Skip to content

Commit e552651

Browse files
chore(deps): pin dependencies (#855)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent 00e0af9 commit e552651

10 files changed

Lines changed: 53 additions & 53 deletions

File tree

.github/workflows/deployment.yml

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -37,14 +37,14 @@ jobs:
3737
# We need extglob for REFERENCE_BRANCH substitution
3838
shell: bash -l -O extglob {0}
3939
steps:
40-
- uses: actions/checkout@v6
40+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
4141
with:
4242
token: ${{ github.token }}
4343
- run: |
4444
git fetch --prune --unshallow
4545
git config --global user.email "ci@diracgrid.org"
4646
git config --global user.name "DIRACGrid CI"
47-
- uses: actions/setup-python@v6
47+
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
4848
with:
4949
python-version: '3.14'
5050
- name: Installing dependencies
@@ -84,7 +84,7 @@ jobs:
8484
# Also build the diracx metapackage
8585
python -m build --outdir $PWD/dist .
8686
- name: 'Upload Artifact'
87-
uses: actions/upload-artifact@v7
87+
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
8888
with:
8989
name: diracx-whl
9090
path: dist/diracx*.whl
@@ -101,19 +101,19 @@ jobs:
101101
runs-on: ubuntu-latest
102102
steps:
103103
- name: Checkout
104-
uses: actions/checkout@v6
104+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
105105
- name: Set up QEMU
106-
uses: docker/setup-qemu-action@v4
106+
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4
107107
- name: Set up Docker Buildx
108-
uses: docker/setup-buildx-action@v4
108+
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
109109
- name: Login to GitHub container registry
110-
uses: docker/login-action@v4
110+
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4
111111
with:
112112
registry: ghcr.io
113113
username: ${{ github.actor }}
114114
password: ${{ secrets.GITHUB_TOKEN }}
115115
- name: Download diracx wheels
116-
uses: actions/download-artifact@v8
116+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
117117
with:
118118
name: diracx-whl
119119
- name: "Find wheels"
@@ -128,7 +128,7 @@ jobs:
128128
done
129129
130130
- name: Build and push client (release)
131-
uses: docker/build-push-action@v7
131+
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7
132132
if: ${{ needs.deploy-pypi.outputs.create-release == 'true' }}
133133
with:
134134
context: containers/client/
@@ -137,7 +137,7 @@ jobs:
137137
platforms: linux/amd64,linux/arm64
138138
build-args: EXTRA_PACKAGES_TO_INSTALL=DIRACCommon~=9.0.0
139139
- name: Build and push services (release)
140-
uses: docker/build-push-action@v7
140+
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7
141141
if: ${{ needs.deploy-pypi.outputs.create-release == 'true' }}
142142
with:
143143
context: containers/services/
@@ -147,7 +147,7 @@ jobs:
147147
build-args: EXTRA_PACKAGES_TO_INSTALL=DIRACCommon~=9.0.0
148148

149149
- name: Build and push client (dev)
150-
uses: docker/build-push-action@v7
150+
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7
151151
with:
152152
context: containers/client/
153153
push: ${{ github.event_name != 'pull_request' && github.repository == 'DIRACGrid/diracx' && github.ref_name == 'main' }}
@@ -156,7 +156,7 @@ jobs:
156156
build-args: |
157157
EXTRA_PACKAGES_TO_INSTALL=git+https://github.com/DIRACGrid/DIRAC.git@integration#egg=diraccommon\&subdirectory=dirac-common
158158
- name: Build and push services (dev)
159-
uses: docker/build-push-action@v7
159+
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7
160160
with:
161161
context: containers/services/
162162
push: ${{ github.event_name != 'pull_request' && github.repository == 'DIRACGrid/diracx' && github.ref_name == 'main' }}
@@ -174,12 +174,12 @@ jobs:
174174
if: ${{ needs.deploy-pypi.outputs.create-release == 'true' }}
175175
steps:
176176
- name: Checkout diracx
177-
uses: actions/checkout@v6
177+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
178178
with:
179179
path: diracx
180180

181181
- name: Checkout diracx-charts
182-
uses: actions/checkout@v6
182+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
183183
with:
184184
repository: DIRACGrid/diracx-charts
185185
token: ${{ secrets.CHARTS_UPDATE_TOKEN }}

.github/workflows/draft-on-changes-requested.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ jobs:
1616
outputs:
1717
pr_number: ${{ steps.pr.outputs.number }}
1818
steps:
19-
- uses: actions/download-artifact@v8
19+
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
2020
with:
2121
name: pr-info
2222
run-id: ${{ github.event.workflow_run.id }}

.github/workflows/integration.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -25,8 +25,8 @@ jobs:
2525
dirac-branch:
2626
- integration
2727
steps:
28-
- uses: actions/checkout@v6
29-
- uses: actions/setup-python@v6
28+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
29+
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
3030
with:
3131
python-version: '3.14'
3232
- name: Build wheels
@@ -77,7 +77,7 @@ jobs:
7777
docker logs diracx 2>&1 | tee /tmp/service-logs/diracx.log
7878
cd /tmp/DIRACRepo
7979
./integration_tests.py logs --no-follow --lines 1000 2>&1 | tee /tmp/service-logs/dirac.log
80-
- uses: actions/upload-artifact@v7
80+
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
8181
if: ${{ failure() }}
8282
with:
8383
name: service-logs-${{ github.job }}

.github/workflows/main.yml

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -19,12 +19,12 @@ jobs:
1919
runs-on: ubuntu-latest
2020
steps:
2121
- name: Checkout code
22-
uses: actions/checkout@v6
23-
- uses: prefix-dev/setup-pixi@v0.9.4
22+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
23+
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
2424
with:
2525
run-install: false
2626
post-cleanup: false
27-
- uses: prefix-dev/setup-pixi@v0.9.4
27+
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
2828
with:
2929
cache: false
3030
environments: shellcheck
@@ -54,8 +54,8 @@ jobs:
5454
- gubbins-cli
5555
steps:
5656
- name: Checkout code
57-
uses: actions/checkout@v6
58-
- uses: prefix-dev/setup-pixi@v0.9.4
57+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
58+
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
5959
with:
6060
run-install: false
6161
post-cleanup: false
@@ -66,7 +66,7 @@ jobs:
6666
rm pixi.toml.bak
6767
# Show any changes
6868
git diff
69-
- uses: prefix-dev/setup-pixi@v0.9.4
69+
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
7070
with:
7171
cache: false
7272
environments: ${{ matrix.package }}
@@ -105,8 +105,8 @@ jobs:
105105
echo "After cleanup:"
106106
df -h
107107
- name: Checkout code
108-
uses: actions/checkout@v6
109-
- uses: prefix-dev/setup-pixi@v0.9.4
108+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
109+
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
110110
with:
111111
run-install: false
112112
post-cleanup: false
@@ -117,7 +117,7 @@ jobs:
117117
rm pixi.toml.bak
118118
# Show any changes
119119
git diff
120-
- uses: prefix-dev/setup-pixi@v0.9.4
120+
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
121121
with:
122122
cache: false
123123
environments: ${{ matrix.extension == 'diracx' && 'default' || 'default-gubbins' }}
@@ -143,10 +143,10 @@ jobs:
143143
done
144144
- name: Set up Docker Buildx
145145
if: ${{ matrix.extension == 'gubbins' }}
146-
uses: docker/setup-buildx-action@v4
146+
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
147147
- name: Build container for gubbins
148148
if: ${{ matrix.extension == 'gubbins' }}
149-
uses: docker/build-push-action@v7
149+
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7
150150
with:
151151
context: extensions/containers/services
152152
tags: gubbins/services:dev
@@ -228,12 +228,12 @@ jobs:
228228
package: [diracx, gubbins]
229229
steps:
230230
- name: Checkout code
231-
uses: actions/checkout@v6
232-
- uses: prefix-dev/setup-pixi@v0.9.4
231+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
232+
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
233233
with:
234234
run-install: false
235235
post-cleanup: false
236-
- uses: prefix-dev/setup-pixi@v0.9.4
236+
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
237237
with:
238238
cache: false
239239
locked: false

.github/workflows/pr-title.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ jobs:
1212
name: Validate PR title
1313
runs-on: ubuntu-latest
1414
steps:
15-
- uses: amannn/action-semantic-pull-request@v6
15+
- uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6
1616
if: ${{ github.actor != 'pre-commit-ci[bot]' }}
1717
env:
1818
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/record-changes-requested.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ jobs:
1010
runs-on: ubuntu-latest
1111
steps:
1212
- run: echo "${{ github.event.pull_request.number }}" > pr_number.txt
13-
- uses: actions/upload-artifact@v7
13+
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
1414
with:
1515
name: pr-info
1616
path: pr_number.txt

.github/workflows/release-please.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ jobs:
1414
release-please:
1515
runs-on: ubuntu-latest
1616
steps:
17-
- uses: googleapis/release-please-action@v4
17+
- uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4
1818
with:
1919
token: ${{ secrets.MY_RELEASE_PLEASE_TOKEN }}
2020
release-type: simple

.github/workflows/update_security_txt_expiry.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,10 +16,10 @@ jobs:
1616

1717
steps:
1818
- name: Checkout repository
19-
uses: actions/checkout@v6
19+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
2020

2121
- name: Set up Python
22-
uses: actions/setup-python@v6
22+
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
2323
with:
2424
python-version: '3.x'
2525

@@ -74,7 +74,7 @@ jobs:
7474

7575
- name: Create Pull Request
7676
if: steps.update_script.outputs.changes_made == 'true'
77-
uses: peter-evans/create-pull-request@v8
77+
uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8
7878
with:
7979
token: ${{ secrets.GITHUB_TOKEN }}
8080
commit-message: "chore(security): Update security.txt expiry date"

.github/workflows/vulnerabilities.yml

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -16,34 +16,34 @@ jobs:
1616
runs-on: ubuntu-latest
1717
steps:
1818
- name: Checkout
19-
uses: actions/checkout@v6
19+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
2020
with:
2121
fetch-depth: 0
2222
tags: true
2323

2424
- name: Run Trivy (client:dev)
25-
uses: aquasecurity/trivy-action@0.35.0
25+
uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
2626
with:
2727
image-ref: "ghcr.io/diracgrid/diracx/client:dev"
2828
format: "sarif"
2929
output: "client-dev-vulnerability-report.sarif"
3030

3131
- name: Upload SARIF to GitHub Security (client:dev)
32-
uses: github/codeql-action/upload-sarif@v4
32+
uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4
3333
with:
3434
sarif_file: "client-dev-vulnerability-report.sarif"
3535
category: "client-dev"
3636

3737
- name: Run Trivy (services:dev)
38-
uses: aquasecurity/trivy-action@0.35.0
38+
uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
3939
with:
4040
image-ref: "ghcr.io/diracgrid/diracx/services:dev"
4141
format: "sarif"
4242
output: "services-dev-vulnerability-report.sarif"
4343
skip-setup-trivy: true
4444

4545
- name: Upload SARIF to GitHub Security (services:dev)
46-
uses: github/codeql-action/upload-sarif@v4
46+
uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4
4747
with:
4848
sarif_file: "services-dev-vulnerability-report.sarif"
4949
category: "services-dev"
@@ -61,7 +61,7 @@ jobs:
6161
6262
- name: Run Trivy (client:release)
6363
if: ${{ steps.get-latest-tag.outputs.latest_tag != '' }}
64-
uses: aquasecurity/trivy-action@0.35.0
64+
uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
6565
with:
6666
image-ref: "ghcr.io/diracgrid/diracx/client:${{ steps.get-latest-tag.outputs.latest_tag }}"
6767
format: "sarif"
@@ -70,14 +70,14 @@ jobs:
7070

7171
- name: Upload SARIF to GitHub Security (client:rel)
7272
if: ${{ steps.get-latest-tag.outputs.latest_tag != '' }}
73-
uses: github/codeql-action/upload-sarif@v4
73+
uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4
7474
with:
7575
sarif_file: "client-rel-vulnerability-report.sarif"
7676
category: "client-rel"
7777

7878
- name: Run Trivy (services:release)
7979
if: ${{ steps.get-latest-tag.outputs.latest_tag != '' }}
80-
uses: aquasecurity/trivy-action@0.35.0
80+
uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
8181
with:
8282
image-ref: "ghcr.io/diracgrid/diracx/services:${{ steps.get-latest-tag.outputs.latest_tag }}"
8383
format: "sarif"
@@ -86,7 +86,7 @@ jobs:
8686

8787
- name: Upload SARIF to GitHub Security (services:rel)
8888
if: ${{ steps.get-latest-tag.outputs.latest_tag != '' }}
89-
uses: github/codeql-action/upload-sarif@v4
89+
uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4
9090
with:
9191
sarif_file: "services-rel-vulnerability-report.sarif"
9292
category: "services-rel"

extensions/gubbins/.github/workflows/main.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -25,8 +25,8 @@ jobs:
2525
- gubbins-cli
2626
steps:
2727
- name: Checkout code
28-
uses: actions/checkout@v6
29-
- uses: prefix-dev/setup-pixi@v0.9.4
28+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
29+
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
3030
with:
3131
run-install: false
3232
post-cleanup: false
@@ -37,7 +37,7 @@ jobs:
3737
rm pixi.toml.bak
3838
# Show any changes
3939
git diff
40-
- uses: prefix-dev/setup-pixi@v0.9.4
40+
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
4141
with:
4242
environments: ${{ matrix.package }}
4343
- name: Run pytest
@@ -49,12 +49,12 @@ jobs:
4949
runs-on: ubuntu-latest
5050
steps:
5151
- name: Checkout code
52-
uses: actions/checkout@v6
53-
- uses: prefix-dev/setup-pixi@v0.9.4
52+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
53+
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
5454
with:
5555
run-install: false
5656
post-cleanup: false
57-
- uses: prefix-dev/setup-pixi@v0.9.4
57+
- uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
5858
with:
5959
environments: generate-client
6060
- name: Run autorest

0 commit comments

Comments
 (0)