diff --git a/.github/workflows/bignp256.yml b/.github/workflows/bignp256.yml index 3603134e3..5f6c49c6f 100644 --- a/.github/workflows/bignp256.yml +++ b/.github/workflows/bignp256.yml @@ -9,7 +9,7 @@ on: - "primeorder/**" - "Cargo.*" push: - branches: master + branches: [master] defaults: run: @@ -25,12 +25,17 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: benches: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: 1.85.0 # MSRV - run: cargo build --all-features --benches @@ -46,8 +51,10 @@ jobs: - thumbv7em-none-eabi - wasm32-unknown-unknown steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -75,8 +82,10 @@ jobs: rust: stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -110,11 +119,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - run: ${{ matrix.deps }} - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} - - uses: RustCrypto/actions/cross-install@master + - uses: RustCrypto/actions/cross-install@34200a43851c823e10b9a08a0d6cada5b4d7e8c8 # master - run: cross test --release --target ${{ matrix.target }} --all-features diff --git a/.github/workflows/bp256.yml b/.github/workflows/bp256.yml index 1980fcf29..5d52743fa 100644 --- a/.github/workflows/bp256.yml +++ b/.github/workflows/bp256.yml @@ -9,7 +9,7 @@ on: - "primeorder/**" - "Cargo.*" push: - branches: master + branches: [master] defaults: run: @@ -25,12 +25,17 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: benches: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: 1.85.0 # MSRV - run: cargo build --all-features --benches @@ -46,8 +51,10 @@ jobs: - thumbv7em-none-eabi - wasm32-unknown-unknown steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -69,8 +76,10 @@ jobs: - 1.85.0 # MSRV - stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} - run: cargo check --all-features diff --git a/.github/workflows/bp384.yml b/.github/workflows/bp384.yml index 615e1e472..9c61cacb4 100644 --- a/.github/workflows/bp384.yml +++ b/.github/workflows/bp384.yml @@ -9,7 +9,7 @@ on: - "primeorder/**" - "Cargo.*" push: - branches: master + branches: [master] defaults: run: @@ -25,12 +25,17 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: benches: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: 1.85.0 # MSRV - run: cargo build --all-features --benches @@ -46,8 +51,10 @@ jobs: - thumbv7em-none-eabi - wasm32-unknown-unknown steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -69,8 +76,10 @@ jobs: - 1.85.0 # MSRV - stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} - run: cargo check --all-features diff --git a/.github/workflows/ed448-goldilocks.yml b/.github/workflows/ed448-goldilocks.yml index 663c99c21..cf6f07d80 100644 --- a/.github/workflows/ed448-goldilocks.yml +++ b/.github/workflows/ed448-goldilocks.yml @@ -8,7 +8,7 @@ on: - "hash2curve/**" - "Cargo.*" push: - branches: master + branches: [master] defaults: run: @@ -24,6 +24,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest @@ -36,8 +39,10 @@ jobs: - thumbv7em-none-eabi - wasm32-unknown-unknown steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -56,8 +61,10 @@ jobs: - 1.85.0 # MSRV - stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} - run: cargo build --all-features --benches @@ -82,12 +89,14 @@ jobs: rust: stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} - - uses: RustCrypto/actions/cargo-hack-install@master + - uses: RustCrypto/actions/cargo-hack-install@34200a43851c823e10b9a08a0d6cada5b4d7e8c8 # master - run: ${{ matrix.deps }} - run: cargo test --target ${{ matrix.target }} --no-default-features - run: cargo hack test --feature-powerset --target ${{ matrix.target }} --exclude-features bits,std @@ -120,11 +129,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - run: ${{ matrix.deps }} - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} - - uses: RustCrypto/actions/cross-install@master + - uses: RustCrypto/actions/cross-install@34200a43851c823e10b9a08a0d6cada5b4d7e8c8 # master - run: cross test --release --target ${{ matrix.target }} --all-features diff --git a/.github/workflows/hash2curve.yml b/.github/workflows/hash2curve.yml index a5334e353..822082ec7 100644 --- a/.github/workflows/hash2curve.yml +++ b/.github/workflows/hash2curve.yml @@ -7,7 +7,7 @@ on: - "hash2curve/**" - "Cargo.*" push: - branches: master + branches: [master] defaults: run: @@ -23,6 +23,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest @@ -35,8 +38,10 @@ jobs: - thumbv7em-none-eabi - wasm32-unknown-unknown steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -50,8 +55,10 @@ jobs: - 1.85.0 # MSRV - stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} - run: cargo test diff --git a/.github/workflows/k256.yml b/.github/workflows/k256.yml index d5d26dfab..26d18efb3 100644 --- a/.github/workflows/k256.yml +++ b/.github/workflows/k256.yml @@ -8,7 +8,7 @@ on: - "hash2curve/**" - "Cargo.*" push: - branches: master + branches: [master] defaults: run: @@ -24,6 +24,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest @@ -33,8 +36,10 @@ jobs: - 1.85.0 # MSRV - stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: thumbv7em-none-eabi @@ -65,8 +70,10 @@ jobs: - 1.85.0 # MSRV - stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} - run: cargo build --all-features --benches @@ -91,8 +98,10 @@ jobs: rust: stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -126,11 +135,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - run: ${{ matrix.deps }} - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} - - uses: RustCrypto/actions/cross-install@master + - uses: RustCrypto/actions/cross-install@34200a43851c823e10b9a08a0d6cada5b4d7e8c8 # master - run: cross test --release --target ${{ matrix.target }} --all-features diff --git a/.github/workflows/p192.yml b/.github/workflows/p192.yml index c750e97d5..3a9548187 100644 --- a/.github/workflows/p192.yml +++ b/.github/workflows/p192.yml @@ -9,7 +9,7 @@ on: - "primeorder/**" - "Cargo.*" push: - branches: master + branches: [master] defaults: run: @@ -25,6 +25,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest @@ -37,8 +40,10 @@ jobs: - thumbv7em-none-eabi - wasm32-unknown-unknown steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -69,8 +74,10 @@ jobs: rust: stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} diff --git a/.github/workflows/p224.yml b/.github/workflows/p224.yml index 8759dd71d..5a6581bad 100644 --- a/.github/workflows/p224.yml +++ b/.github/workflows/p224.yml @@ -9,7 +9,7 @@ on: - "primeorder/**" - "Cargo.*" push: - branches: master + branches: [master] defaults: run: @@ -25,6 +25,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest @@ -37,8 +40,10 @@ jobs: - thumbv7em-none-eabi - wasm32-unknown-unknown steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -71,8 +76,10 @@ jobs: rust: stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} diff --git a/.github/workflows/p256.yml b/.github/workflows/p256.yml index 984aff6cf..069e54fc5 100644 --- a/.github/workflows/p256.yml +++ b/.github/workflows/p256.yml @@ -8,7 +8,7 @@ on: - "hash2curve/**" - "Cargo.*" push: - branches: master + branches: [master] defaults: run: @@ -24,6 +24,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest @@ -33,8 +36,10 @@ jobs: - 1.85.0 # MSRV - stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: thumbv7em-none-eabi @@ -62,8 +67,10 @@ jobs: - 1.85.0 # MSRV - stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} - run: cargo build --all-features --benches @@ -88,8 +95,10 @@ jobs: rust: stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -124,11 +133,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - run: ${{ matrix.deps }} - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} - - uses: RustCrypto/actions/cross-install@master + - uses: RustCrypto/actions/cross-install@34200a43851c823e10b9a08a0d6cada5b4d7e8c8 # master - run: cross test --release --target ${{ matrix.target }} --all-features diff --git a/.github/workflows/p384.yml b/.github/workflows/p384.yml index 1e0edfcbb..3df4647df 100644 --- a/.github/workflows/p384.yml +++ b/.github/workflows/p384.yml @@ -10,7 +10,7 @@ on: - "primeorder/**" - "Cargo.*" push: - branches: master + branches: [master] defaults: run: @@ -26,12 +26,17 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: benches: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: 1.85.0 # MSRV - run: cargo build --all-features --benches @@ -47,8 +52,10 @@ jobs: - thumbv7em-none-eabi - wasm32-unknown-unknown steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -85,8 +92,10 @@ jobs: rust: stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -124,11 +133,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - run: ${{ matrix.deps }} - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} - - uses: RustCrypto/actions/cross-install@master + - uses: RustCrypto/actions/cross-install@34200a43851c823e10b9a08a0d6cada5b4d7e8c8 # master - run: cross test --release --target ${{ matrix.target }} --all-features diff --git a/.github/workflows/p521.yml b/.github/workflows/p521.yml index 6115b3213..85ebda10c 100644 --- a/.github/workflows/p521.yml +++ b/.github/workflows/p521.yml @@ -10,7 +10,7 @@ on: - "primeorder/**" - "Cargo.*" push: - branches: master + branches: [master] defaults: run: @@ -26,6 +26,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest @@ -38,8 +41,10 @@ jobs: - thumbv7em-none-eabi - wasm32-unknown-unknown steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -53,8 +58,10 @@ jobs: rust: - stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} - run: cargo build --all-features --benches @@ -79,8 +86,10 @@ jobs: rust: stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} diff --git a/.github/workflows/primefield.yml b/.github/workflows/primefield.yml index 2c4c781fb..b6dba3a33 100644 --- a/.github/workflows/primefield.yml +++ b/.github/workflows/primefield.yml @@ -7,7 +7,7 @@ on: - "primefield/**" - "Cargo.*" push: - branches: master + branches: [master] defaults: run: @@ -23,6 +23,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest @@ -35,8 +38,10 @@ jobs: - thumbv7em-none-eabi - wasm32-unknown-unknown steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -50,8 +55,10 @@ jobs: - 1.85.0 # MSRV - stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} - run: cargo test diff --git a/.github/workflows/primeorder.yml b/.github/workflows/primeorder.yml index b7f5fd185..8125659a7 100644 --- a/.github/workflows/primeorder.yml +++ b/.github/workflows/primeorder.yml @@ -7,7 +7,7 @@ on: - "primeorder/**" - "Cargo.*" push: - branches: master + branches: [master] defaults: run: @@ -23,6 +23,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest @@ -35,8 +38,10 @@ jobs: - thumbv7em-none-eabi - wasm32-unknown-unknown steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -52,8 +57,10 @@ jobs: - 1.85.0 # MSRV - stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} - run: cargo check --all-features diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml index 349c69e3a..a299f506c 100644 --- a/.github/workflows/security-audit.yml +++ b/.github/workflows/security-audit.yml @@ -5,24 +5,29 @@ on: - .github/workflows/security-audit.yml - Cargo.lock push: - branches: master + branches: [master] paths: Cargo.lock schedule: - cron: "0 0 * * *" +permissions: + contents: read + jobs: security_audit: name: Security Audit runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: stable - - uses: actions/cache@v5 + - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 with: path: ~/.cargo/bin key: ${{ runner.os }}-cargo-audit-v0.22.0 - - uses: rustsec/audit-check@v2 + - uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/sm2.yml b/.github/workflows/sm2.yml index 51010f707..36a22136c 100644 --- a/.github/workflows/sm2.yml +++ b/.github/workflows/sm2.yml @@ -9,7 +9,7 @@ on: - "sm2/**" - "Cargo.*" push: - branches: master + branches: [master] defaults: run: @@ -25,12 +25,17 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: benches: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: 1.85.0 # MSRV - run: cargo build --all-features --benches @@ -46,8 +51,10 @@ jobs: - thumbv7em-none-eabi - wasm32-unknown-unknown steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -77,8 +84,10 @@ jobs: rust: stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} diff --git a/.github/workflows/workspace.yml b/.github/workflows/workspace.yml index f0554102e..e9a7a5b1d 100644 --- a/.github/workflows/workspace.yml +++ b/.github/workflows/workspace.yml @@ -5,7 +5,7 @@ on: paths-ignore: - README.md push: - branches: master + branches: [master] paths-ignore: - README.md @@ -18,12 +18,17 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: clippy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: 1.89 # pinned to prevent breakages when new stable versions are released components: clippy @@ -32,8 +37,10 @@ jobs: doc: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: stable - run: cargo doc --workspace --all-features --no-deps @@ -41,8 +48,10 @@ jobs: rustfmt: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: stable components: rustfmt @@ -51,5 +60,7 @@ jobs: typos: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: crate-ci/typos@v1.44.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: crate-ci/typos@631208b7aac2daa8b707f55e7331f9112b0e062d # v1.44.0 diff --git a/.github/workflows/x448.yml b/.github/workflows/x448.yml index 11ea64c94..f65fbb1c1 100644 --- a/.github/workflows/x448.yml +++ b/.github/workflows/x448.yml @@ -8,7 +8,7 @@ on: - "x448/**" - "Cargo.*" push: - branches: master + branches: [master] defaults: run: @@ -19,6 +19,9 @@ env: RUSTFLAGS: "-Dwarnings" RUSTDOCFLAGS: "-Dwarnings" +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest @@ -31,8 +34,10 @@ jobs: - thumbv7em-none-eabi - wasm32-unknown-unknown steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} @@ -58,12 +63,14 @@ jobs: rust: stable steps: - - uses: actions/checkout@v6 - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} - - uses: RustCrypto/actions/cargo-hack-install@master + - uses: RustCrypto/actions/cargo-hack-install@34200a43851c823e10b9a08a0d6cada5b4d7e8c8 # master - run: ${{ matrix.deps }} - run: cargo test --release --target ${{ matrix.target }} @@ -91,11 +98,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - run: ${{ matrix.deps }} - - uses: dtolnay/rust-toolchain@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master with: toolchain: ${{ matrix.rust }} targets: ${{ matrix.target }} - - uses: RustCrypto/actions/cross-install@master + - uses: RustCrypto/actions/cross-install@34200a43851c823e10b9a08a0d6cada5b4d7e8c8 # master - run: cross test --release --target ${{ matrix.target }}