Skip to content

Commit 3617a93

Browse files
wennergraaronsteers
wennergr
and
aaronsteers
authored
feat: pin sha for github actions (#801)
Co-authored-by: Aaron ("AJ") Steers <[email protected]>
1 parent f5f0f47 commit 3617a93

16 files changed

+110
-98
lines changed

.github/workflows/actionlint.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,9 +15,9 @@ jobs:
1515
runs-on: ubuntu-latest
1616
steps:
1717
- name: Checkout code
18-
uses: actions/checkout@v4
18+
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
1919
- name: Run actionlint
20-
uses: reviewdog/[email protected]
20+
uses: reviewdog/action-actionlint@95395aac8c053577d0bc67eb7b74936c660c6f66 # v1.67.0
2121
with:
2222
github_token: ${{ secrets.GITHUB_TOKEN }}
2323
reporter: github-pr-review

.github/workflows/auto_merge_notification.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ jobs:
1414
steps:
1515
- name: Add Auto-Merge Notice
1616
if: github.event.action == 'auto_merge_enabled'
17-
uses: bcgov/[email protected]
17+
uses: bcgov/action-pr-description-add@14338bfe0278ead273b3c1189e5aa286ff6709c4 # v2.0.0
1818
with:
1919
add_markdown: |
2020
> [!IMPORTANT]
@@ -24,7 +24,7 @@ jobs:
2424
2525
- name: Remove Auto-Merge Notice
2626
if: github.event.action == 'auto_merge_disabled'
27-
uses: bcgov/[email protected]
27+
uses: bcgov/action-pr-description-add@14338bfe0278ead273b3c1189e5aa286ff6709c4 # v2.0.0
2828
with:
2929
add_markdown: |
3030
> [!NOTE]

.github/workflows/autofix.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -13,13 +13,13 @@ jobs:
1313
runs-on: ubuntu-latest
1414
steps:
1515
- name: Checkout code
16-
uses: actions/checkout@v5
16+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
1717
- name: Set up Python
18-
uses: actions/setup-python@v5
18+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
1919
with:
2020
python-version: 3.10
2121
- name: Set up Poetry
22-
uses: Gr1N/setup-poetry@v9
22+
uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
2323
with:
2424
poetry-version: "2.2.0"
2525

@@ -37,6 +37,6 @@ jobs:
3737
git diff-index --quiet HEAD || git commit -m "Format code with black"
3838
3939
- name: Push changes
40-
uses: ad-m/github-push-action@master
40+
uses: ad-m/github-push-action@77c5b412c50b723d2a4fbc6d71fb5723bcd439aa # v1.0.0
4141
with:
4242
github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/fix-pr-command.yml

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -36,32 +36,32 @@ jobs:
3636

3737
# Custom steps to fetch the PR and checkout the code:
3838
- name: Authenticate as GitHub App
39-
uses: actions/create-github-app-token@v2
39+
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
4040
id: get-app-token
4141
with:
4242
owner: "airbytehq"
4343
repositories: "PyAirbyte"
4444
app-id: ${{ secrets.OCTAVIA_BOT_APP_ID }}
4545
private-key: ${{ secrets.OCTAVIA_BOT_PRIVATE_KEY }}
4646
- name: Checkout Airbyte
47-
uses: actions/checkout@v5
47+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
4848
with:
4949
# Important that this is set so that CI checks are triggered again
5050
# Without this we would be forever waiting on required checks to pass
5151
token: ${{ steps.get-app-token.outputs.token }}
5252

5353
- name: Checkout PR (${{ github.event.inputs.pr }})
54-
uses: dawidd6/action-checkout-pr@v1
54+
uses: dawidd6/action-checkout-pr@a7598e18433a763b784f17d666372913d8bd4205 # v1.2.0
5555
with:
5656
pr: ${{ github.event.inputs.pr }}
5757

5858
- name: Resolve workflow variables
5959
id: vars
60-
uses: aaronsteers/resolve-ci-vars-action@v0
60+
uses: aaronsteers/resolve-ci-vars-action@2e56afab0344bbe03c047dfa39bae559d0291472 # v0.1.6
6161

6262
- name: Append comment with job run link
6363
id: first-comment-action
64-
uses: peter-evans/create-or-update-comment@v4
64+
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
6565
with:
6666
comment-id: ${{ github.event.inputs.comment-id }}
6767
issue-number: ${{ github.event.inputs.pr }}
@@ -77,11 +77,11 @@ jobs:
7777
[1]: ${{ steps.vars.outputs.run-url }}
7878
7979
- name: Set up Python
80-
uses: actions/setup-python@v5
80+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
8181
with:
8282
python-version: ${{ matrix.python-version }}
8383
- name: Set up Poetry
84-
uses: Gr1N/setup-poetry@v9
84+
uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
8585
with:
8686
poetry-version: "2.2.0"
8787
- name: Install dependencies
@@ -150,7 +150,7 @@ jobs:
150150
git push contributor HEAD:${{ steps.vars.outputs.pr-source-git-branch }}
151151
152152
- name: Append success comment
153-
uses: peter-evans/create-or-update-comment@v4
153+
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
154154
if: steps.git-diff.outputs.changes == 'true' || steps.git-diff-2.outputs.changes == 'true'
155155
with:
156156
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}
@@ -159,7 +159,7 @@ jobs:
159159
> ✅ Changes applied successfully.
160160
161161
- name: Append success comment (no-op)
162-
uses: peter-evans/create-or-update-comment@v4
162+
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
163163
if: steps.git-diff.outputs.changes != 'true' && steps.git-diff-2.outputs.changes != 'true'
164164
with:
165165
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}
@@ -168,7 +168,7 @@ jobs:
168168
> 🟦 Job completed successfully (no changes).
169169
170170
- name: Append failure comment
171-
uses: peter-evans/create-or-update-comment@v4
171+
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
172172
if: failure()
173173
with:
174174
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}

.github/workflows/poetry-lock-command.yml

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -33,22 +33,22 @@ jobs:
3333

3434
# Custom steps to fetch the PR and checkout the code:
3535
- name: Authenticate as GitHub App
36-
uses: actions/create-github-app-token@v2
36+
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
3737
id: get-app-token
3838
with:
3939
owner: "airbytehq"
4040
repositories: "PyAirbyte"
4141
app-id: ${{ secrets.OCTAVIA_BOT_APP_ID }}
4242
private-key: ${{ secrets.OCTAVIA_BOT_PRIVATE_KEY }}
4343
- name: Checkout Airbyte
44-
uses: actions/checkout@v5
44+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
4545
with:
4646
# Important that this is set so that CI checks are triggered again
4747
# Without this we would be forever waiting on required checks to pass
4848
token: ${{ steps.get-app-token.outputs.token }}
4949

5050
- name: Checkout PR (${{ github.event.inputs.pr }})
51-
uses: dawidd6/action-checkout-pr@v1
51+
uses: dawidd6/action-checkout-pr@a7598e18433a763b784f17d666372913d8bd4205 # v1.2.0
5252
with:
5353
pr: ${{ github.event.inputs.pr }}
5454

@@ -65,11 +65,11 @@ jobs:
6565
6666
- name: Resolve workflow variables
6767
id: vars
68-
uses: aaronsteers/resolve-ci-vars-action@v0
68+
uses: aaronsteers/resolve-ci-vars-action@2e56afab0344bbe03c047dfa39bae559d0291472 # v0.1.6
6969

7070
- name: Append comment with job run link
7171
id: first-comment-action
72-
uses: peter-evans/create-or-update-comment@v4
72+
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
7373
with:
7474
comment-id: ${{ github.event.inputs.comment-id }}
7575
issue-number: ${{ github.event.inputs.pr }}
@@ -80,11 +80,11 @@ jobs:
8080
[1]: ${{ steps.vars.outputs.run-url }}
8181
8282
- name: Set up Python
83-
uses: actions/setup-python@v5
83+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
8484
with:
8585
python-version: ${{ matrix.python-version }}
8686
- name: Set up Poetry
87-
uses: Gr1N/setup-poetry@v9
87+
uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
8888
with:
8989
poetry-version: "2.2.0"
9090

@@ -118,7 +118,7 @@ jobs:
118118
git push contributor HEAD:${{ steps.vars.outputs.pr-source-git-branch }}
119119
120120
- name: Append success comment
121-
uses: peter-evans/create-or-update-comment@v4
121+
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
122122
if: steps.git-diff.outputs.changes == 'true'
123123
with:
124124
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}
@@ -127,16 +127,16 @@ jobs:
127127
> ✅ `poetry lock` applied successfully.
128128
129129
- name: Append success comment (no-op)
130-
uses: peter-evans/create-or-update-comment@v4
131-
if: steps.git-diff.outputs.changes != 'true' && steps.git-diff-2.outputs.changes != 'true'
130+
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
131+
if: steps.git-diff.outputs.changes != 'true'
132132
with:
133133
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}
134134
reactions: "+1"
135135
body: |
136136
> 🟦 Job completed successfully (no changes).
137137
138138
- name: Append failure comment
139-
uses: peter-evans/create-or-update-comment@v4
139+
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
140140
if: failure()
141141
with:
142142
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}

.github/workflows/pydoc_preview.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -15,13 +15,13 @@ jobs:
1515

1616
steps:
1717
- name: Checkout code
18-
uses: actions/checkout@v5
18+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
1919
- name: Set up Python
20-
uses: actions/setup-python@v5
20+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
2121
with:
2222
python-version: '3.10'
2323
- name: Set up Poetry
24-
uses: Gr1N/setup-poetry@v9
24+
uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
2525
with:
2626
poetry-version: "2.2.0"
2727

@@ -33,7 +33,7 @@ jobs:
3333
poetry run poe docs-generate
3434
3535
- name: Upload artifact
36-
uses: actions/upload-pages-artifact@v4
36+
uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0
3737
with:
3838
# Upload entire repository
3939
path: 'docs/generated'

.github/workflows/pydoc_publish.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -32,17 +32,17 @@ jobs:
3232

3333
steps:
3434
- name: Checkout code
35-
uses: actions/checkout@v5
35+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
3636
- name: Set up Python
37-
uses: actions/setup-python@v5
37+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
3838
with:
3939
python-version: '3.10'
4040
- name: Set up Poetry
41-
uses: Gr1N/setup-poetry@v9
41+
uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
4242
with:
4343
poetry-version: "2.2.0"
4444
- name: Setup Pages
45-
uses: actions/configure-pages@v5
45+
uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
4646

4747
- name: Install dependencies
4848
run: poetry install
@@ -52,11 +52,11 @@ jobs:
5252
poetry run poe docs-generate
5353
5454
- name: Upload artifact
55-
uses: actions/upload-pages-artifact@v4
55+
uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0
5656
with:
5757
# Upload entire repository
5858
path: 'docs/generated'
5959

6060
- name: Deploy to GitHub Pages
6161
id: deployment
62-
uses: actions/deploy-pages@v4
62+
uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5

.github/workflows/pypi_publish.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -12,10 +12,10 @@ jobs:
1212
build:
1313
runs-on: ubuntu-latest
1414
steps:
15-
- uses: actions/checkout@v5
15+
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
1616
with:
1717
fetch-depth: 0
18-
- uses: hynek/build-and-inspect-python-package@v2
18+
- uses: hynek/build-and-inspect-python-package@c52c3a4710070b50470d903818a7b25115dcd076 # v2.13.0
1919

2020
publish:
2121
name: Publish to PyPI
@@ -29,12 +29,12 @@ jobs:
2929
url: https://pypi.org/p/airbyte
3030
if: startsWith(github.ref, 'refs/tags/')
3131
steps:
32-
- uses: actions/download-artifact@v4
32+
- uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
3333
with:
3434
name: Packages
3535
path: dist
3636
- name: Upload wheel to release
37-
uses: svenstaro/upload-release-action@v2
37+
uses: svenstaro/upload-release-action@81c65b7cd4de9b2570615ce3aad67a41de5b1a13 # latest
3838
with:
3939
repo_token: ${{ secrets.GITHUB_TOKEN }}
4040
file: dist/*.whl
@@ -43,4 +43,4 @@ jobs:
4343
file_glob: true
4444

4545
- name: Publish
46-
uses: pypa/[email protected]
46+
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0

.github/workflows/python_lint.yml

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -16,17 +16,17 @@ jobs:
1616
steps:
1717
# Common steps:
1818
- name: Checkout code
19-
uses: actions/checkout@v5
19+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
2020
- name: Set up Poetry
21-
uses: Gr1N/setup-poetry@v9
21+
uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
2222
with:
2323
poetry-version: "2.2.0"
2424
- name: Set up Python
25-
uses: actions/setup-python@v5
25+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
2626
with:
2727
python-version: '3.10'
2828
- name: Set up Poetry
29-
uses: Gr1N/setup-poetry@v9
29+
uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
3030
with:
3131
poetry-version: "2.2.0"
3232
- name: Install dependencies
@@ -42,13 +42,13 @@ jobs:
4242
steps:
4343
# Common steps:
4444
- name: Checkout code
45-
uses: actions/checkout@v5
45+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
4646
- name: Set up Python
47-
uses: actions/setup-python@v5
47+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
4848
with:
4949
python-version: '3.10'
5050
- name: Set up Poetry
51-
uses: Gr1N/setup-poetry@v9
51+
uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
5252
with:
5353
poetry-version: "2.2.0"
5454
- name: Install dependencies
@@ -64,17 +64,17 @@ jobs:
6464
steps:
6565
# Common steps:
6666
- name: Checkout code
67-
uses: actions/checkout@v5
67+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
6868
- name: Set up Poetry
69-
uses: Gr1N/setup-poetry@v9
69+
uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
7070
with:
7171
poetry-version: "2.2.0"
7272
- name: Set up Python
73-
uses: actions/setup-python@v5
73+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
7474
with:
7575
python-version: '3.10'
7676
- name: Set up Poetry
77-
uses: Gr1N/setup-poetry@v9
77+
uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
7878
with:
7979
poetry-version: "2.2.0"
8080
- name: Install dependencies

0 commit comments

Comments
 (0)