From 2e9e81aab58ec8365e679274126527f57b465aa9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Houpert?= <10154151+lhoupert@users.noreply.github.com> Date: Fri, 3 Apr 2026 14:38:41 +0100 Subject: [PATCH] ci: pin GitHub Actions to SHA digests --- .github/workflows/benchmarks.yaml | 6 +++--- .github/workflows/preview_catalogue.yaml | 2 +- .github/workflows/publish_docs.yaml | 12 ++++++------ .github/workflows/unittests.yaml | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/benchmarks.yaml b/.github/workflows/benchmarks.yaml index d41aa97f..ebc36915 100644 --- a/.github/workflows/benchmarks.yaml +++ b/.github/workflows/benchmarks.yaml @@ -12,9 +12,9 @@ jobs: contents: read issues: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: "3.12" - name: Install benchmark dependencies @@ -65,7 +65,7 @@ jobs: if: ${{ !cancelled() }} run: ls -alR qa/benchmarks/tmp_path_root - name: upload report - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 if: ${{ !cancelled() }} with: name: report diff --git a/.github/workflows/preview_catalogue.yaml b/.github/workflows/preview_catalogue.yaml index a39b00d3..292dbdc8 100644 --- a/.github/workflows/preview_catalogue.yaml +++ b/.github/workflows/preview_catalogue.yaml @@ -18,7 +18,7 @@ jobs: steps: - name: Generate a token for gh cli id: generate-token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2 with: app-id: ${{ vars.GH_CATALOGUE_APP_ID }} private-key: ${{ secrets.GH_CATALOGUE_APP_PRIVATE_KEY }} diff --git a/.github/workflows/publish_docs.yaml b/.github/workflows/publish_docs.yaml index 73488584..68ec56b1 100644 --- a/.github/workflows/publish_docs.yaml +++ b/.github/workflows/publish_docs.yaml @@ -17,24 +17,24 @@ jobs: contents: write steps: - name: Check out repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: submodules: true - name: Set up Quarto - uses: quarto-dev/quarto-actions/setup@v2 + uses: quarto-dev/quarto-actions/setup@8a96df13519ee81fd526f2dfca5962811136661b # v2 with: tinytex: true version: '1.6.31' - name: Render documentation pages run: quarto render --output-dir _build - name: Setup GitHub pages - uses: actions/configure-pages@v5 + uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5 - name: Upload build artifacts - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3 with: path: "docs/_build" - name: Upload build folder - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: build-folder path: "docs/_build" @@ -52,4 +52,4 @@ jobs: steps: - name: Deploy to GitHub pages id: deployment - uses: actions/deploy-pages@v4 \ No newline at end of file + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 \ No newline at end of file diff --git a/.github/workflows/unittests.yaml b/.github/workflows/unittests.yaml index 145ce6d4..9bf7e288 100644 --- a/.github/workflows/unittests.yaml +++ b/.github/workflows/unittests.yaml @@ -6,9 +6,9 @@ jobs: unittests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: "3.12" - name: Install test suite dependencies