diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000000..c272b36b581 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,15 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" + groups: + gh-actions-packages: + patterns: + - "*" diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 3dc596bb2f9..ac3fc0c8702 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -24,7 +24,7 @@ jobs: ) ) steps: - - uses: tibdex/backport@v2 + - uses: tibdex/backport@9565281eda0731b1d20c4025c43339fb0a23812e # v2.0.4 with: github_token: ${{ secrets.GITHUB_TOKEN }} body_template: "Backport <%= mergeCommitSha %> from #<%= number %> to <%= base %>.\n\n<%= body %>" diff --git a/.github/workflows/build-and-publish-image.yml b/.github/workflows/build-and-publish-image.yml index 55647245109..da0bd86f550 100644 --- a/.github/workflows/build-and-publish-image.yml +++ b/.github/workflows/build-and-publish-image.yml @@ -30,21 +30,21 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0 with: # Images after this version (>=v0.10) are incompatible with gcr and aws. version: v0.9.1 # https://github.com/docker/buildx/issues/1533 - name: Login to Docker run: docker login -u publisher -p ${{ secrets.token }} ghcr.io - name: Docker Build - uses: docker/build-push-action@v4 + uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4.2.1 with: push: true tags: ${{ inputs.tags }} diff --git a/.github/workflows/build_deploy.yml b/.github/workflows/build_deploy.yml index 1a13a751d29..179ed367141 100644 --- a/.github/workflows/build_deploy.yml +++ b/.github/workflows/build_deploy.yml @@ -33,13 +33,13 @@ jobs: name: Build source distribution runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Include all history and tags with: persist-credentials: false fetch-depth: 0 - - uses: actions-rust-lang/setup-rust-toolchain@v1 - - uses: actions/setup-python@v5 + - uses: actions-rust-lang/setup-rust-toolchain@11df97af8e8102fd60b60a77dfbf58d40cd843b8 # v1.10.1 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 name: Install Python with: python-version: '3.12' @@ -47,7 +47,7 @@ jobs: run: | pip install "setuptools_scm[toml]>=4" "cython" "cmake>=3.24.2,<3.28" "setuptools-rust" python setup.py sdist - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: source-dist path: dist/*.tar.gz @@ -60,10 +60,10 @@ jobs: container: image: python:3.9-alpine steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: source-dist path: dist diff --git a/.github/workflows/build_python_3.yml b/.github/workflows/build_python_3.yml index f03c3c1bdcd..663eb8b5077 100644 --- a/.github/workflows/build_python_3.yml +++ b/.github/workflows/build_python_3.yml @@ -19,10 +19,10 @@ jobs: outputs: include: ${{steps.set-matrix.outputs.include}} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: '3.8' - run: pip install cibuildwheel==2.22.0 @@ -52,13 +52,13 @@ jobs: include: ${{ fromJson(needs.build-wheels-matrix.outputs.include) }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Include all history and tags with: persist-credentials: false fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: matrix.os != 'arm-4core-linux' name: Install Python with: @@ -79,7 +79,7 @@ jobs: - name: Set up QEMU if: runner.os == 'Linux' && matrix.os != 'arm-4core-linux' - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 with: platforms: all @@ -120,7 +120,7 @@ jobs: - name: Build wheels if: always() && matrix.os != 'arm-4core-linux' - uses: pypa/cibuildwheel@v2.22.0 + uses: pypa/cibuildwheel@ee63bf16da6cddfb925f542f2c7b59ad50e93969 # v2.22.0 with: only: ${{ matrix.only }} env: @@ -166,7 +166,7 @@ jobs: run: | chcp 65001 #set code page to utf-8 echo "ARTIFACT_NAME=${{ matrix.only }}" >> $env:GITHUB_ENV - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: wheels-${{ env.ARTIFACT_NAME }} path: ./wheelhouse/*.whl diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index aa705d8a02f..b3a4e8107a3 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -12,7 +12,7 @@ jobs: name: Validate changelog runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Include all history and tags with: persist-credentials: false @@ -26,7 +26,7 @@ jobs: if: github.event_name == 'pull_request' run: scripts/check-releasenotes - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 name: Install Python with: python-version: '3.8' @@ -43,7 +43,7 @@ jobs: rst2html.py CHANGELOG.rst CHANGELOG.html - name: Upload CHANGELOG.rst - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: changelog path: | diff --git a/.github/workflows/check_old_target_branch.yml b/.github/workflows/check_old_target_branch.yml index 73925f75290..a2308ae9e89 100644 --- a/.github/workflows/check_old_target_branch.yml +++ b/.github/workflows/check_old_target_branch.yml @@ -26,7 +26,7 @@ jobs: - name: Old branch warning on PR if: env.old_branch == 'true' - uses: thollander/actions-comment-pull-request@v2 + uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 with: message: | 🚫 **This target branch is too old or unsupported. Please update the target branch to continue.** diff --git a/.github/workflows/codeowners.yml b/.github/workflows/codeowners.yml index 3a0b5993058..03335a44eea 100644 --- a/.github/workflows/codeowners.yml +++ b/.github/workflows/codeowners.yml @@ -10,15 +10,15 @@ jobs: permissions: pull-requests: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 - name: Get changed files id: changed-files - uses: tj-actions/changed-files@v44 + uses: tj-actions/changed-files@c65cd883420fd2eb864698a825fc4162dd94482c # v44.5.7 - name: Setup go - uses: actions/setup-go@v5 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 - name: Install codeowners run: go install github.com/hmarr/codeowners/cmd/codeowners@latest - name: List owners of all changed files @@ -29,7 +29,7 @@ jobs: echo "$(codeowners ${{ steps.changed-files.outputs.all_changed_files }})" >> "$GITHUB_OUTPUT" echo "EOF" >> "$GITHUB_OUTPUT" - name: Comment PR - uses: thollander/actions-comment-pull-request@v2 + uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 with: filePath: resolved.txt comment_tag: codeowners_resolved diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5af69a81073..07db9ebcf6d 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -26,13 +26,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -42,7 +42,7 @@ jobs: config-file: .github/codeql-config.yml - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1 diff --git a/.github/workflows/django-overhead-profile.yml b/.github/workflows/django-overhead-profile.yml index 8fb697daa14..bb0933c237b 100644 --- a/.github/workflows/django-overhead-profile.yml +++ b/.github/workflows/django-overhead-profile.yml @@ -31,12 +31,12 @@ jobs: run: working-directory: ddtrace steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false path: ddtrace - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.10" @@ -48,7 +48,7 @@ jobs: run: | bash scripts/profiles/django-simple/run.sh ${PREFIX} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: django-overhead-profile${{ matrix.suffix }} path: ${{ github.workspace }}/prefix/artifacts diff --git a/.github/workflows/encoders-profile.yml b/.github/workflows/encoders-profile.yml index ed77daa6d5a..9c0cb8f7321 100644 --- a/.github/workflows/encoders-profile.yml +++ b/.github/workflows/encoders-profile.yml @@ -19,12 +19,12 @@ jobs: run: working-directory: ddtrace steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false path: ddtrace - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.10" @@ -40,7 +40,7 @@ jobs: sed -i 's|${{ github.workspace }}/ddtrace/||g' ${PREFIX}/artifacts/$a done - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: encoders-profile path: ${{ github.workspace }}/prefix/artifacts diff --git a/.github/workflows/flask-overhead-profile.yml b/.github/workflows/flask-overhead-profile.yml index 8f4dce9e5c7..43ae7a24262 100644 --- a/.github/workflows/flask-overhead-profile.yml +++ b/.github/workflows/flask-overhead-profile.yml @@ -19,12 +19,12 @@ jobs: run: working-directory: ddtrace steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false path: ddtrace - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.10" @@ -36,7 +36,7 @@ jobs: run: | bash scripts/profiles/flask-simple/run.sh ${PREFIX} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: flask-overhead-profile path: ${{ github.workspace }}/prefix/artifacts diff --git a/.github/workflows/generate-package-versions.yml b/.github/workflows/generate-package-versions.yml index b8729e882c9..5bb5f7a2f89 100644 --- a/.github/workflows/generate-package-versions.yml +++ b/.github/workflows/generate-package-versions.yml @@ -15,50 +15,50 @@ jobs: pull-requests: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup Python 3.7 - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.7" - name: Setup Python 3.8 - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.8" - name: Setup Python 3.9 - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.9" - name: Setup Python 3.10 - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.10" - name: Setup Python 3.11 - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.11" - name: Setup Python 3.12 - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.12" - name: Setup Python 3.13 - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.13" - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Install Docker Compose run: | @@ -75,7 +75,7 @@ jobs: sudo apt-get install -y libmariadb-dev - name: Install hatch - uses: pypa/hatch@install + uses: pypa/hatch@257e27e51a6a5616ed08a39a408a21c35c9931bc # install with: version: "1.12.0" @@ -97,7 +97,7 @@ jobs: - name: Create Pull Request id: pr - uses: peter-evans/create-pull-request@v6 + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 with: token: ${{ secrets.GITHUB_TOKEN }} branch: "upgrade-latest-${{ env.VENV_NAME }}-version" diff --git a/.github/workflows/generate-supported-versions.yml b/.github/workflows/generate-supported-versions.yml index c802e91bcf3..ed2a0c44308 100644 --- a/.github/workflows/generate-supported-versions.yml +++ b/.github/workflows/generate-supported-versions.yml @@ -13,50 +13,50 @@ jobs: pull-requests: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup Python 3.7 - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.7" - name: Setup Python 3.8 - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.8" - name: Setup Python 3.9 - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.9" - name: Setup Python 3.10 - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.10" - name: Setup Python 3.11 - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.11" - name: Setup Python 3.12 - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.12" - name: Setup Python 3.13 - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.13" - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Install system dependencies run: | @@ -84,7 +84,7 @@ jobs: - name: Create Pull Request id: pr - uses: peter-evans/create-pull-request@v6 + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 with: token: ${{ secrets.GITHUB_TOKEN }} branch: "update-supported-versions" diff --git a/.github/workflows/pr-name.yml b/.github/workflows/pr-name.yml index a66c9f506e8..bbeb199f615 100644 --- a/.github/workflows/pr-name.yml +++ b/.github/workflows/pr-name.yml @@ -9,11 +9,11 @@ jobs: pr_name_lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 name: Install Node.js with: node-version: 16 @@ -21,7 +21,7 @@ jobs: run: | npm install @commitlint/lint@18.6.1 @commitlint/load@18.6.1 @commitlint/config-conventional@18.6.2 @actions/core - name: Lint PR name - uses: actions/github-script@v6.4.1 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 with: script: | const load = require('@commitlint/load').default; diff --git a/.github/workflows/profiling-native.yml b/.github/workflows/profiling-native.yml index 09dd262b933..668e8070e41 100644 --- a/.github/workflows/profiling-native.yml +++ b/.github/workflows/profiling-native.yml @@ -23,12 +23,12 @@ jobs: sanitizer: ["safety", "thread", "valgrind"] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 1 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: ${{ matrix.python-version }} diff --git a/.github/workflows/prune_workflow.yml b/.github/workflows/prune_workflow.yml index 1c8a8479a8c..0f1ae92098d 100644 --- a/.github/workflows/prune_workflow.yml +++ b/.github/workflows/prune_workflow.yml @@ -50,7 +50,7 @@ jobs: actions: write steps: - name: Delete workflow runs - uses: Mattraks/delete-workflow-runs@v2 + uses: Mattraks/delete-workflow-runs@4c9f24749b7996562658e3d6e10662489e22caca # v2.0.0 with: token: ${{ github.token }} repository: ${{ github.repository }} diff --git a/.github/workflows/pytorch_gpu_tests.yml b/.github/workflows/pytorch_gpu_tests.yml index 1db504ae61d..0f522819ff1 100644 --- a/.github/workflows/pytorch_gpu_tests.yml +++ b/.github/workflows/pytorch_gpu_tests.yml @@ -16,23 +16,23 @@ jobs: unit-tests: runs-on: APM-4-CORE-GPU-LINUX steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Include all history and tags with: persist-credentials: false fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 name: Install Python with: python-version: '3.12' - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@11df97af8e8102fd60b60a77dfbf58d40cd843b8 # v1.10.1 - name: Install latest stable toolchain and rustfmt run: rustup update stable && rustup default stable && rustup component add rustfmt clippy - name: Install hatch - uses: pypa/hatch@install + uses: pypa/hatch@257e27e51a6a5616ed08a39a408a21c35c9931bc # install with: version: "1.12.0" diff --git a/.github/workflows/require-checklist.yaml b/.github/workflows/require-checklist.yaml index 521e28573bb..8d30dfa53f8 100644 --- a/.github/workflows/require-checklist.yaml +++ b/.github/workflows/require-checklist.yaml @@ -6,7 +6,7 @@ jobs: require-checklist: runs-on: ubuntu-latest steps: - - uses: mheap/require-checklist-action@v2 + - uses: mheap/require-checklist-action@efef3b1b39d03d12be5ce427c15064f287ba5843 # v2.4.0 with: # require a checklist to be present in the PR description requireChecklist: true diff --git a/.github/workflows/requirements-locks.yml b/.github/workflows/requirements-locks.yml index 23a1c05a517..a61506dddf0 100644 --- a/.github/workflows/requirements-locks.yml +++ b/.github/workflows/requirements-locks.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest container: ghcr.io/datadog/dd-trace-py/testrunner:0a50e839f4b1600f02157518b8d016451b346578@sha256:5dae9bc7872f69b31b612690f0748c7ad71ab90ef28a754b2ae93d0ba505837b steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 diff --git a/.github/workflows/rust-ci.yml b/.github/workflows/rust-ci.yml index 3241a0b763e..cb79f7eda4a 100644 --- a/.github/workflows/rust-ci.yml +++ b/.github/workflows/rust-ci.yml @@ -13,7 +13,7 @@ jobs: matrix: extension: ["src/native"] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Install latest stable toolchain and rustfmt diff --git a/.github/workflows/set-target-milestone.yml b/.github/workflows/set-target-milestone.yml index 31dcb1a9938..ce6f775ceb7 100644 --- a/.github/workflows/set-target-milestone.yml +++ b/.github/workflows/set-target-milestone.yml @@ -12,12 +12,12 @@ jobs: name: Add milestone to merged pull requests runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Include all history and tags with: persist-credentials: false fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 name: Install Python with: python-version: '3.8' @@ -29,7 +29,7 @@ jobs: scripts/get-target-milestone.py - name: Update Pull Request if: steps.milestones.outputs.milestone != null - uses: actions/github-script@v6.4.1 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 63a045d498b..608f5b331c9 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,7 +12,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v8 + - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0 with: # DEV: GitHub Actions have an API rate limit of 1000 operations per hour per repository # This limit is shared across all actions diff --git a/.github/workflows/system-tests.yml b/.github/workflows/system-tests.yml index 3f9d9308c83..443be12b62d 100644 --- a/.github/workflows/system-tests.yml +++ b/.github/workflows/system-tests.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout system tests - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false repository: 'DataDog/system-tests' @@ -29,7 +29,7 @@ jobs: run: | docker image save system_tests/agent:latest | gzip > agent_${{ github.sha }}.tar.gz - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: agent_${{ github.sha }} path: | @@ -62,13 +62,13 @@ jobs: steps: - name: Checkout system tests - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false repository: 'DataDog/system-tests' - name: Checkout dd-trace-py - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false path: 'binaries/dd-trace-py' @@ -85,7 +85,7 @@ jobs: run: | docker image save system_tests/weblog:latest | gzip > ${{ matrix.weblog-variant}}_weblog_${{ github.sha }}.tar.gz - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: ${{ matrix.weblog-variant }}_${{ github.sha }} path: | @@ -114,7 +114,7 @@ jobs: steps: - name: Checkout system tests - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false repository: 'DataDog/system-tests' @@ -122,12 +122,12 @@ jobs: - name: Build runner uses: ./.github/actions/install_runner - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: ${{ matrix.weblog-variant }}_${{ github.sha }} path: images_artifacts/ - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: agent_${{ github.sha }} path: images_artifacts/ @@ -273,7 +273,7 @@ jobs: run: tar -czvf artifact.tar.gz $(ls | grep logs) - name: Upload artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: always() && steps.docker_load.outcome == 'success' with: name: logs_${{ matrix.weblog-variant }}_${{ matrix.scenario }} @@ -287,12 +287,12 @@ jobs: TEST_LIBRARY: python steps: - name: Checkout system tests - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false repository: 'DataDog/system-tests' - name: Checkout dd-trace-py - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false path: 'binaries/dd-trace-py' @@ -312,7 +312,7 @@ jobs: run: tar -czvf artifact.tar.gz $(ls | grep logs) - name: Upload artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: always() && steps.build_runner.outcome == 'success' with: name: logs_parametric diff --git a/.github/workflows/test_frameworks.yml b/.github/workflows/test_frameworks.yml index 2e1502b4d3d..378806e11ba 100644 --- a/.github/workflows/test_frameworks.yml +++ b/.github/workflows/test_frameworks.yml @@ -25,7 +25,7 @@ jobs: outputs: outcome: ${{ steps.run_needed.outcome }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - id: run_needed @@ -71,16 +71,16 @@ jobs: run: working-directory: bottle steps: - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: needs.needs-run.outputs.outcome == 'success' with: python-version: '3.9' - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: path: ddtrace persist-credentials: false - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false @@ -170,19 +170,19 @@ jobs: run: working-directory: django steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false path: ddtrace - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false repository: django/django ref: 5.0.7 path: django - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: needs.needs-run.outputs.outcome == 'success' with: python-version: "3.11" @@ -268,12 +268,12 @@ jobs: run: working-directory: graphene steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false path: ddtrace - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false @@ -282,7 +282,7 @@ jobs: # Unreleased CI fix: https://github.com/graphql-python/graphene/pull/1412 ref: 03277a55123fd2f8a8465c5fa671f7fb0d004c26 path: graphene - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: needs.needs-run.outputs.outcome == 'success' with: python-version: "3.9" @@ -338,23 +338,23 @@ jobs: run: working-directory: fastapi steps: - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: needs.needs-run.outputs.outcome == 'success' with: python-version: '3.9' - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false path: ddtrace - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false repository: tiangolo/fastapi ref: 0.92.0 path: fastapi - - uses: actions/cache@v4.1.2 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 if: needs.needs-run.outputs.outcome == 'success' id: cache with: @@ -409,19 +409,19 @@ jobs: run: working-directory: flask steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false path: ddtrace - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false repository: pallets/flask ref: 3.0.3 path: flask - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: needs.needs-run.outputs.outcome == 'success' with: python-version: '3.12' @@ -461,19 +461,19 @@ jobs: run: working-directory: httpx steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false path: ddtrace - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false repository: encode/httpx ref: 0.22.0 path: httpx - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: needs.needs-run.outputs.outcome == 'success' with: python-version: '3.9' @@ -535,19 +535,19 @@ jobs: run: working-directory: mako steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false path: ddtrace - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false repository: sqlalchemy/mako ref: rel_1_3_5 path: mako - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: needs.needs-run.outputs.outcome == 'success' with: python-version: '3.12' @@ -603,16 +603,16 @@ jobs: run: working-directory: starlette steps: - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: needs.needs-run.outputs.outcome == 'success' with: python-version: '3.9' - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false path: ddtrace - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false @@ -670,16 +670,16 @@ jobs: run: working-directory: requests steps: - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: needs.needs-run.outputs.outcome == 'success' with: python-version: '3.9' - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false path: ddtrace - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false @@ -739,16 +739,16 @@ jobs: run: working-directory: asyncpg steps: - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: needs.needs-run.outputs.outcome == 'success' with: python-version: '3.9' - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false path: ddtrace - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false @@ -796,16 +796,16 @@ jobs: run: working-directory: gunicorn steps: - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: needs.needs-run.outputs.outcome == 'success' with: python-version: '3.9' - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false path: ddtrace - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false @@ -855,16 +855,16 @@ jobs: run: working-directory: uwsgi steps: - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: needs.needs-run.outputs.outcome == 'success' with: python-version: '3.9' - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false path: ddtrace - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: needs.needs-run.outputs.outcome == 'success' with: persist-credentials: false diff --git a/.github/workflows/test_lib_injection.yml b/.github/workflows/test_lib_injection.yml index c30988db6d1..9e7ebbe0935 100644 --- a/.github/workflows/test_lib_injection.yml +++ b/.github/workflows/test_lib_injection.yml @@ -31,7 +31,7 @@ jobs: - "3.12" - "3.13" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Install pyenv diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml index 3de25fa22b0..f3d867796fd 100644 --- a/.github/workflows/unit_tests.yml +++ b/.github/workflows/unit_tests.yml @@ -19,18 +19,18 @@ jobs: python-version: ["3.7", "3.10", "3.12"] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Include all history and tags with: persist-credentials: false fetch-depth: 0 - - uses: actions-rust-lang/setup-rust-toolchain@v1 + - uses: actions-rust-lang/setup-rust-toolchain@11df97af8e8102fd60b60a77dfbf58d40cd843b8 # v1.10.1 - name: Install latest stable toolchain and rustfmt run: rustup update stable && rustup default stable && rustup component add rustfmt clippy - name: Install hatch - uses: pypa/hatch@install + uses: pypa/hatch@257e27e51a6a5616ed08a39a408a21c35c9931bc # install with: version: "1.12.0" diff --git a/.github/workflows/upstream-issues.yml b/.github/workflows/upstream-issues.yml index 5c838bc894c..d0862034cb2 100644 --- a/.github/workflows/upstream-issues.yml +++ b/.github/workflows/upstream-issues.yml @@ -7,10 +7,10 @@ jobs: upstream-issues: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - - uses: Kyle-Verhoog/upstream-issue-notifier@v0.1.3 + - uses: Kyle-Verhoog/upstream-issue-notifier@673cde7836a29e5549146261217982ce0cf91858 # v0.1.3 env: GITHUB_TOKEN: ${{ github.token }} IGNORE_DIRS: ddtrace/vendor