From 237256ca6806f537547fd8b855d13a5ada5849c1 Mon Sep 17 00:00:00 2001 From: "P. L. Lim" <2090236+pllim@users.noreply.github.com> Date: Fri, 27 Sep 2024 12:00:52 -0400 Subject: [PATCH] MNT: Use hash for Action workflow versions and update if needed --- .github/workflows/ci_workflows.yml | 4 ++-- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/open_actions.yml | 6 +++--- .github/workflows/predeps_workflows.yml | 2 +- .github/workflows/publish-to-pypi.yml | 6 +++--- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci_workflows.yml b/.github/workflows/ci_workflows.yml index fe8202e..a2fc583 100644 --- a/.github/workflows/ci_workflows.yml +++ b/.github/workflows/ci_workflows.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check base branch - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 if: github.event_name == 'pull_request' with: script: | @@ -35,7 +35,7 @@ jobs: tests: needs: initial_checks - uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@v1 + uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@924441154cf3053034c6513d5e06c69d262fb9a6 # v1.13.0 with: setenv: | jref: "https://ssb.stsci.edu/trds_open/jref" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index fae9e15..78ed24c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -37,11 +37,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@5618c9fc1e675841ca52c1c6b1304f5255a905a0 # codeql-bundle-v2.19.0 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -52,7 +52,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@5618c9fc1e675841ca52c1c6b1304f5255a905a0 # codeql-bundle-v2.19.0 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -66,4 +66,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@5618c9fc1e675841ca52c1c6b1304f5255a905a0 # codeql-bundle-v2.19.0 diff --git a/.github/workflows/open_actions.yml b/.github/workflows/open_actions.yml index 6dc0f0e..b064efa 100644 --- a/.github/workflows/open_actions.yml +++ b/.github/workflows/open_actions.yml @@ -17,12 +17,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Label PR - uses: actions/labeler@v5 + uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' with: repo-token: "${{ secrets.GITHUB_TOKEN }}" - name: 'Comment Draft PR' - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 if: github.event.pull_request.draft == true with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -34,6 +34,6 @@ jobs: body: '👋 Thank you for your draft pull request! Do you know that you can use `[ci skip]` or `[skip ci]` in your commit messages to skip running continuous integration tests until you are ready?' }) #- name: Special comment - # uses: pllim/action-special_pr_comment@main + # uses: pllim/action-special_pr_comment@5126c189c02418a55448480b28efd1a00af48d7b # 0.2 # with: # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/predeps_workflows.yml b/.github/workflows/predeps_workflows.yml index 9bf5bea..938055a 100644 --- a/.github/workflows/predeps_workflows.yml +++ b/.github/workflows/predeps_workflows.yml @@ -12,7 +12,7 @@ permissions: jobs: rc_tests: - uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@v1 + uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@924441154cf3053034c6513d5e06c69d262fb9a6 # v1.13.0 with: setenv: | jref: "https://ssb.stsci.edu/trds_open/jref" diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml index e496189..13a90f9 100644 --- a/.github/workflows/publish-to-pypi.yml +++ b/.github/workflows/publish-to-pypi.yml @@ -32,11 +32,11 @@ jobs: if: (github.repository == 'spacetelescope/acstools' && (github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'Build wheels'))) steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: '3.11' @@ -56,7 +56,7 @@ jobs: # Use appropriate token if debugging with TestPyPI - name: Publish distribution đŸ“Ļ to PyPI if: (startsWith(github.ref, 'refs/tags/') && github.event_name == 'push') - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@897895f1e160c830e369f9779632ebc134688e1b # v1.10.2 with: user: __token__ password: ${{ secrets.PYPI_TOKEN }}