
Commit 82d2af9

Copilotjkowalleck
andauthored
chore(ci): pin github actions to commit SHAs
Agent-Logs-Url: https://github.com/CycloneDX/cyclonedx-python-lib/sessions/9f3a5c14-6295-44ef-bc74-ca8fa5a9e5a5 Co-authored-by: jkowalleck <2765863+jkowalleck@users.noreply.github.com>
1 parent a83e11b commit 82d2af9

2 files changed

Lines changed: 36 additions & 36 deletions


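--- a/.github/workflows/python.yml
+++ b/.github/workflows/python.yml
@@ -33,16 +33,16 @@ jobs:
 steps:
 - name: Checkout
 # see https://github.com/actions/checkout
-uses: actions/checkout@v6
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Setup Python Environment
 # see https://github.com/actions/setup-python
-uses: actions/setup-python@v6
+uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
 with:
 python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
 architecture: 'x64'
 - name: Install poetry
 # see https://github.com/marketplace/actions/setup-poetry
-uses: Gr1N/setup-poetry@v9
+uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
 with:
 poetry-version: ${{ env.POETRY_VERSION }}
 - name: Install dependencies
@@ -57,16 +57,16 @@ jobs:
 steps:
 - name: Checkout
 # see https://github.com/actions/checkout
-uses: actions/checkout@v6
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Setup Python Environment
 # see https://github.com/actions/setup-python
-uses: actions/setup-python@v6
+uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
 with:
 python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
 architecture: 'x64'
 - name: Install poetry
 # see https://github.com/marketplace/actions/setup-poetry
-uses: Gr1N/setup-poetry@v9
+uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
 with:
 poetry-version: ${{ env.POETRY_VERSION }}
 - name: Install dependencies
@@ -81,16 +81,16 @@ jobs:
 steps:
 - name: Checkout
 # see https://github.com/actions/checkout
-uses: actions/checkout@v6
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Setup Python Environment
 # see https://github.com/actions/setup-python
-uses: actions/setup-python@v6
+uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
 with:
 python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
 architecture: 'x64'
 - name: Install poetry
 # see https://github.com/marketplace/actions/setup-poetry
-uses: Gr1N/setup-poetry@v9
+uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
 with:
 poetry-version: ${{ env.POETRY_VERSION }}
 - name: Install dependencies
@@ -105,16 +105,16 @@ jobs:
 steps:
 - name: Checkout
 # see https://github.com/actions/checkout
-uses: actions/checkout@v6
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Setup Python Environment
 # see https://github.com/actions/setup-python
-uses: actions/setup-python@v6
+uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
 with:
 python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
 architecture: 'x64'
 - name: Install poetry
 # see https://github.com/marketplace/actions/setup-poetry
-uses: Gr1N/setup-poetry@v9
+uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
 with:
 poetry-version: ${{ env.POETRY_VERSION }}
 - name: Install dependencies
@@ -141,16 +141,16 @@ jobs:
 steps:
 - name: Checkout
 # see https://github.com/actions/checkout
-uses: actions/checkout@v6
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Setup Python Environment
 # see https://github.com/actions/setup-python
-uses: actions/setup-python@v6
+uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
 with:
 python-version: ${{ matrix.python-version }}
 architecture: 'x64'
 - name: Install poetry
 # see https://github.com/marketplace/actions/setup-poetry
-uses: Gr1N/setup-poetry@v9
+uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
 with:
 poetry-version: ${{ env.POETRY_VERSION }}
 - name: Install dependencies
@@ -191,12 +191,12 @@ jobs:
 git config --global core.eol lf
 - name: Checkout
 # see https://github.com/actions/checkout
-uses: actions/checkout@v6
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Create reports directory
 run: mkdir ${{ env.REPORTS_DIR }}
 - name: Setup Python Environment
 # see https://github.com/actions/setup-python
-uses: actions/setup-python@v6
+uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
 with:
 python-version: ${{ matrix.python-version }}
 architecture: 'x64'
@@ -207,7 +207,7 @@ jobs:
 print('Python %s on %s in %s' % (sys.version, sys.platform, sys.getdefaultencoding()))
 - name: Install poetry
 # see https://github.com/marketplace/actions/setup-poetry
-uses: Gr1N/setup-poetry@v9
+uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
 with:
 poetry-version: ${{ env.POETRY_VERSION }}
 - name: Install dependencies
@@ -226,7 +226,7 @@ jobs:
 - name: Artifact reports
 if: ${{ ! cancelled() }}
 # see https://github.com/actions/upload-artifact
-uses: actions/upload-artifact@v6
+uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
 with:
 name: ${{ env.TESTS_REPORTS_ARTIFACT }}-${{ matrix.os }}-py${{ matrix.python-version }}${{ matrix.toxenv-factors }}
 path: ${{ env.REPORTS_DIR }}
@@ -240,7 +240,7 @@ jobs:
 steps:
 - name: fetch test artifacts
 # see https://github.com/actions/download-artifact
-uses: actions/download-artifact@v7
+uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
 with:
 path: ${{ env.REPORTS_DIR }}
 pattern: ${{ env.TESTS_REPORTS_ARTIFACT }}-*
@@ -250,7 +250,7 @@ jobs:
 CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
 if: ${{ env.CODACY_PROJECT_TOKEN != '' }} ## see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets
 # see https://github.com/codacy/codacy-coverage-reporter-action
-uses: codacy/codacy-coverage-reporter-action@v1
+uses: codacy/codacy-coverage-reporter-action@89d6c85cfafaec52c72b6c5e8b2878d33104c699 # v1
 with:
 project-token: ${{ env.CODACY_PROJECT_TOKEN }}
 coverage-reports: ${{ env.REPORTS_DIR }}/coverage/*
@@ -269,10 +269,10 @@ jobs:
 steps:
 - name: Checkout
 # see https://github.com/actions/checkout
-uses: actions/checkout@v6
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Setup Python Environment
 # see https://github.com/actions/setup-python
-uses: actions/setup-python@v6
+uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
 with:
 python-version: '>=3.9 <=3.14' # supported version range
 - name: Validate Python Environment
@@ -282,7 +282,7 @@ jobs:
 print('Python %s on %s in %s' % (sys.version, sys.platform, sys.getdefaultencoding()))
 - name: Install poetry
 # see https://github.com/marketplace/actions/setup-poetry
-uses: Gr1N/setup-poetry@v9
+uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
 with:
 poetry-version: ${{ env.POETRY_VERSION }}
 - name: Install package and prod dependencies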
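Review bot: The trailing comments on the pinned `uses:` lines (`# v6`, `# v9`, `# v7`, `# v1`) name only the moving major tag, so the file does not record which release each SHA belongs to, and the comment will still read `# v6` after that tag has moved. I would record the exact release tag instead, e.g. `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.x.y` (placeholder; the exact tag is not visible on this page). The commit appears to be agent-authored, so each SHA should be checked against the tag in the upstream repository before merge, since GitHub can resolve a SHA that exists only in a fork of that repository. The same applies to the pins in `.github/workflows/release.yml`; the steps shown are fragments of jobs that continue outside the hunks.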

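--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -48,16 +48,16 @@ jobs:
 steps:
 - name: Checkout code
 # see https://github.com/actions/checkout
-uses: actions/checkout@v6
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Setup Python Environment
 # see https://github.com/actions/setup-python
-uses: actions/setup-python@v6
+uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
 with:
 python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
 architecture: 'x64'
 - name: Install poetry
 # see https://github.com/marketplace/actions/setup-poetry
-uses: Gr1N/setup-poetry@v9
+uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
 with:
 poetry-version: ${{ env.POETRY_VERSION }}
 - name: Install dependencies
@@ -70,16 +70,16 @@ jobs:
 steps:
 - name: Checkout code
 # see https://github.com/actions/checkout
-uses: actions/checkout@v6
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Setup Python Environment
 # see https://github.com/actions/setup-python
-uses: actions/setup-python@v6
+uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
 with:
 python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
 architecture: 'x64'
 - name: Install poetry
 # see https://github.com/marketplace/actions/setup-poetry
-uses: Gr1N/setup-poetry@v9
+uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
 with:
 poetry-version: ${{ env.POETRY_VERSION }}
 - name: Install dependencies
@@ -105,19 +105,19 @@ jobs:
 steps:
 - name: Checkout code
 # see https://github.com/actions/checkout
-uses: actions/checkout@v6
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 with:
 fetch-depth: 0
 
 - name: Setup python
 # see https://github.com/actions/setup-python
-uses: actions/setup-python@v6
+uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
 with:
 python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
 architecture: 'x64'
 - name: Install and configure Poetry
 # See https://github.com/marketplace/actions/install-poetry-action
-uses: snok/install-poetry@v1
+uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1
 with:
 version: ${{ env.POETRY_VERSION }}
 virtualenvs-create: true
@@ -132,7 +132,7 @@ jobs:
 id: release
 # see https://python-semantic-release.readthedocs.io/en/latest/automatic-releases/github-actions.html
 # see https://github.com/python-semantic-release/python-semantic-release
-uses: python-semantic-release/python-semantic-release@v10.0.2
+uses: python-semantic-release/python-semantic-release@1a324000f2251a9e722e77b128bf72712653813f # v10.0.2
 with:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 force: ${{ github.event.inputs.release_force }}
@@ -142,14 +142,14 @@ jobs:
 - name: Publish package distributions to PyPI
 if: steps.release.outputs.released == 'true'
 # see https://github.com/pypa/gh-action-pypi-publish
-uses: pypa/gh-action-pypi-publish@release/v1
+uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1
 with:
 attestations: true
 
 - name: Publish package distributions to GitHub Releases
 if: steps.release.outputs.released == 'true'
 # see https://python-semantic-release.readthedocs.io/en/latest/automatic-releases/github-actions.html#python-semantic-release-publish-action
-uses: python-semantic-release/publish-action@v10
+uses: python-semantic-release/publish-action@310a9983a0ae878b29f3aac778d7c77c1db27378 # v10
 with:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 tag: ${{ steps.release.outputs.tag }}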
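Review bot: On the PyPI publish step the pin's comment is `# release/v1`, which is a branch name rather than a release tag, so the SHA cannot be mapped back to a published version and version-based update tooling has nothing to compare against. Name the release the SHA belongs to, e.g. `uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.x.y` (placeholder; the exact tag is not shown here). This workflow passes `secrets.GITHUB_TOKEN` to two of the pinned actions and publishes with `attestations: true`, so these are the pins most worth verifying against upstream before merge. A SHA pin fixes only the action repository's own content; anything an action fetches at run time is presumably still unpinned and worth a separate look.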
