diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 7686bfa..2ede6e6 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -21,11 +21,11 @@ jobs: runs-on: ubuntu-latest name: sdists steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - name: Install the latest version of uv - uses: astral-sh/setup-uv@v3 + uses: astral-sh/setup-uv@c14a0593fa503d0af0f4c9fb8ce8c7e1d9c496f9 # v3 with: version: "0.4.18" enable-cache: true @@ -33,7 +33,7 @@ jobs: - name: Make sdist (rfc3161_client) run: uv build --sdist - name: Upload sdist - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: rfc3161-sdist path: dist/rfc3161_client* @@ -48,12 +48,12 @@ jobs: - target: aarch64 - target: armv7 steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 with: python-version: 3.x - name: Build wheels - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@ea5bac0f1ccd0ab11c805e2b804bfcb65dac2eab # v1 with: target: ${{ matrix.platform.target }} args: --release --out dist --find-interpreter @@ -70,7 +70,7 @@ jobs: cpanm --verbose --notest install Sub::Util fi - name: Upload wheels - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: wheels-linux-${{ matrix.platform.target }} path: dist @@ -85,19 +85,19 @@ jobs: - target: aarch64 - target: armv7 steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 with: python-version: 3.x - name: Build wheels - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@ea5bac0f1ccd0ab11c805e2b804bfcb65dac2eab # v1 with: target: ${{ matrix.platform.target }} args: --release --out dist --find-interpreter sccache: 'true' manylinux: musllinux_1_2 - name: Upload wheels - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: wheels-musllinux-${{ matrix.platform.target }} path: dist @@ -113,14 +113,14 @@ jobs: - {ARCH: 'x64', WINDOWS: 'win64', RUST_TRIPLE: 'x86_64-pc-windows-msvc'} name: ${{ matrix.WINDOWS.WINDOWS }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - uses: actions/download-artifact@v4.1.8 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: rfc3161-sdist - name: Install the latest version of uv - uses: astral-sh/setup-uv@v3 + uses: astral-sh/setup-uv@c14a0593fa503d0af0f4c9fb8ce8c7e1d9c496f9 # v3 with: version: "0.4.18" enable-cache: true @@ -128,7 +128,7 @@ jobs: # We cannot use `uv python install` because it doesn't allow to install python # version for another architecture - name: Setup python - uses: actions/setup-python@v5.3.0 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: 3.x architecture: ${{ matrix.WINDOWS.ARCH }} @@ -136,7 +136,7 @@ jobs: with: toolchain: stable target: ${{ matrix.WINDOWS.RUST_TRIPLE }} - - uses: dawidd6/action-download-artifact@v6 + - uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6 with: repo: pyca/infra workflow: build-windows-openssl.yml @@ -164,7 +164,7 @@ jobs: python -c "import rfc3161_client" shell: bash - name: Upload wheels - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: "wheels-windows-${{ matrix.WINDOWS.ARCH }}" path: wheelhouse @@ -179,12 +179,12 @@ jobs: - runner: macos-14 target: aarch64 steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 with: python-version: 3.x - name: Build wheels - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@ea5bac0f1ccd0ab11c805e2b804bfcb65dac2eab # v1 env: # Do not build OpenSSL on MacOS, since it's already installed # and we don't need to cross-compile. @@ -194,7 +194,7 @@ jobs: args: --release --out dist --find-interpreter sccache: 'true' - name: Upload wheels - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: wheels-macos-${{ matrix.platform.target }} path: dist @@ -213,11 +213,11 @@ jobs: # Used to publish to PyPI with Trusted Publishing. id-token: write steps: - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: path: dist/ merge-multiple: true - name: Publish distributions - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # release/v1 with: attestations: true diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 9d802f9..9036fb3 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,9 +10,9 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 with: python-version-file: pyproject.toml @@ -23,7 +23,7 @@ jobs: toolchain: 1.81.0 - name: Install the latest version of uv - uses: astral-sh/setup-uv@v3 + uses: astral-sh/setup-uv@c14a0593fa503d0af0f4c9fb8ce8c7e1d9c496f9 # v3 with: version: "0.4.18" enable-cache: true diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 7d2657b..1397401 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -22,12 +22,12 @@ jobs: runs-on: ${{ matrix.platform }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - name: Install the latest version of uv - uses: astral-sh/setup-uv@v3 + uses: astral-sh/setup-uv@c14a0593fa503d0af0f4c9fb8ce8c7e1d9c496f9 # v3 with: version: "0.4.18" enable-cache: true @@ -53,12 +53,12 @@ jobs: runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - name: Install the latest version of uv - uses: astral-sh/setup-uv@v3 + uses: astral-sh/setup-uv@c14a0593fa503d0af0f4c9fb8ce8c7e1d9c496f9 # v3 with: version: "0.4.18" enable-cache: true