Original file line number Diff line number Diff line change @@ -34,13 +34,13 @@ jobs:
3434
3535 # Initializes the CodeQL tools for scanning.
3636 - name : Initialize CodeQL
37- uses : github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
37+ uses : github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
3838 with :
3939 languages : ${{ matrix.language }}
4040 build-mode : ${{ matrix.build-mode }}
4141 queries : security-extended
4242
4343 - name : Perform CodeQL Analysis
44- uses : github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
44+ uses : github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
4545 with :
4646 category : " /language:${{matrix.language}}"
Original file line number Diff line number Diff line change 2222 with :
2323 python-version-file : " .python-version"
2424 - name : Install uv
25- uses : astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
25+ uses : astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
2626 - name : Install dependencies
2727 run : |
2828 uv sync --locked --extra docs
Original file line number Diff line number Diff line change 2626 with :
2727 python-version-file : " .python-version"
2828 - name : Install uv
29- uses : astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
29+ uses : astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
3030 - name : Install dependencies
3131 run : |
3232 uv sync --locked --all-extras
4545 with :
4646 python-version-file : " .python-version"
4747 - name : Install uv
48- uses : astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
48+ uses : astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
4949 - name : Install dependencies
5050 run : |
5151 uv sync --locked --extra tests
Original file line number Diff line number Diff line change @@ -26,14 +26,14 @@ jobs:
2626 - name : Build sdist
2727 run : |
2828 uv build --sdist
29- - uses : actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 .0.0
29+ - uses : actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 .0.0
3030 with :
3131 name : artifact-sdist
3232 path : dist/*.tar.gz
3333 - name : Build wheel
3434 run : |
3535 uv build --wheel
36- - uses : actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 .0.0
36+ - uses : actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 .0.0
3737 with :
3838 name : artifact-wheel
3939 path : dist/*.whl
4848 id-token : write # required by trusted publisher
4949 steps :
5050 - name : Download artifacts
51- uses : actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6
51+ uses : actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
5252 with :
5353 path : dist
5454 pattern : artifact-*
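Review bot: The two artifact actions cross major versions in this section (`actions/upload-artifact` v5 to v6 at new lines 29 and 36, `actions/download-artifact` v6 to v7 at new line 51), while the other pins in the commit that carry a version comment move by a patch or minor release. The download step sits in the job that holds `id-token: write` for trusted publishing, so any change in how artifacts are named, merged or unpacked into `dist` affects what gets published. Both majors' release notes should be checked against the `artifact-*` pattern before merging, presumably including any new minimum runner version. The download pin's trailing comment is only `# v7`, while the upload pins name a full release; I would put the exact release tag there so the SHA can be verified against it. The job's remaining steps are outside the lines shown.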
Original file line number Diff line number Diff line change 7272 private-key : ${{ secrets.RENOVATE_APP_PEM }}
7373
7474 - name : Self-hosted Renovate
75- uses : renovatebot/github-action@5712c6a41dea6cdf32c72d92a763bd417e6606aa # v44.0.5
75+ uses : renovatebot/github-action@8b7941943a108b2cc2150730963164aa8baeab8c # v44.2.2
7676 with :
7777 configurationFile : .github/renovate.json5
7878 token : " ${{ steps.get-github-app-token.outputs.token }}"
Original file line number Diff line number Diff line change 3535
3636 # Upload the results to GitHub's code scanning dashboard
3737 - name : Upload to code-scanning
38- uses : github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
38+ uses : github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
3939 with :
4040 sarif_file : results.sarif
Original file line number Diff line number Diff line change 2424 with :
2525 persist-credentials : false
2626 - name : Run Zizmor scan
27- uses : open-edge-platform/geti-ci/actions/zizmor@66652424b4ec87ff529dce5ae4a03f339e58a84b
27+ uses : open-edge-platform/geti-ci/actions/zizmor@d30e32248aa6bd06adeda7129b50a38bdbceca12
2828 with :
2929 scan-scope : " all"
3030 severity-level : " LOW"
4242 with :
4343 persist-credentials : false
4444 - name : Run Bandit scan
45- uses : open-edge-platform/geti-ci/actions/bandit@66652424b4ec87ff529dce5ae4a03f339e58a84b
45+ uses : open-edge-platform/geti-ci/actions/bandit@d30e32248aa6bd06adeda7129b50a38bdbceca12
4646 with :
4747 scan-scope : " all"
4848 severity-level : " LOW"
6262 persist-credentials : false
6363 - name : Run Trivy scan
6464 id : trivy
65- uses : open-edge-platform/geti-ci/actions/trivy@66652424b4ec87ff529dce5ae4a03f339e58a84b
65+ uses : open-edge-platform/geti-ci/actions/trivy@d30e32248aa6bd06adeda7129b50a38bdbceca12
6666 with :
6767 scan_type : " fs"
6868 scan-scope : all
8484 persist-credentials : false
8585 - name : Run Semgrep scan
8686 id : semgrep
87- uses : open-edge-platform/geti-ci/actions/semgrep@66652424b4ec87ff529dce5ae4a03f339e58a84b
87+ uses : open-edge-platform/geti-ci/actions/semgrep@d30e32248aa6bd06adeda7129b50a38bdbceca12
8888 with :
8989 scan-scope : " all"
9090 severity : " LOW"
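Review bot: The four `open-edge-platform/geti-ci/actions/*` pins at new lines 27, 45, 65 and 87 move to `d30e32248aa6bd06adeda7129b50a38bdbceca12` with no trailing version comment, unlike every other pinned action in this commit. Without a tag or release name beside the SHA, the workflow does not show which upstream revision of the scanner wrappers is being trusted, or whether that commit belongs to a released ref at all. I would add a comment in the same style as the other pins, e.g. `# <geti-ci tag or release for d30e322, placeholder>`, since the page does not show which ref this commit belongs to. The same applies to the zizmor, Bandit and Semgrep pins in the last file section (new lines 55, 71 and 91).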
Original file line number Diff line number Diff line change 2727 with :
2828 persist-credentials : false
2929 - name : Install uv
30- uses : astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
30+ uses : astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
3131 with :
3232 enable-cache : false
3333 python-version : ${{ matrix.python-version }}
Original file line number Diff line number Diff line change 2929 with :
3030 persist-credentials : false
3131 - name : Install uv
32- uses : astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
32+ uses : astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
3333 with :
3434 enable-cache : false
3535 python-version : ${{ matrix.python-version }}
5252 with :
5353 persist-credentials : false
5454 - name : Run Zizmor scan
55- uses : open-edge-platform/geti-ci/actions/zizmor@66652424b4ec87ff529dce5ae4a03f339e58a84b
55+ uses : open-edge-platform/geti-ci/actions/zizmor@d30e32248aa6bd06adeda7129b50a38bdbceca12
5656 with :
5757 scan-scope : " changed"
5858 severity-level : " LOW"
6868 with :
6969 persist-credentials : false
7070 - name : Run Bandit scan
71- uses : open-edge-platform/geti-ci/actions/bandit@66652424b4ec87ff529dce5ae4a03f339e58a84b
71+ uses : open-edge-platform/geti-ci/actions/bandit@d30e32248aa6bd06adeda7129b50a38bdbceca12
7272 with :
7373 scan-scope : " changed"
7474 severity-level : " LOW"
8888 persist-credentials : false
8989 fetch-depth : 0
9090 - name : Run Semgrep scan
91- uses : open-edge-platform/geti-ci/actions/semgrep@66652424b4ec87ff529dce5ae4a03f339e58a84b
91+ uses : open-edge-platform/geti-ci/actions/semgrep@d30e32248aa6bd06adeda7129b50a38bdbceca12
9292 with :
9393 scan-scope : " changed"
9494 severity : " LOW"