chore: pin GitHub Actions to commit SHA

quentin-laplanche-docker · quentin-laplanche-docker · commit c26427bd18ec · 2026-04-20T10:15:35.000+02:00
Signed-off-by: Quentin Laplanche &lt;quentin.laplanche@docker.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,8 +10,8 @@ jobs:
     lint:
         runs-on: ubuntu-latest
         steps:
-            - uses: actions/checkout@v4
-            - uses: actions/setup-python@v5
+            - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+            - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
               with:
                   python-version: '3.x'
             - run: pip install -U ruff==0.1.8
@@ -21,12 +21,12 @@ jobs:
     build:
       runs-on: ubuntu-22.04
       steps:
-        - uses: actions/checkout@v4
-        - uses: actions/setup-python@v5
+        - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+        - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
           with:
             python-version: '3.x'
         - run: pip3 install build && python -m build .
-        - uses: actions/upload-artifact@v4
+        - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
           with:
             name: dist
             path: dist
@@ -38,9 +38,9 @@ jobs:
                 python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
 
         steps:
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
             - name: Set up Python ${{ matrix.python-version }}
-              uses: actions/setup-python@v5
+              uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
               with:
                 python-version: ${{ matrix.python-version }}
                 allow-prereleases: true
@@ -61,7 +61,7 @@ jobs:
                 variant: [ "integration-dind", "integration-dind-ssl", "integration-dind-ssh" ]
 
         steps:
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
               with:
                 fetch-depth: 0
                 fetch-tags: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -20,9 +20,9 @@ jobs:
   publish:
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
         with:
           python-version: '3.x'
 
@@ -36,13 +36,13 @@ jobs:
           SETUPTOOLS_SCM_PRETEND_VERSION: ${{ inputs.tag }}
 
       - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1
         if: '! inputs.dry-run'
         with:
           password: ${{ secrets.PYPI_API_TOKEN }}
 
       - name: Create GitHub release
-        uses: ncipollo/release-action@v1
+        uses: ncipollo/release-action@339a81892b84b4eeb0f6e744e4574d79d0d9b8dd # v1
         if: '! inputs.dry-run'
         with:
           artifacts: "dist/*"
