Skip to content

Commit c140191

Browse files
ocefpafocefpaf
authored
Merge pull request #148 from ocefpaf/use_hashes
Use secure hashes
2 parents 0589c05 + a33ee9f commit c140191

File tree

4 files changed

+12
-9
lines changed

4 files changed

+12
-9
lines changed

.github/dependabot.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,3 +9,7 @@ updates:
99
interval: "daily"
1010
labels:
1111
- "Bot"
12+
groups:
13+
github-actions:
14+
patterns:
15+
- '*'

.github/workflows/deploy-docs.yml

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -15,13 +15,12 @@ jobs:
1515
runs-on: ubuntu-latest
1616

1717
steps:
18-
- name: checkout
19-
uses: actions/checkout@v4
18+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
2019
with:
2120
fetch-depth: 0
2221

2322
- name: Setup Micromamba ${{ matrix.python-version }}
24-
uses: mamba-org/setup-micromamba@v2
23+
uses: mamba-org/setup-micromamba@0dea6379afdaffa5d528b3d1dabc45da37f443fc # v2.0.4
2524
with:
2625
environment-name: TEST
2726
init-shell: bash
@@ -47,7 +46,7 @@ jobs:
4746
4847
- name: Deploy
4948
if: success() && github.event_name == 'release'
50-
uses: peaceiris/actions-gh-pages@v4
49+
uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0
5150
with:
5251
github_token: ${{ secrets.GITHUB_TOKEN }}
5352
publish_dir: docs/build/html

.github/workflows/pypi.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -17,10 +17,10 @@ jobs:
1717
packages:
1818
runs-on: ubuntu-latest
1919
steps:
20-
- uses: actions/checkout@v4
20+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
2121

2222
- name: Set up Python
23-
uses: actions/setup-python@v5
23+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
2424
with:
2525
python-version: "3.x"
2626

@@ -48,7 +48,7 @@ jobs:
4848
4949
- name: Publish a Python distribution to PyPI
5050
if: success() && github.event_name == 'release'
51-
uses: pypa/gh-action-pypi-publish@release/v1
51+
uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
5252
with:
5353
user: __token__
5454
password: ${{ secrets.PYPI_API_TOKEN }}

.github/workflows/tests.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,10 +18,10 @@ jobs:
1818
shell: bash -l {0}
1919

2020
steps:
21-
- uses: actions/checkout@v4
21+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
2222

2323
- name: Set up Python
24-
uses: actions/setup-python@v5
24+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
2525
with:
2626
python-version: ${{ matrix.python-version }}
2727

0 commit comments

Comments
 (0)