@@ -14,22 +14,22 @@ jobs:
1414 lint :
1515 runs-on : ubuntu-latest
1616 steps :
17- - uses : actions/checkout@v4
18- - uses : actions/setup-python@v5
17+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
18+ - uses : actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
1919 with :
2020 python-version : 3.x
21- -
uses :
pre-commit/[email protected] 21+ - uses : pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
2222
2323 # Make sure commit messages follow the conventional commits convention:
2424 # https://www.conventionalcommits.org
2525 commitlint :
2626 name : Lint Commit Messages
2727 runs-on : ubuntu-latest
2828 steps :
29- - uses : actions/checkout@v4
29+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
3030 with :
3131 fetch-depth : 0
32- 32+ - uses : wagoid/commitlint-github-action@7f0a61df502599e1f1f50880aaa7ec1e2c0592f2 # v6.0.1
3333
3434 test :
3535 strategy :
@@ -47,17 +47,17 @@ jobs:
4747 - macOS-latest
4848 runs-on : ${{ matrix.os }}
4949 steps :
50- - uses : actions/checkout@v4
51- - uses : actions/setup-python@v5
50+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
51+ - uses : actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
5252 id : setup-python
5353 with :
5454 python-version : ${{ matrix.python-version }}
55- - uses : astral-sh/setup-uv@v5
55+ - uses : astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
5656 - run : uv sync --no-python-downloads
5757 shell : bash
5858 - run : uv run pytest
5959 shell : bash
60- - uses : codecov/codecov-action@v5
60+ - uses : codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5
6161 with :
6262 token : ${{ secrets.CODECOV_TOKEN }}
6363
7676 contents : write
7777
7878 steps :
79- - uses : actions/checkout@v4
79+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
8080 with :
8181 fetch-depth : 0
8282 ref : ${{ github.sha }}
@@ -87,22 +87,22 @@ jobs:
8787
8888# Do a dry run of PSR
8989 - name : Test release
90- uses : python-semantic-release/python-semantic-release@v9
90+ uses : python-semantic-release/python-semantic-release@0dc72ac9058a62054a45f6344c83a423d7f906a8 # v9
9191 if : github.ref_name != 'main'
9292 with :
9393 root_options : --noop
9494 github_token : noop
9595
9696 # On main branch: actual PSR + upload to PyPI & GitHub
9797 - name : Release
98- uses : python-semantic-release/python-semantic-release@v9
98+ uses : python-semantic-release/python-semantic-release@0dc72ac9058a62054a45f6344c83a423d7f906a8 # v9
9999 id : release
100100 if : github.ref_name == 'main'
101101 with :
102102 github_token : ${{ secrets.GITHUB_TOKEN }}
103103
104104 - name : Attest build provenance
105- uses : actions/attest-build-provenance@v1
105+ uses : actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1
106106 if : steps.release.outputs.released == 'true'
107107 with :
108108 subject-path : " dist/*"
@@ -112,7 +112,7 @@ jobs:
112112 if : steps.release.outputs.released == 'true'
113113
114114 - name : Publish package distributions to GitHub Releases
115- uses : python-semantic-release/publish-action@v9
115+ uses : python-semantic-release/publish-action@1aa9f41fac5d531e6764e1991b536783337f3a56 # v9
116116 if : steps.release.outputs.released == 'true'
117117 with :
118118 github_token : ${{ secrets.GITHUB_TOKEN }}
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4&size=40){kind=avatar}
0 commit comments