diff --git a/.github/workflows/bridge.yml b/.github/workflows/bridge.yml index 1913132e2..ae063af0f 100644 --- a/.github/workflows/bridge.yml +++ b/.github/workflows/bridge.yml @@ -49,13 +49,13 @@ jobs: wget - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@v1 + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 with: toolchain: ${{ env.RUST_VERSION }} targets: ${{ matrix.job.target }} components: "rustfmt" - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: prefix-key: bridge-${{ matrix.job.os }} @@ -67,7 +67,7 @@ jobs: key: vcpkg-${{ matrix.job.arch }} - name: Install flutter - uses: subosito/flutter-action@v2 + uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2 with: channel: "stable" flutter-version: ${{ env.FLUTTER_VERSION }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3a7d21d7e..8395266c6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -88,7 +88,7 @@ jobs: if: runner.os == 'Linux' # jlumbroso/free-disk-space@main is used in .github\workflows\flutter-build.yml # But pinning to a specific version to avoid unexpected issues is preferred. - uses: jlumbroso/free-disk-space@v1.3.1 + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false android: true @@ -145,7 +145,7 @@ jobs: esac - name: Setup vcpkg with Github Actions binary cache - uses: lukka/run-vcpkg@v11 + uses: lukka/run-vcpkg@7d259227a1fb6471a0253dd5ab7419835228f7d7 # v11 with: vcpkgDirectory: /opt/artifacts/vcpkg vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }} @@ -156,7 +156,7 @@ jobs: shell: bash - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@v1 + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 with: toolchain: stable targets: ${{ matrix.job.target }} @@ -172,10 +172,10 @@ jobs: cargo -V rustc -V - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 - name: Build - uses: actions-rs/cargo@v1 + uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1 with: use-cross: ${{ matrix.job.use-cross }} command: build @@ -243,7 +243,7 @@ jobs: echo "CARGO_TEST_OPTIONS=${CARGO_TEST_OPTIONS}" >> $GITHUB_OUTPUT - name: Run tests - uses: actions-rs/cargo@v1 + uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1 with: use-cross: ${{ matrix.job.use-cross }} command: test diff --git a/.github/workflows/clear-cache.yml b/.github/workflows/clear-cache.yml index cd94cab68..e9879d009 100644 --- a/.github/workflows/clear-cache.yml +++ b/.github/workflows/clear-cache.yml @@ -30,7 +30,7 @@ jobs: console.log("Clear completed") - name: Purge cache # Above seems not clear thouroughly, so add this to double clear - uses: MyAlbum/purge-cache@v2 + uses: MyAlbum/purge-cache@881eb5957687193fa612bf74c0042adc78ea5e54 # v2 with: accessed: true # Purge caches by their last accessed time (default) created: false # Purge caches by their created time (default) diff --git a/.github/workflows/fdroid.yml b/.github/workflows/fdroid.yml index 94f8d3d7d..db3767b11 100644 --- a/.github/workflows/fdroid.yml +++ b/.github/workflows/fdroid.yml @@ -31,7 +31,7 @@ jobs: shell: bash - name: Publish RustDesk version file - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: prerelease: true tag_name: "fdroid-version" diff --git a/.github/workflows/flutter-build.yml b/.github/workflows/flutter-build.yml index 263bd67dc..e5b0a7d0b 100644 --- a/.github/workflows/flutter-build.yml +++ b/.github/workflows/flutter-build.yml @@ -99,12 +99,12 @@ jobs: path: ./ - name: Install LLVM and Clang - uses: KyleMayes/install-llvm-action@v1 + uses: KyleMayes/install-llvm-action@1a3da29f56261a1e1f937ec88f0856a9b8321d7e # v1 with: version: ${{ env.LLVM_VERSION }} - name: Install flutter - uses: subosito/flutter-action@v2.12.0 #https://github.com/subosito/flutter-action/issues/277 + uses: subosito/flutter-action@2783a3f08e1baf891508463f8c6653c258246225 # v2.12.0 #https://github.com/subosito/flutter-action/issues/277 with: channel: "stable" flutter-version: ${{ env.FLUTTER_VERSION }} @@ -126,18 +126,18 @@ jobs: [[ "3.24.5" == ${{env.FLUTTER_VERSION}} ]] && git apply flutter_3.24.4_dropdown_menu_enableFilter.diff - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@v1 + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 with: toolchain: ${{ env.SCITER_RUST_VERSION }} targets: ${{ matrix.job.target }} components: "rustfmt" - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: prefix-key: ${{ matrix.job.os }} - name: Setup vcpkg with Github Actions binary cache - uses: lukka/run-vcpkg@v11 + uses: lukka/run-vcpkg@7d259227a1fb6471a0253dd5ab7419835228f7d7 # v11 with: vcpkgDirectory: C:\vcpkg vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }} @@ -238,8 +238,10 @@ jobs: shell: bash run: | pip3 install requests argparse - BASE_URL=${{ env.SIGN_BASE_URL }} SECRET_KEY=${{ secrets.SIGN_SECRET_KEY }} python3 res/job.py sign_files ./rustdesk/ + BASE_URL=${{ env.SIGN_BASE_URL }} SECRET_KEY="${SIGN_SECRET_KEY}" python3 res/job.py sign_files ./rustdesk/ + env: + SIGN_SECRET_KEY: ${{ secrets.SIGN_SECRET_KEY }} - name: Build self-extracted executable shell: bash if: env.UPLOAD_ARTIFACT == 'true' @@ -253,7 +255,7 @@ jobs: mv ./target/release/rustdesk-portable-packer.exe ./SignOutput/rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}.exe - name: Add MSBuild to PATH - uses: microsoft/setup-msbuild@v2 + uses: microsoft/setup-msbuild@6fb02220983dee41ce7ae257b6f4d8f9bf5ed4ce # v2 - name: Build msi if: env.UPLOAD_ARTIFACT == 'true' @@ -269,10 +271,12 @@ jobs: if: env.UPLOAD_ARTIFACT == 'true' && env.SIGN_BASE_URL != '-2' shell: bash run: | - BASE_URL=${{ env.SIGN_BASE_URL }} SECRET_KEY=${{ secrets.SIGN_SECRET_KEY }} python3 res/job.py sign_files ./SignOutput + BASE_URL=${{ env.SIGN_BASE_URL }} SECRET_KEY="${SIGN_SECRET_KEY}" python3 res/job.py sign_files ./SignOutput + env: + SIGN_SECRET_KEY: ${{ secrets.SIGN_SECRET_KEY }} - name: Publish Release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 if: env.UPLOAD_ARTIFACT == 'true' with: prerelease: true @@ -314,23 +318,23 @@ jobs: submodules: recursive - name: Install LLVM and Clang - uses: rustdesk-org/install-llvm-action-32bit@master + uses: rustdesk-org/install-llvm-action-32bit@6aa7d9ad3df84dff01cd4596dd0fc880a7f47fce # master with: version: ${{ env.LLVM_VERSION }} - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@v1 + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 with: toolchain: nightly-2023-10-13-${{ matrix.job.target }} # must use nightly here, because of abi_thiscall feature required targets: ${{ matrix.job.target }} components: "rustfmt" - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: prefix-key: ${{ matrix.job.os }}-sciter - name: Setup vcpkg with Github Actions binary cache - uses: lukka/run-vcpkg@v11 + uses: lukka/run-vcpkg@7d259227a1fb6471a0253dd5ab7419835228f7d7 # v11 with: vcpkgDirectory: C:\vcpkg vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }} @@ -404,8 +408,10 @@ jobs: shell: bash run: | pip3 install requests argparse - BASE_URL=${{ env.SIGN_BASE_URL }} SECRET_KEY=${{ secrets.SIGN_SECRET_KEY }} python3 res/job.py sign_files ./Release/ + BASE_URL=${{ env.SIGN_BASE_URL }} SECRET_KEY="${SIGN_SECRET_KEY}" python3 res/job.py sign_files ./Release/ + env: + SIGN_SECRET_KEY: ${{ secrets.SIGN_SECRET_KEY }} - name: Build self-extracted executable shell: bash run: | @@ -421,10 +427,12 @@ jobs: if: env.UPLOAD_ARTIFACT == 'true' && env.SIGN_BASE_URL != '-2' shell: bash run: | - BASE_URL=${{ env.SIGN_BASE_URL }} SECRET_KEY=${{ secrets.SIGN_SECRET_KEY }} python3 res/job.py sign_files ./SignOutput/ + BASE_URL=${{ env.SIGN_BASE_URL }} SECRET_KEY="${SIGN_SECRET_KEY}" python3 res/job.py sign_files ./SignOutput/ + env: + SIGN_SECRET_KEY: ${{ secrets.SIGN_SECRET_KEY }} - name: Publish Release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 if: env.UPLOAD_ARTIFACT == 'true' with: prerelease: true @@ -464,7 +472,7 @@ jobs: submodules: recursive - name: Install flutter - uses: subosito/flutter-action@v2 + uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2 with: channel: "stable" flutter-version: ${{ env.FLUTTER_VERSION }} @@ -475,7 +483,7 @@ jobs: [[ "3.24.5" == ${{env.FLUTTER_VERSION}} ]] && git apply ${{ github.workspace }}/.github/patches/flutter_3.24.4_dropdown_menu_enableFilter.diff - name: Setup vcpkg with Github Actions binary cache - uses: lukka/run-vcpkg@v11 + uses: lukka/run-vcpkg@7d259227a1fb6471a0253dd5ab7419835228f7d7 # v11 with: vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }} doNotCache: false @@ -499,13 +507,13 @@ jobs: shell: bash - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@v1 + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 with: toolchain: ${{ env.RUST_VERSION }} targets: ${{ matrix.job.target }} components: "rustfmt" - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: prefix-key: rustdesk-lib-cache-ios key: ${{ matrix.job.target }} @@ -590,7 +598,7 @@ jobs: - name: Import the codesign cert if: env.MACOS_P12_BASE64 != null - uses: apple-actions/import-codesign-certs@v1 + uses: apple-actions/import-codesign-certs@253ddeeac23f2bdad1646faac5c8c2832e800071 # v1 with: p12-file-base64: ${{ secrets.MACOS_P12_BASE64 }} p12-password: ${{ secrets.MACOS_P12_PASSWORD }} @@ -604,7 +612,7 @@ jobs: - name: Import notarize key if: env.MACOS_P12_BASE64 != null - uses: timheuer/base64-to-file@v1.2 + uses: timheuer/base64-to-file@adaa40c0c581f276132199d4cf60afa07ce60eac # v1.2 with: # https://gregoryszorc.com/docs/apple-codesign/stable/apple_codesign_rcodesign.html#notarizing-and-stapling fileName: rustdesk.json @@ -643,7 +651,7 @@ jobs: nasm --version - name: Install flutter - uses: subosito/flutter-action@v2 + uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2 with: channel: "stable" flutter-version: ${{ env.FLUTTER_VERSION }} @@ -662,13 +670,13 @@ jobs: grep -n '_setFramesEnabledState(false);' ../packages/flutter/lib/src/scheduler/binding.dart - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@v1 + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 with: toolchain: ${{ env.MAC_RUST_VERSION }} targets: ${{ matrix.job.target }} components: "rustfmt" - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: prefix-key: ${{ matrix.job.os }} @@ -679,7 +687,7 @@ jobs: path: ./ - name: Setup vcpkg with Github Actions binary cache - uses: lukka/run-vcpkg@v11 + uses: lukka/run-vcpkg@7d259227a1fb6471a0253dd5ab7419835228f7d7 # v11 with: vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }} doNotCache: false @@ -745,15 +753,18 @@ jobs: sed -i -e 's/MAXIMUM_UNMOUNTING_ATTEMPTS=3/MAXIMUM_UNMOUNTING_ATTEMPTS=7/' "$CREATE_DMG" # Unlock keychain security default-keychain -s rustdesk.keychain - security unlock-keychain -p ${{ secrets.MACOS_P12_PASSWORD }} rustdesk.keychain + security unlock-keychain -p "${MACOS_P12_PASSWORD}" rustdesk.keychain # start sign the rustdesk.app and dmg rm -rf *.dmg || true - codesign --force --options runtime -s ${{ secrets.MACOS_CODESIGN_IDENTITY }} --deep --strict ./flutter/build/macos/Build/Products/Release/RustDesk.app -vvv + codesign --force --options runtime -s "${MACOS_CODESIGN_IDENTITY}" --deep --strict ./flutter/build/macos/Build/Products/Release/RustDesk.app -vvv create-dmg --icon "RustDesk.app" 200 190 --hide-extension "RustDesk.app" --window-size 800 400 --app-drop-link 600 185 rustdesk-${{ env.VERSION }}.dmg ./flutter/build/macos/Build/Products/Release/RustDesk.app - codesign --force --options runtime -s ${{ secrets.MACOS_CODESIGN_IDENTITY }} --deep --strict rustdesk-${{ env.VERSION }}.dmg -vvv + codesign --force --options runtime -s "${MACOS_CODESIGN_IDENTITY}" --deep --strict rustdesk-${{ env.VERSION }}.dmg -vvv # notarize the rustdesk-${{ env.VERSION }}.dmg rcodesign notary-submit --api-key-path ${{ github.workspace }}/rustdesk.json --staple rustdesk-${{ env.VERSION }}.dmg + env: + MACOS_P12_PASSWORD: ${{ secrets.MACOS_P12_PASSWORD }} + MACOS_CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }} - name: Rename rustdesk if: env.UPLOAD_ARTIFACT == 'true' run: | @@ -763,7 +774,7 @@ jobs: - name: Publish DMG package if: env.UPLOAD_ARTIFACT == 'true' - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: prerelease: true tag_name: ${{ env.TAG_NAME }} @@ -807,7 +818,7 @@ jobs: tar czf rustdesk-${{ env.VERSION }}-unsigned.tar.gz *.dmg windows-x86_64 windows-x86 - name: Publish unsigned app - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: prerelease: true tag_name: ${{ env.TAG_NAME }} @@ -844,7 +855,7 @@ jobs: } steps: - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@main + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # main with: tool-cache: false android: false @@ -902,7 +913,7 @@ jobs: submodules: recursive - name: Install flutter - uses: subosito/flutter-action@v2 + uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2 with: channel: "stable" flutter-version: ${{ env.ANDROID_FLUTTER_VERSION }} @@ -912,14 +923,14 @@ jobs: cd $(dirname $(dirname $(which flutter))) [[ "3.24.5" == ${{env.ANDROID_FLUTTER_VERSION}} ]] && git apply ${{ github.workspace }}/.github/patches/flutter_3.24.4_dropdown_menu_enableFilter.diff - - uses: nttld/setup-ndk@v1 + - uses: nttld/setup-ndk@ed92fe6cadad69be94a966a7ee3271275e62f779 # v1 id: setup-ndk with: ndk-version: ${{ env.NDK_VERSION }} add-to-path: true - name: Setup vcpkg with Github Actions binary cache - uses: lukka/run-vcpkg@v11 + uses: lukka/run-vcpkg@7d259227a1fb6471a0253dd5ab7419835228f7d7 # v11 with: vcpkgDirectory: /opt/artifacts/vcpkg vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }} @@ -960,12 +971,12 @@ jobs: path: ./ - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@v1 + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 with: toolchain: ${{ env.RUST_VERSION }} components: "rustfmt" - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: prefix-key: rustdesk-lib-cache-android # TODO: drop '-android' part after caches are invalidated key: ${{ matrix.job.target }} @@ -1066,7 +1077,7 @@ jobs: echo "ANDROID_SIGN_TOOL_VERSION=$BUILD_TOOL_VERSION" >> $GITHUB_ENV echo Last build tool version is: $BUILD_TOOL_VERSION - - uses: r0adkll/sign-android-release@v1 + - uses: r0adkll/sign-android-release@349ebdef58775b1e0d8099458af0816dc79b6407 # v1 name: Sign app APK if: env.ANDROID_SIGNING_KEY != null id: sign-rustdesk @@ -1089,7 +1100,7 @@ jobs: - name: Publish signed apk package if: env.ANDROID_SIGNING_KEY != null && env.UPLOAD_ARTIFACT == 'true' - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: prerelease: true tag_name: ${{ env.TAG_NAME }} @@ -1098,7 +1109,7 @@ jobs: - name: Publish unsigned apk package if: env.ANDROID_SIGNING_KEY == null && env.UPLOAD_ARTIFACT == 'true' - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: prerelease: true tag_name: ${{ env.TAG_NAME }} @@ -1116,7 +1127,7 @@ jobs: suffix: "" steps: - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@main + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # main with: tool-cache: false android: false @@ -1174,7 +1185,7 @@ jobs: submodules: recursive - name: Install flutter - uses: subosito/flutter-action@v2 + uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2 with: channel: "stable" flutter-version: ${{ env.ANDROID_FLUTTER_VERSION }} @@ -1250,7 +1261,7 @@ jobs: echo "ANDROID_SIGN_TOOL_VERSION=$BUILD_TOOL_VERSION" >> $GITHUB_ENV echo Last build tool version is: $BUILD_TOOL_VERSION - - uses: r0adkll/sign-android-release@v1 + - uses: r0adkll/sign-android-release@349ebdef58775b1e0d8099458af0816dc79b6407 # v1 name: Sign app APK if: env.ANDROID_SIGNING_KEY != null id: sign-rustdesk @@ -1273,7 +1284,7 @@ jobs: - name: Publish signed apk package if: env.ANDROID_SIGNING_KEY != null && env.UPLOAD_ARTIFACT == 'true' - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: prerelease: true tag_name: ${{ env.TAG_NAME }} @@ -1282,7 +1293,7 @@ jobs: - name: Publish unsigned apk package if: env.ANDROID_SIGNING_KEY == null && env.UPLOAD_ARTIFACT == 'true' - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: prerelease: true tag_name: ${{ env.TAG_NAME }} @@ -1340,7 +1351,7 @@ jobs: - name: Set Swap Space if: ${{ matrix.job.arch == 'x86_64' }} - uses: pierotofy/set-swap-space@master + uses: pierotofy/set-swap-space@fc79b3f67fa8a838184ce84a674ca12238d2c761 # master with: swap-size-gb: 12 @@ -1350,7 +1361,7 @@ jobs: free -m - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@v1 + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 if: matrix.job.arch == 'x86_64' || env.UPLOAD_ARTIFACT == 'true' with: toolchain: ${{ env.RUST_VERSION }} @@ -1376,7 +1387,7 @@ jobs: - name: Setup vcpkg with Github Actions binary cache if: matrix.job.arch == 'x86_64' || env.UPLOAD_ARTIFACT == 'true' - uses: lukka/run-vcpkg@v11 + uses: lukka/run-vcpkg@7d259227a1fb6471a0253dd5ab7419835228f7d7 # v11 with: vcpkgDirectory: /opt/artifacts/vcpkg vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }} @@ -1409,7 +1420,7 @@ jobs: name: bridge-artifact path: ./ - - uses: rustdesk-org/run-on-arch-action@amd64-support + - uses: rustdesk-org/run-on-arch-action@d3fcfbb632b84cf7f6bc772bfaaa2c2f4f8789a8 # amd64-support name: Build rustdesk id: vcpkg if: matrix.job.arch == 'x86_64' || env.UPLOAD_ARTIFACT == 'true' @@ -1583,7 +1594,7 @@ jobs: - name: Publish debian/rpm package if: env.UPLOAD_ARTIFACT == 'true' - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: prerelease: true tag_name: ${{ env.TAG_NAME }} @@ -1611,7 +1622,7 @@ jobs: - name: Build archlinux package if: matrix.job.arch == 'x86_64' && env.UPLOAD_ARTIFACT == 'true' - uses: rustdesk-org/arch-makepkg-action@master + uses: rustdesk-org/arch-makepkg-action@04200739ed1d0bf6f2188b6736b26a767c57a7f9 # master with: packages: scripts: | @@ -1619,7 +1630,7 @@ jobs: - name: Publish archlinux package if: matrix.job.arch == 'x86_64' && env.UPLOAD_ARTIFACT == 'true' - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: prerelease: true tag_name: ${{ env.TAG_NAME }} @@ -1682,7 +1693,7 @@ jobs: free -m - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@v1 + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 with: toolchain: ${{ env.SCITER_RUST_VERSION }} targets: ${{ matrix.job.target }} @@ -1693,7 +1704,7 @@ jobs: RUST_TOOLCHAIN_VERSION=$(cargo --version | awk '{print $2}') echo "RUST_TOOLCHAIN_VERSION=$RUST_TOOLCHAIN_VERSION" >> $GITHUB_ENV - - uses: rustdesk-org/run-on-arch-action@amd64-support + - uses: rustdesk-org/run-on-arch-action@d3fcfbb632b84cf7f6bc772bfaaa2c2f4f8789a8 # amd64-support name: Build rustdesk sciter binary for ${{ matrix.job.arch }} id: vcpkg with: @@ -1839,7 +1850,7 @@ jobs: - name: Publish debian package if: env.UPLOAD_ARTIFACT == 'true' - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: prerelease: true tag_name: ${{ env.TAG_NAME }} @@ -1896,7 +1907,7 @@ jobs: - name: Publish appimage package if: env.UPLOAD_ARTIFACT == 'true' - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: prerelease: true tag_name: ${{ env.TAG_NAME }} @@ -1953,7 +1964,7 @@ jobs: run: | mv rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}${{ matrix.job.suffix }}.deb flatpak/rustdesk.deb - - uses: rustdesk-org/run-on-arch-action@amd64-support + - uses: rustdesk-org/run-on-arch-action@d3fcfbb632b84cf7f6bc772bfaaa2c2f4f8789a8 # amd64-support name: Build rustdesk flatpak package for ${{ matrix.job.arch }} id: flatpak with: @@ -1981,7 +1992,7 @@ jobs: flatpak build-bundle ./repo rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}${{ matrix.job.suffix }}.flatpak com.rustdesk.RustDesk - name: Publish flatpak package - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: prerelease: true tag_name: ${{ env.TAG_NAME }} @@ -2010,7 +2021,7 @@ jobs: sudo apt-get install -y wget npm - name: Install flutter - uses: subosito/flutter-action@v2.12.0 #https://github.com/subosito/flutter-action/issues/277 + uses: subosito/flutter-action@2783a3f08e1baf891508463f8c6653c258246225 # v2.12.0 #https://github.com/subosito/flutter-action/issues/277 with: channel: "stable" flutter-version: ${{ env.FLUTTER_VERSION }} @@ -2054,7 +2065,7 @@ jobs: - name: Publish web if: env.UPLOAD_ARTIFACT == 'true' - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: prerelease: true tag_name: ${{ env.TAG_NAME }} diff --git a/.github/workflows/playground.yml b/.github/workflows/playground.yml index 110437e0f..ea590f06e 100644 --- a/.github/workflows/playground.yml +++ b/.github/workflows/playground.yml @@ -93,7 +93,7 @@ jobs: - name: Import the codesign cert if: env.MACOS_P12_BASE64 != null - uses: apple-actions/import-codesign-certs@v1 + uses: apple-actions/import-codesign-certs@253ddeeac23f2bdad1646faac5c8c2832e800071 # v1 with: p12-file-base64: ${{ secrets.MACOS_P12_BASE64 }} p12-password: ${{ secrets.MACOS_P12_PASSWORD }} @@ -107,7 +107,7 @@ jobs: - name: Import notarize key if: env.MACOS_P12_BASE64 != null - uses: timheuer/base64-to-file@v1.2 + uses: timheuer/base64-to-file@adaa40c0c581f276132199d4cf60afa07ce60eac # v1.2 with: # https://gregoryszorc.com/docs/apple-codesign/stable/apple_codesign_rcodesign.html#notarizing-and-stapling fileName: rustdesk.json @@ -129,19 +129,19 @@ jobs: brew install llvm create-dmg nasm pkg-config - name: Install flutter - uses: subosito/flutter-action@v2 + uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2 with: channel: "stable" flutter-version: ${{ matrix.job.flutter }} - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@v1 + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 with: toolchain: ${{ env.RUST_VERSION }} targets: ${{ matrix.job.target }} components: "rustfmt" - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: prefix-key: ${{ matrix.job.os }} @@ -156,7 +156,7 @@ jobs: ~/.cargo/bin/flutter_rust_bridge_codegen --rust-input ./src/flutter_ffi.rs --dart-output ./flutter/lib/generated_bridge.dart --c-output ./flutter/macos/Runner/bridge_generated.h - name: Setup vcpkg with Github Actions binary cache - uses: lukka/run-vcpkg@v11 + uses: lukka/run-vcpkg@7d259227a1fb6471a0253dd5ab7419835228f7d7 # v11 with: vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }} @@ -165,7 +165,7 @@ jobs: $VCPKG_ROOT/vcpkg install --x-install-root="$VCPKG_ROOT/installed" - name: Restore from cache and install vcpkg - uses: lukka/run-vcpkg@v7 + uses: lukka/run-vcpkg@8a5116de2b552d6fc8894e9774aacaf2e5db4823 # v7 if: false with: setupOnly: true @@ -206,15 +206,18 @@ jobs: sed -i -e 's/MAXIMUM_UNMOUNTING_ATTEMPTS=3/MAXIMUM_UNMOUNTING_ATTEMPTS=7/' "$CREATE_DMG" # Unlock keychain security default-keychain -s rustdesk.keychain - security unlock-keychain -p ${{ secrets.MACOS_P12_PASSWORD }} rustdesk.keychain + security unlock-keychain -p "${MACOS_P12_PASSWORD}" rustdesk.keychain # start sign the rustdesk.app and dmg rm -rf *.dmg || true - codesign --force --options runtime -s ${{ secrets.MACOS_CODESIGN_IDENTITY }} --deep --strict ./flutter/build/macos/Build/Products/Release/RustDesk.app -vvv + codesign --force --options runtime -s "${MACOS_CODESIGN_IDENTITY}" --deep --strict ./flutter/build/macos/Build/Products/Release/RustDesk.app -vvv create-dmg --icon "RustDesk.app" 200 190 --hide-extension "RustDesk.app" --window-size 800 400 --app-drop-link 600 185 rustdesk-${{ env.VERSION }}.dmg ./flutter/build/macos/Build/Products/Release/RustDesk.app - codesign --force --options runtime -s ${{ secrets.MACOS_CODESIGN_IDENTITY }} --deep --strict rustdesk-${{ env.VERSION }}.dmg -vvv + codesign --force --options runtime -s "${MACOS_CODESIGN_IDENTITY}" --deep --strict rustdesk-${{ env.VERSION }}.dmg -vvv # notarize the rustdesk-${{ env.VERSION }}.dmg rcodesign notary-submit --api-key-path ${{ github.workspace }}/rustdesk.json --staple rustdesk-${{ env.VERSION }}.dmg + env: + MACOS_P12_PASSWORD: ${{ secrets.MACOS_P12_PASSWORD }} + MACOS_CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }} - name: Rename rustdesk run: | for name in rustdesk*??.dmg; do @@ -222,7 +225,7 @@ jobs: done - name: Publish DMG package - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: prerelease: true tag_name: ${{ env.TAG_NAME }} @@ -290,13 +293,13 @@ jobs: wget - name: Install flutter - uses: subosito/flutter-action@v2 + uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2 with: channel: "stable" flutter-version: ${{ env.FLUTTER_VERSION }} - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@v1 + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 with: toolchain: ${{ env.RUST_VERSION }} components: "rustfmt" @@ -310,14 +313,14 @@ jobs: pushd flutter ; flutter pub get ; popd ~/.cargo/bin/flutter_rust_bridge_codegen --rust-input ./src/flutter_ffi.rs --dart-output ./flutter/lib/generated_bridge.dart - - uses: nttld/setup-ndk@v1 + - uses: nttld/setup-ndk@ed92fe6cadad69be94a966a7ee3271275e62f779 # v1 id: setup-ndk with: ndk-version: ${{ env.NDK_VERSION }} add-to-path: true - name: Setup vcpkg with Github Actions binary cache - uses: lukka/run-vcpkg@v11 + uses: lukka/run-vcpkg@7d259227a1fb6471a0253dd5ab7419835228f7d7 # v11 with: vcpkgDirectory: /opt/artifacts/vcpkg vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }} @@ -395,7 +398,7 @@ jobs: mkdir -p signed-apk; pushd signed-apk mv ../rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}.apk ./rustdesk-test-${{ matrix.job.ref }}-${{ matrix.job.ndk }}.apk - - uses: r0adkll/sign-android-release@v1 + - uses: r0adkll/sign-android-release@349ebdef58775b1e0d8099458af0816dc79b6407 # v1 name: Sign app APK if: env.ANDROID_SIGNING_KEY != null id: sign-rustdesk @@ -410,7 +413,7 @@ jobs: BUILD_TOOLS_VERSION: "30.0.2" - name: Publish signed apk package - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: prerelease: true tag_name: ${{ env.TAG_NAME }} diff --git a/.github/workflows/third-party-RustDeskTempTopMostWindow.yml b/.github/workflows/third-party-RustDeskTempTopMostWindow.yml index 2f89092b7..af580cbfe 100644 --- a/.github/workflows/third-party-RustDeskTempTopMostWindow.yml +++ b/.github/workflows/third-party-RustDeskTempTopMostWindow.yml @@ -39,7 +39,7 @@ jobs: build_output_dir: RustDeskTempTopMostWindow/WindowInjection/${{ inputs.platform }}/${{ inputs.configuration }} steps: - name: Add MSBuild to PATH - uses: microsoft/setup-msbuild@v2 + uses: microsoft/setup-msbuild@6fb02220983dee41ce7ae257b6f4d8f9bf5ed4ce # v2 - name: Download the source code run: |