build: hash-pin all actions
nedbat committed Jun 22, 2024
1 parent c6e0985 commit 9516cf6
Showing 8 changed files with 42 additions and 41 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/codeql-analysis.yml
Expand Up @@ -45,11 +45,11 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@412ab5c4176178930892df540237c587c71786c9 # v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -60,7 +60,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v3
uses: github/codeql-action/autobuild@412ab5c4176178930892df540237c587c71786c9 # v3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -74,4 +74,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@412ab5c4176178930892df540237c587c71786c9 # v3
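Review bot: The three `github/codeql-action` pins (init, autobuild, analyze) carry the comment `# v3`, a moving major tag, while every other pin in this commit names an exact release such as `# v4.1.7` or `# v5.1.0`. From `# v3` a reader cannot tell which release the SHA `412ab5c4176178930892df540237c587c71786c9` corresponds to, and tooling that rewrites the trailing comment on an update has no exact version to compare against. Use the release tag this commit belongs to on all three steps, e.g. `uses: github/codeql-action/init@412ab5c4176178930892df540237c587c71786c9 # v3.X.Y` (placeholder; the exact version is not shown on this page).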
18 changes: 9 additions & 9 deletions .github/workflows/coverage.yml
Expand Up @@ -81,10 +81,10 @@ jobs:

steps:
- name: "Check out the repo"
uses: "actions/checkout@v4"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: "Set up Python"
uses: "actions/setup-python@v5"
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "${{ matrix.python-version }}"
allow-prereleases: true
Expand Down Expand Up @@ -125,7 +125,7 @@ jobs:
mv .metacov .metacov.$MATRIX_ID
- name: "Upload coverage data"
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: metacov-${{ env.MATRIX_ID }}
path: .metacov.*
Expand All @@ -141,10 +141,10 @@ jobs:

steps:
- name: "Check out the repo"
uses: "actions/checkout@v4"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: "Set up Python"
uses: "actions/setup-python@v5"
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.8" # Minimum of PYVERSIONS
# At a certain point, installing dependencies failed on pypy 3.9 and
Expand All @@ -167,7 +167,7 @@ jobs:
python igor.py zip_mods
- name: "Download coverage data"
uses: actions/download-artifact@v4
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
pattern: metacov-*
merge-multiple: true
Expand All @@ -181,7 +181,7 @@ jobs:
python igor.py combine_html
- name: "Upload HTML report"
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: html_report
path: htmlcov
Expand Down Expand Up @@ -234,7 +234,7 @@ jobs:
- name: "Download coverage HTML report"
if: ${{ github.ref == 'refs/heads/master' }}
uses: actions/download-artifact@v4
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: html_report
path: reports_repo/${{ env.report_dir }}
Expand Down Expand Up @@ -270,7 +270,7 @@ jobs:
github.repository_owner == 'nedbat'
&& github.ref == 'refs/heads/master'
# https://gist.githubusercontent.com/nedbat/8c6980f77988a327348f9b02bbaf67f5
uses: schneegans/dynamic-badges-action@e9a478b16159b4d31420099ba146cdc50f134483
uses: schneegans/dynamic-badges-action@e9a478b16159b4d31420099ba146cdc50f134483 # v1.7.0
with:
auth: ${{ secrets.METACOV_GIST_SECRET }}
gistID: 8c6980f77988a327348f9b02bbaf67f5
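Review bot: Pinning `actions/checkout`, `actions/setup-python`, `actions/upload-artifact` and `actions/download-artifact` to full SHAs freezes each at one commit, so fixes published under the `v4`/`v5` tags no longer arrive on their own, and nothing visible in this commit keeps the pins current. If the repository does not already have one, an entry with `package-ecosystem: "github-actions"` in `.github/dependabot.yml` would raise update PRs that bump both the SHA and the trailing version comment. The same applies to the other seven workflow files changed here.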
5 changes: 3 additions & 2 deletions .github/workflows/dependency-review.yml
Expand Up @@ -23,9 +23,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: 'Dependency Review'
uses: actions/dependency-review-action@v4
uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3
with:
base-ref: ${{ github.event.pull_request.base.sha || 'master' }}
head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
26 changes: 13 additions & 13 deletions .github/workflows/kit.yml
Expand Up @@ -143,15 +143,15 @@ jobs:
steps:
- name: "Setup QEMU"
if: matrix.os == 'ubuntu'
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
with:
platforms: arm64

- name: "Check out the repo"
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: "Install Python 3.8"
uses: actions/setup-python@v5
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
# PYVERSIONS
python-version: "3.8"
Expand Down Expand Up @@ -181,7 +181,7 @@ jobs:
python -m twine check wheelhouse/*
- name: "Upload wheels"
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: dist-${{ env.MATRIX_ID }}
path: wheelhouse/*.whl
Expand All @@ -192,10 +192,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "Check out the repo"
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: "Install Python 3.8"
uses: actions/setup-python@v5
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
# PYVERSIONS
python-version: "3.8"
Expand All @@ -219,7 +219,7 @@ jobs:
python -m twine check dist/*
- name: "Upload sdist"
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: dist-sdist
path: dist/*.tar.gz
Expand All @@ -230,10 +230,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "Check out the repo"
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: "Install PyPy"
uses: actions/setup-python@v5
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "pypy-3.8" # Minimum of PyPy PYVERSIONS
cache: pip
Expand Down Expand Up @@ -261,7 +261,7 @@ jobs:
python -m twine check dist/*
- name: "Upload wheels"
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: dist-pypy
path: dist/*.whl
Expand All @@ -280,13 +280,13 @@ jobs:
id-token: write
steps:
- name: "Download artifacts"
uses: actions/download-artifact@v4
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
pattern: dist-*
merge-multiple: true

- name: "Sign artifacts"
uses: sigstore/gh-action-sigstore-python@v2.1.1
uses: sigstore/gh-action-sigstore-python@61f6a500bbfdd9a2a339cf033e5421951fbc1cd2 # v2.1.1
with:
inputs: coverage-*.*

Expand All @@ -295,7 +295,7 @@ jobs:
ls -alR
- name: "Upload signatures"
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: signatures
path: |
2 changes: 1 addition & 1 deletion .github/workflows/publish.yml
Expand Up @@ -30,7 +30,7 @@ jobs:
steps:
- name: "Find latest kit.yml run"
id: runs
uses: octokit/request-action@v2.3.1
uses: octokit/request-action@872c5c97b3c85c23516a572f02b31401ef82415d # v2.3.1
with:
route: GET /repos/nedbat/coveragepy/actions/workflows/kit.yml/runs
env:
6 changes: 3 additions & 3 deletions .github/workflows/python-nightly.yml
Expand Up @@ -84,17 +84,17 @@ jobs:

steps:
- name: "Check out the repo"
uses: "actions/checkout@v4"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: "Install ${{ matrix.python-version }} with deadsnakes"
uses: deadsnakes/action@6c8b9b82fe0b4344f4b98f2775fcc395df45e494
uses: deadsnakes/action@6c8b9b82fe0b4344f4b98f2775fcc395df45e494 # v3.1.0
if: "!startsWith(matrix.python-version, 'pypy-')"
with:
python-version: "${{ matrix.python-version }}"
nogil: "${{ matrix.nogil || false }}"

- name: "Install ${{ matrix.python-version }} with setup-python"
uses: "actions/setup-python@v5"
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
if: "startsWith(matrix.python-version, 'pypy-')"
with:
python-version: "${{ matrix.python-version }}"
12 changes: 6 additions & 6 deletions .github/workflows/quality.yml
Expand Up @@ -37,10 +37,10 @@ jobs:

steps:
- name: "Check out the repo"
uses: "actions/checkout@v4"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: "Install Python"
uses: "actions/setup-python@v5"
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.8" # Minimum of PYVERSIONS
cache: pip
Expand All @@ -60,10 +60,10 @@ jobs:

steps:
- name: "Check out the repo"
uses: "actions/checkout@v4"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: "Install Python"
uses: "actions/setup-python@v5"
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.8" # Minimum of PYVERSIONS, but at least 3.8
cache: pip
Expand All @@ -83,10 +83,10 @@ jobs:

steps:
- name: "Check out the repo"
uses: "actions/checkout@v4"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: "Install Python"
uses: "actions/setup-python@v5"
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.11" # Doc version from PYVERSIONS
cache: pip
6 changes: 3 additions & 3 deletions .github/workflows/testsuite.yml
Expand Up @@ -74,10 +74,10 @@ jobs:

steps:
- name: "Check out the repo"
uses: "actions/checkout@v4"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: "Set up Python"
uses: "actions/setup-python@v5"
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "${{ matrix.python-version }}"
allow-prereleases: true
Expand Down Expand Up @@ -123,6 +123,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe
uses: re-actors/alls-green@afee1c1eac2a506084c274e9c02c8e0687b48d9e # v1.2.2
with:
jobs: ${{ toJSON(needs) }}
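Review bot: The `re-actors/alls-green` line in the last hunk is not only annotated: its SHA changes from `05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe` to `afee1c1eac2a506084c274e9c02c8e0687b48d9e # v1.2.2`, so the step now runs a different commit of the action. The `deadsnakes/action`, `docker/setup-qemu-action` and `schneegans/dynamic-badges-action` lines in this commit keep their SHA and only gain a comment, and the title mentions pinning only, so this version change is easy to miss. Since this step decides whether the needed jobs succeeded, state the bump in the commit message or confirm that its handling of `jobs: ${{ toJSON(needs) }}` is unchanged at the new commit.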
