From 0950bb48565a6a1f8f4b363e49afb1254ccb9439 Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Sat, 21 Feb 2026 12:38:10 -0800 Subject: [PATCH 01/30] [DOCUMENATION] Improved recv module documentation slightly This work resolves GHI #375 Changes in file multicast/recv.py: * Documented private variables with _w_ prefix in the recv module docstrings. --- multicast/recv.py | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/multicast/recv.py b/multicast/recv.py index d01f5b93..02a02d49 100644 --- a/multicast/recv.py +++ b/multicast/recv.py @@ -31,6 +31,50 @@ Classes: McastRECV: Main tool class for RECV operations. +Private Module Variables: + The following private variables contain warning messages used internally by the + multicast.recv module. These variables follow the naming pattern `_w_[a-z_]*` and + are strictly for internal use only. Developers MUST NOT access these variables + directly. While they may appear in diagnostic output or stack traces, they should + be treated as implementation details and ignored. + + Warning Messages: + _w_prefix (str): Private prefix for warning about unusual calls to `joinstep` + when no multicast groups are specified. Used as the primary message + component in warnings about empty group lists. + + _w_example_code (str): Private variable holding recommended code snippet for + proper socket binding. Used only as a component within `_w_advice` to + demonstrate correct API usage patterns. + + _w_advice (str): Private advice component for developers, combining + recommended practices with `_w_example_code`. Used as the guidance + portion of `_w_empty_join_warning` to help developers improve their code. + + _w_empty_join_warning (str): Private warning message issued when + `joinstep` is called without multicast groups and without specifying + a bind group. Combines `_w_prefix` and `_w_advice` to provide complete + developer guidance. Issued as SyntaxWarning to notify about unusual API usage. + + _w_unspec_bind (str): Private warning message issued when `joinstep` is + called with multicast groups but without an explicit bind_group parameter. + Warns about lazy calls and informs about default binding behavior. + Issued as ResourceWarning to alert about the specific anti-pattern. + + _w_non_multicast (str): Private warning message issued when the multicast + library is used for non-multicast networking scenarios. Advises developers + to use standard `socket.socket.bind()` directly instead of the multicast + library for non-multicast operations. Issued as SyntaxWarning. + + Note: + These warnings are issued from `joinstep` when called with no multicast + groups, to notify developers of unusual API usage. Typically, multicast + groups must be joined before the upstream network (routers or system + hardware) will properly deliver multicast packets. + + All warning messages are only emitted when `__debug__` is True (i.e., + when Python is not running with -O or -OO optimization flags). + Caution: See details regarding dynamic imports [documented](../__init__.py) in this module. Minimal Acceptance Testing: From 964352c9b72449d249a52420fcb30c907b80782d Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Sat, 21 Feb 2026 16:09:34 -0800 Subject: [PATCH 02/30] [STYLE] Improvements as discussed in review (- WIP PR #529 -) * These changes relate to GHI #375 and the review for PR #529 Changes in file multicast/recv.py: * Reworded initial improvements from GHI #375 for accuracy. * Refactored related code slightly for style and code readability. --- multicast/recv.py | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/multicast/recv.py b/multicast/recv.py index 02a02d49..2adf2a65 100644 --- a/multicast/recv.py +++ b/multicast/recv.py @@ -40,7 +40,7 @@ Warning Messages: _w_prefix (str): Private prefix for warning about unusual calls to `joinstep` - when no multicast groups are specified. Used as the primary message + when ambiguous multicast groups are specified. Used as the primary message component in warnings about empty group lists. _w_example_code (str): Private variable holding recommended code snippet for @@ -51,23 +51,23 @@ recommended practices with `_w_example_code`. Used as the guidance portion of `_w_empty_join_warning` to help developers improve their code. - _w_empty_join_warning (str): Private warning message issued when + _w_empty_join_warning (str): Warning message issued when `joinstep` is called without multicast groups and without specifying a bind group. Combines `_w_prefix` and `_w_advice` to provide complete developer guidance. Issued as SyntaxWarning to notify about unusual API usage. - _w_unspec_bind (str): Private warning message issued when `joinstep` is + _w_unspec_bind (str): Warning message issued when `joinstep` is called with multicast groups but without an explicit bind_group parameter. Warns about lazy calls and informs about default binding behavior. Issued as ResourceWarning to alert about the specific anti-pattern. - _w_non_multicast (str): Private warning message issued when the multicast + _w_non_multicast (str): Warning message issued when the multicast library is used for non-multicast networking scenarios. Advises developers to use standard `socket.socket.bind()` directly instead of the multicast library for non-multicast operations. Issued as SyntaxWarning. Note: - These warnings are issued from `joinstep` when called with no multicast + These warnings are issued from `joinstep` when called without clear multicast groups, to notify developers of unusual API usage. Typically, multicast groups must be joined before the upstream network (routers or system hardware) will properly deliver multicast packets. @@ -249,7 +249,7 @@ raise baton from _cause -module_logger = logging.getLogger(__name__) +module_logger: logging.Logger = logging.getLogger(__name__) module_logger.debug( "Loading %s", # lazy formatting to avoid PYL-W1203 __name__, @@ -287,7 +287,10 @@ ]) -_w_non_multicast = f"{_w_prefix}\nJust use socket.Socket.bind(...) for non-multicast networking." +_w_non_multicast: str = "\n".join([ + _w_prefix, + "Just use socket.Socket.bind(...) for non-multicast networking.", +]) def _validate_join_args(groups=None, port=None, iface=None, bind_group=None, isock=None) -> tuple: From e5918a6207629943adc0ae9816706492312d62c5 Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Sat, 21 Feb 2026 17:02:21 -0800 Subject: [PATCH 03/30] [DOCUMENTATION] Minor fixes to documentation from review (- WIP PR #529 -) * These changes are related to GHI #375 and review of PR #529 Changes in file multicast/recv.py: * corrected case and format of some warnings and related docstrings --- multicast/recv.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/multicast/recv.py b/multicast/recv.py index 2adf2a65..97aab2fd 100644 --- a/multicast/recv.py +++ b/multicast/recv.py @@ -40,7 +40,7 @@ Warning Messages: _w_prefix (str): Private prefix for warning about unusual calls to `joinstep` - when ambiguous multicast groups are specified. Used as the primary message + (e.g., when no multicast groups are specified). Used as the primary message component in warnings about empty group lists. _w_example_code (str): Private variable holding recommended code snippet for @@ -289,7 +289,7 @@ _w_non_multicast: str = "\n".join([ _w_prefix, - "Just use socket.Socket.bind(...) for non-multicast networking.", + "Just use socket.socket.bind(...) for non-multicast networking.", ]) From 10a484ff3c78fcad001364b1bd895834cc01c123 Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Sun, 22 Feb 2026 19:03:05 -0800 Subject: [PATCH 04/30] [DOCUMENTATION] Reworded for technical accuracy. * these changes are part of the review of PR #529 Changes in file multicast/recv.py: * minore rewording for technical accuracy. --- multicast/recv.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/multicast/recv.py b/multicast/recv.py index 97aab2fd..17809e3a 100644 --- a/multicast/recv.py +++ b/multicast/recv.py @@ -57,9 +57,10 @@ developer guidance. Issued as SyntaxWarning to notify about unusual API usage. _w_unspec_bind (str): Warning message issued when `joinstep` is - called with multicast groups but without an explicit bind_group parameter. - Warns about lazy calls and informs about default binding behavior. - Issued as ResourceWarning to alert about the specific anti-pattern. + called with a non-default multicast group but without an explicit + bind_group parameter. Warns about lazy calls and informs about + default binding behavior. Issued as ResourceWarning to alert + about the specific anti-pattern. _w_non_multicast (str): Warning message issued when the multicast library is used for non-multicast networking scenarios. Advises developers From 05e975a49441b6b5a2104fba31a3112344f24df4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Mar 2026 01:37:57 +0000 Subject: [PATCH 05/30] [UPDATE] (deps): Bump actions/setup-go in /.github/workflows Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.2.0 to 6.3.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5...4b73464bb391d4059bd26b0524d20df3927bd417) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/makefile-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/makefile-lint.yml b/.github/workflows/makefile-lint.yml index 8eca13ec..ccc169bb 100644 --- a/.github/workflows/makefile-lint.yml +++ b/.github/workflows/makefile-lint.yml @@ -51,7 +51,7 @@ jobs: yamllint --version || { print_error "Yamllint installation failed." 40 41 ; exit 126; } pandoc --version || { print_error "Pandoc installation failed." 40 41 ; exit 126; } - name: Force Setup newer go - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: 1.25 check-latest: true From f9bce3e529f4a61575786d972849f1aacf0c6c50 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Mar 2026 01:38:03 +0000 Subject: [PATCH 06/30] [UPDATE] (deps): Bump reactive-firewall/shellcheck-scan Bumps [reactive-firewall/shellcheck-scan](https://github.com/reactive-firewall/shellcheck-scan) from 1.2 to 2.2. - [Release notes](https://github.com/reactive-firewall/shellcheck-scan/releases) - [Commits](https://github.com/reactive-firewall/shellcheck-scan/compare/ececa8940e6bfbf5bf1426dd9292b9b25367c14a...50ac9fbbffe3dcce0e5479a274875d7514e59c73) --- updated-dependencies: - dependency-name: reactive-firewall/shellcheck-scan dependency-version: '2.2' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/shellcheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 7699ed63..b189eeb4 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -23,7 +23,7 @@ jobs: with: persist-credentials: false - name: Shellcheck Scan - uses: reactive-firewall/shellcheck-scan@ececa8940e6bfbf5bf1426dd9292b9b25367c14a # v0 + uses: reactive-firewall/shellcheck-scan@50ac9fbbffe3dcce0e5479a274875d7514e59c73 # v0 with: # optional arguments match: 'tests/check_* **/*.sh' publish-artifacts: true From 71e7167055cf5288c3a809a6025745480582187f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Mar 2026 01:38:49 +0000 Subject: [PATCH 07/30] [UPDATE] (deps): Bump github/codeql-action in /.github/workflows Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.3 to 4.32.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/9e907b5e64f6b83e7804b09294d44122997950d6...c793b717bc78562f491db7b0e93a3a178b099162) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 22f0c18e..beffdc4a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -50,7 +50,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3 + uses: github/codeql-action/init@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -61,7 +61,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3 + uses: github/codeql-action/autobuild@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -75,4 +75,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3 + uses: github/codeql-action/analyze@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8c1071dd..5a9da0f5 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -57,6 +57,6 @@ jobs: retention-days: 5 # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3 + uses: github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5 with: sarif_file: results.sarif From ae859671873a459150ba44b78dd4cdcad60ddf06 Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Tue, 3 Mar 2026 11:26:16 -0800 Subject: [PATCH 08/30] Update .github/workflows/shellcheck.yml [STYLE] Also update shellcheck-scan version comment (-WIP PR #535 -) Signed-off-by: Mr. Walls --- .github/workflows/shellcheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index b189eeb4..0a660bbf 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -23,7 +23,7 @@ jobs: with: persist-credentials: false - name: Shellcheck Scan - uses: reactive-firewall/shellcheck-scan@50ac9fbbffe3dcce0e5479a274875d7514e59c73 # v0 + uses: reactive-firewall/shellcheck-scan@50ac9fbbffe3dcce0e5479a274875d7514e59c73 # v2 with: # optional arguments match: 'tests/check_* **/*.sh' publish-artifacts: true From 9d1cdc6ec38e4b95304c52c24a5396925f2fc410 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Mar 2026 21:17:59 +0000 Subject: [PATCH 09/30] [UPDATE] (deps): Bump actions/upload-artifact in /.github/workflows Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/CI-BUILD.yml | 6 +++--- .github/workflows/CI-CHGLOG.yml | 6 +++--- .github/workflows/CI-DOCS.yml | 6 +++--- .github/workflows/CI-MATs.yml | 4 ++-- .github/workflows/Tests.yml | 14 +++++++------- .github/workflows/scorecard.yml | 2 +- 6 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/CI-BUILD.yml b/.github/workflows/CI-BUILD.yml index 1de30d16..84c63af6 100644 --- a/.github/workflows/CI-BUILD.yml +++ b/.github/workflows/CI-BUILD.yml @@ -123,7 +123,7 @@ jobs: - name: Upload build artifact id: upload if: ${{ !cancelled() && (steps.buildfiles.outputs.files != '') && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: dist name: multicast-build-${{ github.sha }} @@ -346,7 +346,7 @@ jobs: - name: Upload build summary id: upload-build-info if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: "BUILD-info.txt" name: multicast-info-${{ github.sha }} @@ -393,7 +393,7 @@ jobs: - name: Upload build summary id: upload-build-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: ./Build-Summary-Artifact.txt name: BUILD-COMMENT-BODY-${{ github.sha }} diff --git a/.github/workflows/CI-CHGLOG.yml b/.github/workflows/CI-CHGLOG.yml index e31351ea..90bca43a 100644 --- a/.github/workflows/CI-CHGLOG.yml +++ b/.github/workflows/CI-CHGLOG.yml @@ -189,7 +189,7 @@ jobs: - name: Upload CHANGELOG artifact id: upload if: ${{ success() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: CHANGELOG.md name: 'multicast-chglog-${{ needs.check_build.outputs.sha }}' @@ -259,7 +259,7 @@ jobs: - name: "Upload chglog summary" id: upload-chglog-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: ./chglog-Summary-Artifact.txt name: chglog-COMMENT-BODY-${{ needs.check_build.outputs.sha }} @@ -339,7 +339,7 @@ jobs: - name: Upload build summary id: upload-build-info if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: "chglog-info.txt" name: multicast-chglog-info-${{ needs.check_build.outputs.sha }} diff --git a/.github/workflows/CI-DOCS.yml b/.github/workflows/CI-DOCS.yml index b332d5dd..e8af7cdc 100644 --- a/.github/workflows/CI-DOCS.yml +++ b/.github/workflows/CI-DOCS.yml @@ -182,7 +182,7 @@ jobs: fi - name: Upload Docs Artifact with Python ${{ matrix.python-version }} on ${{ matrix.os }} id: upload-documentation - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Multicast-Documentation-${{ needs.check_mats.outputs.build_sha }}-${{ matrix.os }}-${{ matrix.python-version }} path: ./Multicast-Documentation @@ -238,7 +238,7 @@ jobs: - name: "Upload DOCs summary" id: upload-docs-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: ./DOCUMENTATION-Summary-Artifact.txt name: DOCUMENTATION-COMMENT-BODY-${{ needs.check_mats.outputs.build_sha }} @@ -249,7 +249,7 @@ jobs: - name: "Upload DOCs Bundle" id: upload-docs-bundle if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: Multicast-Documentation name: Multicast-Documentation-${{ needs.check_mats.outputs.build_sha }}-ALL diff --git a/.github/workflows/CI-MATs.yml b/.github/workflows/CI-MATs.yml index 584ce363..9564db66 100644 --- a/.github/workflows/CI-MATs.yml +++ b/.github/workflows/CI-MATs.yml @@ -291,7 +291,7 @@ jobs: - name: "Upload MATs summary" id: upload-mats-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: ./MATs-Summary-Artifact.txt name: MATS-COMMENT-BODY-${{ needs.check_build.outputs.sha }} @@ -371,7 +371,7 @@ jobs: - name: Upload build summary id: upload-build-info if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: "multicast-info.txt" name: multicast-info-${{ needs.check_build.outputs.sha }} diff --git a/.github/workflows/Tests.yml b/.github/workflows/Tests.yml index 63972f0b..f627a88f 100644 --- a/.github/workflows/Tests.yml +++ b/.github/workflows/Tests.yml @@ -397,7 +397,7 @@ jobs: - name: "Upload Coverage Summary" id: upload if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: COVERAGE name: ${{ steps.output_coverage_step_summary.outputs.coverage-artifact-name }} @@ -499,7 +499,7 @@ jobs: fail_ci_if_error: false - name: Upload Python ${{ matrix.python-version }} Artifact id: doctests-reports-upload - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: DocTest-Report-${{ matrix.os }}-${{ matrix.python-version }} path: ./test-reports/ @@ -631,7 +631,7 @@ jobs: - name: "Upload Doctests Summary" id: upload if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: COVERAGE name: ${{ steps.output_doctests_step_summary.outputs.doctests-artifact-name }} @@ -691,7 +691,7 @@ jobs: - name: "Upload COVERAGE summary" id: upload-coverage-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: ./COVERAGE-Summary-Artifact.txt name: COVERAGE-COMMENT-BODY-${{ needs.check_mats.outputs.build_sha }} @@ -949,7 +949,7 @@ jobs: fail_ci_if_error: false - name: Upload Extra Python ${{ matrix.python-version }} Artifact id: integration-reports-upload - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Integration-Test-Report-${{ matrix.os }}-${{ matrix.python-version }} path: ./test-reports/ @@ -1200,7 +1200,7 @@ jobs: - name: "Upload integration Summary" id: upload if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: EXTRAS name: ${{ steps.output_integration_step_summary.outputs.integration-artifact-name }} @@ -1281,7 +1281,7 @@ jobs: - name: "Upload INTEGRATION summary" id: upload-integration-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: ./Integration-Summary-Artifact.txt name: INTEGRATION-COMMENT-BODY-${{ needs.check_mats.outputs.build_sha }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8c1071dd..97ab9577 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -50,7 +50,7 @@ jobs: # uploads of run results in SARIF format to the repository Actions tab. # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts - name: "Upload artifact" - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: SARIF file path: results.sarif From 97d5ccd8c10e7e20c405523fc033b6b92db87aa7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Mar 2026 21:18:47 +0000 Subject: [PATCH 10/30] [UPDATE] (deps): Bump actions/download-artifact in /.github/workflows Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7.0.0 to 8.0.0. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/37930b1c2abaa49bbe596cd826c3c89aef350131...70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/CI-BUILD.yml | 6 +++--- .github/workflows/CI-CHGLOG.yml | 6 +++--- .github/workflows/CI-DOCS.yml | 6 +++--- .github/workflows/CI-MATs.yml | 6 +++--- .github/workflows/Tests.yml | 10 +++++----- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/CI-BUILD.yml b/.github/workflows/CI-BUILD.yml index 1de30d16..adb55bed 100644 --- a/.github/workflows/CI-BUILD.yml +++ b/.github/workflows/CI-BUILD.yml @@ -255,7 +255,7 @@ jobs: build-artifact-attestation-id: ${{ steps.multicast-build-attest.outputs.attestation-id }} steps: - name: Download All Artifacts - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: path: ${{ github.workspace }}/dist pattern: multicast-build-${{ github.sha }} @@ -338,7 +338,7 @@ jobs: printf "%s\n" "build_id=${{ github.run_id }}" >> "$GITHUB_OUTPUT" cat <"$GITHUB_OUTPUT" >> "BUILD-info.txt" - name: Download All Artifacts - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: path: ${{ github.workspace }}/dist pattern: multicast-build-${{ github.sha }} @@ -414,7 +414,7 @@ jobs: - name: "Download Status Summary Artifact" id: download-build-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: name: BUILD-COMMENT-BODY-${{ github.sha }} github-token: ${{ github.token }} diff --git a/.github/workflows/CI-CHGLOG.yml b/.github/workflows/CI-CHGLOG.yml index e31351ea..af57ebc4 100644 --- a/.github/workflows/CI-CHGLOG.yml +++ b/.github/workflows/CI-CHGLOG.yml @@ -75,7 +75,7 @@ jobs: fi - name: "Fetch Build Info" if: ${{ (steps.check.outputs.should_run == 'true') && success() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: path: "BUILD-info.txt" pattern: multicast-info-* @@ -214,7 +214,7 @@ jobs: steps: - name: Download ChangeLog Artifact id: download - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: path: '${{ runner.temp }}/' artifact-ids: ${{ needs.CHGLOG.outputs.artifact-id }} @@ -359,7 +359,7 @@ jobs: - name: "Download Status Summary Artifact" id: download-chglog-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: name: chglog-COMMENT-BODY-${{ needs.check_build.outputs.sha }} github-token: ${{ github.token }} diff --git a/.github/workflows/CI-DOCS.yml b/.github/workflows/CI-DOCS.yml index b332d5dd..f4116055 100644 --- a/.github/workflows/CI-DOCS.yml +++ b/.github/workflows/CI-DOCS.yml @@ -71,7 +71,7 @@ jobs: fi - name: "Fetch MATs Info" if: ${{ (github.repository == 'reactive-firewall-org/multicast') && success() }} - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: path: "multicast-info.txt" pattern: multicast-info-* @@ -210,7 +210,7 @@ jobs: if: ${{ !cancelled() && (needs.check_mats.outputs.should_run == 'true') && (needs.DOCS.outputs.docs_outcome != 'cancelled') }} steps: - name: Download All Artifacts - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: path: ${{ github.workspace }}/Multicast-Documentation pattern: Multicast-Documentation-${{ needs.check_mats.outputs.build_sha }}-*-* @@ -290,7 +290,7 @@ jobs: - name: "Download Status Summary Artifact" id: download-documentation-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: name: DOCUMENTATION-COMMENT-BODY-${{ needs.check_mats.outputs.build_sha }} github-token: ${{ github.token }} diff --git a/.github/workflows/CI-MATs.yml b/.github/workflows/CI-MATs.yml index 584ce363..113fef27 100644 --- a/.github/workflows/CI-MATs.yml +++ b/.github/workflows/CI-MATs.yml @@ -79,7 +79,7 @@ jobs: fi - name: "Fetch Build Info" if: ${{ (github.repository == 'reactive-firewall-org/multicast') && (steps.check.outputs.should_run == 'true') && success() }} - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: path: "BUILD-info.txt" pattern: multicast-info-* @@ -217,7 +217,7 @@ jobs: build_sha: ${{ needs.check_build.outputs.sha }} steps: - name: Download All Artifacts - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: path: ${{ github.workspace }}/MATS pattern: multicast-mats-${{ needs.check_build.outputs.sha }}-part-* @@ -391,7 +391,7 @@ jobs: - name: "Download Status Summary Artifact" id: download-mats-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: name: MATS-COMMENT-BODY-${{ needs.check_build.outputs.sha }} github-token: ${{ github.token }} diff --git a/.github/workflows/Tests.yml b/.github/workflows/Tests.yml index 63972f0b..447fef0b 100644 --- a/.github/workflows/Tests.yml +++ b/.github/workflows/Tests.yml @@ -96,7 +96,7 @@ jobs: fi - name: "Fetch MATs Info" if: ${{ (steps.check.outputs.should_run == 'true') && (github.repository == 'reactive-firewall-org/multicast') && success() }} - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: path: "multicast-info.txt" pattern: multicast-info-* @@ -652,7 +652,7 @@ jobs: if: ${{ !cancelled() && (needs.check_mats.outputs.should_run == 'true') && (needs.COVERAGE.outputs.coverage_outcome != 'cancelled') }} steps: - name: Download All Artifacts - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: path: ${{ github.workspace }}/COVERAGE pattern: multicast-coverage-${{ needs.check_mats.outputs.build_sha }}-part-* @@ -717,7 +717,7 @@ jobs: - name: "Download Status Summary Artifact" id: download-coverage-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: name: COVERAGE-COMMENT-BODY-${{ needs.check_mats.outputs.build_sha }} github-token: ${{ github.token }} @@ -1226,7 +1226,7 @@ jobs: if: ${{ !cancelled() && (needs.check_mats.outputs.should_run == 'true') && (needs.INTEGRATION.outputs.integration_outcome != 'cancelled') }} steps: - name: Download All Artifacts - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: path: ${{ github.workspace }}/EXTRAS pattern: multicast-integration-${{ needs.check_mats.outputs.build_sha }}-part-* @@ -1322,7 +1322,7 @@ jobs: - name: "Download Status Summary Artifact" id: download-integration-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: name: INTEGRATION-COMMENT-BODY-${{ needs.check_mats.outputs.build_sha }} github-token: ${{ github.token }} From 1f213d484bc10404af6227e36b22fe40d6784274 Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Wed, 4 Mar 2026 14:59:39 -0800 Subject: [PATCH 11/30] [UPDATE] Add missing actions/upload-artifact updates to v7.0.0 (- WIP PR #536 -) Changes in file .github/actions/run-minimal-acceptance-tests/action.yml: * bump actions/upload-artifact to v7.0.0 Changes in file .github/actions/setup-py-reqs/action.yml: * bump actions/upload-artifact to v7.0.0 Changes in file .github/actions/test-reporter-upload/action.yml: * bump actions/upload-artifact to v7.0.0 Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] --- .github/actions/run-minimal-acceptance-tests/action.yml | 2 +- .github/actions/setup-py-reqs/action.yml | 2 +- .github/actions/test-reporter-upload/action.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/run-minimal-acceptance-tests/action.yml b/.github/actions/run-minimal-acceptance-tests/action.yml index 2adae05c..fdcb3cb2 100644 --- a/.github/actions/run-minimal-acceptance-tests/action.yml +++ b/.github/actions/run-minimal-acceptance-tests/action.yml @@ -353,7 +353,7 @@ runs: - name: "Upload Details" id: upload if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: MATS name: ${{ steps.output_artifact_name.outputs.artifact-name }} diff --git a/.github/actions/setup-py-reqs/action.yml b/.github/actions/setup-py-reqs/action.yml index 80491aeb..c751d1b7 100644 --- a/.github/actions/setup-py-reqs/action.yml +++ b/.github/actions/setup-py-reqs/action.yml @@ -282,7 +282,7 @@ runs: - name: "Upload Details" id: upload if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: DEPS name: ${{ steps.output_artifact_name.outputs.artifact-name }} diff --git a/.github/actions/test-reporter-upload/action.yml b/.github/actions/test-reporter-upload/action.yml index 16532a91..b5418bc6 100644 --- a/.github/actions/test-reporter-upload/action.yml +++ b/.github/actions/test-reporter-upload/action.yml @@ -321,7 +321,7 @@ runs: - name: Upload ${{ steps.output_os.outputs.os }} Python ${{ steps.output_python.outputs.python-version }} Artifact id: coverage-reports-upload if: ${{ !cancelled() && (steps.output_can_upload.outputs.can_upload == 'true') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Test-Report-${{ steps.output_os.outputs.os }}-${{ steps.output_python.outputs.python-version }}-${{ steps.output_sha.outputs.sha }} path: ./test-reports/ From 20b0e98a23de15d5210515a450614ec14ac641b3 Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Wed, 4 Mar 2026 15:11:20 -0800 Subject: [PATCH 12/30] [UPDATE] Add missing actions/download-artifact updates Changes in file .github/actions/checkout-and-rebuild/action.yml: * version bump actions/download-artifact to v8.0.0 Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] --- .github/actions/checkout-and-rebuild/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/checkout-and-rebuild/action.yml b/.github/actions/checkout-and-rebuild/action.yml index 574d1c72..49124df9 100644 --- a/.github/actions/checkout-and-rebuild/action.yml +++ b/.github/actions/checkout-and-rebuild/action.yml @@ -127,7 +127,7 @@ runs: - id: fetch_artifact_files name: "Fetch Build Files" if: ${{ (github.repository == 'reactive-firewall-org/multicast') && success() }} - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: path: ${{ inputs.path }}/dist pattern: multicast-build-${{ steps.output_sha.outputs.sha }} From 54fe2d363a0f4c405b35e6fc0e1df4470857c169 Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Wed, 4 Mar 2026 15:13:10 -0800 Subject: [PATCH 13/30] [SECURITY] Configure per-run ID tagged download actions to error on digest mismatch (- WIP PR #537 -) Changes in file .github/actions/checkout-and-rebuild/action.yml: * configure to error on digest mismatch Changes in file .github/workflows/CI-CHGLOG.yml: * configure to error on digest mismatch Changes in file .github/workflows/CI-DOCS.yml: * configure to error on digest mismatch Changes in file .github/workflows/CI-MATs.yml: * configure to error on digest mismatch Changes in file .github/workflows/Tests.yml: * configure to error on digest mismatch --- .github/actions/checkout-and-rebuild/action.yml | 1 + .github/workflows/CI-CHGLOG.yml | 1 + .github/workflows/CI-DOCS.yml | 1 + .github/workflows/CI-MATs.yml | 1 + .github/workflows/Tests.yml | 1 + 5 files changed, 5 insertions(+) diff --git a/.github/actions/checkout-and-rebuild/action.yml b/.github/actions/checkout-and-rebuild/action.yml index 49124df9..5e041e5b 100644 --- a/.github/actions/checkout-and-rebuild/action.yml +++ b/.github/actions/checkout-and-rebuild/action.yml @@ -135,6 +135,7 @@ runs: repository: reactive-firewall-org/multicast github-token: ${{ inputs.token }} run-id: ${{ inputs.build-run-id }} + digest-mismatch: error - name: "Enumerate Fetched Files" id: output_artifact_files if: ${{ (github.repository == 'reactive-firewall-org/multicast') && success() }} diff --git a/.github/workflows/CI-CHGLOG.yml b/.github/workflows/CI-CHGLOG.yml index af57ebc4..6b2a2806 100644 --- a/.github/workflows/CI-CHGLOG.yml +++ b/.github/workflows/CI-CHGLOG.yml @@ -83,6 +83,7 @@ jobs: merge-multiple: true github-token: ${{ env.GH_TOKEN }} run-id: ${{ steps.get_trigger_id.outputs.trigger_id }} + digest-mismatch: error - name: "move into place" if: ${{ (steps.check.outputs.should_run == 'true') && success() && (github.repository == 'reactive-firewall-org/multicast') }} id: load_build_info diff --git a/.github/workflows/CI-DOCS.yml b/.github/workflows/CI-DOCS.yml index f4116055..51a8a13f 100644 --- a/.github/workflows/CI-DOCS.yml +++ b/.github/workflows/CI-DOCS.yml @@ -79,6 +79,7 @@ jobs: merge-multiple: true github-token: ${{ env.GH_TOKEN }} run-id: ${{ steps.get_trigger_id.outputs.trigger_id }} + digest-mismatch: error - name: "move into place" id: load_build_info if: ${{ (github.repository == 'reactive-firewall-org/multicast') && success() }} diff --git a/.github/workflows/CI-MATs.yml b/.github/workflows/CI-MATs.yml index 113fef27..b407f854 100644 --- a/.github/workflows/CI-MATs.yml +++ b/.github/workflows/CI-MATs.yml @@ -87,6 +87,7 @@ jobs: merge-multiple: true github-token: ${{ env.GH_TOKEN }} run-id: ${{ steps.get_trigger_id.outputs.trigger_id }} + digest-mismatch: error - name: "move into place" id: load_build_info if: ${{ (github.repository == 'reactive-firewall-org/multicast') && (steps.check.outputs.should_run == 'true') && success() }} diff --git a/.github/workflows/Tests.yml b/.github/workflows/Tests.yml index 447fef0b..f655d063 100644 --- a/.github/workflows/Tests.yml +++ b/.github/workflows/Tests.yml @@ -104,6 +104,7 @@ jobs: merge-multiple: true github-token: ${{ env.GH_TOKEN }} run-id: ${{ steps.get_trigger_id.outputs.trigger_id }} + digest-mismatch: error - name: "move into place" id: load_build_info if: ${{ (steps.check.outputs.should_run == 'true') && (github.repository == 'reactive-firewall-org/multicast') && success() }} From f589c80b03129dca92fc0596f1e5ce6b1e1d222b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Mar 2026 01:13:29 +0000 Subject: [PATCH 14/30] [UPDATE] (deps): Bump actions/attest-build-provenance Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 3.2.0 to 4.1.0. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/96278af6caaf10aea03fd8d33a09a777ca52d62f...a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/CI-BUILD.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/CI-BUILD.yml b/.github/workflows/CI-BUILD.yml index 7b955e7f..d3791ee6 100644 --- a/.github/workflows/CI-BUILD.yml +++ b/.github/workflows/CI-BUILD.yml @@ -266,14 +266,14 @@ jobs: - name: "Attest Build Checksums" id: multicast-build-chksum-attest if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') && (needs.BUILD.outputs.build_environment == 'Deployment' && startsWith(github.ref, 'refs/tags/v')) }} - uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 with: subject-checksums: build.checksums.txt github-token: ${{ github.token }} - name: "Attest Build Artifact" id: multicast-build-attest if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 with: subject-name: multicast-build-${{ github.sha }} subject-digest: sha256:${{ needs.BUILD.outputs.artifact-digest }} From 512b3989c569436aa15a2e870b98be712b490706 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Mar 2026 01:13:36 +0000 Subject: [PATCH 15/30] [UPDATE] (deps): Bump reactive-firewall/shellcheck-scan Bumps [reactive-firewall/shellcheck-scan](https://github.com/reactive-firewall/shellcheck-scan) from 2.2 to 2.3. - [Release notes](https://github.com/reactive-firewall/shellcheck-scan/releases) - [Commits](https://github.com/reactive-firewall/shellcheck-scan/compare/50ac9fbbffe3dcce0e5479a274875d7514e59c73...9e323955cc8c1eb727a1ee0a50a9aca29f81d8c9) --- updated-dependencies: - dependency-name: reactive-firewall/shellcheck-scan dependency-version: '2.3' dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/shellcheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 0a660bbf..17b1bc46 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -23,7 +23,7 @@ jobs: with: persist-credentials: false - name: Shellcheck Scan - uses: reactive-firewall/shellcheck-scan@50ac9fbbffe3dcce0e5479a274875d7514e59c73 # v2 + uses: reactive-firewall/shellcheck-scan@9e323955cc8c1eb727a1ee0a50a9aca29f81d8c9 # v2 with: # optional arguments match: 'tests/check_* **/*.sh' publish-artifacts: true From 29b14dab69becf3818318da6515c8607d9ae6699 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Mar 2026 01:13:55 +0000 Subject: [PATCH 16/30] [UPDATE] (deps): Bump github/codeql-action in /.github/workflows Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.5 to 4.32.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c793b717bc78562f491db7b0e93a3a178b099162...0d579ffd059c29b07949a3cce3983f0780820c98) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index beffdc4a..97cef5c6 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -50,7 +50,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5 + uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -61,7 +61,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5 + uses: github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -75,4 +75,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5 + uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d3256271..cd295194 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -57,6 +57,6 @@ jobs: retention-days: 5 # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5 + uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 with: sarif_file: results.sarif From ced586cd34899b970f57cae6474b41ab976454cc Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Wed, 11 Mar 2026 20:20:44 -0700 Subject: [PATCH 17/30] [UPDATE] Refactor to use pure attest instead of wrapper. Changes in file .github/workflows/CI-BUILD.yml: * use actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 - 4.1.0 instead of wrapper --- .github/workflows/CI-BUILD.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/CI-BUILD.yml b/.github/workflows/CI-BUILD.yml index d3791ee6..da58f200 100644 --- a/.github/workflows/CI-BUILD.yml +++ b/.github/workflows/CI-BUILD.yml @@ -246,6 +246,7 @@ jobs: id-token: write contents: read attestations: write + artifact-metadata: write needs: [BUILD] runs-on: ubuntu-latest environment: ${{ needs.BUILD.outputs.build_environment }} @@ -266,14 +267,14 @@ jobs: - name: "Attest Build Checksums" id: multicast-build-chksum-attest if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') && (needs.BUILD.outputs.build_environment == 'Deployment' && startsWith(github.ref, 'refs/tags/v')) }} - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 + uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0 with: subject-checksums: build.checksums.txt github-token: ${{ github.token }} - name: "Attest Build Artifact" id: multicast-build-attest if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 + uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0 with: subject-name: multicast-build-${{ github.sha }} subject-digest: sha256:${{ needs.BUILD.outputs.artifact-digest }} From 269b26aa63baa12b9c0ef38c61577cd4ffe9819e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Mar 2026 01:13:14 +0000 Subject: [PATCH 18/30] [UPDATE] (deps): Bump actions/download-artifact in /.github/workflows Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 8.0.0 to 8.0.1. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/CI-BUILD.yml | 6 +++--- .github/workflows/CI-CHGLOG.yml | 6 +++--- .github/workflows/CI-DOCS.yml | 6 +++--- .github/workflows/CI-MATs.yml | 6 +++--- .github/workflows/Tests.yml | 10 +++++----- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/CI-BUILD.yml b/.github/workflows/CI-BUILD.yml index da58f200..f7f73fde 100644 --- a/.github/workflows/CI-BUILD.yml +++ b/.github/workflows/CI-BUILD.yml @@ -256,7 +256,7 @@ jobs: build-artifact-attestation-id: ${{ steps.multicast-build-attest.outputs.attestation-id }} steps: - name: Download All Artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ${{ github.workspace }}/dist pattern: multicast-build-${{ github.sha }} @@ -339,7 +339,7 @@ jobs: printf "%s\n" "build_id=${{ github.run_id }}" >> "$GITHUB_OUTPUT" cat <"$GITHUB_OUTPUT" >> "BUILD-info.txt" - name: Download All Artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ${{ github.workspace }}/dist pattern: multicast-build-${{ github.sha }} @@ -415,7 +415,7 @@ jobs: - name: "Download Status Summary Artifact" id: download-build-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: BUILD-COMMENT-BODY-${{ github.sha }} github-token: ${{ github.token }} diff --git a/.github/workflows/CI-CHGLOG.yml b/.github/workflows/CI-CHGLOG.yml index 3680b564..fe9acd71 100644 --- a/.github/workflows/CI-CHGLOG.yml +++ b/.github/workflows/CI-CHGLOG.yml @@ -75,7 +75,7 @@ jobs: fi - name: "Fetch Build Info" if: ${{ (steps.check.outputs.should_run == 'true') && success() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: "BUILD-info.txt" pattern: multicast-info-* @@ -215,7 +215,7 @@ jobs: steps: - name: Download ChangeLog Artifact id: download - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: '${{ runner.temp }}/' artifact-ids: ${{ needs.CHGLOG.outputs.artifact-id }} @@ -360,7 +360,7 @@ jobs: - name: "Download Status Summary Artifact" id: download-chglog-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: chglog-COMMENT-BODY-${{ needs.check_build.outputs.sha }} github-token: ${{ github.token }} diff --git a/.github/workflows/CI-DOCS.yml b/.github/workflows/CI-DOCS.yml index 3b47862a..062bc956 100644 --- a/.github/workflows/CI-DOCS.yml +++ b/.github/workflows/CI-DOCS.yml @@ -71,7 +71,7 @@ jobs: fi - name: "Fetch MATs Info" if: ${{ (github.repository == 'reactive-firewall-org/multicast') && success() }} - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: "multicast-info.txt" pattern: multicast-info-* @@ -211,7 +211,7 @@ jobs: if: ${{ !cancelled() && (needs.check_mats.outputs.should_run == 'true') && (needs.DOCS.outputs.docs_outcome != 'cancelled') }} steps: - name: Download All Artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ${{ github.workspace }}/Multicast-Documentation pattern: Multicast-Documentation-${{ needs.check_mats.outputs.build_sha }}-*-* @@ -291,7 +291,7 @@ jobs: - name: "Download Status Summary Artifact" id: download-documentation-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: DOCUMENTATION-COMMENT-BODY-${{ needs.check_mats.outputs.build_sha }} github-token: ${{ github.token }} diff --git a/.github/workflows/CI-MATs.yml b/.github/workflows/CI-MATs.yml index af40e55e..ad1d24d2 100644 --- a/.github/workflows/CI-MATs.yml +++ b/.github/workflows/CI-MATs.yml @@ -79,7 +79,7 @@ jobs: fi - name: "Fetch Build Info" if: ${{ (github.repository == 'reactive-firewall-org/multicast') && (steps.check.outputs.should_run == 'true') && success() }} - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: "BUILD-info.txt" pattern: multicast-info-* @@ -218,7 +218,7 @@ jobs: build_sha: ${{ needs.check_build.outputs.sha }} steps: - name: Download All Artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ${{ github.workspace }}/MATS pattern: multicast-mats-${{ needs.check_build.outputs.sha }}-part-* @@ -392,7 +392,7 @@ jobs: - name: "Download Status Summary Artifact" id: download-mats-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: MATS-COMMENT-BODY-${{ needs.check_build.outputs.sha }} github-token: ${{ github.token }} diff --git a/.github/workflows/Tests.yml b/.github/workflows/Tests.yml index 944106b2..e25e9d8d 100644 --- a/.github/workflows/Tests.yml +++ b/.github/workflows/Tests.yml @@ -96,7 +96,7 @@ jobs: fi - name: "Fetch MATs Info" if: ${{ (steps.check.outputs.should_run == 'true') && (github.repository == 'reactive-firewall-org/multicast') && success() }} - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: "multicast-info.txt" pattern: multicast-info-* @@ -653,7 +653,7 @@ jobs: if: ${{ !cancelled() && (needs.check_mats.outputs.should_run == 'true') && (needs.COVERAGE.outputs.coverage_outcome != 'cancelled') }} steps: - name: Download All Artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ${{ github.workspace }}/COVERAGE pattern: multicast-coverage-${{ needs.check_mats.outputs.build_sha }}-part-* @@ -718,7 +718,7 @@ jobs: - name: "Download Status Summary Artifact" id: download-coverage-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: COVERAGE-COMMENT-BODY-${{ needs.check_mats.outputs.build_sha }} github-token: ${{ github.token }} @@ -1227,7 +1227,7 @@ jobs: if: ${{ !cancelled() && (needs.check_mats.outputs.should_run == 'true') && (needs.INTEGRATION.outputs.integration_outcome != 'cancelled') }} steps: - name: Download All Artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ${{ github.workspace }}/EXTRAS pattern: multicast-integration-${{ needs.check_mats.outputs.build_sha }}-part-* @@ -1323,7 +1323,7 @@ jobs: - name: "Download Status Summary Artifact" id: download-integration-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: INTEGRATION-COMMENT-BODY-${{ needs.check_mats.outputs.build_sha }} github-token: ${{ github.token }} From ee9babcfb6fa6d0108f19900d05f7526b9bf9274 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Mar 2026 01:13:40 +0000 Subject: [PATCH 19/30] [UPDATE] (deps): Bump actions/cache in /.github/workflows Bumps [actions/cache](https://github.com/actions/cache) from 5.0.3 to 5.0.4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/cdf6c1fa76f9f475f3d7449005a359c84ca0f306...668228422ae6a00e4ad889ee87cd7109ec5666a7) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/CI-BUILD.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/CI-BUILD.yml b/.github/workflows/CI-BUILD.yml index da58f200..5d79c51a 100644 --- a/.github/workflows/CI-BUILD.yml +++ b/.github/workflows/CI-BUILD.yml @@ -70,7 +70,7 @@ jobs: printf "python-version=%s\n" "${{ steps.build-python.outputs.python-version }}" >> "$GITHUB_OUTPUT" printf "PYTHON_VERSION=%s\n" "${{ steps.build-python.outputs.python-version }}" >> "$GITHUB_ENV" printf "%s\n" "::endgroup::" - - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} From 1c90726c7ad84f8f1c3eeb870516e157cb6c2a36 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Mar 2026 01:13:40 +0000 Subject: [PATCH 20/30] [UPDATE] (deps): Bump github/codeql-action in /.github/workflows Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.6 to 4.35.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/0d579ffd059c29b07949a3cce3983f0780820c98...c10b8064de6f491fea524254123dbe5e09572f13) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 97cef5c6..2cd26dca 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -50,7 +50,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -61,7 +61,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -75,4 +75,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index cd295194..d90d959d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -57,6 +57,6 @@ jobs: retention-days: 5 # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: sarif_file: results.sarif From 0dbcd23bb2dde258a31a2b212bf0359aa1614b44 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Mar 2026 01:13:50 +0000 Subject: [PATCH 21/30] [UPDATE] (deps): Bump codecov/codecov-action in /.github/workflows Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.2 to 6.0.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/671740ac38dd9b0130fbe1cec585b89eea48d3de...57e3a136b779b570ffcdbf80b3bdc90e7fab3de2) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/Tests.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/Tests.yml b/.github/workflows/Tests.yml index 944106b2..4070638d 100644 --- a/.github/workflows/Tests.yml +++ b/.github/workflows/Tests.yml @@ -224,7 +224,7 @@ jobs: make -f Makefile test || exit 1 - name: Upload Python ${{ matrix.python-version }} test coverage to Codecov id: coverage-unittests-codecov-upload - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: token: ${{ secrets.CODECOV_TOKEN }} job_code: ${{ needs.check_mats.outputs.build_id }}-${{ github.run_number }} @@ -241,7 +241,7 @@ jobs: fail_ci_if_error: false - name: Upload Python ${{ matrix.python-version }} second flag coverage to Codecov id: coverage-project-codecov-upload - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: token: ${{ secrets.CODECOV_TOKEN }} job_code: ${{ needs.check_mats.outputs.build_id }}-${{ github.run_number }} @@ -482,7 +482,7 @@ jobs: make -f Makefile test-mat-doctests || exit 1 - name: Upload Python ${{ matrix.python-version }} doctest coverage to Codecov id: doctests-codecov-upload - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: token: ${{ secrets.CODECOV_TOKEN }} job_code: ${{ needs.check_mats.outputs.build_id }}-${{ github.run_number }} @@ -931,7 +931,7 @@ jobs: shell: bash - name: Upload Python ${{ matrix.python-version }} integration coverage to Codecov id: integration-codecov-upload - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: token: ${{ secrets.CODECOV_TOKEN }} job_code: ${{ needs.check_mats.outputs.build_id }}-${{ github.run_number }} @@ -967,7 +967,7 @@ jobs: - name: Upload Python ${{ matrix.python-version }} integration test results to Codecov if: ${{ !cancelled() && (env.TESTS_USE_PYTEST == '1') }} id: integration-codecov-results-upload - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: report_type: 'test_results' token: ${{ secrets.CODECOV_TOKEN }} From 15b99a31fc0d18ae7733205b2deb1005f06e14e0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Mar 2026 01:13:58 +0000 Subject: [PATCH 22/30] [UPDATE] (deps): Bump actions/setup-go in /.github/workflows Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.3.0 to 6.4.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/4b73464bb391d4059bd26b0524d20df3927bd417...4a3601121dd01d1626a1e23e37211e3254c1c06c) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/makefile-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/makefile-lint.yml b/.github/workflows/makefile-lint.yml index ccc169bb..ec0a4e7e 100644 --- a/.github/workflows/makefile-lint.yml +++ b/.github/workflows/makefile-lint.yml @@ -51,7 +51,7 @@ jobs: yamllint --version || { print_error "Yamllint installation failed." 40 41 ; exit 126; } pandoc --version || { print_error "Pandoc installation failed." 40 41 ; exit 126; } - name: Force Setup newer go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: 1.25 check-latest: true From fe3981a93304ef3e768e482f7325028c78ccb57b Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Thu, 2 Apr 2026 13:41:16 -0700 Subject: [PATCH 23/30] [UPDATE] Also bump GHA actions to use download-artifact v8.0.1 (- WIP PR #543 -) Changes in file .github/actions/checkout-and-rebuild/action.yml: * bump download-artifact to v8.0.1 --- .github/actions/checkout-and-rebuild/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/checkout-and-rebuild/action.yml b/.github/actions/checkout-and-rebuild/action.yml index 5e041e5b..62015610 100644 --- a/.github/actions/checkout-and-rebuild/action.yml +++ b/.github/actions/checkout-and-rebuild/action.yml @@ -127,7 +127,7 @@ runs: - id: fetch_artifact_files name: "Fetch Build Files" if: ${{ (github.repository == 'reactive-firewall-org/multicast') && success() }} - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ${{ inputs.path }}/dist pattern: multicast-build-${{ steps.output_sha.outputs.sha }} From fe35f91034f3fc830fc81e8e53d92f1fa6bc9392 Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Thu, 2 Apr 2026 13:47:20 -0700 Subject: [PATCH 24/30] [UPDATE] also update GHA to use codecov/codecov-action v6 (- WIP PR #549 -) Changes in file .github/actions/test-reporter-upload/action.yml: * version bump codecov/codecov-action to v6.0.0 --- .github/actions/test-reporter-upload/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/test-reporter-upload/action.yml b/.github/actions/test-reporter-upload/action.yml index b5418bc6..452d6fe4 100644 --- a/.github/actions/test-reporter-upload/action.yml +++ b/.github/actions/test-reporter-upload/action.yml @@ -304,7 +304,7 @@ runs: - name: Upload ${{ steps.output_os.outputs.os }} Python ${{ steps.output_python.outputs.python-version }} coverage to Codecov id: coverage-codecov-upload if: ${{ success() && (steps.output_can_upload.outputs.can_upload == 'true') && (steps.output_upload_tools.outputs.can_upload_to_codecov == 'true') }} - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: token: ${{ inputs.codecov-token }} job_code: ${{ inputs.job_code || '' }} From 314cc979bea18e9dca8c9fb00a21b40b8dfa981c Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Fri, 3 Apr 2026 19:17:03 -0700 Subject: [PATCH 25/30] [HOTFIX] Possible fix for pip-licenses update regression Changes in file .github/workflows/Tests.yml: * update version Changes in file tests/check_pip: * Attempt workaround based on different packages format for MIT licenses. --- .github/workflows/Tests.yml | 2 +- tests/check_pip | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Tests.yml b/.github/workflows/Tests.yml index df07a4af..3eb106f3 100644 --- a/.github/workflows/Tests.yml +++ b/.github/workflows/Tests.yml @@ -1388,7 +1388,7 @@ jobs: id: install-pip-tools run: | printf "%s\n" "::group::install-tools" - pip install -U "pip-licenses>=5.5.1" + pip install -U "pip-licenses>=5.5.5" printf "%s\n" "::endgroup::" shell: bash - name: Pre-Clean diff --git a/tests/check_pip b/tests/check_pip index ecd23779..35100229 100755 --- a/tests/check_pip +++ b/tests/check_pip @@ -249,7 +249,7 @@ SCRIPT_FILE="tests/check_pip" # Set pip-audit options AUDIT_OPTIONS="--progress-spinner off --desc on --requirement" # List of Allowed Licenses delimited by semicolon ; -ALLOW_LICENSES="Public Domain;CC0 1.0 Universal;Public Domain Dedication; Zero-Clause BSD;Apache Software License;Apache-2.0;MIT License;BSD License;Python Software Foundation License;The Unlicense (Unlicense);Mozilla Public License 2.0 (MPL 2.0);" +ALLOW_LICENSES="Public Domain;CC0 1.0 Universal;Public Domain Dedication; Zero-Clause BSD;Apache Software License;Apache-2.0;MIT License;BSD License;Python Software Foundation License;The Unlicense (Unlicense);Mozilla Public License 2.0 (MPL 2.0);MIT;" # Set pip-licenses options LICENSE_OPTIONS="--from=mixed" # Set pip options From 494283feacfa491c7b557bdf70f4d7b9bb382153 Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Sat, 4 Apr 2026 11:50:05 -0700 Subject: [PATCH 26/30] [SECURITY] Fix for possible CWE-601 Changes in file .github/actions/check-control/action.yml: * Mitigated 'details-url' to only accept "https://github.com" urls to restrict possible CWE-601 * Hardened GHA by adding some sanitization and normalization to mitigate possible CWE-74/CWE-78 (caused by CWE-20) --- .github/actions/check-control/action.yml | 35 ++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/.github/actions/check-control/action.yml b/.github/actions/check-control/action.yml index c25e0af6..49524204 100644 --- a/.github/actions/check-control/action.yml +++ b/.github/actions/check-control/action.yml @@ -192,11 +192,40 @@ runs: printf "check_date=%s\n" $(TZ=UTC date -Iseconds | cut -d+ -f1-1) >> "$GITHUB_OUTPUT" - id: output_check_details_url if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} + env: + CI_INPUT_TARGET_URL: '${{ inputs.details-url }}' + SAFEURL: 'https://github.com/' shell: bash run: | - if [[ "${{ inputs.details-url }}" != "DEFAULT" ]] ; then - printf "details_url=%s\n" '${{ inputs.details-url }}' >> "$GITHUB_OUTPUT" - printf "::debug:: %s\n" "Check detail url was provided: ${{ inputs.details-url }}" ; + set -euo pipefail + raw_input="${CI_INPUT_TARGET_URL}" + # Reject NUL or newline immediately + if printf '%s' "$raw_input" | grep -q '[^[:print:]]'; then + printf "::error title='Invalid':: %s\n" "Error: input contains disallowed control characters" >&2 + exit 1 + fi + # Strip one level of surrounding quotes and trim whitespace + normalize() { + local s="$1" + s="${s#"${s%%[![:space:]]*}"}" + s="${s%"${s##*[![:space:]]}"}" + if [[ (${s:0:1} == "'" && ${s: -1} == "'") || (${s:0:1} == '"' && ${s: -1} == '"') ]]; then + s="${s:1:-1}" + fi + if [[ "$s" == *$'\n'* ]] || [[ "$s" == *$'\r'* ]]; then + printf "::error title='Invalid Detail Link'::%s\n" "Input contains newline or CR" >&2 + return 125 + fi + if [[ "$s" == *$'::'* ]] || [[ "$s" == *$'##'* ]]; then + printf "::error title='Invalid Detail Link'::%s\n" "Input contains anomalies" >&2 + return 125 + fi + printf '%s' "$s" + } + input_url="$(normalize "$raw_input")" + if [[ "${input_url:0:7}" != "DEFAULT" ]] && [[ "${input_url:0:19}" == "${SAFEURL}" ]] ; then + printf "details_url=%s\n" "${input_url}" >> "$GITHUB_OUTPUT" + printf "::debug:: %s\n" "Check detail url was provided: ${input_url}" ; else if [[ "${{ inputs.workflow-run-id }}" != "" ]] ; then printf "details_url=%s\n" 'https://github.com/reactive-firewall-org/multicast/actions/runs/${{ github.run_id }}' >> "$GITHUB_OUTPUT" From 3ab200c0c7f60b05416effedcc6418ecffc7f337 Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Sun, 5 Apr 2026 13:22:58 -0700 Subject: [PATCH 27/30] [DEPENDENCIES] Possible fix for CI/CD License check false failures Changes in file tests/check_pip: * Expand allowed License pattern for BSD Licenses (allows BSD-2-clause) * Tighten license ignore list slightly for packages that don't properly declare "MIT License" (on rationale that just "MIT" are typos) --- tests/check_pip | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/check_pip b/tests/check_pip index 35100229..c1aa6e08 100755 --- a/tests/check_pip +++ b/tests/check_pip @@ -249,7 +249,7 @@ SCRIPT_FILE="tests/check_pip" # Set pip-audit options AUDIT_OPTIONS="--progress-spinner off --desc on --requirement" # List of Allowed Licenses delimited by semicolon ; -ALLOW_LICENSES="Public Domain;CC0 1.0 Universal;Public Domain Dedication; Zero-Clause BSD;Apache Software License;Apache-2.0;MIT License;BSD License;Python Software Foundation License;The Unlicense (Unlicense);Mozilla Public License 2.0 (MPL 2.0);MIT;" +ALLOW_LICENSES="Public Domain;CC0 1.0 Universal;Public Domain Dedication; Zero-Clause BSD;BSD-2-Clause;Apache Software License;Apache-2.0;MIT License;BSD License;Python Software Foundation License;The Unlicense (Unlicense);Mozilla Public License 2.0 (MPL 2.0);MIT;" # Set pip-licenses options LICENSE_OPTIONS="--from=mixed" # Set pip options @@ -269,7 +269,7 @@ fi ; # typing_extensions is licensed under Python Software Foundation License, but reports "UNKNOWN" # pytest-enabler is licensed under MIT, but reports "UNKNOWN" # pycodestyle is licensed under MIT, but reports just "MIT" (which does not match "MIT License") -LICENSE_OPTIONS="${LICENSE_OPTIONS} urllib3 pip setuptools wheel build hypothesis certifi roman-numerals-py Sphinx typing_extensions pytest-enabler pycodestyle" +LICENSE_OPTIONS="${LICENSE_OPTIONS} urllib3 pip setuptools wheel build hypothesis certifi roman-numerals-py Sphinx typing_extensions pytest-enabler" # Enable auto-fix if '--fix' argument is provided if [[ "$1" == "--fix" ]]; then AUDIT_OPTIONS="--fix --strict ${AUDIT_OPTIONS}" From 627a4a183a15f3b80224143de6450560a7031168 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 14 Apr 2026 01:13:41 +0000 Subject: [PATCH 28/30] [UPDATE] (deps): Bump actions/upload-artifact in /.github/workflows Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/CI-BUILD.yml | 6 +++--- .github/workflows/CI-CHGLOG.yml | 6 +++--- .github/workflows/CI-DOCS.yml | 6 +++--- .github/workflows/CI-MATs.yml | 4 ++-- .github/workflows/Tests.yml | 14 +++++++------- .github/workflows/scorecard.yml | 2 +- 6 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/CI-BUILD.yml b/.github/workflows/CI-BUILD.yml index 1ce1e491..3a06b320 100644 --- a/.github/workflows/CI-BUILD.yml +++ b/.github/workflows/CI-BUILD.yml @@ -123,7 +123,7 @@ jobs: - name: Upload build artifact id: upload if: ${{ !cancelled() && (steps.buildfiles.outputs.files != '') && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: dist name: multicast-build-${{ github.sha }} @@ -347,7 +347,7 @@ jobs: - name: Upload build summary id: upload-build-info if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: "BUILD-info.txt" name: multicast-info-${{ github.sha }} @@ -394,7 +394,7 @@ jobs: - name: Upload build summary id: upload-build-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: ./Build-Summary-Artifact.txt name: BUILD-COMMENT-BODY-${{ github.sha }} diff --git a/.github/workflows/CI-CHGLOG.yml b/.github/workflows/CI-CHGLOG.yml index fe9acd71..5e923ecf 100644 --- a/.github/workflows/CI-CHGLOG.yml +++ b/.github/workflows/CI-CHGLOG.yml @@ -190,7 +190,7 @@ jobs: - name: Upload CHANGELOG artifact id: upload if: ${{ success() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: CHANGELOG.md name: 'multicast-chglog-${{ needs.check_build.outputs.sha }}' @@ -260,7 +260,7 @@ jobs: - name: "Upload chglog summary" id: upload-chglog-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: ./chglog-Summary-Artifact.txt name: chglog-COMMENT-BODY-${{ needs.check_build.outputs.sha }} @@ -340,7 +340,7 @@ jobs: - name: Upload build summary id: upload-build-info if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: "chglog-info.txt" name: multicast-chglog-info-${{ needs.check_build.outputs.sha }} diff --git a/.github/workflows/CI-DOCS.yml b/.github/workflows/CI-DOCS.yml index 062bc956..b52eb2f1 100644 --- a/.github/workflows/CI-DOCS.yml +++ b/.github/workflows/CI-DOCS.yml @@ -183,7 +183,7 @@ jobs: fi - name: Upload Docs Artifact with Python ${{ matrix.python-version }} on ${{ matrix.os }} id: upload-documentation - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: Multicast-Documentation-${{ needs.check_mats.outputs.build_sha }}-${{ matrix.os }}-${{ matrix.python-version }} path: ./Multicast-Documentation @@ -239,7 +239,7 @@ jobs: - name: "Upload DOCs summary" id: upload-docs-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: ./DOCUMENTATION-Summary-Artifact.txt name: DOCUMENTATION-COMMENT-BODY-${{ needs.check_mats.outputs.build_sha }} @@ -250,7 +250,7 @@ jobs: - name: "Upload DOCs Bundle" id: upload-docs-bundle if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: Multicast-Documentation name: Multicast-Documentation-${{ needs.check_mats.outputs.build_sha }}-ALL diff --git a/.github/workflows/CI-MATs.yml b/.github/workflows/CI-MATs.yml index ad1d24d2..d93a7de8 100644 --- a/.github/workflows/CI-MATs.yml +++ b/.github/workflows/CI-MATs.yml @@ -292,7 +292,7 @@ jobs: - name: "Upload MATs summary" id: upload-mats-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: ./MATs-Summary-Artifact.txt name: MATS-COMMENT-BODY-${{ needs.check_build.outputs.sha }} @@ -372,7 +372,7 @@ jobs: - name: Upload build summary id: upload-build-info if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: "multicast-info.txt" name: multicast-info-${{ needs.check_build.outputs.sha }} diff --git a/.github/workflows/Tests.yml b/.github/workflows/Tests.yml index 3eb106f3..1eb37b54 100644 --- a/.github/workflows/Tests.yml +++ b/.github/workflows/Tests.yml @@ -398,7 +398,7 @@ jobs: - name: "Upload Coverage Summary" id: upload if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: COVERAGE name: ${{ steps.output_coverage_step_summary.outputs.coverage-artifact-name }} @@ -500,7 +500,7 @@ jobs: fail_ci_if_error: false - name: Upload Python ${{ matrix.python-version }} Artifact id: doctests-reports-upload - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: DocTest-Report-${{ matrix.os }}-${{ matrix.python-version }} path: ./test-reports/ @@ -632,7 +632,7 @@ jobs: - name: "Upload Doctests Summary" id: upload if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: COVERAGE name: ${{ steps.output_doctests_step_summary.outputs.doctests-artifact-name }} @@ -692,7 +692,7 @@ jobs: - name: "Upload COVERAGE summary" id: upload-coverage-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: ./COVERAGE-Summary-Artifact.txt name: COVERAGE-COMMENT-BODY-${{ needs.check_mats.outputs.build_sha }} @@ -950,7 +950,7 @@ jobs: fail_ci_if_error: false - name: Upload Extra Python ${{ matrix.python-version }} Artifact id: integration-reports-upload - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: Integration-Test-Report-${{ matrix.os }}-${{ matrix.python-version }} path: ./test-reports/ @@ -1201,7 +1201,7 @@ jobs: - name: "Upload integration Summary" id: upload if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: EXTRAS name: ${{ steps.output_integration_step_summary.outputs.integration-artifact-name }} @@ -1282,7 +1282,7 @@ jobs: - name: "Upload INTEGRATION summary" id: upload-integration-summary if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: ./Integration-Summary-Artifact.txt name: INTEGRATION-COMMENT-BODY-${{ needs.check_mats.outputs.build_sha }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d90d959d..37010a6e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -50,7 +50,7 @@ jobs: # uploads of run results in SARIF format to the repository Actions tab. # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts - name: "Upload artifact" - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif From 9b2965415471a0bda9960b69121baf165591b254 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 14 Apr 2026 01:13:46 +0000 Subject: [PATCH 29/30] [UPDATE] (deps): Bump actions/cache in /.github/workflows Bumps [actions/cache](https://github.com/actions/cache) from 5.0.4 to 5.0.5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/CI-BUILD.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/CI-BUILD.yml b/.github/workflows/CI-BUILD.yml index 1ce1e491..4f6ffcac 100644 --- a/.github/workflows/CI-BUILD.yml +++ b/.github/workflows/CI-BUILD.yml @@ -70,7 +70,7 @@ jobs: printf "python-version=%s\n" "${{ steps.build-python.outputs.python-version }}" >> "$GITHUB_OUTPUT" printf "PYTHON_VERSION=%s\n" "${{ steps.build-python.outputs.python-version }}" >> "$GITHUB_ENV" printf "%s\n" "::endgroup::" - - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} From 365032f131585ef556558c7d44b4f5fa5d41a780 Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Tue, 14 Apr 2026 15:00:13 -0700 Subject: [PATCH 30/30] [PATCH] Also version bump reusable GHA workflows for actions/upload-artifact to v7.0.1 (- WIP PR #552 -) * This resolves the review of PR #552 Changes in file .github/actions/run-minimal-acceptance-tests/action.yml: * also update actions/upload-artifact to v7.0.1 Changes in file .github/actions/setup-py-reqs/action.yml: * also update actions/upload-artifact to v7.0.1 Changes in file .github/actions/test-reporter-upload/action.yml: * also update actions/upload-artifact to v7.0.1 Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] --- .github/actions/run-minimal-acceptance-tests/action.yml | 2 +- .github/actions/setup-py-reqs/action.yml | 2 +- .github/actions/test-reporter-upload/action.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/run-minimal-acceptance-tests/action.yml b/.github/actions/run-minimal-acceptance-tests/action.yml index fdcb3cb2..033d29aa 100644 --- a/.github/actions/run-minimal-acceptance-tests/action.yml +++ b/.github/actions/run-minimal-acceptance-tests/action.yml @@ -353,7 +353,7 @@ runs: - name: "Upload Details" id: upload if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: MATS name: ${{ steps.output_artifact_name.outputs.artifact-name }} diff --git a/.github/actions/setup-py-reqs/action.yml b/.github/actions/setup-py-reqs/action.yml index c751d1b7..c73e2441 100644 --- a/.github/actions/setup-py-reqs/action.yml +++ b/.github/actions/setup-py-reqs/action.yml @@ -282,7 +282,7 @@ runs: - name: "Upload Details" id: upload if: ${{ !cancelled() && (github.repository == 'reactive-firewall-org/multicast') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: DEPS name: ${{ steps.output_artifact_name.outputs.artifact-name }} diff --git a/.github/actions/test-reporter-upload/action.yml b/.github/actions/test-reporter-upload/action.yml index 452d6fe4..100a50ce 100644 --- a/.github/actions/test-reporter-upload/action.yml +++ b/.github/actions/test-reporter-upload/action.yml @@ -321,7 +321,7 @@ runs: - name: Upload ${{ steps.output_os.outputs.os }} Python ${{ steps.output_python.outputs.python-version }} Artifact id: coverage-reports-upload if: ${{ !cancelled() && (steps.output_can_upload.outputs.can_upload == 'true') }} - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: Test-Report-${{ steps.output_os.outputs.os }}-${{ steps.output_python.outputs.python-version }}-${{ steps.output_sha.outputs.sha }} path: ./test-reports/