@@ -19,23 +19,23 @@ jobs:
1919 - { name: "mypy-ma3", tox: mypy-marshmallow3 }
2020 - { name: "mypy-madev", tox: mypy-marshmallowdev }
2121 steps :
22- - uses : actions/checkout@v6
23- - uses : astral-sh/setup-uv@v7
22+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
23+ - uses : astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
2424 with :
2525 enable-cache : true
2626 - run : uv run tox -e${{ matrix.tox }}
2727 build :
2828 name : Build package
2929 runs-on : ubuntu-latest
3030 steps :
31- - uses : actions/checkout@v6
32- - uses : astral-sh/setup-uv@v7
31+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
32+ - uses : astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
3333 with :
3434 enable-cache : true
3535 - run : uv build
3636 - run : uvx twine check --strict dist/*
3737 - name : Store the distribution packages
38- uses : actions/upload-artifact@v7
38+ uses : actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
3939 with :
4040 name : python-package-distributions
4141 path : dist/
4545 if : startsWith(github.ref, 'refs/tags')
4646 runs-on : ubuntu-latest
4747 steps :
48- - uses : actions/checkout@v6
49- - uses : astral-sh/setup-uv@v7
48+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
49+ - uses : astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
5050 with :
5151 enable-cache : true
5252 - run : uv run tox -e lint
6262 id-token : write
6363 steps :
6464 - name : Download all the dists
65- uses : actions/download-artifact@v8
65+ uses : actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
6666 with :
6767 name : python-package-distributions
6868 path : dist/
6969 - name : Publish distribution to PyPI
70- uses : pypa/gh-action-pypi-publish@release/v1
70+ uses : pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4&size=40){kind=avatar}
0 commit comments