diff --git a/.github/actions/setup-weaver/action.yml b/.github/actions/setup-weaver/action.yml index fe388ecd..19ae8faf 100644 --- a/.github/actions/setup-weaver/action.yml +++ b/.github/actions/setup-weaver/action.yml @@ -53,7 +53,7 @@ runs: - name: Restore Weaver from cache if: inputs.cache == 'true' id: cache-weaver - uses: actions/cache/restore@v4 + uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: path: | ~/.cargo/bin/weaver @@ -96,7 +96,7 @@ runs: - name: Save Weaver to cache if: inputs.cache == 'true' && steps.cache-weaver.outputs.cache-hit != 'true' - uses: actions/cache/save@v4 + uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: path: | ~/.cargo/bin/weaver diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 36820e9b..3e19eed4 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -42,7 +42,7 @@ jobs: checks: - bans licenses sources steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: token: ${{ secrets.GITHUB_TOKEN }} - uses: EmbarkStudios/cargo-deny-action@76cd80eb775d7bbbd2d80292136d74d39e1b4918 # v2.0.14 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c8c6fec8..78183404 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -30,7 +30,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Install Rust uses: dtolnay/rust-toolchain@stable with: @@ -55,7 +55,7 @@ jobs: MSRV: "1.88.0" # MSRV steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Install Rust uses: dtolnay/rust-toolchain@stable with: @@ -84,7 +84,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Install Rust uses: dtolnay/rust-toolchain@stable with: @@ -97,7 +97,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Install Rust uses: dtolnay/rust-toolchain@stable with: @@ -114,7 +114,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Install Rust uses: dtolnay/rust-toolchain@stable with: @@ -160,7 +160,7 @@ jobs: security-events: write # to upload sarif results steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Install Rust uses: dtolnay/rust-toolchain@stable with: @@ -194,7 +194,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Install Rust uses: dtolnay/rust-toolchain@stable with: diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml index 1f10790c..08d429cd 100644 --- a/.github/workflows/publish-docker.yml +++ b/.github/workflows/publish-docker.yml @@ -16,18 +16,18 @@ jobs: name: Docker Image runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3 - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5.5.1 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: otel/weaver - name: Build test image - uses: docker/build-push-action@v6.6.1 + uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 # v6.6.1 with: push: false load: true @@ -37,13 +37,13 @@ jobs: run: | docker run --rm ${{ env.TEST_WEAVER_TAG }} --help - name: Log in to Docker Hub - uses: docker/login-action@v3.3.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Build and push - uses: docker/build-push-action@v6.6.1 + uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 # v6.6.1 if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') with: push: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ec0ce4be..773c6593 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -56,7 +56,7 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: persist-credentials: false submodules: recursive @@ -66,7 +66,7 @@ jobs: shell: bash run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.30.2/cargo-dist-installer.sh | sh" - name: Cache dist - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: cargo-dist-cache path: ~/.cargo/bin/dist @@ -82,7 +82,7 @@ jobs: cat plan-dist-manifest.json echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT" - name: "Upload dist-manifest.json" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: artifacts-plan-dist-manifest path: plan-dist-manifest.json @@ -120,7 +120,7 @@ jobs: - name: enable windows longpaths run: | git config --global core.longpaths true - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: persist-credentials: false submodules: recursive @@ -135,7 +135,7 @@ jobs: run: ${{ matrix.install_dist.run }} # Get the dist-manifest - name: Fetch local artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: pattern: artifacts-* path: target/distrib/ @@ -149,7 +149,7 @@ jobs: dist build ${{ needs.plan.outputs.tag-flag }} --print=linkage --output-format=json ${{ matrix.dist_args }} > dist-manifest.json echo "dist ran successfully" - name: Attest - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2 with: subject-path: "target/distrib/*${{ join(matrix.targets, ', ') }}*" - id: cargo-dist @@ -166,7 +166,7 @@ jobs: cp dist-manifest.json "$BUILD_MANIFEST_NAME" - name: "Upload artifacts" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: artifacts-build-local-${{ join(matrix.targets, '_') }} path: | @@ -183,19 +183,19 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} BUILD_MANIFEST_NAME: target/distrib/global-dist-manifest.json steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: persist-credentials: false submodules: recursive - name: Install cached dist - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: cargo-dist-cache path: ~/.cargo/bin/ - run: chmod +x ~/.cargo/bin/dist # Get all the local artifacts for the global tasks to use (for e.g. checksums) - name: Fetch local artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: pattern: artifacts-* path: target/distrib/ @@ -213,7 +213,7 @@ jobs: cp dist-manifest.json "$BUILD_MANIFEST_NAME" - name: "Upload artifacts" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: artifacts-build-global path: | @@ -233,19 +233,19 @@ jobs: outputs: val: ${{ steps.host.outputs.manifest }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: persist-credentials: false submodules: recursive - name: Install cached dist - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: cargo-dist-cache path: ~/.cargo/bin/ - run: chmod +x ~/.cargo/bin/dist # Fetch artifacts from scratch-storage - name: Fetch artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: pattern: artifacts-* path: target/distrib/ @@ -258,14 +258,14 @@ jobs: cat dist-manifest.json echo "manifest=$(jq -c "." dist-manifest.json)" >> "$GITHUB_OUTPUT" - name: "Upload dist-manifest.json" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: # Overwrite the previous copy name: artifacts-dist-manifest path: dist-manifest.json # Create a GitHub Release while uploading all files to it - name: "Download GitHub Artifacts" - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: pattern: artifacts-* path: artifacts @@ -298,7 +298,7 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: persist-credentials: false submodules: recursive diff --git a/.github/workflows/rust-next.yml b/.github/workflows/rust-next.yml index c487e33d..3f58a88d 100644 --- a/.github/workflows/rust-next.yml +++ b/.github/workflows/rust-next.yml @@ -27,7 +27,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Install Rust uses: dtolnay/rust-toolchain@stable with: @@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Install Rust uses: dtolnay/rust-toolchain@stable with: diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index 6de947bb..cd630fb9 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -16,6 +16,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Actions Repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Spell Check Repo - uses: crate-ci/typos@v1.16.21 + uses: crate-ci/typos@47dd2976043bd5c76a33aa9300b328a176a1d6f7 # v1.16.21 diff --git a/.github/workflows/test-setup-weaver-action.yml b/.github/workflows/test-setup-weaver-action.yml index 4f22bc36..79e3050f 100644 --- a/.github/workflows/test-setup-weaver-action.yml +++ b/.github/workflows/test-setup-weaver-action.yml @@ -15,7 +15,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Test setup-weaver action uses: ./.github/actions/setup-weaver diff --git a/.github/workflows/validate-workspace.yml b/.github/workflows/validate-workspace.yml index 2554b05e..60251ae4 100644 --- a/.github/workflows/validate-workspace.yml +++ b/.github/workflows/validate-workspace.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Install Rust uses: dtolnay/rust-toolchain@stable with: diff --git a/Cargo.lock b/Cargo.lock index 83e4bfc1..d540cd86 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -178,12 +178,13 @@ checksum = "d92bec98840b8f03a5ff5413de5293bfcd8bf96467cf5452609f939ec6f5de16" [[package]] name = "assert_cmd" -version = "2.1.1" +version = "2.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bcbb6924530aa9e0432442af08bbcafdad182db80d2e560da42a6d442535bf85" +checksum = "2bd389a4b2970a01282ee455294913c0a43724daedcd1a24c3eb0ec1c1320b66" dependencies = [ "anstyle", "bstr", + "doc-comment", "libc", "predicates", "predicates-core", @@ -838,7 +839,7 @@ dependencies = [ "libc", "option-ext", "redox_users", - "windows-sys 0.61.2", + "windows-sys 0.59.0", ] [[package]] @@ -852,6 +853,12 @@ dependencies = [ "syn", ] +[[package]] +name = "doc-comment" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "780955b8b195a21ab8e4ac6b60dd1dbdcec1dc6c51c0617964b08c81785e12c9" + [[package]] name = "dunce" version = "1.0.5" @@ -924,7 +931,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.61.2", + "windows-sys 0.59.0", ] [[package]] @@ -3539,7 +3546,7 @@ dependencies = [ "once_cell", "socket2", "tracing", - "windows-sys 0.60.2", + "windows-sys 0.59.0", ] [[package]] @@ -3908,7 +3915,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys 0.11.0", - "windows-sys 0.61.2", + "windows-sys 0.59.0", ] [[package]] @@ -4417,7 +4424,7 @@ dependencies = [ "getrandom 0.3.4", "once_cell", "rustix 1.1.2", - "windows-sys 0.61.2", + "windows-sys 0.59.0", ] [[package]] @@ -5480,7 +5487,7 @@ version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" dependencies = [ - "windows-sys 0.61.2", + "windows-sys 0.59.0", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 654b0cf1..8d29ff11 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -116,8 +116,8 @@ weaver_diff = { path = "crates/weaver_diff" } weaver_version = { path = "crates/weaver_version" } tempfile.workspace = true ureq.workspace = true -assert_cmd = "2.0.17" -portpicker = "0.1.1" +assert_cmd = "=2.0.17" +portpicker = "=0.1.1" [build-dependencies] tonic-prost-build = "0.14.1" diff --git a/crates/weaver_emit/Cargo.toml b/crates/weaver_emit/Cargo.toml index 1e72a06d..f3c49c6a 100644 --- a/crates/weaver_emit/Cargo.toml +++ b/crates/weaver_emit/Cargo.toml @@ -24,7 +24,7 @@ serde.workspace = true miette.workspace = true [dev-dependencies] -futures-util = { version = "0.3", default-features = false } +futures-util = { version = "=0.3.31", default-features = false } [lints] workspace = true diff --git a/crates/weaver_forge/Cargo.toml b/crates/weaver_forge/Cargo.toml index cf475376..208fb4e5 100644 --- a/crates/weaver_forge/Cargo.toml +++ b/crates/weaver_forge/Cargo.toml @@ -52,12 +52,12 @@ log.workspace = true [dev-dependencies] opentelemetry.workspace = true -opentelemetry_sdk = { version = "0.31.0", features = [ +opentelemetry_sdk = { version = "=0.31.0", features = [ "trace", "metrics", "logs", ] } -opentelemetry-stdout = { version = "0.31.0", features = [ +opentelemetry-stdout = { version = "=0.31.0", features = [ "trace", "metrics", "logs", diff --git a/crates/weaver_live_check/Cargo.toml b/crates/weaver_live_check/Cargo.toml index 64b61cc1..1aa05e34 100644 --- a/crates/weaver_live_check/Cargo.toml +++ b/crates/weaver_live_check/Cargo.toml @@ -22,7 +22,7 @@ miette.workspace = true schemars.workspace = true [dev-dependencies] -tempfile = "3.23.0" +tempfile = "=3.23.0" [lints] workspace = true diff --git a/crates/weaver_resolver/Cargo.toml b/crates/weaver_resolver/Cargo.toml index 949792d6..f41ef38a 100644 --- a/crates/weaver_resolver/Cargo.toml +++ b/crates/weaver_resolver/Cargo.toml @@ -28,4 +28,4 @@ globset.workspace = true log.workspace = true [dev-dependencies] -glob = "0.3.3" +glob = "=0.3.3"