From f23c2578e385964ad90671dc800efe33307dc9a8 Mon Sep 17 00:00:00 2001 From: Sasa Bojanic <48201593+sale3@users.noreply.github.com> Date: Mon, 16 Dec 2024 19:18:01 +0100 Subject: [PATCH] sbojanic/ci improve security (#567) * ci: replace tags with commit hashes * docs: add tag name to comment --- .github/workflows/ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 18b486244..63b74fde3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,10 +32,10 @@ jobs: matrix: python-version: ${{ fromJSON(needs.set_python_versions.outputs.all_versions) }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #@v4 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #@v5 with: python-version: ${{ matrix.python-version }} @@ -68,10 +68,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #@v4 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #@v5 with: # build it on the minimum version python-version: ${{ fromJSON(needs.set_python_versions.outputs.all_versions)[0] }} @@ -117,14 +117,14 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #@v4 - name: Get Upload URL id: get_upload_url run: echo "${{ github.event.release.upload_url }}" - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #@v5 with: # the newest python that we support python-version: ${{ needs.set_python_versions.outputs.last_version }}