From a83e11b61cdf606b10853b7f707ae1a18347b93a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 15 Apr 2026 10:43:35 +0000 Subject: [PATCH 1/2] Initial plan From 82d2af92b7035ce50f4de3bbac92d40e37f44507 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 15 Apr 2026 10:50:07 +0000 Subject: [PATCH 2/2] chore(ci): pin github actions to commit SHAs Agent-Logs-Url: https://github.com/CycloneDX/cyclonedx-python-lib/sessions/9f3a5c14-6295-44ef-bc74-ca8fa5a9e5a5 Co-authored-by: jkowalleck <2765863+jkowalleck@users.noreply.github.com> --- .github/workflows/python.yml | 48 +++++++++++++++++------------------ .github/workflows/release.yml | 24 +++++++++--------- 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml index db50276fa..46e29b82f 100644 --- a/.github/workflows/python.yml +++ b/.github/workflows/python.yml @@ -33,16 +33,16 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies @@ -57,16 +57,16 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies @@ -81,16 +81,16 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies @@ -105,16 +105,16 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies @@ -141,16 +141,16 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: ${{ matrix.python-version }} architecture: 'x64' - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies @@ -191,12 +191,12 @@ jobs: git config --global core.eol lf - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Create reports directory run: mkdir ${{ env.REPORTS_DIR }} - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: ${{ matrix.python-version }} architecture: 'x64' @@ -207,7 +207,7 @@ jobs: print('Python %s on %s in %s' % (sys.version, sys.platform, sys.getdefaultencoding())) - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies @@ -226,7 +226,7 @@ jobs: - name: Artifact reports if: ${{ ! cancelled() }} # see https://github.com/actions/upload-artifact - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 with: name: ${{ env.TESTS_REPORTS_ARTIFACT }}-${{ matrix.os }}-py${{ matrix.python-version }}${{ matrix.toxenv-factors }} path: ${{ env.REPORTS_DIR }} @@ -240,7 +240,7 @@ jobs: steps: - name: fetch test artifacts # see https://github.com/actions/download-artifact - uses: actions/download-artifact@v7 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: path: ${{ env.REPORTS_DIR }} pattern: ${{ env.TESTS_REPORTS_ARTIFACT }}-* @@ -250,7 +250,7 @@ jobs: CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }} if: ${{ env.CODACY_PROJECT_TOKEN != '' }} ## see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets # see https://github.com/codacy/codacy-coverage-reporter-action - uses: codacy/codacy-coverage-reporter-action@v1 + uses: codacy/codacy-coverage-reporter-action@89d6c85cfafaec52c72b6c5e8b2878d33104c699 # v1 with: project-token: ${{ env.CODACY_PROJECT_TOKEN }} coverage-reports: ${{ env.REPORTS_DIR }}/coverage/* @@ -269,10 +269,10 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: '>=3.9 <=3.14' # supported version range - name: Validate Python Environment @@ -282,7 +282,7 @@ jobs: print('Python %s on %s in %s' % (sys.version, sys.platform, sys.getdefaultencoding())) - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install package and prod dependencies diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index eb99f16a7..57a3d6840 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -48,16 +48,16 @@ jobs: steps: - name: Checkout code # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies @@ -70,16 +70,16 @@ jobs: steps: - name: Checkout code # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry - uses: Gr1N/setup-poetry@v9 + uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies @@ -105,19 +105,19 @@ jobs: steps: - name: Checkout code # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 - name: Setup python # see https://github.com/actions/setup-python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install and configure Poetry # See https://github.com/marketplace/actions/install-poetry-action - uses: snok/install-poetry@v1 + uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1 with: version: ${{ env.POETRY_VERSION }} virtualenvs-create: true @@ -132,7 +132,7 @@ jobs: id: release # see https://python-semantic-release.readthedocs.io/en/latest/automatic-releases/github-actions.html # see https://github.com/python-semantic-release/python-semantic-release - uses: python-semantic-release/python-semantic-release@v10.0.2 + uses: python-semantic-release/python-semantic-release@1a324000f2251a9e722e77b128bf72712653813f # v10.0.2 with: github_token: ${{ secrets.GITHUB_TOKEN }} force: ${{ github.event.inputs.release_force }} @@ -142,14 +142,14 @@ jobs: - name: Publish package distributions to PyPI if: steps.release.outputs.released == 'true' # see https://github.com/pypa/gh-action-pypi-publish - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1 with: attestations: true - name: Publish package distributions to GitHub Releases if: steps.release.outputs.released == 'true' # see https://python-semantic-release.readthedocs.io/en/latest/automatic-releases/github-actions.html#python-semantic-release-publish-action - uses: python-semantic-release/publish-action@v10 + uses: python-semantic-release/publish-action@310a9983a0ae878b29f3aac778d7c77c1db27378 # v10 with: github_token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ steps.release.outputs.tag }}