@@ -14,20 +14,20 @@ jobs:
1414 lint :
1515 runs-on : ubuntu-latest
1616 steps :
17- - uses : actions/checkout@v6.0.2
18- - uses : astral-sh/setup-uv@v8.1.0
19- - uses : j178/prek-action@v2.0.3
17+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
18+ - uses : astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
19+ - uses : j178/prek-action@6ad80277337ad479fe43bd70701c3f7f8aa74db3 # v2.0.3
2020
2121 # Make sure commit messages follow the conventional commits convention:
2222 # https://www.conventionalcommits.org
2323 commitlint :
2424 name : Lint Commit Messages
2525 runs-on : ubuntu-latest
2626 steps :
27- - uses : actions/checkout@v6.0.2
27+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2828 with :
2929 fetch-depth : 0
30- - uses : wagoid/commitlint-github-action@v6.2.1
30+ - uses : wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6.2.1
3131
3232 test :
3333 strategy :
@@ -43,15 +43,15 @@ jobs:
4343 - macOS-latest
4444 runs-on : ${{ matrix.os }}
4545 steps :
46- - uses : actions/checkout@v6.0.2
47- - uses : astral-sh/setup-uv@v8.1.0
46+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
47+ - uses : astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
4848 with :
4949 python-version : ${{ matrix.python-version }}
5050 - run : uv sync
5151 shell : bash
5252 - run : uv run pytest
5353 shell : bash
54- - uses : codecov/codecov-action@v6
54+ - uses : codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6
5555 with :
5656 token : ${{ secrets.CODECOV_TOKEN }}
5757
7070 contents : write
7171
7272 steps :
73- - uses : actions/checkout@v6.0.2
73+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
7474 with :
7575 fetch-depth : 0
7676 ref : ${{ github.sha }}
@@ -81,32 +81,32 @@ jobs:
8181
8282 # Do a dry run of PSR
8383 - name : Test release
84- uses : python-semantic-release/python-semantic-release@v10.5.3
84+ uses : python-semantic-release/python-semantic-release@350c48fcb3ffcdfd2e0a235206bc2ecea6b69df0 # v10.5.3
8585 if : github.ref_name != 'main'
8686 with :
8787 no_operation_mode : true
8888 github_token : noop
8989
9090 # On main branch: actual PSR + upload to PyPI & GitHub
9191 - name : Release
92- uses : python-semantic-release/python-semantic-release@v10.5.3
92+ uses : python-semantic-release/python-semantic-release@350c48fcb3ffcdfd2e0a235206bc2ecea6b69df0 # v10.5.3
9393 if : github.ref_name == 'main'
9494 id : release
9595 with :
9696 github_token : ${{ secrets.GITHUB_TOKEN }}
9797
9898 - name : Attest build provenance
99- uses : actions/attest@v4
99+ uses : actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4
100100 if : steps.release.outputs.released == 'true'
101101 with :
102102 subject-path : " dist/*"
103103
104104 - name : Publish package distributions to PyPI
105- uses : pypa/gh-action-pypi-publish@v1.14.0
105+ uses : pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
106106 if : steps.release.outputs.released == 'true'
107107
108108 - name : Publish package distributions to GitHub Releases
109- uses : python-semantic-release/publish-action@v10.5.3
109+ uses : python-semantic-release/publish-action@310a9983a0ae878b29f3aac778d7c77c1db27378 # v10.5.3
110110 if : steps.release.outputs.released == 'true'
111111 with :
112112 github_token : ${{ secrets.GITHUB_TOKEN }}
0 commit comments