From 346a018b64b3269d919d1ad0b0cc04d1b8baa721 Mon Sep 17 00:00:00 2001 From: Marius Merschformann Date: Fri, 1 May 2026 00:09:11 +0200 Subject: [PATCH 1/2] Pinning github actions --- .github/workflows/build.yml | 2 +- .github/workflows/release.yml | 6 +++--- .github/workflows/static.yml | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e9b4823..509c649 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,7 +18,7 @@ jobs: - uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python-version }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 47712ea..673040a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -30,12 +30,12 @@ jobs: id-token: write # This is required for trusted publishing to PyPI steps: - name: git clone ${{ github.ref_name }} - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.ref_name }} - name: set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 - name: install dependencies run: | @@ -46,7 +46,7 @@ jobs: run: python -m build - name: python - publish package distributions to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 with: packages-dir: ./dist diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml index 24630a3..d44ad3a 100644 --- a/.github/workflows/static.yml +++ b/.github/workflows/static.yml @@ -30,14 +30,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Pages - uses: actions/configure-pages@v4 + uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0 - name: Upload artifact - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0 with: # Upload content directory path: "content/" - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0 From a3e6b05d8221dcb91bde1f620beb0b7ba5cfe9fd Mon Sep 17 00:00:00 2001 From: Marius Merschformann Date: Fri, 1 May 2026 15:31:42 +0200 Subject: [PATCH 2/2] Pinning more actions --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 509c649..4abaa38 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,7 +15,7 @@ jobs: # due to the way we are testing python-version: ["3.11"] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0