diff --git a/.github/workflows/auto-add-to-project.yml b/.github/workflows/auto-add-to-project.yml
index 12a37042..5a05b24f 100644
--- a/.github/workflows/auto-add-to-project.yml
+++ b/.github/workflows/auto-add-to-project.yml
@@ -18,7 +18,7 @@ jobs:
 fi
 - name: Add issue or PR to project
- uses: actions/add-to-project@v0.5.0
+ uses: actions/add-to-project@31b3f3ccdc584546fc445612dec3f38ff5edb41c # v0.5.0
 with:
 project-url: ${{ secrets.PROJECT_URL }}
 github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/auto-label-issues.yml b/.github/workflows/auto-label-issues.yml
index 92c8974e..77bdc9a9 100644
--- a/.github/workflows/auto-label-issues.yml
+++ b/.github/workflows/auto-label-issues.yml
@@ -11,7 +11,7 @@ jobs:
 issues: write
 steps:
 - name: Auto-label based on title and body
- uses: actions/github-script@v7
+ uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
 with:
 script: |
 const issue = context.payload.issue;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 866cf3ab..21724bcb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,13 +11,13 @@ jobs:
 name: Lint (ruff & flake8)
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
 - name: Set up Python
- uses: actions/setup-python@v4
+ uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4
 with:
 python-version: '3.12'
 - name: Cache pip
- uses: actions/cache@v4
+ uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
 with:
 path: ~/.cache/pip
 key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt') }}
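Review bot: In auto-label-issues.yml the new line ends in `# v7`, a moving major tag, so the comment does not say which release the 40-character hash was resolved from and a reader cannot check the pin against a tag. Record the exact release instead, `uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # vX.Y.Z` with the real tag in place of the placeholder; update bots rewrite the hash and that comment together. The same applies to every `# v1`, `# v3`, `# v4` and `# v5` comment in the other workflow files of this commit, while the `# v0.5.0` comment in auto-add-to-project.yml is already exact. The step's `script:` body continues past the hunk.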
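Review bot: The checkout step of the lint job in ci.yml is pinned but still runs with default inputs, and by default `actions/checkout` keeps the job token in the workspace's git configuration, where every later step of the job can read it. None of the steps visible here pushes, so the step can become `- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4` followed by `with:` and `persist-credentials: false`. The test job in the next ci.yml hunk and the checkout steps in docker-build.yml, docker-publish.yml, docs.yml and release.yml are in the same position. Both ci.yml jobs continue outside the hunks, so confirm that no later step depends on the stored credential.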
@@ -42,13 +42,13 @@ jobs:
 runs-on: ubuntu-latest
 needs: [lint]
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
 - name: Set up Python
- uses: actions/setup-python@v4
+ uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4
 with:
 python-version: '3.12'
 - name: Cache pip
- uses: actions/cache@v4
+ uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
 with:
 path: ~/.cache/pip
 key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt') }}
@@ -65,7 +65,7 @@ jobs:
 coverage run -m pytest -q
 coverage report -m --fail-under=75
 - name: Upload coverage to Codecov
- uses: codecov/codecov-action@v4
+ uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4
 with:
 fail_ci_if_error: true
 env:
diff --git a/.github/workflows/create-labels.yml b/.github/workflows/create-labels.yml
index 35523829..bf6b69df 100644
--- a/.github/workflows/create-labels.yml
+++ b/.github/workflows/create-labels.yml
@@ -11,7 +11,7 @@ jobs:
 issues: write
 steps:
 - name: Create all project labels
- uses: actions/github-script@v7
+ uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
 with:
 script: |
 const labels = [
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index e5e04445..2e8ea1fe 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
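Review bot: The pin on `codecov/codecov-action` in ci.yml's coverage upload step fixes the code that runs next to whatever the `env:` block passes in, but a hash never moves, so upstream security fixes stop arriving unless something bumps it. No updater configuration is part of this commit; if the repository has none, add a `.github/dependabot.yml` update entry with `package-ecosystem: "github-actions"` and a `schedule`, so each pinned hash is raised by a reviewed pull request. The `env:` block itself lies outside the hunk.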
@@ -24,19 +24,19 @@ jobs:
 steps:
 # Step 1: Download the code
 - name: 📥 Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
 # Step 2: Set up QEMU for multi-platform builds (ARM, AMD64, etc.)
 - name: 🔧 Set up QEMU
- uses: docker/setup-qemu-action@v3
+ uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
 # Step 3: Set up Docker Buildx (advanced Docker builder)
 - name: 🔧 Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
 # Step 4: Log in to GitHub Container Registry
 - name: 🔐 Log in to GitHub Container Registry
- uses: docker/login-action@v3
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
@@ -45,7 +45,7 @@ jobs:
 # Step 5: Figure out what tags to use
 - name: 🏷️ Extract metadata (tags, labels)
 id: meta
- uses: docker/metadata-action@v5
+ uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5
 with:
 images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 tags: |
@@ -71,7 +71,7 @@ jobs:
 # Step 7: Build and push Docker image
 - name: 🐳 Build and push Docker image
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
 with:
 context: .
 file: ./Dockerfile
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 262a8d8a..dc39b65f 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
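Review bot: In docker-build.yml the pins on the QEMU and Buildx steps cover the actions' own code only: neither step has a `with:` block, so the binfmt and BuildKit container images the two actions pull at run time still come from whatever tag each action defaults to (as far as I know, both default to a tag, not a digest). To pin those as well, add `with:` and `image: docker.io/tonistiigi/binfmt@sha256:<digest>` to the QEMU step and `with:` and `driver-opts: image=moby/buildkit@sha256:<digest>` to the Buildx step, where `<digest>` is a placeholder for a value taken from a verified pull. The Buildx step in docker-publish.yml has the same gap.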
@@ -26,14 +26,14 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
 - name: Log in to Container Registry
 if: github.event_name != 'pull_request'
- uses: docker/login-action@v3
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
@@ -41,7 +41,7 @@ jobs:
 - name: Extract metadata (tags, labels)
 id: meta
- uses: docker/metadata-action@v5
+ uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5
 with:
 images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 tags: |
@@ -58,7 +58,7 @@ jobs:
 - name: Build and push Docker image
 id: build-and-push
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
 with:
 context: .
 platforms: linux/amd64,linux/arm64
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 6db95c81..12958f12 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -29,11 +29,11 @@ jobs:
 steps:
 # Step 1: Get the code
 - name: 📥 Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
 # Step 2: Set up Node.js (for building any JS-based doc tools)
 - name: 🔧 Set up Node.js
- uses: actions/setup-node@v4
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
 with:
 node-version: '20'
@@ -318,7 +318,7 @@ jobs:
 # Step 4: Upload the built site
 - name: 📤 Upload artifact
- uses: actions/upload-pages-artifact@v3
+ uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3
 with:
 path: '_site'
@@ -334,7 +334,7 @@ jobs:
 # Deploy to GitHub Pages
 - name: 🚀 Deploy to GitHub Pages
 id: deployment
- uses: actions/deploy-pages@v4
+ uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4
 # Create a summary
 - name: 📋 Create deployment summary
diff --git a/.github/workflows/propagate-changes.yml b/.github/workflows/propagate-changes.yml
index ec3d4f3c..c59085a1 100644
--- a/.github/workflows/propagate-changes.yml
+++ b/.github/workflows/propagate-changes.yml
@@ -18,7 +18,7 @@ jobs:
 github.event.pusher != null\n "
 steps:
 - name: Set up Node (for github-script)
- uses: actions/setup-node@v4
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
 with:
 node-version: '18'
@@ -33,7 +33,7 @@ jobs:
 fi
 - name: Create or update Pull Request
- uses: actions/github-script@v7
+ uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
 with:
 script: |
 const source = process.env.SOURCE_BRANCH || process.env.GITHUB_REF.replace('refs/heads/','');
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4628e182..b7c269c0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -14,7 +14,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
 with:
 fetch-depth: 0
@@ -37,7 +37,7 @@ jobs:
 echo "Generated changelog with $(echo "$CHANGELOG" | wc -l) commits"
 - name: Create GitHub Release
- uses: softprops/action-gh-release@v1
+ uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
 with:
 body_path: CHANGELOG.txt
 generate_release_notes: true
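Review bot: The step `Set up Node (for github-script)` in propagate-changes.yml looks unnecessary, because `actions/github-script` is a JavaScript action and runs on the Node runtime provided by the runner rather than on the one `actions/setup-node` installs. Removing the step leaves one fewer pinned hash to keep current. If a step outside the hunk does call `node` directly, keep it and change `node-version: '18'` to `node-version: '20'`, the line docs.yml already uses.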
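Review bot: The pin for `softprops/action-gh-release` in release.yml is taken from the `v1` line, which freezes the release job on an old major of a third-party action; a newer major exists and, as far as I recall, it is the one built for the runners' current Node runtime. Resolve the hash from a current release and record its exact tag, `uses: softprops/action-gh-release@<commit-sha> # vX.Y.Z` (both values are placeholders). The job's `permissions:` block is outside the hunk; creating a release needs `contents: write`, so check that the job grants nothing wider.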