Skip to content

Commit

Permalink
ci: pin actions by sha
Browse files Browse the repository at this point in the history
  • Loading branch information
neersighted committed Mar 26, 2024
1 parent 703b794 commit e5a1e69
Show file tree
Hide file tree
Showing 8 changed files with 27 additions and 27 deletions.
2 changes: 1 addition & 1 deletion .github/actions/bootstrap-poetry/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ outputs:
runs:
using: composite
steps:
- uses: actions/setup-python@v5
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
id: setup-python
if: inputs.python-version != 'default'
with:
Expand Down
2 changes: 1 addition & 1 deletion .github/actions/poetry-install/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ runs:
if: inputs.cache == 'true'
shell: bash

- uses: actions/cache@v4
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
id: cache
if: inputs.cache == 'true'
with:
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/.tests-matrix.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ jobs:
runs-on: ${{ inputs.runner }}
if: inputs.run-mypy
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- uses: ./.github/actions/bootstrap-poetry
id: bootstrap-poetry
Expand All @@ -37,7 +37,7 @@ jobs:

- uses: ./.github/actions/poetry-install

- uses: actions/cache@v4
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: .mypy_cache
key: mypy-${{ runner.os }}-py${{ steps.bootstrap-poetry.outputs.python-version }}-${{ hashFiles('pyproject.toml', 'poetry.lock') }}
Expand All @@ -52,7 +52,7 @@ jobs:
runs-on: ${{ inputs.runner }}
if: inputs.run-pytest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- uses: ./.github/actions/bootstrap-poetry
with:
Expand All @@ -74,7 +74,7 @@ jobs:
runs-on: ${{ inputs.runner }}
if: inputs.run-pytest-export
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- uses: ./.github/actions/bootstrap-poetry
with:
Expand All @@ -87,7 +87,7 @@ jobs:
- run: poetry run pip list --format json | jq -r '.[] | "\(.name)=\(.version)"' >> $GITHUB_OUTPUT
id: package-versions

- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
path: poetry-plugin-export
repository: python-poetry/poetry-plugin-export
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/backport.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,9 @@ jobs:
)
)
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
# This workflow requires a non-GHA token in order to trigger downstream CI, and to access the 'fork' repository.
- uses: actions/create-github-app-token@v1
- uses: actions/create-github-app-token@78e5f2ddc08efcb88fbbee6cfa3fed770ba550c3 # v1
id: app-token
with:
app-id: ${{ secrets.POETRY_TOKEN_APP_ID }}
Expand All @@ -37,4 +37,4 @@ jobs:
./.github/scripts/backport.sh --pr ${{ github.event.pull_request.number }} --comment --remote fork
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
GH_TOKEN: ${{ steps.app-token.outputs.token }}
10 changes: 5 additions & 5 deletions .github/workflows/docs.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,20 +27,20 @@ jobs:
contents: read
pull-requests: write
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
repository: python-poetry/website

- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
path: poetry
ref: ${{ github.event.pull_request.head.sha }}

- uses: actions/setup-node@v4
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4
with:
node-version: "18"

- uses: peaceiris/actions-hugo@v2
- uses: peaceiris/actions-hugo@16361eb4acea8698b220b76c0d4e84e1fd22c61d # v2
with:
hugo-version: '0.83.1'

Expand All @@ -59,7 +59,7 @@ jobs:
# Build the static website.
hugo -v --minify
- uses: amondnet/vercel-action@v25
- uses: amondnet/vercel-action@16e87c0a08142b0d0d33b76aeaf20823c381b9b9 # v25
with:
vercel-token: ${{ secrets.VERCEL_TOKEN }}
github-token: ${{ secrets.GITHUB_TOKEN }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/lock-threads.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ jobs:
permissions:
issues: write
steps:
- uses: dessant/lock-threads@v5
- uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5
with:
process-only: issues
issue-inactive-days: 30
Expand All @@ -29,7 +29,7 @@ jobs:
issues: write
pull-requests: write
steps:
- uses: dessant/lock-threads@v5
- uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5
with:
process-only: prs
pr-inactive-days: 30
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,11 @@ jobs:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- run: pipx run build

- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4
with:
name: distfiles
path: dist/
Expand All @@ -26,7 +26,7 @@ jobs:
contents: write
needs: build
steps:
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4
with:
name: distfiles

Expand All @@ -42,10 +42,10 @@ jobs:
id-token: write
needs: build
steps:
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4
with:
name: distfiles

- uses: pypa/gh-action-pypi-publish@release/v1
- uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # release/v1
with:
print-hash: true
10 changes: 5 additions & 5 deletions .github/workflows/tests.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,9 @@ jobs:
src: ${{ steps.changes.outputs.src }}
tests: ${{ steps.changes.outputs.tests }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- uses: dorny/paths-filter@v3
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
id: changes
with:
filters: |
Expand Down Expand Up @@ -54,7 +54,7 @@ jobs:
if: needs.changes.outputs.project == 'true'
needs: changes
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- uses: ./.github/actions/bootstrap-poetry

Expand All @@ -66,7 +66,7 @@ jobs:
if: needs.changes.outputs.project == 'true'
needs: lockfile
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- run: pipx run build

Expand All @@ -85,7 +85,7 @@ jobs:
if: needs.changes.outputs.fixtures-pypi == 'true'
needs: changes
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- uses: ./.github/actions/bootstrap-poetry

Expand Down

0 comments on commit e5a1e69

Please sign in to comment.