Pin GH actions to commit hash as recommended by scorecard (#1781)

Signed-off-by: Jean-Christophe Morin <jean_christophe_morin@hotmail.com>
AcademySoftwareFoundation · Jun 29, 2024 · 980dd0b · 980dd0b
1 parent 57136a3
commit 980dd0b
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 19 deletions.
diff --git a/.github/workflows/benchmark.yaml b/.github/workflows/benchmark.yaml
@@ -22,10 +22,10 @@ jobs:
 
  steps:
  - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
  - name: Setup python ${{ matrix.python-version }}
- uses: actions/setup-python@v5
+ uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
  with:
  python-version: ${{ matrix.python-version }}
 
@@ -46,7 +46,7 @@ jobs:
  run: |
  python ./.github/scripts/validate_benchmark.py
 
- - uses: actions/upload-artifact@v4
+ - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
  with:
  name: "benchmark-result-${{ matrix.python-version }}"
  path: ./out
@@ -65,13 +65,13 @@ jobs:
  max-parallel: 1
 
  steps:
- - uses: actions/download-artifact@v4
+ - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
  with:
  name: "benchmark-result-${{ matrix.python-version }}"
  path: .
 
  - name: Checkout (release)
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  if: ${{ github.event_name =='release' }}
  with:
  ref: main
@@ -85,13 +85,13 @@ jobs:
  # token: "${{ secrets.GH_ACTION_TOKEN }}"
 
  - name: Checkout (pr)
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  if: ${{ github.event_name !='release' }}
  with:
  path: src
 
  - name: Setup python ${{ matrix.python-version }}
- uses: actions/setup-python@v5
+ uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
  with:
  python-version: ${{ matrix.python-version }}
 

diff --git a/.github/workflows/copyright.yaml b/.github/workflows/copyright.yaml
@@ -17,10 +17,10 @@ jobs:
 
  steps:
  - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
  - name: Set up Python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
  with:
  python-version: 3
 

diff --git a/.github/workflows/flake8.yaml b/.github/workflows/flake8.yaml
@@ -26,10 +26,10 @@ jobs:
 
  steps:
  - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
  - name: Set up Python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
  with:
  python-version: 3.7
 

diff --git a/.github/workflows/installation.yaml b/.github/workflows/installation.yaml
@@ -76,10 +76,10 @@ jobs:
  REZ_INSTALL_COMMAND: pip install --target C:\ProgramData\rez .
 
  steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
  - name: Setup python ${{ matrix.python-version }}
- uses: actions/setup-python@v5
+ uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
  with:
  python-version: ${{ matrix.python-version }}
 

diff --git a/.github/workflows/pypi.yaml b/.github/workflows/pypi.yaml
@@ -14,10 +14,10 @@ jobs:
 
  steps:
  - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
  - name: Set up Python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
  with:
  python-version: 3.11
 
@@ -32,6 +32,6 @@ jobs:
  # Note that we don't need credentials.
  # We rely on https://docs.pypi.org/trusted-publishers/.
  - name: Upload to PyPI
- uses: pypa/gh-action-pypi-publish@release/v1
+ uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0
  with:
  packages-dir: dist
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -57,10 +57,10 @@ jobs:
 
  steps:
  - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
  - name: Setup python ${{ matrix.python-version }}
- uses: actions/setup-python@v5
+ uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
  with:
  python-version: ${{ matrix.python-version }}
 
@@ -95,7 +95,7 @@ jobs:
  _REZ_ENSURE_TEST_SHELLS: ${{ matrix.shells }}
 
  - name: Upload coverage reports to Codecov
- uses: codecov/codecov-action@v4
+ uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
  # Run on both success and failure, but only if coverage.xml exists.
  if: ${{ hashFiles('coverage.xml') != '' && (steps.tests.outcome == 'success' || steps.tests.outcome == 'failure') }}
  with: