From f3b62aa228830d2fd0fc408c082ca2088a6a8456 Mon Sep 17 00:00:00 2001 From: Roy Dahan Date: Sun, 24 Dec 2023 19:53:31 +0200 Subject: [PATCH 1/2] ci: Set python version to 3.11 Python 3.12 has some compatability issues with scylla-ccm. Setting the python version to 3.11 should workaround the issue for now. --- .github/workflows/tests@v1.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tests@v1.yml b/.github/workflows/tests@v1.yml index 73d41282c94..5961a27c612 100644 --- a/.github/workflows/tests@v1.yml +++ b/.github/workflows/tests@v1.yml @@ -98,7 +98,7 @@ jobs: - name: Setup Python 3 uses: actions/setup-python@v2 with: - python-version: '3.x' + python-version: '3.11' - name: Fetch Scylla and Cassandra versions id: fetch-versions @@ -135,7 +135,7 @@ jobs: - name: Setup Python 3 uses: actions/setup-python@v2 with: - python-version: '3.x' + python-version: '3.11' - name: Setup environment run: | @@ -192,7 +192,7 @@ jobs: - name: Setup Python 3 uses: actions/setup-python@v2 with: - python-version: '3.x' + python-version: '3.11' - name: Setup environment run: | From 69fb333057b59881f15a28537f8420929454d0a3 Mon Sep 17 00:00:00 2001 From: Roy Dahan Date: Wed, 10 Jun 2026 18:12:23 +0300 Subject: [PATCH 2/2] ci: pin GitHub Actions to commit SHAs Pin all external GitHub Actions to full commit SHAs to reduce supply chain attack surface. Upgrade outdated actions to their latest versions. Reference: https://github.com/scylladb/scylladb/pull/29421 --- .github/workflows/docs-pages.yaml | 6 ++-- .github/workflows/docs-pr.yaml | 6 ++-- .github/workflows/tests-reports-4x@v1.yml | 2 +- .github/workflows/tests-reports@v1.yml | 2 +- .github/workflows/tests@v1.yml | 38 +++++++++++------------ 5 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/docs-pages.yaml b/.github/workflows/docs-pages.yaml index ca15a27f707..2789642d6f7 100644 --- a/.github/workflows/docs-pages.yaml +++ b/.github/workflows/docs-pages.yaml @@ -19,16 +19,16 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@v3 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: 3.7 - name: Set up JDK 1.8 - uses: actions/setup-java@v1 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: 1.8 - name: Set up env diff --git a/.github/workflows/docs-pr.yaml b/.github/workflows/docs-pr.yaml index 3ce75afd319..9b22e8e2bdb 100644 --- a/.github/workflows/docs-pr.yaml +++ b/.github/workflows/docs-pr.yaml @@ -18,16 +18,16 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@v3 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: 3.7 - name: Set up JDK 1.8 - uses: actions/setup-java@v1 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: 1.8 - name: Set up env diff --git a/.github/workflows/tests-reports-4x@v1.yml b/.github/workflows/tests-reports-4x@v1.yml index 8c0b6f4a65a..cbeb38d36db 100644 --- a/.github/workflows/tests-reports-4x@v1.yml +++ b/.github/workflows/tests-reports-4x@v1.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Generate test report - uses: dorny/test-reporter@v1 + uses: dorny/test-reporter@a43b3a5f7366b97d083190328d2c652e1a8b6aa2 # v3.0.0 with: artifact: 'test-results' name: 'Test report' diff --git a/.github/workflows/tests-reports@v1.yml b/.github/workflows/tests-reports@v1.yml index 5185fb798d6..c26ec3e95d7 100644 --- a/.github/workflows/tests-reports@v1.yml +++ b/.github/workflows/tests-reports@v1.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Generate test report - uses: dorny/test-reporter@v1 + uses: dorny/test-reporter@a43b3a5f7366b97d083190328d2c652e1a8b6aa2 # v3.0.0 with: artifact: 'test-results' name: 'Test report' diff --git a/.github/workflows/tests@v1.yml b/.github/workflows/tests@v1.yml index 5961a27c612..01e673f89f3 100644 --- a/.github/workflows/tests@v1.yml +++ b/.github/workflows/tests@v1.yml @@ -20,10 +20,10 @@ jobs: steps: - name: Checkout source - uses: actions/checkout@v2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Set up JDK ${{ matrix.java-version }} - uses: actions/setup-java@v2 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: ${{ matrix.java-version }} distribution: 'adopt' @@ -43,10 +43,10 @@ jobs: steps: - name: Checkout source - uses: actions/checkout@v2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Set up JDK ${{ matrix.java-version }} - uses: actions/setup-java@v2 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: ${{ matrix.java-version }} distribution: 'adopt' @@ -61,10 +61,10 @@ jobs: steps: - name: Checkout source - uses: actions/checkout@v2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Set up JDK 8 - uses: actions/setup-java@v2 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '8' distribution: 'adopt' @@ -80,7 +80,7 @@ jobs: cp --parents ./**/target/*-reports/*.xml unit/ - name: Upload test results - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: success() || failure() with: name: test-results @@ -93,10 +93,10 @@ jobs: steps: - name: Checkout source - uses: actions/checkout@v2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Setup Python 3 - uses: actions/setup-python@v2 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.11' @@ -124,16 +124,16 @@ jobs: steps: - name: Checkout source - uses: actions/checkout@v2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Set up JDK 8 - uses: actions/setup-java@v2 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '8' distribution: 'adopt' - name: Setup Python 3 - uses: actions/setup-python@v2 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.11' @@ -155,14 +155,14 @@ jobs: cp --parents ./**/target/*-reports/*.xml cassandra-${{ matrix.cassandra-version }}/ - name: Upload test results - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: success() || failure() with: name: test-results path: "*/**/target/*-reports/*.xml" - name: Upload CCM logs - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: ${{ failure() }} with: name: ccm-logs-cassandra-${{ matrix.cassandra-version }} @@ -181,16 +181,16 @@ jobs: steps: - name: Checkout source - uses: actions/checkout@v2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Set up JDK 8 - uses: actions/setup-java@v2 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '8' distribution: 'adopt' - name: Setup Python 3 - uses: actions/setup-python@v2 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.11' @@ -213,14 +213,14 @@ jobs: cp --parents ./**/target/*-reports/*.xml scylla-${{ matrix.scylla-version }}/ - name: Upload test results - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: success() || failure() with: name: test-results path: "*/**/target/*-reports/*.xml" - name: Upload CCM logs - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: ${{ failure() }} with: name: ccm-logs-scylla-${{ matrix.scylla-version }}