From 3cc2908d0af0a8edcfe811cff40d3950cab3af81 Mon Sep 17 00:00:00 2001 From: Camille Owens Date: Tue, 23 Jun 2026 17:10:16 -0600 Subject: [PATCH 1/3] fix(chore): update version tags with commit SHAs --- .github/workflows/bump-version.yml | 6 +++--- .github/workflows/ci.yml | 4 ++-- .github/workflows/release-please.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index 8c5a23b..df3b09c 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -9,7 +9,7 @@ jobs: bump-version: runs-on: ubuntu-latest steps: - - uses: actions/create-github-app-token@v3.2.0 + - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: app-token with: app-id: ${{ secrets.CSDA_RELEASE_BOT_CLIENT_ID }} @@ -17,7 +17,7 @@ jobs: owner: ${{ github.repository_owner }} repositories: ${{ github.event.repository.name }} - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: token: ${{ steps.app-token.outputs.token }} @@ -32,7 +32,7 @@ jobs: fi - if: steps.check.outputs.should_run == 'true' - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 - if: steps.check.outputs.should_run == 'true' id: bump diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 75203a1..712c292 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,7 +10,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: astral-sh/setup-uv@v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 - name: Run tests run: uv run pytest diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 5ba894e..d3baccf 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -13,7 +13,7 @@ jobs: release-please: runs-on: ubuntu-latest steps: - - uses: actions/create-github-app-token@v3.2.0 + - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: app-token with: app-id: ${{ secrets.CSDA_RELEASE_BOT_CLIENT_ID }} From aba8c65709f7b2c45a1b8ea76bcb1ca5ebd9b569 Mon Sep 17 00:00:00 2001 From: Camille Owens Date: Tue, 23 Jun 2026 17:31:43 -0600 Subject: [PATCH 2/3] fix(chore): update version tags with commit SHAs --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 712c292..4ad28d9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,6 +11,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 + - uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 - name: Run tests run: uv run pytest From b58b4d95791b556fcd7aa2c8f092447e107fc180 Mon Sep 17 00:00:00 2001 From: Camille Owens Date: Wed, 24 Jun 2026 16:08:24 -0600 Subject: [PATCH 3/3] set checkout actions to use v6.0.3 --- .github/workflows/bump-version.yml | 2 +- .github/workflows/ci.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index df3b09c..32751da 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -17,7 +17,7 @@ jobs: owner: ${{ github.repository_owner }} repositories: ${{ github.event.repository.name }} - - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: token: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4ad28d9..8e3e5aa 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,7 +10,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 - name: Run tests run: uv run pytest