From 16125c27f7130f8c9c98e7dd820fcc1809db9ecf Mon Sep 17 00:00:00 2001 From: Krisztian Szilvasi <34309983+kr-t@users.noreply.github.com> Date: Thu, 7 May 2026 10:17:36 +0200 Subject: [PATCH 1/2] chore(ci): update actions due to node 20 deprecation Signed-off-by: Krisztian Szilvasi <34309983+kr-t@users.noreply.github.com> --- .github/workflows/linux.yml | 2 +- .github/workflows/zephyr.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 5d9a5c4c..69968c65 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -67,7 +67,7 @@ jobs: run: make coverage report.md - name: Upload coverage report - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: ocre-coverage include-hidden-files: true diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml index 84290b43..07c044e1 100644 --- a/.github/workflows/zephyr.yml +++ b/.github/workflows/zephyr.yml @@ -67,7 +67,7 @@ jobs: echo "BOARD_NAME=$(printf "%s\n" "$BOARD" | tr / _)" >> $GITHUB_ENV - name: Upload build artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: ocre-zephyr-${{ env.BOARD_NAME }}-${{ matrix.app }} include-hidden-files: true @@ -99,7 +99,7 @@ jobs: echo "BOARD_NAME=$(printf "%s\n" "$BOARD" | tr / _)" >> $GITHUB_ENV - name: Download build artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: ocre-zephyr-${{ env.BOARD_NAME }}-${{ matrix.app }} From d0cfe7b10d90347973fdf820ff3c49aaec8506b6 Mon Sep 17 00:00:00 2001 From: Krisztian Szilvasi <34309983+kr-t@users.noreply.github.com> Date: Thu, 7 May 2026 11:43:41 +0200 Subject: [PATCH 2/2] chore(ci): pin actions by commit hash Protect the repository from malicious retroactive tag modification. Signed-off-by: Krisztian Szilvasi <34309983+kr-t@users.noreply.github.com> --- .github/workflows/devcontainer-linux.yml | 4 ++-- .github/workflows/devcontainer-zephyr.yml | 4 ++-- .github/workflows/formatting-checks.yml | 2 +- .github/workflows/hardware-bu585.yml | 12 ++++++------ .github/workflows/linux.yml | 4 ++-- .github/workflows/zephyr-systests.yml | 2 +- .github/workflows/zephyr.yml | 6 +++--- 7 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/devcontainer-linux.yml b/.github/workflows/devcontainer-linux.yml index 8931dbb9..98ab74a5 100644 --- a/.github/workflows/devcontainer-linux.yml +++ b/.github/workflows/devcontainer-linux.yml @@ -26,7 +26,7 @@ jobs: - name: Clean workspace run: find . -name . -o -prune -exec rm -rf -- {} + - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 @@ -60,7 +60,7 @@ jobs: steps: - name: Checkout the code - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v4 diff --git a/.github/workflows/devcontainer-zephyr.yml b/.github/workflows/devcontainer-zephyr.yml index a95f5cba..0528cdde 100644 --- a/.github/workflows/devcontainer-zephyr.yml +++ b/.github/workflows/devcontainer-zephyr.yml @@ -26,7 +26,7 @@ jobs: - name: Clean workspace run: find . -name . -o -prune -exec rm -rf -- {} + - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 @@ -54,7 +54,7 @@ jobs: steps: - name: Checkout the code - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v4 diff --git a/.github/workflows/formatting-checks.yml b/.github/workflows/formatting-checks.yml index 7016323e..d9b9876c 100644 --- a/.github/workflows/formatting-checks.yml +++ b/.github/workflows/formatting-checks.yml @@ -28,7 +28,7 @@ jobs: run: find . -name . -o -prune -exec rm -rf -- {} + - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 diff --git a/.github/workflows/hardware-bu585.yml b/.github/workflows/hardware-bu585.yml index af22051d..4766fad7 100644 --- a/.github/workflows/hardware-bu585.yml +++ b/.github/workflows/hardware-bu585.yml @@ -48,7 +48,7 @@ jobs: find . -name . -o -prune -exec rm -rf -- {} + - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: path: ocre-runtime submodules: recursive @@ -72,7 +72,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Run mini sample Test Case run: | @@ -102,7 +102,7 @@ jobs: find . -name . -o -prune -exec rm -rf -- {} + - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: path: ocre-runtime submodules: recursive @@ -126,7 +126,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Run Demo Sample Test Case run: | @@ -156,7 +156,7 @@ jobs: find . -name . -o -prune -exec rm -rf -- {} + - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: path: ocre-runtime submodules: recursive @@ -188,7 +188,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Supervisor ${{ matrix.test.name }} Testcase run: | diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 69968c65..1d28f8d4 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -28,7 +28,7 @@ jobs: run: find . -name . -o -prune -exec rm -rf -- {} + - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: submodules: true @@ -67,7 +67,7 @@ jobs: run: make coverage report.md - name: Upload coverage report - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: ocre-coverage include-hidden-files: true diff --git a/.github/workflows/zephyr-systests.yml b/.github/workflows/zephyr-systests.yml index 3405d95d..ffd236c3 100644 --- a/.github/workflows/zephyr-systests.yml +++ b/.github/workflows/zephyr-systests.yml @@ -36,7 +36,7 @@ jobs: run: find . -name . -o -prune -exec rm -rf -- {} + - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: path: ocre-runtime submodules: true diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml index 07c044e1..8998e0dc 100644 --- a/.github/workflows/zephyr.yml +++ b/.github/workflows/zephyr.yml @@ -38,7 +38,7 @@ jobs: run: find . -name . -o -prune -exec rm -rf -- {} + - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: path: ocre-runtime submodules: true @@ -67,7 +67,7 @@ jobs: echo "BOARD_NAME=$(printf "%s\n" "$BOARD" | tr / _)" >> $GITHUB_ENV - name: Upload build artifacts - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: ocre-zephyr-${{ env.BOARD_NAME }}-${{ matrix.app }} include-hidden-files: true @@ -99,7 +99,7 @@ jobs: echo "BOARD_NAME=$(printf "%s\n" "$BOARD" | tr / _)" >> $GITHUB_ENV - name: Download build artifacts - uses: actions/download-artifact@v8 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8 with: name: ocre-zephyr-${{ env.BOARD_NAME }}-${{ matrix.app }}