diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..05d92650 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +# Automated dependency updates. +# +# For configuration options see: +# https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 10 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c09a2e26..354b1303 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,6 +5,9 @@ on: [push, pull_request] env: CTEST_OUTPUT_ON_FAILURE: 1 +permissions: + contents: read + jobs: ubuntu-ninja-clang: name: Ubuntu (ninja, clang) @@ -14,7 +17,7 @@ jobs: run: | sudo apt update sudo apt install ninja-build - - uses: actions/checkout@v4 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Build and run tests env: CC: clang @@ -26,7 +29,7 @@ jobs: name: Ubuntu (make, gcc) runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Build and run tests env: CC: gcc @@ -42,7 +45,7 @@ jobs: - name: Prepare run: | brew install cmake ninja - - uses: actions/checkout@v4 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Build and run tests run: | scripts/test.sh @@ -51,8 +54,8 @@ jobs: name: Windows runs-on: windows-2022 steps: - - uses: microsoft/setup-msbuild@v2 - - uses: actions/checkout@v4 + - uses: microsoft/setup-msbuild@6fb02220983dee41ce7ae257b6f4d8f9bf5ed4ce # v2.0.0 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Build and run tests run: | cmake . diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index a9c71cd3..c76e2041 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml @@ -8,6 +8,9 @@ on: env: CTEST_OUTPUT_ON_FAILURE: 1 +permissions: + contents: read + jobs: clang: name: Clang ${{ matrix.clang-version }} @@ -18,10 +21,10 @@ jobs: clang-version: [5, 7, 9, 11, 13, 15, 17] steps: - name: Setup Clang - uses: aminya/setup-cpp@v1 + uses: aminya/setup-cpp@290824452986e378826155f3379d31bce8753d76 # v0.37.0 with: llvm: ${{ matrix.clang-version }} - - uses: actions/checkout@v4 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Build and run tests run: | scripts/initbuild.sh make-concurrent @@ -35,7 +38,7 @@ jobs: run: | sudo apt update sudo apt install gcc-multilib g++-multilib - - uses: actions/checkout@v4 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Build and run tests env: CC: clang @@ -61,7 +64,7 @@ jobs: sudo dpkg -i ./cpp-4.4_4.4.7-8ubuntu1_amd64.deb sudo dpkg -i ./gcc-4.4_4.4.7-8ubuntu1_amd64.deb sudo dpkg -i ./libstdc++6-4.4-dev_4.4.7-8ubuntu1_amd64.deb ./g++-4.4_4.4.7-8ubuntu1_amd64.deb - - uses: actions/checkout@v4 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Build and run tests env: CC: gcc-4.4 @@ -79,10 +82,10 @@ jobs: gcc-version: [7, 9, 11, 13] steps: - name: Setup GCC - uses: aminya/setup-cpp@v1 + uses: aminya/setup-cpp@290824452986e378826155f3379d31bce8753d76 # v0.37.0 with: gcc: ${{ matrix.gcc-version }} - - uses: actions/checkout@v4 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Build and run tests run: | scripts/initbuild.sh make-concurrent @@ -96,7 +99,7 @@ jobs: run: | sudo apt update sudo apt install gcc-multilib g++-multilib - - uses: actions/checkout@v4 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Build and run tests run: | scripts/initbuild.sh make-32bit @@ -122,7 +125,7 @@ jobs: run: | source /opt/intel/oneapi/setvars.sh printenv >> $GITHUB_ENV - - uses: actions/checkout@v4 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Build and run tests env: CC: ${{ matrix.compiler }} @@ -135,7 +138,7 @@ jobs: name: macOS Clang runs-on: macos-11 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Build and run tests run: | scripts/initbuild.sh make-concurrent @@ -149,7 +152,7 @@ jobs: matrix: gcc-version: [9, 12] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Prepare run: | brew install gcc@${{ matrix.gcc-version }} @@ -169,8 +172,8 @@ jobs: matrix: version: [2019, 2022] steps: - - uses: microsoft/setup-msbuild@v2 - - uses: actions/checkout@v4 + - uses: microsoft/setup-msbuild@6fb02220983dee41ce7ae257b6f4d8f9bf5ed4ce # v2.0.0 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Build and run tests run: | cmake . @@ -182,10 +185,10 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Setup cmake - uses: jwlawson/actions-setup-cmake@v2 + uses: jwlawson/actions-setup-cmake@802fa1a2c4e212495c05bf94dba2704a92a472be # v2.0.2 with: cmake-version: 2.8.12 - - uses: actions/checkout@v4 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Build and run tests run: | cmake --version