From 70ab04ba6af930e8bb48809f9fc601e94f2cb802 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Mon, 5 Aug 2024 16:16:52 -0400 Subject: [PATCH] workflows: hash-pin all workflows Signed-off-by: William Woodruff --- .github/workflows/docs.yml | 8 ++++---- .github/workflows/lint.yml | 4 ++-- .github/workflows/release.yml | 6 +++--- .github/workflows/tests.yml | 4 ++-- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 79cb494..b7082c5 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -9,9 +9,9 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5 with: python-version-file: pyproject.toml cache: "pip" @@ -26,7 +26,7 @@ jobs: make doc - name: upload docs artifact - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3 with: path: ./html/ @@ -42,4 +42,4 @@ jobs: url: ${{ steps.deployment.outputs.page_url }} steps: - id: deployment - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index f484a39..b760029 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,9 +10,9 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5 with: python-version-file: pyproject.toml cache: "pip" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6e919ac..6ac4909 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,9 +15,9 @@ jobs: name: upload release to PyPI runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5 with: python-version-file: pyproject.toml cache: "pip" @@ -33,7 +33,7 @@ jobs: uses: pypa/gh-action-pypi-publish@release/v1 - name: attest - uses: actions/attest@v1 + uses: actions/attest@c578ab5e377a70e30e1411d16a0eba675e5dc2e9 # v1 with: subject-path: | ./dist/*.tar.gz diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 0760232..126605e 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -17,9 +17,9 @@ jobs: permissions: id-token: write # unit tests use the ambient OIDC credential steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5 with: python-version: ${{ matrix.python }} cache: "pip"