/msvc.yml @@ -31,14 +31,14 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Configure CMake working-directory: ${{ github.workspace }} run: cmake -B out - name: Initialize MSVC Code Analysis - uses: microsoft/msvc-code-analysis-action@v0.1.1 + uses: microsoft/msvc-code-analysis-action@24c285ab36952c9e9182f4b78dfafbac38a7e5ee # v0.1.1 id: run-analysis with: cmakeBuildDirectory: ./out @@ -47,6 +47,6 @@ jobs: # Upload SARIF file to GitHub Code Scanning Alerts - name: Upload SARIF to GitHub - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: sarif_file: ${{ steps.run-analysis.outputs.sarif }} diff --git a/.github/workflows/vcpkg.yml b/.github/workflows/vcpkg.yml index bc02e3e..e12efa8 100644 --- a/.github/workflows/vcpkg.yml +++ b/.github/workflows/vcpkg.yml @@ -41,12 +41,12 @@ jobs: arch: amd64_arm64 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: 'Install Ninja' run: choco install ninja - - uses: ilammy/msvc-dev-cmd@v1 + - uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0 with: arch: ${{ matrix.arch }} @@ -77,7 +77,7 @@ jobs: echo "::error Unknown architecture/build-type triplet mapping" } - - uses: lukka/run-vcpkg@v11 + - uses: lukka/run-vcpkg@7d259227a1fb6471a0253dd5ab7419835228f7d7 # v11 with: runVcpkgInstall: true vcpkgJsonGlob: '**/build/vcpkg.json'