From 4fc8e61853f0cbb44d761b54bb7a35c17e182f94 Mon Sep 17 00:00:00 2001
From: Steven Silvester
Date: Tue, 29 Apr 2025 09:16:24 -0500
Subject: [PATCH] INTPYTHON-608 Use pinned sources for GitHub Actions
---
 .github/workflows/release-python.yml | 2 +-
 .github/workflows/test-python.yml | 20 ++++++++++----------
 .github/workflows/zizmor.yml | 4 ++--
 3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml
index df42c18..9843e19 100644
--- a/.github/workflows/release-python.yml
+++ b/.github/workflows/release-python.yml
@@ -77,7 +77,7 @@ jobs:
 path: dist/
 - name: Publish distribution 📦 to PyPI
 if: startsWith(env.DRY_RUN, 'false')
- uses: pypa/gh-action-pypi-publish@release/v1
+ uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # release/v1
 post-publish:
 needs: [publish]
diff --git a/.github/workflows/test-python.yml b/.github/workflows/test-python.yml
index 583dbca..9b8d6c9 100644
--- a/.github/workflows/test-python.yml
+++ b/.github/workflows/test-python.yml
@@ -27,11 +27,11 @@ jobs:
 persist-credentials: false
 fetch-depth: 0
 - name: Install uv
- uses: astral-sh/setup-uv@v5
+ uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
 with:
 enable-cache: true
 python-version: ${{ matrix.python-version }}
- - uses: extractions/setup-just@v3
+ - uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v3
 - run: just install
 - run: just lint
 - run: just docs
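Review bot: In the release-python.yml hunk the trailing comment `# release/v1` names a branch rather than a release, so neither a reader nor an update tool can tell which published version commit 76f52bc884231f62b9a034ebfe128415bbaabdfc corresponds to, or check it against the upstream tag list. Because this step publishes to PyPI, record the exact tag the SHA was resolved from, e.g. `uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # vX.Y.Z` (placeholder; the page does not show the version). The `# v5`, `# v3` and `# v1` comments in the test-python.yml and zizmor.yml hunks are floating major tags and have the same limitation. The `publish` job starts outside the hunk.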
@@ -50,14 +50,14 @@ jobs:
 persist-credentials: false
 fetch-depth: 0
 - name: Install uv
- uses: astral-sh/setup-uv@v5
+ uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
 with:
 enable-cache: true
 python-version: ${{ matrix.python-version }}
- - uses: extractions/setup-just@v3
+ - uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v3
 - name: Start MongoDB on Linux
 if: ${{ startsWith(runner.os, 'Linux') }}
- uses: supercharge/mongodb-github-action@1.12.0
+ uses: supercharge/mongodb-github-action@90004df786821b6308fb02299e5835d0dae05d0d # 1.12.0
 with:
 mongodb-version: ${{ env.MAX_MONGODB }}
 mongodb-replica-set: test-rs
@@ -86,18 +86,18 @@ jobs:
 persist-credentials: false
 fetch-depth: 0
 - name: Install uv
- uses: astral-sh/setup-uv@v5
+ uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
 with:
 enable-cache: true
 python-version: ${{ env.MIN_PYTHON }}
- - uses: extractions/setup-just@v3
+ - uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v3
 - name: Install uv
- uses: astral-sh/setup-uv@v5
+ uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
 with:
 enable-cache: true
 python-version: ${{ env.MIN_PYTHON }}
- - uses: extractions/setup-just@v3
- - uses: supercharge/mongodb-github-action@1.12.0
+ - uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v3
+ - uses: supercharge/mongodb-github-action@90004df786821b6308fb02299e5835d0dae05d0d # 1.12.0
 with:
 mongodb-version: ${{ env.MIN_MONGODB }}
 mongodb-replica-set: test-rs
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
index 0fbdbd6..5b55068 100644
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
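Review bot: In the test-python.yml hunk at -86,18 the `Install uv` step and the `extractions/setup-just` step appear twice in a row with identical `with:` inputs, and the change pins both copies rather than dropping one. If the repetition is not intentional, delete the second pair so the job carries one pinned reference per action; every extra `uses:` line is another SHA that has to be reviewed and bumped in step with its twin. The job header and its remaining steps are outside the hunk, so confirm against the full file before removing anything.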
@@ -18,7 +18,7 @@ jobs:
 with:
 persist-credentials: false
 - name: Setup Rust
- uses: actions-rust-lang/setup-rust-toolchain@v1
+ uses: actions-rust-lang/setup-rust-toolchain@9d7e65c320fdb52dcd45ffaa68deb6c02c8754d9 # v1
 - name: Get zizmor
 run: cargo install zizmor
 - name: Run zizmor
@@ -26,7 +26,7 @@ jobs:
 env:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3
 with:
 sarif_file: results.sarif
 category: zizmor
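Review bot: In the zizmor.yml hunk at -18,7 the `Get zizmor` step still runs `cargo install zizmor`, which resolves whatever crate version and dependency set is newest at run time, so the workflow keeps one unpinned input even after the actions are pinned. That binary is what the following `Run zizmor` step executes, and the `GH_TOKEN` env entry at the top of the next hunk appears to belong to that step. Pin the install with `run: cargo install zizmor --locked --version <PINNED_VERSION>` (placeholder; use the release you have vetted). The `Run zizmor` step continues outside the hunk.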