diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9a460a741..9b820059c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,7 +20,7 @@ jobs: linting: runs-on: blacksmith-2vcpu-ubuntu-2404 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Install uv and set Python version @@ -37,7 +37,7 @@ jobs: type-checking: runs-on: blacksmith-2vcpu-ubuntu-2404 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Install uv and set Python version @@ -78,7 +78,7 @@ jobs: name: Unit tests on Python ${{ matrix.python-version }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Install uv and set Python version @@ -141,7 +141,7 @@ jobs: name: ${{ matrix.job_name }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Install uv and set Python version diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1834f6f10..290bfee87 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -55,7 +55,7 @@ jobs: # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/package-availability-check.yml b/.github/workflows/package-availability-check.yml index 3f43ddd21..836213f89 100644 --- a/.github/workflows/package-availability-check.yml +++ b/.github/workflows/package-availability-check.yml @@ -17,7 +17,7 @@ jobs: steps: - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python-version }} - name: Install dependencies using pip diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bc81ae2a4..efff90e16 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -64,7 +64,7 @@ jobs: INPUTS_CONFIRM_MAJOR: ${{ inputs.confirm_major }} - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 token: ${{ secrets.GH_ACCESS_TOKEN }} @@ -321,7 +321,7 @@ jobs: - name: Notify Slack on success if: success() - uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3 + uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 with: webhook: ${{ secrets.SLACK_WEBHOOK_RELEASES }} webhook-type: incoming-webhook @@ -405,7 +405,7 @@ jobs: - name: Notify Slack on failure if: failure() - uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3 + uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 with: webhook: ${{ secrets.SLACK_WEBHOOK_ENGINEERING }} webhook-type: incoming-webhook diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 725619c3f..03d663f9d 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -22,7 +22,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Run zizmor