diff --git a/.github/workflows/_build_container.yml b/.github/workflows/_build_container.yml index f19770a..6071033 100644 --- a/.github/workflows/_build_container.yml +++ b/.github/workflows/_build_container.yml @@ -48,12 +48,12 @@ jobs: image_tag: ${{ steps.build.outputs.image_tag }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v3 - name: Log in to GitHub Container Registry if: ${{ inputs.push }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v3 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/_build_package.yml b/.github/workflows/_build_package.yml index 95c0944..1d3cf51 100644 --- a/.github/workflows/_build_package.yml +++ b/.github/workflows/_build_package.yml @@ -41,7 +41,7 @@ jobs: metadata: ${{ steps.build.outputs.metadata }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: "Set up build toolchain" @@ -58,7 +58,7 @@ jobs: SHA=$(find dist/ -type f | sort | xargs sha256sum | sha256sum | awk '{print $1}') echo "metadata=${SHA}" >> "$GITHUB_OUTPUT" - name: Upload build artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: build-artifact-${{ inputs.build_type }}-${{ github.run_id }} path: dist/ diff --git a/.github/workflows/_docs.yml b/.github/workflows/_docs.yml index 7fa1cfa..a82a902 100644 --- a/.github/workflows/_docs.yml +++ b/.github/workflows/_docs.yml @@ -45,11 +45,11 @@ jobs: deployed_url: ${{ steps.dest.outputs.path }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.x" - name: Configure Git Credentials @@ -62,21 +62,21 @@ jobs: hatch run docs:mkdocs --version - name: Download unit test coverage if: ${{ inputs.include_coverage }} - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: pattern: coverage-report-unit-* path: docs/coverage/unit merge-multiple: true - name: Download integration test coverage if: ${{ inputs.include_coverage }} - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: pattern: coverage-report-integration-* path: docs/coverage/integration merge-multiple: true - name: Download e2e test coverage if: ${{ inputs.include_coverage }} - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: pattern: coverage-report-e2e-* path: docs/coverage/e2e diff --git a/.github/workflows/_link-check.yml b/.github/workflows/_link-check.yml index 2ea4ea3..dd22b89 100644 --- a/.github/workflows/_link-check.yml +++ b/.github/workflows/_link-check.yml @@ -36,7 +36,7 @@ jobs: report_content: ${{ steps.read-report.outputs.content }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run lychee link checker uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2 id: lychee diff --git a/.github/workflows/_pr_comment.yml b/.github/workflows/_pr_comment.yml index aa813ba..1d10476 100644 --- a/.github/workflows/_pr_comment.yml +++ b/.github/workflows/_pr_comment.yml @@ -29,7 +29,7 @@ jobs: - name: "Download PR Number Artifact" # Wait, how does it know the PR number? The `development.yml` needs to upload the PR number as an artifact # so this workflow can read it. Let's write the script to find the PR associated with the commit. - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: |- const workflowRun = context.payload.workflow_run; diff --git a/.github/workflows/_quality.yml b/.github/workflows/_quality.yml index 4fa5411..baf80fe 100644 --- a/.github/workflows/_quality.yml +++ b/.github/workflows/_quality.yml @@ -28,9 +28,9 @@ jobs: python-version: ${{ fromJson(inputs.python_versions) }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Set up Python ${{ matrix.python-version }}" - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python-version }} - name: "Install uv" @@ -49,9 +49,9 @@ jobs: python-version: ${{ fromJson(inputs.python_versions) }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Set up Python ${{ matrix.python-version }}" - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python-version }} - name: "Install uv" diff --git a/.github/workflows/_security.yml b/.github/workflows/_security.yml index e4c5404..5101c59 100644 --- a/.github/workflows/_security.yml +++ b/.github/workflows/_security.yml @@ -18,11 +18,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Run TruffleHog - uses: trufflesecurity/trufflehog@8a12e8e2fb6f3c4a4294a8e63b3659af6c08cfe3 # main + uses: trufflesecurity/trufflehog@6c542a5ae69ddd1214cb9dcb57ec2efbaf9ee42d # main with: path: ./ dependency-audit: @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up toolchain run: pip install pip-audit hatch - name: Run dependency vulnerability scan @@ -40,7 +40,7 @@ jobs: pip-audit -r requirements.txt --output json -o audit.json - name: Upload SCA results if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: sca-results-${{ github.run_id }} path: audit.json diff --git a/.github/workflows/_tests.yml b/.github/workflows/_tests.yml index 7e1592f..0ffedc0 100644 --- a/.github/workflows/_tests.yml +++ b/.github/workflows/_tests.yml @@ -68,9 +68,9 @@ jobs: coverage_location: "coverage/" steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Set up Python ${{ matrix.python-version }}" - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python-version }} - name: "Install uv" @@ -105,7 +105,7 @@ jobs: fi - name: Upload test results if: ${{ inputs.publish_results }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: test-results-${{ matrix.test-config.level }}-py${{ matrix.python-version }}-${{ github.run_id }} @@ -114,7 +114,7 @@ jobs: if-no-files-found: warn - name: Upload coverage report if: ${{ inputs.publish_results && (inputs.generate_coverage == true || matrix.test-config.coverage == true) }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: coverage-report-${{ matrix.test-config.level }}-py${{ matrix.python-version }}-${{ github.run_id }} diff --git a/.github/workflows/development.yml b/.github/workflows/development.yml index f2c0680..4460c39 100644 --- a/.github/workflows/development.yml +++ b/.github/workflows/development.yml @@ -31,9 +31,9 @@ jobs: docs: ${{ steps.filter.outputs.docs }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check for docs changes - uses: dorny/paths-filter@d1c1ffe0248fe513906c8e24db8ea791d46f8590 # v3 + uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: filter with: filters: | diff --git a/.github/workflows/development_cleanup.yml b/.github/workflows/development_cleanup.yml index f28a465..b20e7a5 100644 --- a/.github/workflows/development_cleanup.yml +++ b/.github/workflows/development_cleanup.yml @@ -22,11 +22,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.x" - name: Configure Git Credentials diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 5ae3f85..994d7c9 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -27,7 +27,7 @@ jobs: has_changes: ${{ steps.check.outputs.has_changes }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Check for recent commits @@ -113,14 +113,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Download build artifact - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v4 with: name: build-artifact-nightly-${{ github.run_id }} path: dist/ - name: Generate artifact attestations - uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v1.5.1 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v1.5.1 with: subject-path: dist/* # - name: Publish to PyPI diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9fbb0e5..18f19cc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -73,14 +73,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Download build artifact - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v4 with: name: build-artifact-release-${{ github.run_id }} path: dist/ - name: Generate artifact attestations - uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v1.5.1 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v1.5.1 with: subject-path: dist/* # - name: Publish to PyPI @@ -89,7 +89,7 @@ jobs: # packages-dir: dist/ - name: Create GitHub Release if: ${{ github.ref_type == 'tag' }} - uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: files: dist/* generate_release_notes: true