fix: safer github actions version usage

spin3l · spin3l · commit c5363c700f88 · 2026-04-13T10:59:59.000+02:00
diff --git a/.github/workflows/package-testing.yaml b/.github/workflows/package-testing.yaml
@@ -19,12 +19,12 @@ jobs:
         python-version: ["3.10-alpine", "3.11-alpine", "3.12-alpine", "3.13-alpine"]
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
 
     - name: Setup and install uv
-      uses: astral-sh/setup-uv@v5
+      uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57
       with:
-        version: "0.6.4"
+        version: "0.10.8"
 
     - name: Setup python
       run: uv python install
diff --git a/.github/workflows/pypi-publish.yaml b/.github/workflows/pypi-publish.yaml
@@ -21,14 +21,14 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
         with:
           fetch-depth: 0
 
       - name: Setup and Install uv
-        uses: astral-sh/setup-uv@v5
+        uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57
         with:
-          version: "0.6.4"
+          version: "0.10.8"
 
       - name: Set up Python
         run: uv python install
@@ -67,7 +67,7 @@ jobs:
           uv build
 
       - name: pypi-publish
-        uses: pypa/gh-action-pypi-publish@v1.12.3
+        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b
         with:
           password: ${{ secrets.pypi_token }}
           skip-existing: false
