From 10f948d8c0af6e7cf9e6381f666a87eb4f26994f Mon Sep 17 00:00:00 2001
From: Thomas Eizinger <thomas@eizinger.io>
Date: Wed, 1 Mar 2023 13:55:58 +1100
Subject: [PATCH] feat(ci): consider `dtolnay/rust-toolchain` a trusted action

dtolnay is a very reputable member of the Rust community. I'd like to propose to make an exception to the "pin all external actions to a hash" rule. The action is updated very regularly and causes spam in the form of dependabot PRs.

Additionally, by pinning the action we cannot make use of the very neat shorthand syntax of specifying the desired Rust version.

Pull-Request: #3487.
---
 .github/workflows/cache-factory.yml |  8 +++-----
 .github/workflows/ci.yml            | 30 +++++++++--------------------
 2 files changed, 12 insertions(+), 26 deletions(-)

diff --git a/.github/workflows/cache-factory.yml b/.github/workflows/cache-factory.yml
index bdf3b3e5..25f75a2f 100644
--- a/.github/workflows/cache-factory.yml
+++ b/.github/workflows/cache-factory.yml
@@ -38,9 +38,9 @@ jobs:
 
       - uses: actions/checkout@v3
 
-      - uses: dtolnay/rust-toolchain@9cd00a88a73addc8617065438eff914dd08d0955 # v1
+      - uses: dtolnay/rust-toolchain@master
         with:
-          toolchain: ${{ matrix.rust }}          
+          toolchain: ${{ matrix.rust }}
 
       - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0
         with:
@@ -60,9 +60,7 @@ jobs:
 
       - uses: actions/checkout@v3
 
-      - uses: dtolnay/rust-toolchain@9cd00a88a73addc8617065438eff914dd08d0955 # v1
-        with:
-          toolchain: stable          
+      - uses: dtolnay/rust-toolchain@stable
 
       - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0
         with:
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0c3f1b07..f93d2731 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -35,7 +35,7 @@ jobs:
           echo "version=${RUST_VERSION}" >> $GITHUB_OUTPUT
 
       - name: Install Rust ${{ steps.parse-msrv.outputs.version }} for MSRV check
-        uses: dtolnay/rust-toolchain@9cd00a88a73addc8617065438eff914dd08d0955 # v1
+        uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ steps.parse-msrv.outputs.version }}
 
@@ -47,9 +47,7 @@ jobs:
       - name: Check if ${{ matrix.crate }} compiles on MSRV (Rust ${{ steps.parse-msrv.outputs.version }})
         run: cargo +${{ steps.parse-msrv.outputs.version }} build --package ${{ matrix.crate }} --all-features
 
-      - uses: dtolnay/rust-toolchain@9cd00a88a73addc8617065438eff914dd08d0955 # v1
-        with:
-          toolchain: stable
+      - uses: dtolnay/rust-toolchain@stable
 
       - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0
         with:
@@ -108,9 +106,8 @@ jobs:
 
       - uses: actions/checkout@v3
 
-      - uses: dtolnay/rust-toolchain@9cd00a88a73addc8617065438eff914dd08d0955 # v1
+      - uses: dtolnay/rust-toolchain@stable
         with:
-          toolchain: stable
           target: ${{ matrix.target }}
 
       - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0
@@ -134,9 +131,7 @@ jobs:
 
       - uses: actions/checkout@v3
 
-      - uses: dtolnay/rust-toolchain@9cd00a88a73addc8617065438eff914dd08d0955 # v1
-        with:
-          toolchain: stable
+      - uses: dtolnay/rust-toolchain@stable
 
       - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0
         with:
@@ -154,9 +149,7 @@ jobs:
 
       - uses: actions/checkout@v3
 
-      - uses: dtolnay/rust-toolchain@9cd00a88a73addc8617065438eff914dd08d0955 # v1
-        with:
-          toolchain: stable
+      - uses: dtolnay/rust-toolchain@stable
 
       - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0
         with:
@@ -180,7 +173,7 @@ jobs:
 
       - uses: actions/checkout@v3
 
-      - uses: dtolnay/rust-toolchain@9cd00a88a73addc8617065438eff914dd08d0955 # v1
+      - uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ matrix.rust-version }}
           components: clippy
@@ -203,9 +196,7 @@ jobs:
 
       - uses: actions/checkout@v3
 
-      - uses: dtolnay/rust-toolchain@9cd00a88a73addc8617065438eff914dd08d0955 # v1
-        with:
-          toolchain: stable
+      - uses: dtolnay/rust-toolchain@stable
 
       - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0
         with:
@@ -219,9 +210,8 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - uses: dtolnay/rust-toolchain@9cd00a88a73addc8617065438eff914dd08d0955 # v1
+      - uses: dtolnay/rust-toolchain@stable
         with:
-          toolchain: stable
           components: rustfmt
 
       - name: Check formatting
@@ -232,9 +222,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - uses: dtolnay/rust-toolchain@9cd00a88a73addc8617065438eff914dd08d0955 # v1
-        with:          
-          toolchain: stable
+      - uses: dtolnay/rust-toolchain@stable
 
       - name: Ensure `full` feature contains all features
         run: |