diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 000603d8d..e20ef58e9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,10 +15,10 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 - - uses: astral-sh/setup-uv@v8.1.0 - - uses: j178/prek-action@v2 - - uses: pre-commit-ci/lite-action@v1.1.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 + - uses: j178/prek-action@bdca6f102f98e2b4c7029491a53dfd366469e33d # v2 + - uses: pre-commit-ci/lite-action@5d6cc0eb514c891a40562a58a8e71576c5c7fb43 # v1.1.0 if: always() test: @@ -38,27 +38,27 @@ jobs: # - macOS-latest steps: - - uses: actions/checkout@v6 - - uses: actions/setup-python@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: ${{ matrix.python-version }} allow-prereleases: true - - uses: astral-sh/setup-uv@v8.1.0 + - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 - run: uv sync --no-python-downloads shell: bash - run: uv run pytest --cov-report=xml shell: bash - - uses: codecov/codecov-action@v6 + - uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6 with: token: ${{ secrets.CODECOV_TOKEN }} commitlint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 - - uses: wagoid/commitlint-github-action@v6.2.1 + - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6.2.1 release: needs: @@ -75,7 +75,7 @@ jobs: contents: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 ref: ${{ github.sha }} @@ -86,30 +86,30 @@ jobs: # Do a dry run of PSR - name: Test release - uses: python-semantic-release/python-semantic-release@v10 + uses: python-semantic-release/python-semantic-release@350c48fcb3ffcdfd2e0a235206bc2ecea6b69df0 # v10 if: ${{ github.ref_name != 'main' && !startsWith(github.ref_name, 'stable/') }} with: no_operation_mode: true # On main/stable branch: actual PSR + upload to PyPI & GitHub - name: Release - uses: python-semantic-release/python-semantic-release@v10 + uses: python-semantic-release/python-semantic-release@350c48fcb3ffcdfd2e0a235206bc2ecea6b69df0 # v10 id: release if: ${{ github.ref_name == 'main' || startsWith(github.ref_name, 'stable/') }} with: github_token: ${{ secrets.GITHUB_TOKEN }} - name: Attest build provenance - uses: actions/attest@v4 + uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4 if: steps.release.outputs.released == 'true' with: subject-path: "dist/*" - name: Publish package distributions to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1 if: steps.release.outputs.released == 'true' - name: Publish package distributions to GitHub Releases - uses: python-semantic-release/publish-action@v10 + uses: python-semantic-release/publish-action@310a9983a0ae878b29f3aac778d7c77c1db27378 # v10 if: steps.release.outputs.released == 'true' with: github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6938fda71..bbabe0114 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -24,18 +24,18 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Initialize CodeQL - uses: github/codeql-action/init@v4 + uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4 with: languages: ${{ matrix.language }} queries: +security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@v4 + uses: github/codeql-action/autobuild@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4 + uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/hacktoberfest.yml b/.github/workflows/hacktoberfest.yml index a82069f10..b0f621a58 100644 --- a/.github/workflows/hacktoberfest.yml +++ b/.github/workflows/hacktoberfest.yml @@ -13,6 +13,6 @@ jobs: runs-on: ubuntu-latest steps: - - uses: browniebroke/hacktoberfest-labeler-action@v2 + - uses: browniebroke/hacktoberfest-labeler-action@72564cc2b8f1cd239fb6880cca150a1b8b6b027b # v2 with: github_token: ${{ secrets.CPR_GITHUB_TOKEN }} diff --git a/.github/workflows/issue-manager.yml b/.github/workflows/issue-manager.yml index 2d65e0024..6a9c67072 100644 --- a/.github/workflows/issue-manager.yml +++ b/.github/workflows/issue-manager.yml @@ -18,7 +18,7 @@ jobs: issue-manager: runs-on: ubuntu-latest steps: - - uses: tiangolo/issue-manager@0.6.0 + - uses: tiangolo/issue-manager@2fb3484ec9279485df8659e8ec73de262431737d # 0.6.0 with: token: ${{ secrets.GITHUB_TOKEN }} config: > diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml index a32bd9470..2c0b7bb78 100644 --- a/.github/workflows/labels.yml +++ b/.github/workflows/labels.yml @@ -11,9 +11,9 @@ jobs: labels: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: 3.x - name: Install labels