From 3d4dc1f2429d0925150cf11a8daa41abeef77cea Mon Sep 17 00:00:00 2001 From: "P. L. Lim" <2090236+pllim@users.noreply.github.com> Date: Fri, 27 Sep 2024 12:01:30 -0400 Subject: [PATCH] MNT: Use hash for Action workflow versions and update if needed --- .github/workflows/check_milestone.yml | 2 +- .github/workflows/ci_workflows.yml | 8 ++++---- .github/workflows/codeql-analysis.yml | 10 +++++----- .github/workflows/open_actions.yml | 8 ++++---- .github/workflows/predeps_workflow.yml | 4 ++-- .github/workflows/publish-to-pypi.yml | 22 +++++++++++----------- 6 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/check_milestone.yml b/.github/workflows/check_milestone.yml index d573423..2a72ea1 100644 --- a/.github/workflows/check_milestone.yml +++ b/.github/workflows/check_milestone.yml @@ -17,7 +17,7 @@ jobs: milestone_checker: runs-on: ubuntu-latest steps: - - uses: actions/github-script@v7 + - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 if: github.repository == 'spacetelescope/synphot_refactor' with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ci_workflows.yml b/.github/workflows/ci_workflows.yml index 217682f..ddab735 100644 --- a/.github/workflows/ci_workflows.yml +++ b/.github/workflows/ci_workflows.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check base branch - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 if: github.event_name == 'pull_request' with: script: | @@ -99,11 +99,11 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: ${{ matrix.python }} - name: Install Python dependencies @@ -113,6 +113,6 @@ jobs: run: tox -e ${{ matrix.toxenv }} -- ${{ matrix.toxposargs }} - name: Upload coverage to codecov if: ${{ contains(matrix.toxenv,'-cov') }} - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 with: file: ./coverage.xml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 3441c1c..4b63656 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -43,13 +43,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@5618c9fc1e675841ca52c1c6b1304f5255a905a0 # codeql-bundle-v2.19.0 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -61,7 +61,7 @@ jobs: # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild if: matrix.language != 'cpp' - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@5618c9fc1e675841ca52c1c6b1304f5255a905a0 # codeql-bundle-v2.19.0 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -71,7 +71,7 @@ jobs: # uses a compiled language - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 if: matrix.language == 'cpp' with: python-version: '3.12' @@ -84,4 +84,4 @@ jobs: python setup.py build_ext --inplace - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@5618c9fc1e675841ca52c1c6b1304f5255a905a0 # codeql-bundle-v2.19.0 diff --git a/.github/workflows/open_actions.yml b/.github/workflows/open_actions.yml index f3cc798..53d1eb7 100644 --- a/.github/workflows/open_actions.yml +++ b/.github/workflows/open_actions.yml @@ -13,12 +13,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Label PR - uses: actions/labeler@v5 + uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 if: github.event_name == 'pull_request_target' with: repo-token: "${{ secrets.GITHUB_TOKEN }}" - name: 'Reviewer Checklist' - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 if: github.event_name == 'pull_request_target' with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -38,7 +38,7 @@ jobs: - [ ] Is a change log needed?` }) - name: 'Comment Draft PR' - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 if: github.event.pull_request.draft == true with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -50,6 +50,6 @@ jobs: body: '👋 Thank you for your draft pull request! Do you know that you can use `[ci skip]` or `[skip ci]` in your commit messages to skip running continuous integration tests until you are ready?' }) #- name: Special comment - # uses: pllim/action-special_pr_comment@main + # uses: pllim/action-special_pr_comment@5126c189c02418a55448480b28efd1a00af48d7b # 0.2 # with: # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/predeps_workflow.yml b/.github/workflows/predeps_workflow.yml index 2196c3f..917ff1f 100644 --- a/.github/workflows/predeps_workflow.yml +++ b/.github/workflows/predeps_workflow.yml @@ -37,11 +37,11 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: ${{ matrix.python }} - name: Install Python dependencies diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml index 34fe5e1..6c38c78 100644 --- a/.github/workflows/publish-to-pypi.yml +++ b/.github/workflows/publish-to-pypi.yml @@ -32,17 +32,17 @@ jobs: matrix: os: [ubuntu-latest, windows-latest, macos-latest] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: '3.x' - name: Install dependencies run: | python -m pip install pip "twine>=3.3" -U - name: Build wheels - uses: pypa/cibuildwheel@v2.20.0 + uses: pypa/cibuildwheel@d4a2945fcc8d13f20a1b99d461b8e844d5fc6e23 # v2.21.1 env: CIBW_BUILD: 'cp310-* cp311-* cp312-* cp313-*' CIBW_SKIP: '*-musllinux_*' @@ -57,7 +57,7 @@ jobs: # Upload artifacts because gh-action-pypi-publish Docker is only on Linux - name: Upload wheels if: (github.event_name == 'release' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: additional-pylons-${{ matrix.os }} path: ./wheelhouse/*.whl @@ -69,10 +69,10 @@ jobs: runs-on: ubuntu-latest if: (github.repository == 'spacetelescope/synphot_refactor' && ( github.event_name == 'release' || github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'Build wheels'))) steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: '3.x' - name: Install dependencies @@ -91,7 +91,7 @@ jobs: testenv/bin/python -c "import synphot; synphot.test()" - name: Upload dist if: github.event_name == 'release' - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: additional-pylons-dist path: ./dist/*.tar.gz @@ -108,7 +108,7 @@ jobs: id-token: write # IMPORTANT: mandatory for trusted publishing steps: - name: Download wheels - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: dist pattern: additional-pylons-* @@ -116,7 +116,7 @@ jobs: - name: Pylons inspection run: ls dist/* - name: Publish package to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@897895f1e160c830e369f9779632ebc134688e1b # v1.10.2 anaconda: name: Publish nightly wheel to Anaconda @@ -125,14 +125,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Download wheels - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: dist pattern: additional-pylons-* merge-multiple: true - name: Pylons inspection run: ls dist/* - - uses: OpenAstronomy/publish-wheels-anaconda@612ea808f79152bd52a019316f684a12bbe8ba33 # main 2024-09-06 + - uses: OpenAstronomy/publish-wheels-anaconda@612ea808f79152bd52a019316f684a12bbe8ba33 # main with: anaconda_user: STScI anaconda_package: synphot