From d13b0bd7cb15bbfd3191d4240b0ad9aca84d76c5 Mon Sep 17 00:00:00 2001 From: Bartosz Sokorski Date: Sun, 11 Jan 2026 16:02:52 +0100 Subject: [PATCH] Update GH Action pins --- .github/workflows/codspeed.yml | 6 +++--- .github/workflows/release.yml | 26 +++++++++++++------------- .github/workflows/tests.yml | 10 +++++----- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/codspeed.yml b/.github/workflows/codspeed.yml index 73b5db6c..a3f87268 100644 --- a/.github/workflows/codspeed.yml +++ b/.github/workflows/codspeed.yml @@ -13,8 +13,8 @@ jobs: benchmarks: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: "3.9" @@ -39,7 +39,7 @@ jobs: poetry run python -c 'import pendulum._pendulum' - name: Run benchmarks - uses: CodSpeedHQ/action@v3 + uses: CodSpeedHQ/action@dbda7111f8ac363564b0c51b992d4ce76bb89f2f # v4.5.2 with: token: ${{ secrets.CODSPEED_TOKEN }} run: poetry run pytest tests/ --codspeed diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a18a8140..857a06e0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -52,16 +52,16 @@ jobs: runs-on: ${{ matrix.os }}-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: set up python - uses: actions/setup-python@v4 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: '3.11' architecture: ${{ matrix.python-architecture || 'x64' }} - name: build wheels - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: target: ${{ matrix.target }} manylinux: ${{ matrix.manylinux || 'auto' }} @@ -72,7 +72,7 @@ jobs: - run: ${{ matrix.ls || 'ls -lh' }} dist/ - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: dist-${{ matrix.os }}-${{ matrix.target }}-${{ matrix.manylinux }} path: dist @@ -81,14 +81,14 @@ jobs: runs-on: ubuntu-latest environment: release steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Build sdist - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: command: sdist args: --out dist - name: Upload sdist - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: dist-sdist path: dist @@ -97,7 +97,7 @@ jobs: runs-on: ubuntu-latest environment: release steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install and configure Poetry run: pipx install poetry - name: Hotswap build backend for Poetry @@ -109,7 +109,7 @@ jobs: - name: Run poetry build run: poetry build -f wheel - name: Upload no-ext wheel - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: dist-any path: dist @@ -127,10 +127,10 @@ jobs: url: https://pypi.org/project/pendulum/ steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Download artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: dist* path: dist @@ -147,7 +147,7 @@ jobs: || echo prerelease=true >> $GITHUB_OUTPUT - name: Create Release - uses: ncipollo/release-action@v1 + uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0 with: artifacts: "dist/*" draft: false @@ -155,4 +155,4 @@ jobs: body: "See CHANGELOG.md for details" - name: Publish package distributions to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 1fbce01f..67c408bf 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -17,8 +17,8 @@ jobs: name: Linting runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: "3.11" - name: "Install pre-commit" @@ -39,10 +39,10 @@ jobs: shell: bash steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: ${{ matrix.python-version }} allow-prereleases: true @@ -60,7 +60,7 @@ jobs: run: poetry config virtualenvs.in-project true - name: Set up cache - uses: actions/cache@v3 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 id: cache with: path: .venv