Skip to content

Commit 087376d

Browse files
authored
Hash pin GitHub Actions (#9568)
2 parents b893310 + 2593703 commit 087376d

File tree

13 files changed

+50
-56
lines changed

13 files changed

+50
-56
lines changed

.github/workflows/cifuzz.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -35,27 +35,27 @@ jobs:
3535
steps:
3636
- name: Build Fuzzers
3737
id: build
38-
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
38+
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@e41e2f295eb18d630932fdd33d072527ba74c87b # master
3939
with:
4040
oss-fuzz-project-name: 'pillow'
4141
language: python
4242
dry-run: false
4343
- name: Run Fuzzers
4444
id: run
45-
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
45+
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@e41e2f295eb18d630932fdd33d072527ba74c87b # master
4646
with:
4747
oss-fuzz-project-name: 'pillow'
4848
fuzz-seconds: 600
4949
language: python
5050
dry-run: false
5151
- name: Upload New Crash
52-
uses: actions/upload-artifact@v7
52+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
5353
if: failure() && steps.build.outcome == 'success'
5454
with:
5555
name: artifacts
5656
path: ./out/artifacts
5757
- name: Upload Legacy Crash
58-
uses: actions/upload-artifact@v7
58+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
5959
if: steps.run.outcome == 'success'
6060
with:
6161
name: crash

.github/workflows/docs.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -32,12 +32,12 @@ jobs:
3232
name: Docs
3333

3434
steps:
35-
- uses: actions/checkout@v6
35+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3636
with:
3737
persist-credentials: false
3838

3939
- name: Set up Python
40-
uses: actions/setup-python@v6
40+
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
4141
with:
4242
python-version: "3.x"
4343
cache: pip
@@ -49,21 +49,21 @@ jobs:
4949
run: python3 .github/workflows/system-info.py
5050

5151
- name: Cache libavif
52-
uses: actions/cache@v5
52+
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
5353
id: cache-libavif
5454
with:
5555
path: ~/cache-libavif
5656
key: ${{ runner.os }}-libavif-${{ hashFiles('depends/install_libavif.sh', 'depends/libavif-svt4.patch') }}
5757

5858
- name: Cache libimagequant
59-
uses: actions/cache@v5
59+
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
6060
id: cache-libimagequant
6161
with:
6262
path: ~/cache-libimagequant
6363
key: ${{ runner.os }}-libimagequant-${{ hashFiles('depends/install_imagequant.sh') }}
6464

6565
- name: Cache libwebp
66-
uses: actions/cache@v5
66+
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
6767
id: cache-libwebp
6868
with:
6969
path: ~/cache-libwebp

.github/workflows/lint.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -18,14 +18,14 @@ jobs:
1818
runs-on: ubuntu-latest
1919
name: Lint
2020
steps:
21-
- uses: actions/checkout@v6
21+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2222
with:
2323
persist-credentials: false
24-
- uses: actions/setup-python@v6
24+
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
2525
with:
2626
python-version: "3.x"
2727
- name: Install uv
28-
uses: astral-sh/setup-uv@v7
28+
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
2929
- name: Lint
3030
run: uvx --with tox-uv tox -e lint
3131
- name: Mypy

.github/workflows/release-drafter.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,6 @@ jobs:
2626
runs-on: ubuntu-latest
2727
steps:
2828
# Drafts your next release notes as pull requests are merged into "main"
29-
- uses: release-drafter/release-drafter@v7
29+
- uses: release-drafter/release-drafter@5de93583980a40bd78603b6dfdcda5b4df377b32 # v7.2.0
3030
env:
3131
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/stale.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ jobs:
2525

2626
steps:
2727
- name: "Check issues"
28-
uses: actions/stale@v10
28+
uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
2929
with:
3030
repo-token: ${{ secrets.GITHUB_TOKEN }}
3131
only-labels: "Awaiting OP Action"

.github/workflows/test-docker.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -67,7 +67,7 @@ jobs:
6767
name: ${{ matrix.docker }}
6868

6969
steps:
70-
- uses: actions/checkout@v6
70+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
7171
with:
7272
persist-credentials: false
7373

@@ -76,7 +76,7 @@ jobs:
7676

7777
- name: Set up QEMU
7878
if: "matrix.qemu-arch"
79-
uses: docker/setup-qemu-action@v4
79+
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
8080
with:
8181
platforms: ${{ matrix.qemu-arch }}
8282

@@ -104,7 +104,7 @@ jobs:
104104
.ci/after_success.sh
105105
106106
- name: Upload coverage
107-
uses: codecov/codecov-action@v6
107+
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
108108
with:
109109
flags: GHA_Docker
110110
name: ${{ matrix.docker }}

.github/workflows/test-mingw.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ jobs:
4646

4747
steps:
4848
- name: Checkout Pillow
49-
uses: actions/checkout@v6
49+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5050
with:
5151
persist-credentials: false
5252

@@ -87,7 +87,7 @@ jobs:
8787
.ci/test.sh
8888
8989
- name: Upload coverage
90-
uses: codecov/codecov-action@v6
90+
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
9191
with:
9292
files: ./coverage.xml
9393
flags: GHA_Windows

.github/workflows/test-valgrind-memory.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ jobs:
4444
name: ${{ matrix.docker }}
4545

4646
steps:
47-
- uses: actions/checkout@v6
47+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4848
with:
4949
persist-credentials: false
5050

.github/workflows/test-valgrind.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ jobs:
4242
name: ${{ matrix.docker }}
4343

4444
steps:
45-
- uses: actions/checkout@v6
45+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4646
with:
4747
persist-credentials: false
4848

.github/workflows/test-windows.yml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -49,27 +49,27 @@ jobs:
4949

5050
steps:
5151
- name: Checkout Pillow
52-
uses: actions/checkout@v6
52+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5353
with:
5454
persist-credentials: false
5555

5656
- name: Checkout cached dependencies
57-
uses: actions/checkout@v6
57+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5858
with:
5959
persist-credentials: false
6060
repository: python-pillow/pillow-depends
6161
path: winbuild\depends
6262

6363
- name: Checkout extra test images
64-
uses: actions/checkout@v6
64+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
6565
with:
6666
persist-credentials: false
6767
repository: python-pillow/test-images
6868
path: Tests\test-images
6969

7070
# sets env: pythonLocation
7171
- name: Set up Python
72-
uses: actions/setup-python@v6
72+
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
7373
with:
7474
python-version: ${{ matrix.python-version }}
7575
allow-prereleases: true
@@ -113,7 +113,7 @@ jobs:
113113

114114
- name: Cache build
115115
id: build-cache
116-
uses: actions/cache@v5
116+
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
117117
with:
118118
path: winbuild\build
119119
key:
@@ -217,7 +217,7 @@ jobs:
217217
shell: bash
218218

219219
- name: Upload errors
220-
uses: actions/upload-artifact@v7
220+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
221221
if: failure()
222222
with:
223223
name: errors
@@ -229,7 +229,7 @@ jobs:
229229
shell: pwsh
230230

231231
- name: Upload coverage
232-
uses: codecov/codecov-action@v6
232+
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
233233
with:
234234
files: ./coverage.xml
235235
flags: GHA_Windows

0 commit comments

Comments
 (0)