
Commit 5424ea4

committed
ci: pin GitHub Actions to SHA digests
1 parent aeb95fa commit 5424ea4

3 files changed

Lines changed: 13 additions & 13 deletions


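--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -9,10 +9,10 @@ jobs:
 pre-commit:
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 
 - name: Set up Python
-uses: actions/setup-python@v5
+uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
 with:
 python-version: "3.11"
 cache: "pip"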
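Review bot: The trailing comments on the pinned `uses:` lines (new lines 12 and 15) name the moving major tags `# v4` and `# v5`, so nothing in the file records which release each digest corresponds to. Recording the exact release lets a reviewer check the digest against the upstream tag and gives update tooling a version to track, e.g. `- uses: actions/checkout@<sha> # vX.Y.Z` (placeholder version); the same applies to the pins in publish.yaml and test.yaml. It is also worth confirming that each digest is a commit in the action's own repository rather than in a fork, since a bare SHA does not show that. No update automation is added in this commit (only the three workflow files change), so the pins need some process to pick up upstream security fixes.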

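--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -9,9 +9,9 @@ jobs:
 runs-on: ubuntu-latest
 
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 - name: Set up Python
-uses: actions/setup-python@v5
+uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
 with:
 python-version: "3.x"
 - name: Rewrite image URLs
@@ -29,7 +29,7 @@ jobs:
 - name: Build a binary wheel and a source tarball
 run: python3 -m build
 - name: Store the distribution packages
-uses: actions/upload-artifact@v4
+uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 with:
 name: python-package-distributions
 path: dist/
@@ -49,12 +49,12 @@ jobs:
 
 steps:
 - name: Download all the dists
-uses: actions/download-artifact@v4
+uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
 with:
 name: python-package-distributions
 path: dist/
 - name: Publish distribution 📦 to PyPI
-uses: pypa/gh-action-pypi-publish@release/v1
+uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1
 
 github-release:
 name: >-
@@ -70,12 +70,12 @@ jobs:
 
 steps:
 - name: Download all the dists
-uses: actions/download-artifact@v4
+uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
 with:
 name: python-package-distributions
 path: dist/
 - name: Sign the dists with Sigstore
-uses: sigstore/gh-action-sigstore-python@v3.0.0
+uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 # v3.0.0
 with:
 inputs: >-
 ./dist/*.tar.gz
@@ -114,12 +114,12 @@ jobs:
 
 steps:
 - name: Download all the dists
-uses: actions/download-artifact@v4
+uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
 with:
 name: python-package-distributions
 path: dist/
 - name: Publish distribution 📦 to TestPyPI
-uses: pypa/gh-action-pypi-publish@release/v1
+uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1
 with:
 repository-url: https://test.pypi.org/legacy/
 continue-on-error: true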
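Review bot: The comment `# release/v1` on the two `pypa/gh-action-pypi-publish` pins (new lines 57 and 122) names a branch rather than a release, so the digest is a snapshot of a branch head with no recorded version to audit or update against. Because these are the steps that upload to PyPI and TestPyPI, I would pin to the commit of a tagged release and record that tag, e.g. `uses: pypa/gh-action-pypi-publish@<sha> # vX.Y.Z` (placeholder version). The jobs' `permissions:` and environment settings lie outside the visible hunks, so this note does not cover them.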

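--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -10,10 +10,10 @@ jobs:
 pytest:
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 
 - name: Set up Python
-uses: actions/setup-python@v5
+uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
 with:
 python-version: "3.11"
 cache: "pip"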
