Skip to content

Commit 0dee8e8

Browse files
annzhang-dbannzhang-db
authored
Pin all GitHub Actions to full commit SHAs (#400)
1 parent b7ea399 commit 0dee8e8

12 files changed

Lines changed: 96 additions & 96 deletions

.github/workflows/ai-sdk-provider.yml

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -32,10 +32,10 @@ jobs:
3232
timeout-minutes: 10
3333
steps:
3434
- name: Checkout code
35-
uses: actions/checkout@v4
35+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
3636

3737
- name: Setup Node.js
38-
uses: actions/setup-node@v4
38+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
3939
with:
4040
node-version: ${{ matrix.node-version }}
4141

@@ -51,10 +51,10 @@ jobs:
5151
timeout-minutes: 10
5252
steps:
5353
- name: Checkout code
54-
uses: actions/checkout@v4
54+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
5555

5656
- name: Setup Node.js
57-
uses: actions/setup-node@v4
57+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
5858
with:
5959
node-version: "20"
6060

@@ -70,10 +70,10 @@ jobs:
7070
timeout-minutes: 10
7171
steps:
7272
- name: Checkout code
73-
uses: actions/checkout@v4
73+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
7474

7575
- name: Setup Node.js
76-
uses: actions/setup-node@v4
76+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
7777
with:
7878
node-version: "20"
7979

@@ -89,10 +89,10 @@ jobs:
8989
timeout-minutes: 10
9090
steps:
9191
- name: Checkout code
92-
uses: actions/checkout@v4
92+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
9393

9494
- name: Setup Node.js
95-
uses: actions/setup-node@v4
95+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
9696
with:
9797
node-version: "20"
9898

@@ -108,10 +108,10 @@ jobs:
108108
timeout-minutes: 10
109109
steps:
110110
- name: Checkout code
111-
uses: actions/checkout@v4
111+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
112112

113113
- name: Setup Node.js
114-
uses: actions/setup-node@v4
114+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
115115
with:
116116
node-version: "20"
117117

.github/workflows/databricks-dspy-release.yml

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -27,10 +27,10 @@ jobs:
2727
working-directory: integrations/dspy
2828
steps:
2929
- name: Checkout code
30-
uses: actions/checkout@v4
30+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
3131

3232
- name: Set up Python
33-
uses: actions/setup-python@v5
33+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
3434
with:
3535
python-version: "3.12"
3636

@@ -85,13 +85,13 @@ jobs:
8585
twine check dist-pypi/*
8686
8787
- name: Upload TestPyPI artifacts
88-
uses: actions/upload-artifact@v4
88+
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
8989
with:
9090
name: dist-test-files
9191
path: integrations/dspy/dist/
9292

9393
- name: Upload PyPI artifacts
94-
uses: actions/upload-artifact@v4
94+
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
9595
with:
9696
name: dist-pypi-files
9797
path: integrations/dspy/dist-pypi/
@@ -109,15 +109,15 @@ jobs:
109109
id-token: write
110110
steps:
111111
- name: Checkout code
112-
uses: actions/checkout@v4
112+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
113113

114114
- name: Set up Python
115-
uses: actions/setup-python@v5
115+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
116116
with:
117117
python-version: "3.12"
118118

119119
- name: Download TestPyPI artifacts
120-
uses: actions/download-artifact@v4
120+
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
121121
with:
122122
name: dist-test-files
123123
path: integrations/dspy/dist/
@@ -127,7 +127,7 @@ jobs:
127127
python -m pip install --upgrade pip twine
128128
129129
- name: Publish to TestPyPI
130-
uses: pypa/gh-action-pypi-publish@release/v1
130+
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
131131
with:
132132
repository-url: https://test.pypi.org/legacy/
133133
packages-dir: integrations/dspy/dist/
@@ -155,15 +155,15 @@ jobs:
155155
id-token: write
156156
steps:
157157
- name: Checkout code
158-
uses: actions/checkout@v4
158+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
159159

160160
- name: Set up Python
161-
uses: actions/setup-python@v5
161+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
162162
with:
163163
python-version: "3.12"
164164

165165
- name: Download PyPI artifacts
166-
uses: actions/download-artifact@v4
166+
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
167167
with:
168168
name: dist-pypi-files
169169
path: integrations/dspy/dist/
@@ -173,7 +173,7 @@ jobs:
173173
python -m pip install --upgrade pip twine
174174
175175
- name: Publish to PyPI
176-
uses: pypa/gh-action-pypi-publish@release/v1
176+
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
177177
with:
178178
packages-dir: integrations/dspy/dist/
179179

.github/workflows/generate_release_workflows.py

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -72,9 +72,9 @@ def generate_workflow(pkg: Package) -> str:
7272
name: ${{{{ inputs.production && 'pypi' || 'testpypi' }}}}
7373
url: ${{{{ inputs.production && 'https://pypi.org/p/{pkg.name}' || 'https://test.pypi.org/p/{pkg.name}' }}}}
7474
{defaults_section} steps:
75-
- uses: actions/checkout@v4
75+
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
7676
77-
- uses: actions/setup-python@v5
77+
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
7878
with:
7979
python-version: "3.12"
8080
@@ -111,12 +111,12 @@ def generate_workflow(pkg: Package) -> str:
111111
run: python -m build
112112
113113
- name: Store the distribution packages
114-
uses: actions/upload-artifact@v5
114+
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
115115
with:
116116
name: dist-{pkg.name}
117117
path: {dist_path}
118118
119-
- uses: ncipollo/release-action@v1
119+
- uses: ncipollo/release-action@339a81892b84b4eeb0f6e744e4574d79d0d9b8dd
120120
if: inputs.production
121121
with:
122122
artifacts: "{dist_path}*.whl,{dist_path}*.tar.gz"
@@ -125,11 +125,11 @@ def generate_workflow(pkg: Package) -> str:
125125
126126
- name: Publish to PyPI
127127
if: inputs.production
128-
uses: pypa/gh-action-pypi-publish@release/v1{packages_dir_pypi}
128+
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e{packages_dir_pypi}
129129
130130
- name: Publish to Test PyPI
131131
if: github.event_name == 'push' || !inputs.production
132-
uses: pypa/gh-action-pypi-publish@release/v1
132+
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
133133
with:
134134
repository-url: https://test.pypi.org/legacy/{packages_dir_testpypi}
135135

.github/workflows/langchainjs.yml

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -32,10 +32,10 @@ jobs:
3232
timeout-minutes: 10
3333
steps:
3434
- name: Checkout code
35-
uses: actions/checkout@v4
35+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
3636

3737
- name: Setup Node.js
38-
uses: actions/setup-node@v4
38+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
3939
with:
4040
node-version: ${{ matrix.node-version }}
4141

@@ -51,10 +51,10 @@ jobs:
5151
timeout-minutes: 10
5252
steps:
5353
- name: Checkout code
54-
uses: actions/checkout@v4
54+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
5555

5656
- name: Setup Node.js
57-
uses: actions/setup-node@v4
57+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
5858
with:
5959
node-version: "20"
6060

@@ -70,10 +70,10 @@ jobs:
7070
timeout-minutes: 10
7171
steps:
7272
- name: Checkout code
73-
uses: actions/checkout@v4
73+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
7474

7575
- name: Setup Node.js
76-
uses: actions/setup-node@v4
76+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
7777
with:
7878
node-version: "20"
7979

@@ -89,10 +89,10 @@ jobs:
8989
timeout-minutes: 10
9090
steps:
9191
- name: Checkout code
92-
uses: actions/checkout@v4
92+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
9393

9494
- name: Setup Node.js
95-
uses: actions/setup-node@v4
95+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
9696
with:
9797
node-version: "20"
9898

@@ -108,10 +108,10 @@ jobs:
108108
timeout-minutes: 10
109109
steps:
110110
- name: Checkout code
111-
uses: actions/checkout@v4
111+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
112112

113113
- name: Setup Node.js
114-
uses: actions/setup-node@v4
114+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
115115
with:
116116
node-version: "20"
117117

0 commit comments

Comments
 (0)