diff --git a/.github/actions/build-upstream/action.yml b/.github/actions/build-upstream/action.yml index 78c88cb834..e8c1337572 100644 --- a/.github/actions/build-upstream/action.yml +++ b/.github/actions/build-upstream/action.yml @@ -30,7 +30,7 @@ runs: # Cache NAPI bindings and Rust CLI binary (the slow parts, especially on Windows) - name: Restore NAPI binding cache id: cache-restore - uses: actions/cache/restore@94b89442628ad1d101e352b7ee38f30e1bef108e # v5 + uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: | packages/cli/binding/*.node @@ -113,7 +113,7 @@ runs: - name: Save NAPI binding cache if: steps.cache-restore.outputs.cache-hit != 'true' - uses: actions/cache/save@94b89442628ad1d101e352b7ee38f30e1bef108e # v5 + uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: | packages/cli/binding/*.node diff --git a/.github/actions/clone/action.yml b/.github/actions/clone/action.yml index 2fda687c88..e119ecc904 100644 --- a/.github/actions/clone/action.yml +++ b/.github/actions/clone/action.yml @@ -31,13 +31,13 @@ runs: node -e "console.log('ECOSYSTEM_CI_PROJECT_REPOSITORY=' + require('./ecosystem-ci/repo.json')['${{ inputs.ecosystem-ci-project }}'].repository.replace('https://github.com/', '').replace('.git', ''))" >> $GITHUB_OUTPUT echo "ECOSYSTEM_CI_PROJECT_PATH=${{ runner.temp }}/vite-plus-ecosystem-ci/${{ inputs.ecosystem-ci-project }}" >> $GITHUB_OUTPUT - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: rolldown/rolldown path: rolldown ref: ${{ steps.upstream-versions.outputs.ROLLDOWN_HASH }} - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: vitejs/vite path: rolldown-vite diff --git a/.github/actions/download-rolldown-binaries/action.yml b/.github/actions/download-rolldown-binaries/action.yml index 5bc103d006..34a54b3f51 100644 --- a/.github/actions/download-rolldown-binaries/action.yml +++ b/.github/actions/download-rolldown-binaries/action.yml @@ -47,7 +47,7 @@ runs: fi env: GITHUB_TOKEN: ${{ inputs.github-token }} - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: ${{ inputs.upload == 'true' }} with: name: rolldown-binaries diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c46361663a..2efbdd09c4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: outputs: code-changed: ${{ steps.filter.outputs.code }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: @@ -47,7 +47,7 @@ jobs: contents: read packages: read steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./.github/actions/download-rolldown-binaries with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -67,7 +67,7 @@ jobs: target: aarch64-apple-darwin runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./.github/actions/clone - name: Setup Dev Drive @@ -103,7 +103,7 @@ jobs: name: Lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./.github/actions/clone - uses: oxc-project/setup-rust@d286d43bc1f606abbd98096666ff8be68c8d5f57 # v1.0.0 @@ -137,7 +137,7 @@ jobs: needs: - download-previous-rolldown-binaries steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./.github/actions/clone - uses: oxc-project/setup-rust@d286d43bc1f606abbd98096666ff8be68c8d5f57 # v1.0.0 @@ -147,7 +147,7 @@ jobs: - uses: oxc-project/setup-node@fdbf0dfd334c4e6d56ceeb77d91c76339c2a0885 # v1.0.4 - - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: rolldown-binaries path: ./rolldown/packages/rolldown/src @@ -186,7 +186,7 @@ jobs: - os: windows-latest runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./.github/actions/clone - name: Setup Dev Drive @@ -210,7 +210,7 @@ jobs: - name: Install docs dependencies run: pnpm -C docs install --frozen-lockfile - - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: rolldown-binaries path: ./rolldown/packages/rolldown/src @@ -570,7 +570,7 @@ jobs: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'test: install-e2e') steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./.github/actions/clone - uses: oxc-project/setup-rust@d286d43bc1f606abbd98096666ff8be68c8d5f57 # v1.0.0 @@ -580,7 +580,7 @@ jobs: - uses: oxc-project/setup-node@fdbf0dfd334c4e6d56ceeb77d91c76339c2a0885 # v1.0.4 - - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: rolldown-binaries path: ./rolldown/packages/rolldown/src diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml index 9a63537020..9b9c8ba7ac 100644 --- a/.github/workflows/deny.yml +++ b/.github/workflows/deny.yml @@ -27,7 +27,7 @@ jobs: name: Cargo Deny runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false submodules: true diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml index b8fa95cf73..42bd65c9ff 100644 --- a/.github/workflows/e2e-test.yml +++ b/.github/workflows/e2e-test.yml @@ -32,7 +32,7 @@ jobs: outputs: related-files-changed: ${{ steps.filter.outputs.related-files }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: @@ -55,7 +55,7 @@ jobs: contents: read packages: read steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./.github/actions/download-rolldown-binaries with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -77,7 +77,7 @@ jobs: - os: windows-latest target: x86_64-pc-windows-msvc steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./.github/actions/clone # Disable Windows Defender real-time scanning to speed up I/O-heavy builds (~30-50% faster) @@ -93,7 +93,7 @@ jobs: - uses: oxc-project/setup-node@fdbf0dfd334c4e6d56ceeb77d91c76339c2a0885 # v1.0.4 - - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: rolldown-binaries path: ./rolldown/packages/rolldown/src @@ -115,7 +115,7 @@ jobs: ls -la tmp/tgz - name: Upload tgz artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: vite-plus-packages-${{ matrix.os }} path: tmp/tgz/ @@ -261,7 +261,7 @@ jobs: name: dify steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./.github/actions/clone with: ecosystem-ci-project: ${{ matrix.project.name }} @@ -272,13 +272,13 @@ jobs: shell: powershell run: Set-MpPreference -DisableRealtimeMonitoring $true - - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5 + - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: ${{ matrix.project.node-version }} package-manager-cache: false - name: Download vite-plus packages - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: vite-plus-packages-${{ matrix.os }} path: tmp/tgz diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 13544a624a..7f29069f22 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,7 +32,7 @@ jobs: outputs: version: ${{ steps.version.outputs.version }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 fetch-tags: true @@ -70,9 +70,9 @@ jobs: - target: aarch64-pc-windows-msvc os: windows-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./.github/actions/clone - - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 - uses: oxc-project/setup-rust@d286d43bc1f606abbd98096666ff8be68c8d5f57 # v1.0.2 with: save-cache: ${{ github.ref_name == 'main' }} @@ -111,14 +111,14 @@ jobs: target: ${{ matrix.settings.target }} - name: Upload Vite+ native artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: vite-plus-native-${{ matrix.settings.target }} path: ./packages/cli/binding/*.node if-no-files-found: error - name: Upload Rust CLI binary artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: vite-global-cli-${{ matrix.settings.target }} path: | @@ -132,7 +132,7 @@ jobs: rm ./packages/core/dist/**/*.node - name: Upload core dist - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: ${{ matrix.settings.target == 'x86_64-unknown-linux-gnu' }} with: name: core @@ -140,7 +140,7 @@ jobs: if-no-files-found: error - name: Upload cli dist - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: ${{ matrix.settings.target == 'x86_64-unknown-linux-gnu' }} with: name: cli @@ -157,12 +157,12 @@ jobs: env: VERSION: ${{ needs.prepare.outputs.version }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./.github/actions/clone - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 - - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version-file: .node-version package-manager-cache: false @@ -173,20 +173,20 @@ jobs: run: pnpm install - name: Download cli dist - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: packages/cli/dist pattern: cli merge-multiple: true - name: Download cli binding - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: packages/cli/artifacts pattern: vite-plus-native-* - name: Download core dist - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: packages/core/dist pattern: core @@ -199,7 +199,7 @@ jobs: upload: 'false' - name: Download Rust CLI binaries - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: rust-cli-artifacts pattern: vite-global-cli-* diff --git a/.github/workflows/test-standalone-install.yml b/.github/workflows/test-standalone-install.yml index 0ce0c9a202..88e08bdb34 100644 --- a/.github/workflows/test-standalone-install.yml +++ b/.github/workflows/test-standalone-install.yml @@ -38,7 +38,7 @@ jobs: - os: macos-latest name: macOS ARM64 steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run install.sh run: cat packages/cli/install.sh | bash @@ -120,7 +120,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 @@ -184,7 +184,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Assert PowerShell 5.x shell: powershell @@ -266,7 +266,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run install.ps1 shell: pwsh @@ -333,7 +333,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run install.ps1 shell: pwsh diff --git a/.github/workflows/upgrade-deps.yml b/.github/workflows/upgrade-deps.yml index 6317a07a1c..18a5caceb1 100644 --- a/.github/workflows/upgrade-deps.yml +++ b/.github/workflows/upgrade-deps.yml @@ -16,7 +16,7 @@ jobs: actions: read id-token: write steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./.github/actions/clone - uses: oxc-project/setup-rust@d286d43bc1f606abbd98096666ff8be68c8d5f57 # v1.0.0 diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 476977bc92..4030f5fc6b 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -23,7 +23,7 @@ jobs: security-events: write steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false submodules: true