diff --git a/.github/workflows/clean.yml b/.github/workflows/clean.yml index 414e0e4d9..3c444eef1 100644 --- a/.github/workflows/clean.yml +++ b/.github/workflows/clean.yml @@ -10,7 +10,7 @@ jobs: permissions: packages: write steps: - - uses: actions/delete-package-versions@v4 + - uses: actions/delete-package-versions@0d39a63126868f5eefaa47169615edd3c0f61e20 # v4 with: package-name: errbot package-type: container diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index fa13a2e3b..1dfc48ed8 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -15,10 +15,10 @@ jobs: steps: - name: checkout - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: build and push image - uses: mr-smithers-excellent/docker-build-push@v6 + uses: mr-smithers-excellent/docker-build-push@f8f78238603ab7953b961d99dc93ef0701295c60 # v6 with: image: errbot-hl registry: ghcr.io diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 721d6feb1..d2a522551 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -10,11 +10,11 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 with: python-version: "3.11" - name: Install pypa/build @@ -23,7 +23,7 @@ jobs: - name: Build a binary wheel and a source tarball run: python3 -m build - name: Store the distribution packages - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 with: name: python-package-distributions path: dist/ @@ -42,7 +42,7 @@ jobs: id-token: write # IMPORTANT: mandatory for trusted publishing steps: - name: Download all the dists - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 with: name: python-package-distributions path: dist/ diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index 660a9c908..29c48dec8 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -20,9 +20,9 @@ jobs: python-version: [3.8, 3.9, "3.10", "3.11", "3.12"] steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4.7.1 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: ${{ matrix.python-version }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 85e533d14..5b7131933 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,7 +13,7 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/create-github-app-token@v1 + - uses: actions/create-github-app-token@e995b4e40ace2eb5bf13137d9abe242c98f3aab6 # v1 id: app-token with: app-id: ${{ vars.GET_TOKEN_APP_ID }} diff --git a/.github/workflows/update_release_branch.yml b/.github/workflows/update_release_branch.yml index ca53636c3..f76dd1dba 100644 --- a/.github/workflows/update_release_branch.yml +++ b/.github/workflows/update_release_branch.yml @@ -22,6 +22,6 @@ jobs: file=$(find . -name "version.py") version_number=${HEAD_COMMIT_TITLE##* } sed -i "s/^VERSION .*$/VERSION = \"$version_number\"/" $file - - uses: stefanzweifel/git-auto-commit-action@v5 + - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5 with: commit_message: set release version