diff --git a/.github/actions/install-nix/action.yml b/.github/actions/install-nix/action.yml
index 579eb66a..ee17c03b 100644
--- a/.github/actions/install-nix/action.yml
+++ b/.github/actions/install-nix/action.yml
@@ -14,6 +14,6 @@ runs:
- name: Install Nix ❄️
if: ${{ steps.check-nix.outputs.nix-found != 'true' }}
- uses: cachix/install-nix-action@v31
+ uses: cachix/install-nix-action@f0fe604f8a612776892427721526b4c7cfb23aba # v31
with:
github_access_token: ${{ github.token }}
diff --git a/.github/actions/setup-dotnet/action.yml b/.github/actions/setup-dotnet/action.yml
index cb1f4081..70ecb42f 100644
--- a/.github/actions/setup-dotnet/action.yml
+++ b/.github/actions/setup-dotnet/action.yml
@@ -6,13 +6,13 @@ runs:
using: 'composite'
steps:
- name: Setup MSBuild # Needed for APPX packaging
- uses: microsoft/setup-msbuild@v1.3
+ uses: microsoft/setup-msbuild@ede762b26a2de8d110bb5a3db4d7e0e080c0e917 # v1.3
with:
vs-version: '[17.2,'
- name: Setup .NET SDK
id: setup-dotnet
- uses: actions/setup-dotnet@v4
+ uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4
with:
dotnet-version: 8
cache: true
diff --git a/.github/workflows/on_command.yml b/.github/workflows/on_command.yml
index d773dbe7..5fd87371 100644
--- a/.github/workflows/on_command.yml
+++ b/.github/workflows/on_command.yml
@@ -19,7 +19,7 @@ jobs:
- name: Get actor permissions
id: check-permissions
continue-on-error: true
- uses: prince-chrismc/check-actor-permissions-action@v3.0.2
+ uses: prince-chrismc/check-actor-permissions-action@d504e74ba31658f4cdf4fcfeb509d4c09736d88e # v3.0.2
with:
permission: write
@@ -30,7 +30,7 @@ jobs:
- name: Post error message if not permitted
if: ${{ !steps.check-permissions.outputs.permitted && github.actor != 'nixos-wsl-bot' }}
- uses: thollander/actions-comment-pull-request@v3.0.1
+ uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
with:
pr-number: ${{ inputs.pr_number || github.event.issue.number }}
message: |
@@ -54,7 +54,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@v4.2.2
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Get PR branch
id: branch
@@ -64,7 +64,7 @@ jobs:
echo "branch=$(gh pr view ${{ github.event.issue.number }} --json headRefName -q .headRefName)" >> $GITHUB_OUTPUT
- name: Dispatch workflow
- uses: actions/github-script@v7.0.1
+ uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
github.rest.actions.createWorkflowDispatch({
diff --git a/.github/workflows/on_label.yml b/.github/workflows/on_label.yml
index 14b32e59..9a539e8a 100644
--- a/.github/workflows/on_label.yml
+++ b/.github/workflows/on_label.yml
@@ -23,16 +23,16 @@ jobs:
steps:
- name: Check actor permissions
id: check-permissions
- uses: prince-chrismc/check-actor-permissions-action@v3.0.2
+ uses: prince-chrismc/check-actor-permissions-action@d504e74ba31658f4cdf4fcfeb509d4c09736d88e # v3.0.2
with:
permission: write
- name: Checkout
- uses: actions/checkout@v4.2.2
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Create backport PR
id: backport
- uses: korthout/backport-action@v3.2.1
+ uses: korthout/backport-action@0193454f0c5947491d348f33a275c119f30eb736 # v3.2.1
with:
merge_commits: "skip"
add_author_as_assignee: true
@@ -48,7 +48,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@v4.2.2
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Get PR branch
id: branch
@@ -58,7 +58,7 @@ jobs:
echo "branch=$(gh pr view ${{ matrix.pr }} --json headRefName -q .headRefName)" >> $GITHUB_OUTPUT
- name: Dispatch workflow
- uses: actions/github-script@v7.0.1
+ uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
github.rest.actions.createWorkflowDispatch({
diff --git a/.github/workflows/on_push.yml b/.github/workflows/on_push.yml
index 46c5444e..5362a014 100644
--- a/.github/workflows/on_push.yml
+++ b/.github/workflows/on_push.yml
@@ -25,7 +25,7 @@ jobs:
if: ${{ inputs.post_result }}
runs-on: ubuntu-latest
steps:
- - uses: thollander/actions-comment-pull-request@v3.0.1
+ - uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
with:
pr-number: ${{ inputs.pr_number || github.event.pull_request.number }}
comment-tag: ci-status
@@ -94,7 +94,7 @@ jobs:
- docs
runs-on: ubuntu-latest
steps:
- - uses: thollander/actions-comment-pull-request@v3.0.1
+ - uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
with:
pr-number: ${{ inputs.pr_number || github.event.pull_request.number }}
comment-tag: ci-status
diff --git a/.github/workflows/on_release.yml b/.github/workflows/on_release.yml
index 63c9d0ba..00a267eb 100644
--- a/.github/workflows/on_release.yml
+++ b/.github/workflows/on_release.yml
@@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Download Tarball 📥
- uses: actions/download-artifact@v4
+ uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
with:
name: tarball
@@ -25,7 +25,7 @@ jobs:
sha256sum nixos.wsl > nixos.wsl.sha256
- name: Attach to Release 📎
- uses: softprops/action-gh-release@v2
+ uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2
with:
files: |
nixos.wsl
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index 0df2e3f1..2f5edccb 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -24,6 +24,6 @@ jobs:
pull-requests: write
runs-on: ubuntu-latest
steps:
- - uses: release-drafter/release-drafter@v6
+ - uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/run_build.yml b/.github/workflows/run_build.yml
index f664382c..18001fcf 100644
--- a/.github/workflows/run_build.yml
+++ b/.github/workflows/run_build.yml
@@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
@@ -30,7 +30,7 @@ jobs:
filename: nixos.wsl
- name: Upload Tarball 📤
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with:
name: tarball
path: nixos.wsl
diff --git a/.github/workflows/run_checks.yml b/.github/workflows/run_checks.yml
index ad2d2297..3434c90b 100644
--- a/.github/workflows/run_checks.yml
+++ b/.github/workflows/run_checks.yml
@@ -11,7 +11,7 @@ jobs:
checks: ${{ steps.checks.outputs.checks }}
steps:
- name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
@@ -34,7 +34,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
diff --git a/.github/workflows/run_docs.yml b/.github/workflows/run_docs.yml
index 385aa2b9..53a99d28 100644
--- a/.github/workflows/run_docs.yml
+++ b/.github/workflows/run_docs.yml
@@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
@@ -38,11 +38,11 @@ jobs:
sed -i 's|||' dist/404.html
- name: Upload documentation 📥
- uses: actions/upload-pages-artifact@v3
+ uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3
with:
path: dist
- name: Deploy to GitHub Pages 🚀
if: github.ref == 'refs/heads/main'
id: deployment
- uses: actions/deploy-pages@v4
+ uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4
diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml
index 30e5c29d..efb8f4ca 100644
--- a/.github/workflows/run_tests.yml
+++ b/.github/workflows/run_tests.yml
@@ -11,7 +11,7 @@ jobs:
tests: ${{ steps.tests.outputs.tests }}
steps:
- name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
@@ -34,12 +34,12 @@ jobs:
runs-on: windows-latest
steps:
- name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
- name: Download Tarball 📥
- uses: actions/download-artifact@v4
+ uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
with:
name: tarball
diff --git a/flake.lock b/flake.lock
index e1b710b9..454beeef 100644
--- a/flake.lock
+++ b/flake.lock
@@ -18,16 +18,16 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1751792365,
- "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
+ "lastModified": 1751943650,
+ "narHash": "sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4+f9C1mZQ=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
+ "rev": "88983d4b665fb491861005137ce2b11a9f89f203",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-unstable",
+ "ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
diff --git a/flake.nix b/flake.nix
index 6a819e8a..cf74d7a1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,7 @@
description = "NixOS WSL";
inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
flake-compat = {
url = "github:edolstra/flake-compat";