diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index bef0624..77d33be 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -25,11 +25,11 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 - - uses: hynek/build-and-inspect-python-package@v2 + - uses: hynek/build-and-inspect-python-package@c52c3a4710070b50470d903818a7b25115dcd076 # v2.13.0 test-publish: needs: [dist] @@ -44,17 +44,17 @@ jobs: if: github.event_name == 'release' && github.event.action == 'published' steps: - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: Packages path: dist - name: Generate artifact attestation for sdist and wheel - uses: actions/attest-build-provenance@v2.4.0 + uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 with: subject-path: "dist/*" - - uses: pypa/gh-action-pypi-publish@release/v1 + - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 with: repository-url: https://test.pypi.org/legacy/ @@ -68,9 +68,9 @@ jobs: if: github.event_name == 'release' && github.event.action == 'published' steps: - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: Packages path: dist - - uses: pypa/gh-action-pypi-publish@release/v1 + - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 364b62a..00f81fa 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,13 +21,13 @@ jobs: name: Format runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Install uv - uses: astral-sh/setup-uv@v6 + uses: astral-sh/setup-uv@557e51de59eb14aaaba2ed9621916900a91d50c6 # v6 - name: Install the project run: uv sync --locked --group test - - uses: pre-commit/action@v3.0.1 + - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 with: extra_args: --hook-stage manual --all-files - name: Run PyLint @@ -44,9 +44,9 @@ jobs: runs-on: [ubuntu-latest, windows-latest, macos-14] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Install uv - uses: astral-sh/setup-uv@v6 + uses: astral-sh/setup-uv@557e51de59eb14aaaba2ed9621916900a91d50c6 # v6 - name: Install the project run: uv sync --locked --group test @@ -56,6 +56,6 @@ jobs: --durations=20 - name: Upload coverage report - uses: codecov/codecov-action@v5.4.3 + uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0 with: token: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/ossar.yml b/.github/workflows/ossar.yml index c6eec87..09e0969 100644 --- a/.github/workflows/ossar.yml +++ b/.github/workflows/ossar.yml @@ -32,7 +32,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 # Ensure a compatible version of dotnet is installed. # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. @@ -45,7 +45,7 @@ jobs: # dotnet-version: '3.1.x' # Run open source static analysis tools - name: Run OSSAR - uses: github/ossar-action@v1 + uses: github/ossar-action@4e96c4f6e591eb4b991abfd459e40b136a317aea # v2.0.0 id: ossar # Upload results to the Security tab