Update GitHub Actions workflows to use full-length commit hashes for actions

2025-09-22 14:24:40 -05:00
parent cb72e57da9
commit c382ed790f
3 changed files with 17 additions and 17 deletions
--- a/.github/workflows/docker-test.yml
+++ b/.github/workflows/docker-test.yml
@@ -18,9 +18,9 @@ jobs:
        python-version: ["3.10", "3.11", "3.12", "3.13"]

    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955
    - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
      with:
        python-version: ${{ matrix.python-version }}
    - name: Build Docker Image
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -20,18 +20,18 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
        with:
          platforms: amd64,arm64

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435

      - name: Log in to the Container registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
@@ -39,7 +39,7 @@ jobs:

      - name: Extract metadata (tags, labels) for Docker
        id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
@@ -51,7 +51,7 @@ jobs:
            type=sha,format=short

      - name: Build and push Docker image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25
        with:
          context: .
          platforms: linux/amd64,linux/arm64
@@ -63,7 +63,7 @@ jobs:

      - name: Extract metadata (tags, labels) for Docker (rootless)
        id: meta_rootless
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-rootless
          tags: |
@@ -74,7 +74,7 @@ jobs:
            type=sha,format=short,suffix=-rootless

      - name: Build and push rootless Docker image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25
        with:
          context: .
          file: ./Dockerfile.rootless
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -23,11 +23,11 @@ jobs:
      contents: read
      id-token: write
    steps:
-    - uses: actions/checkout@v4.2.2
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        persist-credentials: false
    - name: Set up Python
-      uses: actions/setup-python@v5.3.0
+      uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
      with:
        python-version: "3.13"
    - name: Install pypa/build
@@ -35,7 +35,7 @@ jobs:
    - name: Build a binary wheel and a source tarball
      run: python3 -m build
    - name: Store the distribution packages
-      uses: actions/upload-artifact@v4.5.0
+      uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
      with:
        name: python-package-distributions
        path: dist/
@@ -55,12 +55,12 @@ jobs:

    steps:
    - name: Download all the dists
-      uses: actions/download-artifact@v4.1.8
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
      with:
        name: python-package-distributions
        path: dist/
    - name: Publish distribution 📦 to PyPI
-      uses: pypa/gh-action-pypi-publish@v1.13.0
+      uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e

  github-release:
    name: Sign the Python 🐍 distribution 📦 and create GitHub Release
@@ -73,12 +73,12 @@ jobs:

    steps:
    - name: Download all the dists
-      uses: actions/download-artifact@v4.1.8
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
      with:
        name: python-package-distributions
        path: dist/
    - name: Sign the dists with Sigstore
-      uses: sigstore/gh-action-sigstore-python@v3.0.0
+      uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46
      with:
        inputs: >-
          ./dist/*.tar.gz