diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index 8c5a23b..32751da 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -9,7 +9,7 @@ jobs: bump-version: runs-on: ubuntu-latest steps: - - uses: actions/create-github-app-token@v3.2.0 + - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: app-token with: app-id: ${{ secrets.CSDA_RELEASE_BOT_CLIENT_ID }} @@ -17,7 +17,7 @@ jobs: owner: ${{ github.repository_owner }} repositories: ${{ github.event.repository.name }} - - uses: actions/checkout@v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: token: ${{ steps.app-token.outputs.token }} @@ -32,7 +32,7 @@ jobs: fi - if: steps.check.outputs.should_run == 'true' - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 - if: steps.check.outputs.should_run == 'true' id: bump diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 75203a1..8e3e5aa 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,7 +10,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: astral-sh/setup-uv@v7 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 - name: Run tests run: uv run pytest diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 5ba894e..d3baccf 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -13,7 +13,7 @@ jobs: release-please: runs-on: ubuntu-latest steps: - - uses: actions/create-github-app-token@v3.2.0 + - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: app-token with: app-id: ${{ secrets.CSDA_RELEASE_BOT_CLIENT_ID }}