From c8ae0aadecb13e9b4e3c3d6124138b2a26dd2a2e Mon Sep 17 00:00:00 2001
From: db-ks
Date: Sat, 28 Mar 2026 14:34:32 +0100
Subject: [PATCH 1/6] Upgrade and pin GitHub Actions to latest SHA

Pin all floating action refs to their latest version SHA for supply-chain security.
- actions/checkout: v4 -> v6.0.2 (de0fac2e4500dabe0009e67214ff5f5447ce83dd)
- actions/upload-artifact: v4 -> v7.0.0 (bbbca2ddaa5d8feaa63e36b76fdaad77386f024f)
- actions/download-artifact: v4 -> v8.0.1 (3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c)
- opentap/setup-opentap: v1.0 -> v1.0 (d178a37a089bf73bd99da5b68a00b3d96e6d4517)
---
 .github/workflows/ci.yml | 8 ++++----
 .github/workflows/pr-comment.yml | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b5ce74c..40532bb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,7 +12,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 fetch-depth: 0
 - name: Fix tags
@@ -23,7 +23,7 @@ jobs:
 - name: Move packages
 run: mv bin/Release/*.TapPackage .
 - name: Upload artifacts
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
 with:
 name: package
 retention-days: 5
@@ -37,12 +37,12 @@ jobs:
 - Build
 steps:
 - name: Download Artifacts
- uses: actions/download-artifact@v4
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
 with:
 name: package
 path: ./
 - name: Setup OpenTAP
- uses: opentap/setup-opentap@v1.0
+ uses: opentap/setup-opentap@d178a37a089bf73bd99da5b68a00b3d96e6d4517 # v1.0
 with:
 version: 9.18.4
 - name: Install PackagePublish
diff --git a/.github/workflows/pr-comment.yml b/.github/workflows/pr-comment.yml
index 58b8471..d843e2d 100644
--- a/.github/workflows/pr-comment.yml
+++ b/.github/workflows/pr-comment.yml
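Review bot: Nothing in the patch ties the ref in `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2` (first ci.yml hunk) to the `v6.0.2` tag; the trailing comment is free text that the runner ignores. GitHub resolves a commit SHA across a repository's fork network, so each pin should be confirmed as reachable from the named release tag in the upstream repository before merge. The same check applies to the upload-artifact, download-artifact and setup-opentap pins in the other ci.yml hunks and to the checkout pin in pr-comment.yml. Enabling an update bot for the `github-actions` ecosystem would keep each SHA and its version comment in step afterwards.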
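Review bot: In the second and third ci.yml hunks, `actions/upload-artifact` moves from v4 to v7.0.0 and `actions/download-artifact` from v4 to v8.0.1 in the same commit that introduces pinning, so a behaviour change in either major version cannot be separated from the pin itself. The two steps hand over the `package` artifact by name and now sit on different major lines; both sets of release notes should be checked for changes to artifact naming, extraction path and runner requirements. Splitting the upgrade into its own commit would make a regression bisectable. The message entry `opentap/setup-opentap: v1.0 -> v1.0` is a pin only, and reads more clearly if labelled as such.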
@@ -17,7 +17,7 @@ jobs:
 name: pr-version-comment
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 # This action needs the entire history of the repository to calculate the version
 fetch-depth: 0

From 4f61da95c93d3564f978bc5943e18b1de139d335 Mon Sep 17 00:00:00 2001
From: db-ks
Date: Sat, 28 Mar 2026 14:51:51 +0100
Subject: [PATCH 2/6] Revert opentap/* actions to @main (opentap-owned, trusted)

---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 40532bb..752d367 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -42,7 +42,7 @@ jobs:
 name: package
 path: ./
 - name: Setup OpenTAP
- uses: opentap/setup-opentap@d178a37a089bf73bd99da5b68a00b3d96e6d4517 # v1.0
+ uses: opentap/setup-opentap@main
 with:
 version: 9.18.4
 - name: Install PackagePublish

From fb8c9f96eab0181e5b1ee86cd8aa25e6abe0c1e0 Mon Sep 17 00:00:00 2001
From: db-ks
Date: Sat, 28 Mar 2026 15:13:13 +0100
Subject: [PATCH 3/6] Pin opentap/* actions to SHA

---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 752d367..7824054 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -42,7 +42,7 @@ jobs:
 name: package
 path: ./
 - name: Setup OpenTAP
- uses: opentap/setup-opentap@main
+ uses: opentap/setup-opentap@d178a37a089bf73bd99da5b68a00b3d96e6d4517 #v1.0
 with:
 version: 9.18.4
 - name: Install PackagePublish

From 46f35055b54b92bae7bac39be3a9cddf653d819d Mon Sep 17 00:00:00 2001
From: db-ks
Date: Sat, 28 Mar 2026 16:56:17 +0100
Subject: [PATCH 4/6] Update get-gitversion and setup-opentap to latest fixed SHAs

---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7824054..1fe9d0e 100644
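Review bot: The checkout step in job `pr-version-comment` (pr-comment.yml hunk) fetches full history with the action's default credential handling, and the pin leaves that unchanged. The workflow's trigger and any `permissions:` block are outside the hunk; if the job token can write to pull requests, adding `persist-credentials: false` under `with:` stops the token from staying configured for git in the steps that follow. The step list continues past the hunk, so confirm that no later step needs to push before adding it.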
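Review bot: `uses: opentap/setup-opentap@main` in patch 2/6 is a mutable branch ref, so any push to that branch changes the code this job runs without a change in this repository. Ownership by the same organisation does not cover a compromised maintainer account or an accidental bad push, and the step sits in the job that goes on to install PackagePublish, which presumably handles publishing credentials. A later patch in the series pins the action again; squashing the series before merge would avoid leaving a revision in history where the ref floats.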
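Review bot: The version comment in patch 3/6 is written `#v1.0`, without the space used by the other pins from patch 1/6 (`# v6.0.2`, `# v7.0.0`, `# v8.0.1`). Write it as `# v1.0` so that all pin comments share one format for readers and for tools that read the comment. Patches 4/6 to 6/6 carry the same `#`-without-space form in their comments.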
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -42,7 +42,7 @@ jobs:
 name: package
 path: ./
 - name: Setup OpenTAP
- uses: opentap/setup-opentap@d178a37a089bf73bd99da5b68a00b3d96e6d4517 #v1.0
+ uses: opentap/setup-opentap@c60c3386267d6c8c39d5ad8bd76a219c20f12f33 #fix/upgrade-node-to-node24 (pending v1.1)
 with:
 version: 9.18.4
 - name: Install PackagePublish

From 69ae99281092543608125e3652c4d5340fadd8be Mon Sep 17 00:00:00 2001
From: db-ks
Date: Sun, 29 Mar 2026 13:05:14 +0200
Subject: [PATCH 5/6] Update setup-opentap SHA to latest on fix/upgrade-node-to-node24

---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1fe9d0e..0f80947 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -42,7 +42,7 @@ jobs:
 name: package
 path: ./
 - name: Setup OpenTAP
- uses: opentap/setup-opentap@c60c3386267d6c8c39d5ad8bd76a219c20f12f33 #fix/upgrade-node-to-node24 (pending v1.1)
+ uses: opentap/setup-opentap@2e83d3a5e985a85061d009ac858817c422ee014f #fix/upgrade-node-to-node24 (pending v1.1)
 with:
 version: 9.18.4
 - name: Install PackagePublish

From 1e46eba99216224c8fd13cd244a9237a2b5fb90a Mon Sep 17 00:00:00 2001
From: Dragos Brezoi <56963447+db-ks@users.noreply.github.com>
Date: Mon, 6 Apr 2026 12:21:12 +0200
Subject: [PATCH 6/6] Update get-gitversion and setup-opentap pins to latest SHAs

---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0f80947..b09dc8e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -42,7 +42,7 @@ jobs:
 name: package
 path: ./
 - name: Setup OpenTAP
- uses: opentap/setup-opentap@2e83d3a5e985a85061d009ac858817c422ee014f #fix/upgrade-node-to-node24 (pending v1.1)
+ uses: opentap/setup-opentap@6eee68cf35f2e861f93d21029bbe7af4c427b9bd #main (pending v1.1)
 with:
 version: 9.18.4
 - name: Install PackagePublish
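Review bot: The pin added in patch 4/6, `c60c3386267d6c8c39d5ad8bd76a219c20f12f33`, is annotated as a commit on the `fix/upgrade-node-to-node24` branch rather than a release. It therefore has not been through a tagged release, and may become unreachable if that branch is rebased or deleted after it merges. Patch 5/6 repeats this with another commit from the same branch. The subject also names get-gitversion, yet the diffstat shows a single changed line in ci.yml and no get-gitversion ref is touched; patch 6/6 has the same mismatch. A comment such as `# TODO: repin to the v1.1 release SHA once tagged` beside the ref would make the temporary state explicit.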
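Review bot: The pin the series ends on in patch 6/6, `6eee68cf35f2e861f93d21029bbe7af4c427b9bd #main (pending v1.1)`, is labelled with a branch name instead of a version, so neither a reader nor an update tool can tell which release it corresponds to. A branch label goes stale as soon as the branch moves on. Until v1.1 exists, a comment that states the status is more useful, for example `# untagged commit on main; repin to the v1.1 tag SHA once released`, ideally with a tracking issue so the pin is revisited.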