@@ -20,23 +20,23 @@ jobs:
2020 - { name: "lowest", tox: py310-lowest }
2121 - { name: "3.14-apispecdev", tox: py314-apispecdev }
2222 steps :
23- - uses : actions/checkout@v6
24- - uses : astral-sh/setup-uv@v7
23+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
24+ - uses : astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
2525 with :
2626 enable-cache : true
2727 - run : uv run tox -e ${{ matrix.tox }}
2828 build :
2929 name : Build package
3030 runs-on : ubuntu-latest
3131 steps :
32- - uses : actions/checkout@v6
33- - uses : astral-sh/setup-uv@v7
32+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
33+ - uses : astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
3434 with :
3535 enable-cache : true
3636 - run : uv build
3737 - run : uvx twine check --strict dist/*
3838 - name : Store the distribution packages
39- uses : actions/upload-artifact@v7
39+ uses : actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
4040 with :
4141 name : python-package-distributions
4242 path : dist/
4646 if : startsWith(github.ref, 'refs/tags')
4747 runs-on : ubuntu-latest
4848 steps :
49- - uses : actions/checkout@v6
50- - uses : astral-sh/setup-uv@v7
49+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
50+ - uses : astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
5151 with :
5252 enable-cache : true
5353 - run : uv run tox -e lint
6363 id-token : write
6464 steps :
6565 - name : Download all the dists
66- uses : actions/download-artifact@v8
66+ uses : actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
6767 with :
6868 name : python-package-distributions
6969 path : dist/
7070 - name : Publish distribution to PyPI
71- uses : pypa/gh-action-pypi-publish@release/v1
71+ uses : pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4&size=40){kind=avatar}
0 commit comments