From adbf5153ec2b3e3e76f56d5dc7e5794fb3649f0a Mon Sep 17 00:00:00 2001 From: "P. L. Lim" <2090236+pllim@users.noreply.github.com> Date: Tue, 26 Nov 2024 00:21:40 -0500 Subject: [PATCH] MNT: Use hash for Action workflow versions and update if needed (#234) * MNT: Use hash for Action workflow versions and update if needed * Update dependabot.yml --- .github/dependabot.yml | 8 +++++-- .github/workflows/publish.yml | 28 +++++++++++------------ .github/workflows/publish_pure_python.yml | 12 +++++----- .github/workflows/pull_from_upstream.yml | 2 +- .github/workflows/test_tox.yml | 2 +- .github/workflows/tox.yml | 20 ++++++++-------- .github/workflows/update_tag.yml | 2 +- 7 files changed, 39 insertions(+), 35 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5ace460..963c3a6 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,10 @@ version: 2 updates: - package-ecosystem: "github-actions" - directory: "/" + directory: ".github/workflows" # Location of package manifests schedule: - interval: "weekly" + interval: "monthly" + groups: + actions: + patterns: + - "*" diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 49080ff..5c00449 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -107,7 +107,7 @@ jobs: matrix: ${{ steps.set-outputs.outputs.matrix }} upload_to_pypi: ${{ steps.set-upload.outputs.upload_to_pypi }} steps: - - uses: actions/setup-python@v5 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: '3.12' - run: python -m pip install PyYAML click @@ -138,7 +138,7 @@ jobs: fail-fast: ${{ inputs.fail-fast }} matrix: ${{fromJSON(needs.targets.outputs.matrix)}} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 lfs: true @@ -146,7 +146,7 @@ jobs: ref: ${{ inputs.checkout_ref }} - name: Set up QEMU if: ${{ matrix.CIBW_ARCHS == 'aarch64' }} - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 with: platforms: all - name: Configure cibuildwheel @@ -168,7 +168,7 @@ jobs: echo "EOF" >> $GITHUB_ENV fi cat $GITHUB_ENV - - uses: actions/setup-python@v5 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 if: ${{ inputs.env != '' }} with: python-version: '3.12' @@ -183,13 +183,13 @@ jobs: env: SET_ENV_SCRIPT: aW1wb3J0IGpzb24KaW1wb3J0IG9zCmltcG9ydCBzeXMKCmltcG9ydCB5YW1sCgpHSVRIVUJfRU5WID0gb3MuZ2V0ZW52KCJHSVRIVUJfRU5WIikKaWYgR0lUSFVCX0VOViBpcyBOb25lOgogICAgcmFpc2UgVmFsdWVFcnJvcigiR0lUSFVCX0VOViBub3Qgc2V0LiBNdXN0IGJlIHJ1biBpbnNpZGUgR2l0SHViIEFjdGlvbnMuIikKCkRFTElNSVRFUiA9ICJFT0YiCgoKZGVmIHNldF9lbnYoZW52KToKCiAgICBlbnYgPSB5YW1sLmxvYWQoZW52LCBMb2FkZXI9eWFtbC5CYXNlTG9hZGVyKQogICAgcHJpbnQoanNvbi5kdW1wcyhlbnYsIGluZGVudD0yKSkKCiAgICBpZiBub3QgaXNpbnN0YW5jZShlbnYsIGRpY3QpOgogICAgICAgIHRpdGxlID0gImBlbnZgIG11c3QgYmUgbWFwcGluZyIKICAgICAgICBtZXNzYWdlID0gZiJgZW52YCBtdXN0IGJlIG1hcHBpbmcgb2YgZW52IHZhcmlhYmxlcyB0byB2YWx1ZXMsIGdvdCB0eXBlIHt0eXBlKGVudil9IgogICAgICAgIHByaW50KGYiOjplcnJvciB0aXRsZT17dGl0bGV9Ojp7bWVzc2FnZX0iKQogICAgICAgIGV4aXQoMSkKCiAgICBmb3IgaywgdiBpbiBlbnYuaXRlbXMoKToKCiAgICAgICAgaWYgbm90IGlzaW5zdGFuY2Uodiwgc3RyKToKICAgICAgICAgICAgdGl0bGUgPSAiYGVudmAgdmFsdWVzIG11c3QgYmUgc3RyaW5ncyIKICAgICAgICAgICAgbWVzc2FnZSA9IGYiYGVudmAgdmFsdWVzIG11c3QgYmUgc3RyaW5ncywgYnV0IHZhbHVlIG9mIHtrfSBoYXMgdHlwZSB7dHlwZSh2KX0iCiAgICAgICAgICAgIHByaW50KGYiOjplcnJvciB0aXRsZT17dGl0bGV9Ojp7bWVzc2FnZX0iKQogICAgICAgICAgICBleGl0KDEpCgogICAgICAgIHYgPSB2LnNwbGl0KCJcbiIpCgogICAgICAgIHdpdGggb3BlbihHSVRIVUJfRU5WLCAiYSIpIGFzIGY6CiAgICAgICAgICAgIGlmIGxlbih2KSA9PSAxOgogICAgICAgICAgICAgICAgZi53cml0ZShmIntrfT17dlswXX1cbiIpCiAgICAgICAgICAgIGVsc2U6CiAgICAgICAgICAgICAgICBmb3IgbGluZSBpbiB2OgogICAgICAgICAgICAgICAgICAgIGFzc2VydCBsaW5lLnN0cmlwKCkgIT0gREVMSU1JVEVSCiAgICAgICAgICAgICAgICBmLndyaXRlKGYie2t9PDx7REVMSU1JVEVSfVxuIikKICAgICAgICAgICAgICAgIGZvciBsaW5lIGluIHY6CiAgICAgICAgICAgICAgICAgICAgZi53cml0ZShmIntsaW5lfVxuIikKICAgICAgICAgICAgICAgIGYud3JpdGUoZiJ7REVMSU1JVEVSfVxuIikKCiAgICAgICAgcHJpbnQoZiJ7a30gd3JpdHRlbiB0byBHSVRIVUJfRU5WIikKCgppZiBfX25hbWVfXyA9PSAiX19tYWluX18iOgogICAgc2V0X2VudihzeXMuYXJndlsxXSkK - name: Run cibuildwheel - uses: pypa/cibuildwheel@v2.22.0 + uses: pypa/cibuildwheel@ee63bf16da6cddfb925f542f2c7b59ad50e93969 # v2.22.0 with: output-dir: dist env: CIBW_BUILD: ${{ matrix.CIBW_BUILD }} CIBW_ARCHS: ${{ matrix.CIBW_ARCHS }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 if: | needs.targets.outputs.upload_to_pypi == 'true' || inputs.upload_to_anaconda with: @@ -203,7 +203,7 @@ jobs: runs-on: ${{ inputs.sdist-runs-on }} timeout-minutes: ${{ inputs.timeout-minutes }} steps: - - uses: actions/setup-python@v5 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 if: ${{ inputs.env != '' }} with: python-version: '3.12' @@ -217,23 +217,23 @@ jobs: shell: sh env: SET_ENV_SCRIPT: aW1wb3J0IGpzb24KaW1wb3J0IG9zCmltcG9ydCBzeXMKCmltcG9ydCB5YW1sCgpHSVRIVUJfRU5WID0gb3MuZ2V0ZW52KCJHSVRIVUJfRU5WIikKaWYgR0lUSFVCX0VOViBpcyBOb25lOgogICAgcmFpc2UgVmFsdWVFcnJvcigiR0lUSFVCX0VOViBub3Qgc2V0LiBNdXN0IGJlIHJ1biBpbnNpZGUgR2l0SHViIEFjdGlvbnMuIikKCkRFTElNSVRFUiA9ICJFT0YiCgoKZGVmIHNldF9lbnYoZW52KToKCiAgICBlbnYgPSB5YW1sLmxvYWQoZW52LCBMb2FkZXI9eWFtbC5CYXNlTG9hZGVyKQogICAgcHJpbnQoanNvbi5kdW1wcyhlbnYsIGluZGVudD0yKSkKCiAgICBpZiBub3QgaXNpbnN0YW5jZShlbnYsIGRpY3QpOgogICAgICAgIHRpdGxlID0gImBlbnZgIG11c3QgYmUgbWFwcGluZyIKICAgICAgICBtZXNzYWdlID0gZiJgZW52YCBtdXN0IGJlIG1hcHBpbmcgb2YgZW52IHZhcmlhYmxlcyB0byB2YWx1ZXMsIGdvdCB0eXBlIHt0eXBlKGVudil9IgogICAgICAgIHByaW50KGYiOjplcnJvciB0aXRsZT17dGl0bGV9Ojp7bWVzc2FnZX0iKQogICAgICAgIGV4aXQoMSkKCiAgICBmb3IgaywgdiBpbiBlbnYuaXRlbXMoKToKCiAgICAgICAgaWYgbm90IGlzaW5zdGFuY2Uodiwgc3RyKToKICAgICAgICAgICAgdGl0bGUgPSAiYGVudmAgdmFsdWVzIG11c3QgYmUgc3RyaW5ncyIKICAgICAgICAgICAgbWVzc2FnZSA9IGYiYGVudmAgdmFsdWVzIG11c3QgYmUgc3RyaW5ncywgYnV0IHZhbHVlIG9mIHtrfSBoYXMgdHlwZSB7dHlwZSh2KX0iCiAgICAgICAgICAgIHByaW50KGYiOjplcnJvciB0aXRsZT17dGl0bGV9Ojp7bWVzc2FnZX0iKQogICAgICAgICAgICBleGl0KDEpCgogICAgICAgIHYgPSB2LnNwbGl0KCJcbiIpCgogICAgICAgIHdpdGggb3BlbihHSVRIVUJfRU5WLCAiYSIpIGFzIGY6CiAgICAgICAgICAgIGlmIGxlbih2KSA9PSAxOgogICAgICAgICAgICAgICAgZi53cml0ZShmIntrfT17dlswXX1cbiIpCiAgICAgICAgICAgIGVsc2U6CiAgICAgICAgICAgICAgICBmb3IgbGluZSBpbiB2OgogICAgICAgICAgICAgICAgICAgIGFzc2VydCBsaW5lLnN0cmlwKCkgIT0gREVMSU1JVEVSCiAgICAgICAgICAgICAgICBmLndyaXRlKGYie2t9PDx7REVMSU1JVEVSfVxuIikKICAgICAgICAgICAgICAgIGZvciBsaW5lIGluIHY6CiAgICAgICAgICAgICAgICAgICAgZi53cml0ZShmIntsaW5lfVxuIikKICAgICAgICAgICAgICAgIGYud3JpdGUoZiJ7REVMSU1JVEVSfVxuIikKCiAgICAgICAgcHJpbnQoZiJ7a30gd3JpdHRlbiB0byBHSVRIVUJfRU5WIikKCgppZiBfX25hbWVfXyA9PSAiX19tYWluX18iOgogICAgc2V0X2VudihzeXMuYXJndlsxXSkK - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 lfs: true submodules: ${{ inputs.submodules }} - name: Install dependencies if: ${{ inputs.libraries != '' }} - uses: ConorMacBride/install-package@main + uses: ConorMacBride/install-package@3e7ad059e07782ee54fa35f827df52aae0626f30 # v1.1.0 with: apt: ${{ inputs.libraries }} - id: build - uses: OpenAstronomy/build-python-dist@main + uses: OpenAstronomy/build-python-dist@bbb0e1c5b132893999ea56d77bd4b526e0097c7d # v1.0.1 with: test_extras: ${{ inputs.test_extras }} test_command: ${{ inputs.test_command }} pure_python_wheel: false - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 if: | needs.targets.outputs.upload_to_pypi == 'true' || inputs.upload_to_anaconda with: @@ -252,19 +252,19 @@ jobs: needs.build_wheels.result != 'failure' && needs.build_sdist.result != 'failure' steps: - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: pattern: dist-* path: dist merge-multiple: true - - uses: pypa/gh-action-pypi-publish@release/v1 + - uses: pypa/gh-action-pypi-publish@897895f1e160c830e369f9779632ebc134688e1b # v1.10.2 name: Upload to PyPI if: ${{ needs.targets.outputs.upload_to_pypi == 'true' }} with: user: __token__ password: ${{ secrets.pypi_token }} repository-url: ${{ inputs.repository_url }} - - uses: OpenAstronomy/publish-wheels-anaconda@main + - uses: OpenAstronomy/publish-wheels-anaconda@612ea808f79152bd52a019316f684a12bbe8ba33 # main if: ${{ inputs.upload_to_anaconda }} with: anaconda_user: ${{ inputs.anaconda_user }} diff --git a/.github/workflows/publish_pure_python.yml b/.github/workflows/publish_pure_python.yml index 6298e8d..91f136c 100644 --- a/.github/workflows/publish_pure_python.yml +++ b/.github/workflows/publish_pure_python.yml @@ -91,7 +91,7 @@ jobs: runs-on: ${{ inputs.runs-on }} timeout-minutes: ${{ inputs.timeout-minutes }} steps: - - uses: actions/setup-python@v5 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 if: ${{ inputs.env != '' }} with: python-version: '3.12' @@ -105,7 +105,7 @@ jobs: shell: sh env: SET_ENV_SCRIPT: aW1wb3J0IGpzb24KaW1wb3J0IG9zCmltcG9ydCBzeXMKCmltcG9ydCB5YW1sCgpHSVRIVUJfRU5WID0gb3MuZ2V0ZW52KCJHSVRIVUJfRU5WIikKaWYgR0lUSFVCX0VOViBpcyBOb25lOgogICAgcmFpc2UgVmFsdWVFcnJvcigiR0lUSFVCX0VOViBub3Qgc2V0LiBNdXN0IGJlIHJ1biBpbnNpZGUgR2l0SHViIEFjdGlvbnMuIikKCkRFTElNSVRFUiA9ICJFT0YiCgoKZGVmIHNldF9lbnYoZW52KToKCiAgICBlbnYgPSB5YW1sLmxvYWQoZW52LCBMb2FkZXI9eWFtbC5CYXNlTG9hZGVyKQogICAgcHJpbnQoanNvbi5kdW1wcyhlbnYsIGluZGVudD0yKSkKCiAgICBpZiBub3QgaXNpbnN0YW5jZShlbnYsIGRpY3QpOgogICAgICAgIHRpdGxlID0gImBlbnZgIG11c3QgYmUgbWFwcGluZyIKICAgICAgICBtZXNzYWdlID0gZiJgZW52YCBtdXN0IGJlIG1hcHBpbmcgb2YgZW52IHZhcmlhYmxlcyB0byB2YWx1ZXMsIGdvdCB0eXBlIHt0eXBlKGVudil9IgogICAgICAgIHByaW50KGYiOjplcnJvciB0aXRsZT17dGl0bGV9Ojp7bWVzc2FnZX0iKQogICAgICAgIGV4aXQoMSkKCiAgICBmb3IgaywgdiBpbiBlbnYuaXRlbXMoKToKCiAgICAgICAgaWYgbm90IGlzaW5zdGFuY2Uodiwgc3RyKToKICAgICAgICAgICAgdGl0bGUgPSAiYGVudmAgdmFsdWVzIG11c3QgYmUgc3RyaW5ncyIKICAgICAgICAgICAgbWVzc2FnZSA9IGYiYGVudmAgdmFsdWVzIG11c3QgYmUgc3RyaW5ncywgYnV0IHZhbHVlIG9mIHtrfSBoYXMgdHlwZSB7dHlwZSh2KX0iCiAgICAgICAgICAgIHByaW50KGYiOjplcnJvciB0aXRsZT17dGl0bGV9Ojp7bWVzc2FnZX0iKQogICAgICAgICAgICBleGl0KDEpCgogICAgICAgIHYgPSB2LnNwbGl0KCJcbiIpCgogICAgICAgIHdpdGggb3BlbihHSVRIVUJfRU5WLCAiYSIpIGFzIGY6CiAgICAgICAgICAgIGlmIGxlbih2KSA9PSAxOgogICAgICAgICAgICAgICAgZi53cml0ZShmIntrfT17dlswXX1cbiIpCiAgICAgICAgICAgIGVsc2U6CiAgICAgICAgICAgICAgICBmb3IgbGluZSBpbiB2OgogICAgICAgICAgICAgICAgICAgIGFzc2VydCBsaW5lLnN0cmlwKCkgIT0gREVMSU1JVEVSCiAgICAgICAgICAgICAgICBmLndyaXRlKGYie2t9PDx7REVMSU1JVEVSfVxuIikKICAgICAgICAgICAgICAgIGZvciBsaW5lIGluIHY6CiAgICAgICAgICAgICAgICAgICAgZi53cml0ZShmIntsaW5lfVxuIikKICAgICAgICAgICAgICAgIGYud3JpdGUoZiJ7REVMSU1JVEVSfVxuIikKCiAgICAgICAgcHJpbnQoZiJ7a30gd3JpdHRlbiB0byBHSVRIVUJfRU5WIikKCgppZiBfX25hbWVfXyA9PSAiX19tYWluX18iOgogICAgc2V0X2VudihzeXMuYXJndlsxXSkK - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 lfs: true @@ -113,11 +113,11 @@ jobs: ref: ${{ inputs.checkout_ref }} - name: Install dependencies if: ${{ inputs.libraries != '' }} - uses: ConorMacBride/install-package@main + uses: ConorMacBride/install-package@3e7ad059e07782ee54fa35f827df52aae0626f30 # v1.1.0 with: apt: ${{ inputs.libraries }} - id: build - uses: OpenAstronomy/build-python-dist@main + uses: OpenAstronomy/build-python-dist@bbb0e1c5b132893999ea56d77bd4b526e0097c7d # v1.0.1 with: test_extras: ${{ inputs.test_extras }} test_command: ${{ inputs.test_command }} @@ -134,14 +134,14 @@ jobs: env: UPLOAD_TO_PYPI: ${{ inputs.upload_to_pypi }} UPLOAD_TAG: ${{ startsWith(inputs.upload_to_pypi, 'refs/tags/') && (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'release' || github.event_name == 'create') && startsWith(github.ref, inputs.upload_to_pypi) }} - - uses: pypa/gh-action-pypi-publish@release/v1 + - uses: pypa/gh-action-pypi-publish@897895f1e160c830e369f9779632ebc134688e1b # v1.10.2 name: Upload to PyPI if: ${{ steps.set-upload.outputs.upload_to_pypi == 'true' }} with: user: __token__ password: ${{ secrets.pypi_token }} repository-url: ${{ inputs.repository_url }} - - uses: OpenAstronomy/publish-wheels-anaconda@main + - uses: OpenAstronomy/publish-wheels-anaconda@612ea808f79152bd52a019316f684a12bbe8ba33 # main if: ${{ inputs.upload_to_anaconda }} with: anaconda_user: ${{ inputs.anaconda_user }} diff --git a/.github/workflows/pull_from_upstream.yml b/.github/workflows/pull_from_upstream.yml index 8d537b2..c4707d7 100644 --- a/.github/workflows/pull_from_upstream.yml +++ b/.github/workflows/pull_from_upstream.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Checkout target repository - uses: actions/checkout@v4 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: # Checkout the repository where the workflow is running ref: main diff --git a/.github/workflows/test_tox.yml b/.github/workflows/test_tox.yml index 0531279..4e53239 100644 --- a/.github/workflows/test_tox.yml +++ b/.github/workflows/test_tox.yml @@ -165,7 +165,7 @@ jobs: needs: [test_artifact_upload] runs-on: ubuntu-latest steps: - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: artifact-upload-(ubuntu-latest) path: . diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml index ca09d67..b5ce6cd 100644 --- a/.github/workflows/tox.yml +++ b/.github/workflows/tox.yml @@ -120,7 +120,7 @@ jobs: outputs: matrix: ${{ steps.set-outputs.outputs.matrix }} steps: - - uses: actions/setup-python@v5 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: '3.12' - run: python -m pip install PyYAML click packaging @@ -156,7 +156,7 @@ jobs: shell: bash -l {0} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 lfs: true @@ -165,14 +165,14 @@ jobs: - name: Cache ${{ matrix.cache_key }} if: ${{ matrix.cache-path != '' && matrix.cache-key != '' }} - uses: actions/cache@v4 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ${{ matrix.cache-path }} key: ${{ matrix.cache-key }} restore-keys: ${{ matrix.cache-restore-keys }} - name: Install dependencies - uses: ConorMacBride/install-package@main + uses: ConorMacBride/install-package@3e7ad059e07782ee54fa35f827df52aae0626f30 # v1.1.0 with: brew: ${{ matrix.libraries_brew }} brew-cask: ${{ matrix.libraries_brew_cask }} @@ -181,14 +181,14 @@ jobs: - name: Setup Python ${{ matrix.python_version }} if: ${{ matrix.conda != 'true' }} - uses: actions/setup-python@v5 + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: ${{ matrix.python_version }} allow-prereleases: true - name: Setup conda if: ${{ matrix.conda == 'true' }} - uses: mamba-org/setup-micromamba@v2 + uses: mamba-org/setup-micromamba@ab6bf8bf7403e8023a094abeec19d6753bdc143e # v2.0.1 with: environment-name: test condarc: | @@ -214,7 +214,7 @@ jobs: - name: Setup headless display if: ${{ matrix.display == 'true' }} - uses: pyvista/setup-headless-display-action@v2 + uses: pyvista/setup-headless-display-action@8b39741bba8c06652c7def81821b5841adc17582 # v2 - name: Install tox run: python -m pip install --upgrade tox ${{ matrix.toxdeps }} @@ -222,19 +222,19 @@ jobs: - run: python -m tox -e ${{ matrix.toxenv }} ${{ matrix.toxargs }} -- ${{ matrix.pytest_flag }} ${{ matrix.posargs }} - if: ${{ (success() || failure()) && matrix.artifact-path != '' }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: ${{ matrix.artifact-name }} path: ${{ matrix.artifact-path }} - if: ${{ (success() || failure()) && matrix.pytest-results-summary == 'true' && matrix.pytest == 'true' }} - uses: test-summary/action@v2 + uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2.4 with: paths: "**/results.xml" - name: Upload to Codecov # Even if tox fails, upload coverage if: ${{ (success() || failure()) && contains(matrix.coverage, 'codecov') && matrix.pytest == 'true' }} - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7 with: token: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/update_tag.yml b/.github/workflows/update_tag.yml index 60ad25f..2f978d4 100644 --- a/.github/workflows/update_tag.yml +++ b/.github/workflows/update_tag.yml @@ -10,4 +10,4 @@ jobs: name: Update Major Version Tag runs-on: ubuntu-latest steps: - - uses: nowactions/update-majorver@v1 + - uses: nowactions/update-majorver@f2014bbbba95b635e990ce512c5653bd0f4753fb # v1.1.2