diff --git a/.github/workflows/_build_container.yml b/.github/workflows/_build_container.yml index f19770a..6551af2 100644 --- a/.github/workflows/_build_container.yml +++ b/.github/workflows/_build_container.yml @@ -48,12 +48,12 @@ jobs: image_tag: ${{ steps.build.outputs.image_tag }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 + uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v3 - name: Log in to GitHub Container Registry if: ${{ inputs.push }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 + uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v3 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/_build_package.yml b/.github/workflows/_build_package.yml index 95c0944..d1177b1 100644 --- a/.github/workflows/_build_package.yml +++ b/.github/workflows/_build_package.yml @@ -41,7 +41,7 @@ jobs: metadata: ${{ steps.build.outputs.metadata }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - name: "Set up build toolchain" @@ -58,7 +58,7 @@ jobs: SHA=$(find dist/ -type f | sort | xargs sha256sum | sha256sum | awk '{print $1}') echo "metadata=${SHA}" >> "$GITHUB_OUTPUT" - name: Upload build artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: build-artifact-${{ inputs.build_type }}-${{ github.run_id }} path: dist/ diff --git a/.github/workflows/_docs.yml b/.github/workflows/_docs.yml index 7fa1cfa..82d0ff1 100644 --- a/.github/workflows/_docs.yml +++ b/.github/workflows/_docs.yml @@ -45,11 +45,11 @@ jobs: deployed_url: ${{ steps.dest.outputs.path }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: "3.x" - name: Configure Git Credentials @@ -62,21 +62,21 @@ jobs: hatch run docs:mkdocs --version - name: Download unit test coverage if: ${{ inputs.include_coverage }} - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: pattern: coverage-report-unit-* path: docs/coverage/unit merge-multiple: true - name: Download integration test coverage if: ${{ inputs.include_coverage }} - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: pattern: coverage-report-integration-* path: docs/coverage/integration merge-multiple: true - name: Download e2e test coverage if: ${{ inputs.include_coverage }} - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: pattern: coverage-report-e2e-* path: docs/coverage/e2e diff --git a/.github/workflows/_link-check.yml b/.github/workflows/_link-check.yml index 2ea4ea3..ce1db07 100644 --- a/.github/workflows/_link-check.yml +++ b/.github/workflows/_link-check.yml @@ -36,9 +36,9 @@ jobs: report_content: ${{ steps.read-report.outputs.content }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Run lychee link checker - uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2 + uses: lycheeverse/lychee-action@e7477775783ea5526144ba13e8db5eec57747ce8 # v2 id: lychee with: args: --verbose --no-progress --accept 200,206,301,302,429 --exclude-loopback --exclude diff --git a/.github/workflows/_pr_comment.yml b/.github/workflows/_pr_comment.yml index aa813ba..1d10476 100644 --- a/.github/workflows/_pr_comment.yml +++ b/.github/workflows/_pr_comment.yml @@ -29,7 +29,7 @@ jobs: - name: "Download PR Number Artifact" # Wait, how does it know the PR number? The `development.yml` needs to upload the PR number as an artifact # so this workflow can read it. Let's write the script to find the PR associated with the commit. - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: |- const workflowRun = context.payload.workflow_run; diff --git a/.github/workflows/_quality.yml b/.github/workflows/_quality.yml index 4fa5411..cd2454a 100644 --- a/.github/workflows/_quality.yml +++ b/.github/workflows/_quality.yml @@ -28,9 +28,9 @@ jobs: python-version: ${{ fromJson(inputs.python_versions) }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: "Set up Python ${{ matrix.python-version }}" - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: ${{ matrix.python-version }} - name: "Install uv" @@ -49,9 +49,9 @@ jobs: python-version: ${{ fromJson(inputs.python_versions) }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: "Set up Python ${{ matrix.python-version }}" - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: ${{ matrix.python-version }} - name: "Install uv" diff --git a/.github/workflows/_security.yml b/.github/workflows/_security.yml index e4c5404..f464f1a 100644 --- a/.github/workflows/_security.yml +++ b/.github/workflows/_security.yml @@ -18,11 +18,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - name: Run TruffleHog - uses: trufflesecurity/trufflehog@8a12e8e2fb6f3c4a4294a8e63b3659af6c08cfe3 # main + uses: trufflesecurity/trufflehog@8feb77b20aeb64366d106b08f2941287755c173b # main with: path: ./ dependency-audit: @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Set up toolchain run: pip install pip-audit hatch - name: Run dependency vulnerability scan @@ -40,7 +40,7 @@ jobs: pip-audit -r requirements.txt --output json -o audit.json - name: Upload SCA results if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: sca-results-${{ github.run_id }} path: audit.json diff --git a/.github/workflows/_tests.yml b/.github/workflows/_tests.yml index 7e1592f..bdb204f 100644 --- a/.github/workflows/_tests.yml +++ b/.github/workflows/_tests.yml @@ -68,9 +68,9 @@ jobs: coverage_location: "coverage/" steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: "Set up Python ${{ matrix.python-version }}" - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: ${{ matrix.python-version }} - name: "Install uv" @@ -105,7 +105,7 @@ jobs: fi - name: Upload test results if: ${{ inputs.publish_results }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: test-results-${{ matrix.test-config.level }}-py${{ matrix.python-version }}-${{ github.run_id }} @@ -114,7 +114,7 @@ jobs: if-no-files-found: warn - name: Upload coverage report if: ${{ inputs.publish_results && (inputs.generate_coverage == true || matrix.test-config.coverage == true) }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: coverage-report-${{ matrix.test-config.level }}-py${{ matrix.python-version }}-${{ github.run_id }} diff --git a/.github/workflows/development.yml b/.github/workflows/development.yml index f2c0680..dae5096 100644 --- a/.github/workflows/development.yml +++ b/.github/workflows/development.yml @@ -31,9 +31,9 @@ jobs: docs: ${{ steps.filter.outputs.docs }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Check for docs changes - uses: dorny/paths-filter@d1c1ffe0248fe513906c8e24db8ea791d46f8590 # v3 + uses: dorny/paths-filter@7b450fff21473bca461d4b92ce414b9d0420d706 # v4.0.2 id: filter with: filters: | diff --git a/.github/workflows/development_cleanup.yml b/.github/workflows/development_cleanup.yml index f28a465..069570c 100644 --- a/.github/workflows/development_cleanup.yml +++ b/.github/workflows/development_cleanup.yml @@ -22,11 +22,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: "3.x" - name: Configure Git Credentials diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 5ae3f85..687d5d7 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -27,7 +27,7 @@ jobs: has_changes: ${{ steps.check.outputs.has_changes }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - name: Check for recent commits @@ -113,14 +113,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Download build artifact - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v4 with: name: build-artifact-nightly-${{ github.run_id }} path: dist/ - name: Generate artifact attestations - uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v1.5.1 + uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v1.5.1 with: subject-path: dist/* # - name: Publish to PyPI diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9fbb0e5..30f7405 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -73,14 +73,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Download build artifact - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v4 with: name: build-artifact-release-${{ github.run_id }} path: dist/ - name: Generate artifact attestations - uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v1.5.1 + uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v1.5.1 with: subject-path: dist/* # - name: Publish to PyPI @@ -89,7 +89,7 @@ jobs: # packages-dir: dist/ - name: Create GitHub Release if: ${{ github.ref_type == 'tag' }} - uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 + uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 with: files: dist/* generate_release_notes: true