Skip to content

Commit 35fa54f

Browse files
committed
CI: use hashes for actions
1 parent b41da86 commit 35fa54f

File tree

5 files changed

+18
-18
lines changed

5 files changed

+18
-18
lines changed

.github/workflows/cd.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -14,11 +14,11 @@ jobs:
1414
dist:
1515
runs-on: ubuntu-latest
1616
steps:
17-
- uses: actions/checkout@v4
17+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
1818
with:
1919
fetch-depth: 0
2020

21-
- uses: hynek/build-and-inspect-python-package@v2
21+
- uses: hynek/build-and-inspect-python-package@b5076c307dc91924a82ad150cdd1533b444d3310 # v2.12.0
2222

2323
publish:
2424
needs: [dist]
@@ -31,14 +31,14 @@ jobs:
3131
if: github.event_name == 'release' && github.event.action == 'published'
3232

3333
steps:
34-
- uses: actions/download-artifact@v4
34+
- uses: actions/download-artifact@b14cf4c92620c250e1c074ab0a5800e37df86765 # v4.2.0
3535
with:
3636
name: Packages
3737
path: dist
3838

3939
- name: Generate artifact attestation for sdist and wheel
40-
uses: actions/attest-build-provenance@v2.2.3
40+
uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
4141
with:
4242
subject-path: "dist/*"
4343

44-
- uses: pypa/gh-action-pypi-publish@release/v1
44+
- uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4

.github/workflows/ci.yml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -21,16 +21,16 @@ jobs:
2121
name: Format
2222
runs-on: ubuntu-latest
2323
steps:
24-
- uses: actions/checkout@v4
24+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
2525
with:
2626
fetch-depth: 0
27-
- uses: actions/setup-python@v5
27+
- uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
2828
with:
2929
python-version: "3.x"
30-
- uses: pre-commit/action@v3.0.1
30+
- uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
3131
with:
3232
extra_args: --hook-stage manual --all-files
33-
- uses: prefix-dev/setup-pixi@v0.8.3
33+
- uses: prefix-dev/setup-pixi@92815284c57faa15cd896c4d5cfb2d59f32dc43d # v0.8.3
3434
with:
3535
pixi-version: v0.42.1
3636
cache: true
@@ -52,11 +52,11 @@ jobs:
5252
runs-on: [ubuntu-latest]
5353

5454
steps:
55-
- uses: actions/checkout@v4
55+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
5656
with:
5757
fetch-depth: 0
5858

59-
- uses: prefix-dev/setup-pixi@v0.8.3
59+
- uses: prefix-dev/setup-pixi@92815284c57faa15cd896c4d5cfb2d59f32dc43d # v0.8.3
6060
with:
6161
pixi-version: v0.42.1
6262
cache: true
@@ -66,6 +66,6 @@ jobs:
6666
run: pixi run -e ${{ matrix.environment }} tests-ci
6767

6868
- name: Upload coverage report
69-
uses: codecov/codecov-action@v5.4.0
69+
uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
7070
with:
7171
token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/dependabot-auto-merge.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ jobs:
1313
steps:
1414
- name: Dependabot metadata
1515
id: metadata
16-
uses: dependabot/fetch-metadata@v2
16+
uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7 # v2.3.0
1717
with:
1818
github-token: "${{ secrets.GITHUB_TOKEN }}"
1919
- name: Enable auto-merge for Dependabot PRs

.github/workflows/docs-build.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ jobs:
66
docs-build:
77
runs-on: ubuntu-latest
88
steps:
9-
- uses: actions/checkout@v4
9+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
1010
- uses: prefix-dev/setup-pixi@v0.8.3
1111
with:
1212
pixi-version: v0.42.1
@@ -15,7 +15,7 @@ jobs:
1515
- name: Build Docs
1616
run: pixi run -e docs docs
1717
- name: Upload Artifact
18-
uses: actions/upload-artifact@v4
18+
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
1919
with:
2020
name: docs-build
2121
path: docs/build/

.github/workflows/docs-deploy.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -14,9 +14,9 @@ jobs:
1414
environment:
1515
name: docs-deploy
1616
steps:
17-
- uses: actions/checkout@v4
17+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
1818
- name: Download Artifact
19-
uses: dawidd6/action-download-artifact@v9
19+
uses: dawidd6/action-download-artifact@07ab29fd4a977ae4d2b275087cf67563dfdf0295 # v9
2020
with:
2121
workflow: docs-build.yml
2222
name: docs-build
@@ -26,7 +26,7 @@ jobs:
2626
# See
2727
# https://github.com/JamesIves/github-pages-deploy-action/tree/dev#using-an-ssh-deploy-key-
2828
- name: Deploy
29-
uses: JamesIves/github-pages-deploy-action@v4
29+
uses: JamesIves/github-pages-deploy-action@6c2d9db40f9296374acc17b90404b6e8864128c8 # v4.7.3
3030
with:
3131
folder: docs/build/
3232
ssh-key: ${{ secrets.DEPLOY_KEY }}

0 commit comments

Comments
 (0)