diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 61f214b7b1..4d12b542c3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -27,13 +27,13 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: # Fetch all tags fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 with: python-version: ${{ env.STABLE_PYTHON_VERSION }} @@ -45,7 +45,7 @@ jobs: hatch build --target sdist - name: Upload sdist - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 with: name: wheels path: ./dist/*.tar.* @@ -68,18 +68,18 @@ jobs: archs: AMD64 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: # Fetch all tags fetch-depth: 0 - name: Create wheels - uses: pypa/cibuildwheel@v2.16.2 + uses: pypa/cibuildwheel@fff9ec32ed25a9c576750c91e06b410ed0c15db7 # v2.16.2 env: CIBW_ARCHS: ${{ matrix.archs }} - name: Upload wheels - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 with: name: wheels path: ./wheelhouse/*.whl @@ -103,24 +103,24 @@ jobs: archs: arm64 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: # Fetch all tags fetch-depth: 0 - name: Set up QEMU if: matrix.os == 'ubuntu-latest' - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3 with: platforms: arm64 - name: Create wheels - uses: pypa/cibuildwheel@v2.16.2 + uses: pypa/cibuildwheel@fff9ec32ed25a9c576750c91e06b410ed0c15db7 # v2.16.2 env: CIBW_ARCHS: ${{ matrix.archs }} - name: Upload wheels - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 with: name: wheels path: ./wheelhouse/*.whl @@ -136,13 +136,13 @@ jobs: - build-arm64 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Setup Python - uses: actions/setup-python@v4 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 with: python-version: ${{ env.STABLE_PYTHON_VERSION }} - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 with: name: wheels path: wheelhouse @@ -164,13 +164,13 @@ jobs: id-token: write steps: - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 with: name: wheels path: wheels - name: Push build artifacts to PyPI - uses: pypa/gh-action-pypi-publish@v1.8.11 + uses: pypa/gh-action-pypi-publish@2f6f737ca5f74c637829c0f5c3acd0e29ea5e8bf # v1.8.11 with: skip-existing: true password: ${{ secrets.PYPI_TOKEN }} diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml index 80034ca4aa..48d8876b18 100644 --- a/.github/workflows/labels.yml +++ b/.github/workflows/labels.yml @@ -20,10 +20,10 @@ jobs: steps: - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Synchronize labels - uses: EndBug/label-sync@v2 + uses: EndBug/label-sync@da00f2c11fdb78e4fae44adac2fdd713778ea3e8 # v2 with: config-file: | https://raw.githubusercontent.com/pact-foundation/.github/master/.github/labels.yml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 838cde4a74..6a266d61b9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -38,12 +38,12 @@ jobs: experimental: true steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: submodules: true - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 with: python-version: ${{ matrix.python-version }} @@ -56,7 +56,7 @@ jobs: - name: Upload coverage # TODO: Configure code coverage monitoring if: false && matrix.python-version == env.STABLE_PYTHON_VERSION && matrix.os == 'ubuntu-latest' - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3 with: token: ${{ secrets.CODECOV_TOKEN }} @@ -78,7 +78,7 @@ jobs: services: broker: - image: pactfoundation/pact-broker:latest + image: pactfoundation/pact-broker:latest@sha256:186205f0596fd4f4ce553876f6e846ae614db2b9d582f0391ec418d71e5e4473 ports: - "9292:9292" env: @@ -90,10 +90,10 @@ jobs: PACT_BROKER_DATABASE_URL: sqlite:////tmp/pact_broker.sqlite steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Set up Python 3 - uses: actions/setup-python@v4 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 with: python-version: ${{ env.STABLE_PYTHON_VERSION }} @@ -122,10 +122,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 with: python-version: ${{ env.STABLE_PYTHON_VERSION }} diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu index c841bc1ccb..b3673a749a 100644 --- a/Dockerfile.ubuntu +++ b/Dockerfile.ubuntu @@ -1,4 +1,4 @@ -FROM ubuntu:22.04 +FROM ubuntu:22.04@sha256:8eab65df33a6de2844c9aefd19efe8ddb87b7df5e9185a4ab73af936225685bb ENV DEBIAN_FRONTEND=noninteractive ARG PYTHON_VERSION 3.9