From 9dd1fad57bc1b7042c0784d42c882402cb939b26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Houpert?= <10154151+lhoupert@users.noreply.github.com> Date: Thu, 2 Apr 2026 17:07:06 +0100 Subject: [PATCH] ci: pin GitHub Actions to SHA digests Refs #77 --- .github/workflows/docs.yaml | 10 +++++----- .github/workflows/pre-commit.yaml | 6 +++--- .github/workflows/test.yaml | 12 ++++++------ 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 1304bab..dedfcc2 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -13,14 +13,14 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 - - uses: r-lib/actions/setup-pandoc@v2 + - uses: r-lib/actions/setup-pandoc@6f6e5bc62fba3a704f74e7ad7ef7676c5c6a2590 # v2 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4 with: python-version: '3.11' cache: 'pip' @@ -46,14 +46,14 @@ jobs: sphinx-build source _build/html - name: Upload built documentation - uses: actions/upload-artifact@main + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # main with: name: docs path: docs/_build/html - name: Clone gh-pages branch if: success() && github.repository == 'geoarrow/geoarrow-python' && github.ref == 'refs/heads/main' - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 with: ref: gh-pages path: pages-clone diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 51e8052..83134b7 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -16,13 +16,13 @@ jobs: name: "pre-commit" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 persist-credentials: false - - uses: actions/setup-python@v4 + - uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4 - name: pre-commit (cache) - uses: actions/cache@v3 + uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c # v3 with: path: ~/.cache/pre-commit key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }} diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 75ed9c9..c52420e 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -20,12 +20,12 @@ jobs: python-version: ['3.8', '3.9', '3.10', '3.11', '3.12', '3.13'] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4 with: python-version: ${{ matrix.python-version }} cache: 'pip' @@ -85,7 +85,7 @@ jobs: image: python:3.7 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 fetch-tags: true @@ -121,12 +121,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4 with: python-version: '3.13' cache: 'pip' @@ -174,7 +174,7 @@ jobs: popd - name: Upload coverage to codecov - uses: codecov/codecov-action@v2 + uses: codecov/codecov-action@f32b3a3741e1053eb607407145bc9619351dc93b # v2 with: files: 'geoarrow-pyarrow/coverage.xml,geoarrow-types/coverage.xml,geoarrow-pandas/coverage.xml' token: ${{ secrets.CODECOV_TOKEN }}