diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index b9b7f70..8c78689 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -66,7 +66,7 @@ jobs: - name: Install Just uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false - name: Install Emacs diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e2da7b7..2e6b445 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -48,7 +48,7 @@ jobs: python-version: "3.14" allow-prereleases: true - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false restore-cache: false @@ -99,7 +99,7 @@ jobs: id-token: write # IMPORTANT: mandatory for trusted publishing steps: - name: Download all the dists - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c with: name: python-package-distributions path: dist/ @@ -119,12 +119,12 @@ jobs: steps: - name: Download all the dists - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c with: name: python-package-distributions path: dist/ - name: Sign the dists with Sigstore - uses: sigstore/gh-action-sigstore-python@a5caf349bc536fbef3668a10ed7f5cd309a4b53d + uses: sigstore/gh-action-sigstore-python@04cffa1d795717b140764e8b640de88853c92acc with: inputs: >- ./dist/*.tar.gz diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 83a1b50..b0a0696 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 with: sarif_file: results.sarif diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 318252e..5a1a96f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -77,7 +77,7 @@ jobs: - name: Setup Just uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false - name: Install Emacs @@ -154,7 +154,7 @@ jobs: - name: Setup Just uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false - name: install-emacs-macos @@ -234,12 +234,12 @@ jobs: - name: Setup Just uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false - name: install-vim-windows if: ${{ github.event.inputs.debug == 'true' }} - uses: rhysd/action-setup-vim@19e3dd31a84dbc2c5445d65e9b363f616cab96c1 + uses: rhysd/action-setup-vim@febef33995d6649302e9d88dda81e071b68f16a7 - name: Setup tmate session if: ${{ github.event.inputs.debug == 'true' }} uses: mxschmitt/action-tmate@c0afd6f790e3a5564914980036ebf83216678101 @@ -281,7 +281,7 @@ jobs: - name: Setup Just uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false - name: Setup venv @@ -291,7 +291,7 @@ jobs: just setup "$TEST_PYTHON" - name: Get coverage files - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c with: pattern: "*.coverage" merge-multiple: true @@ -299,7 +299,7 @@ jobs: - run: just coverage - name: Upload coverage to Codecov - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 with: token: ${{ secrets.CODECOV_TOKEN }} files: diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index afb93d9..6a17974 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -29,7 +29,7 @@ jobs: persist-credentials: false - name: Set up Rust - uses: actions-rust-lang/setup-rust-toolchain@a0b538fa0b742a6aa35d6e2c169b4bd06d225a98 + uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 - name: Install jq run: | sudo apt-get update @@ -50,7 +50,7 @@ jobs: retention-days: 7 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 with: sarif_file: zizmor.sarif