diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml index 64815418f..8550ea002 100644 --- a/.github/workflows/build-binaries.yml +++ b/.github/workflows/build-binaries.yml @@ -45,8 +45,8 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} @@ -54,7 +54,7 @@ jobs: - name: "Prep README.md" run: python scripts/transform_readme.py --target pypi - name: "Build sdist" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: command: sdist args: --out dist @@ -74,7 +74,7 @@ jobs: # uv-build - name: "Build sdist uv-build" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: command: sdist args: --out crates/uv-build/dist -m crates/uv-build/Cargo.toml @@ -93,8 +93,8 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }} runs-on: macos-14 steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} architecture: x64 @@ -103,7 +103,7 @@ jobs: # uv - name: "Build wheels - x86_64" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: x86_64 args: --release --locked --out dist --features self-update @@ -133,7 +133,7 @@ jobs: # uv-build - name: "Build wheels uv-build - x86_64" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: x86_64 args: --profile minimal-size --locked --out crates/uv-build/dist -m crates/uv-build/Cargo.toml @@ -147,8 +147,8 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }} runs-on: macos-14 steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} architecture: arm64 @@ -157,7 +157,7 @@ jobs: # uv - name: "Build wheels - aarch64" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: aarch64 args: --release --locked --out dist --features self-update @@ -193,7 +193,7 @@ jobs: # uv-build - name: "Build wheels uv-build - aarch64" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: aarch64 args: --profile minimal-size --locked --out crates/uv-build/dist -m crates/uv-build/Cargo.toml @@ -221,8 +221,8 @@ jobs: - target: aarch64-pc-windows-msvc arch: x64 # not relevant here steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} architecture: ${{ matrix.platform.arch }} @@ -231,7 +231,7 @@ jobs: # uv - name: "Build wheels" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.platform.target }} args: --release --locked --out dist --features self-update @@ -265,7 +265,7 @@ jobs: # uv-build - name: "Build wheels uv-build" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.platform.target }} args: --profile minimal-size --locked --out crates/uv-build/dist -m crates/uv-build/Cargo.toml @@ -291,8 +291,8 @@ jobs: - x86_64-unknown-linux-gnu - i686-unknown-linux-gnu steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} architecture: x64 @@ -356,7 +356,7 @@ jobs: # uv-build - name: "Build wheels uv-build" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.target }} manylinux: auto @@ -391,8 +391,8 @@ jobs: arch: arm steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} - name: "Prep README.md" @@ -400,14 +400,14 @@ jobs: # uv - name: "Build wheels" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.platform.target }} # On `aarch64`, use `manylinux: 2_28`; otherwise, use `manylinux: auto`. manylinux: ${{ matrix.platform.arch == 'aarch64' && '2_28' || 'auto' }} docker-options: ${{ matrix.platform.maturin_docker_options }} args: --release --locked --out dist --features self-update - - uses: uraimo/run-on-arch-action@v2 + - uses: uraimo/run-on-arch-action@ac33288c3728ca72563c97b8b88dda5a65a84448 # v2 name: "Test wheel" with: arch: ${{ matrix.platform.arch == 'arm' && 'armv6' || matrix.platform.arch }} @@ -450,14 +450,14 @@ jobs: # uv-build - name: "Build wheels uv-build" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.platform.target }} # On `aarch64`, use `manylinux: 2_28`; otherwise, use `manylinux: auto`. manylinux: ${{ matrix.platform.arch == 'aarch64' && '2_28' || 'auto' }} docker-options: ${{ matrix.platform.maturin_docker_options }} args: --profile minimal-size --locked --out crates/uv-build/dist -m crates/uv-build/Cargo.toml - - uses: uraimo/run-on-arch-action@v2 + - uses: uraimo/run-on-arch-action@ac33288c3728ca72563c97b8b88dda5a65a84448 # v2 name: "Test wheel uv-build" with: arch: ${{ matrix.platform.arch == 'arm' && 'armv6' || matrix.platform.arch }} @@ -490,8 +490,8 @@ jobs: arch: s390x steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} - name: "Prep README.md" @@ -499,13 +499,13 @@ jobs: # uv - name: "Build wheels" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.platform.target }} manylinux: auto docker-options: ${{ matrix.platform.maturin_docker_options }} args: --release --locked --out dist --features self-update - - uses: uraimo/run-on-arch-action@v2 + - uses: uraimo/run-on-arch-action@ac33288c3728ca72563c97b8b88dda5a65a84448 # v2 if: matrix.platform.arch != 'ppc64' name: "Test wheel" with: @@ -549,13 +549,13 @@ jobs: # uv-build - name: "Build wheels uv-build" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.platform.target }} manylinux: auto docker-options: ${{ matrix.platform.maturin_docker_options }} args: --profile minimal-size --locked --out crates/uv-build/dist -m crates/uv-build/Cargo.toml - - uses: uraimo/run-on-arch-action@v2 + - uses: uraimo/run-on-arch-action@ac33288c3728ca72563c97b8b88dda5a65a84448 # v2 if: matrix.platform.arch != 'ppc64' name: "Test wheel uv-build" with: @@ -594,8 +594,8 @@ jobs: maturin_docker_options: -e JEMALLOC_SYS_WITH_LG_PAGE=16 steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} - name: "Prep README.md" @@ -603,7 +603,7 @@ jobs: # uv - name: "Build wheels" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.platform.target }} manylinux: auto @@ -661,7 +661,7 @@ jobs: # uv-build - name: "Build wheels uv-build" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.platform.target }} manylinux: auto @@ -690,8 +690,8 @@ jobs: - x86_64-unknown-linux-musl - i686-unknown-linux-musl steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} architecture: x64 @@ -700,7 +700,7 @@ jobs: # uv - name: "Build wheels" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.target }} manylinux: musllinux_1_1 @@ -747,7 +747,7 @@ jobs: # uv-build - name: "Build wheels uv-build" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.target }} manylinux: musllinux_1_1 @@ -785,8 +785,8 @@ jobs: fail-fast: false steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ env.PYTHON_VERSION }} - name: "Prep README.md" @@ -794,14 +794,14 @@ jobs: # uv - name: "Build wheels" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.platform.target }} manylinux: musllinux_1_1 args: --release --locked --out dist --features self-update ${{ matrix.platform.arch == 'aarch64' && '--compatibility 2_17' || ''}} docker-options: ${{ matrix.platform.maturin_docker_options }} rust-toolchain: ${{ matrix.platform.toolchain || null }} - - uses: uraimo/run-on-arch-action@v2 + - uses: uraimo/run-on-arch-action@ac33288c3728ca72563c97b8b88dda5a65a84448 # v2 name: "Test wheel" with: arch: ${{ matrix.platform.arch }} @@ -816,7 +816,7 @@ jobs: # TODO(konsti): Enable this test on all platforms, currently `find_uv_bin` is failing to discover uv here. # .venv/bin/python -m ${{ env.MODULE_NAME }} --help .venv/bin/uvx --help - - uses: uraimo/run-on-arch-action@v2 + - uses: uraimo/run-on-arch-action@ac33288c3728ca72563c97b8b88dda5a65a84448 # v2 name: "Test wheel (manylinux)" if: matrix.platform.arch == 'aarch64' with: @@ -861,14 +861,14 @@ jobs: # uv-build - name: "Build wheels" - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@36db84001d74475ad1b8e6613557ae4ee2dc3598 # v1 with: target: ${{ matrix.platform.target }} manylinux: musllinux_1_1 args: --profile minimal-size --locked ${{ matrix.platform.arch == 'aarch64' && '--compatibility 2_17' || ''}} --out crates/uv-build/dist -m crates/uv-build/Cargo.toml docker-options: ${{ matrix.platform.maturin_docker_options }} rust-toolchain: ${{ matrix.platform.toolchain || null }} - - uses: uraimo/run-on-arch-action@v2 + - uses: uraimo/run-on-arch-action@ac33288c3728ca72563c97b8b88dda5a65a84448 # v2 name: "Test wheel" with: arch: ${{ matrix.platform.arch }} @@ -882,7 +882,7 @@ jobs: .venv/bin/${{ env.MODULE_NAME }}-build --help # TODO(konsti): Enable this test on all platforms, currently `find_uv_bin` is failing to discover uv here. # .venv/bin/python -m ${{ env.MODULE_NAME }}_build --help - - uses: uraimo/run-on-arch-action@v2 + - uses: uraimo/run-on-arch-action@ac33288c3728ca72563c97b8b88dda5a65a84448 # v2 name: "Test wheel (manylinux)" if: matrix.platform.arch == 'aarch64' with: diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index 12e92e34a..d5c4cd25f 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -45,21 +45,21 @@ jobs: - linux/amd64 - linux/arm64 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive # Login to DockerHub first, to avoid rate-limiting - - uses: docker/login-action@v3 + - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 # PRs from forks don't have access to secrets, disable this step in that case. if: ${{ github.event.pull_request.head.repo.full_name == 'astral-sh/uv' }} with: username: astralshbot password: ${{ secrets.DOCKERHUB_TOKEN_RO }} - - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - - uses: docker/login-action@v3 + - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -80,7 +80,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 with: images: ${{ env.UV_BASE_IMG }} # Defining this makes sure the org.opencontainers.image.version OCI label becomes the actual release version and not the branch name @@ -96,7 +96,7 @@ jobs: # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/ - name: Build and push by digest id: build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 with: context: . platforms: ${{ matrix.platform }} @@ -129,7 +129,7 @@ jobs: if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }} steps: # Login to DockerHub first, to avoid rate-limiting - - uses: docker/login-action@v3 + - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 with: username: astralshbot password: ${{ secrets.DOCKERHUB_TOKEN_RO }} @@ -141,11 +141,11 @@ jobs: pattern: digests-* merge-multiple: true - - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 with: images: ${{ env.UV_BASE_IMG }} # Order is on purpose such that the label org.opencontainers.image.version has the first pattern with the full version @@ -153,7 +153,7 @@ jobs: type=pep440,pattern={{ version }},value=${{ fromJson(inputs.plan).announcement_tag }} type=pep440,pattern={{ major }}.{{ minor }},value=${{ fromJson(inputs.plan).announcement_tag }} - - uses: docker/login-action@v3 + - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -211,14 +211,14 @@ jobs: - python:3.8-slim-bookworm,python3.8-bookworm-slim steps: # Login to DockerHub first, to avoid rate-limiting - - uses: docker/login-action@v3 + - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 with: username: astralshbot password: ${{ secrets.DOCKERHUB_TOKEN_RO }} - - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - - uses: docker/login-action@v3 + - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -266,7 +266,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 # ghcr.io prefers index level annotations env: DOCKER_METADATA_ANNOTATIONS_LEVELS: index @@ -279,7 +279,7 @@ jobs: - name: Build and push id: build-and-push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 with: context: . platforms: linux/amd64,linux/arm64 @@ -292,7 +292,7 @@ jobs: annotations: ${{ steps.meta.outputs.annotations }} - name: Generate artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2 with: subject-name: ${{ env.UV_BASE_IMG }} subject-digest: ${{ steps.build-and-push.outputs.digest }} @@ -315,7 +315,7 @@ jobs: id-token: write # needed for signing the images with GitHub OIDC Token steps: # Login to DockerHub first, to avoid rate-limiting - - uses: docker/login-action@v3 + - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 with: username: astralshbot password: ${{ secrets.DOCKERHUB_TOKEN_RO }} @@ -327,11 +327,11 @@ jobs: pattern: digests-* merge-multiple: true - - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 env: DOCKER_METADATA_ANNOTATIONS_LEVELS: index with: @@ -341,7 +341,7 @@ jobs: type=pep440,pattern={{ version }},value=${{ fromJson(inputs.plan).announcement_tag }} type=pep440,pattern={{ major }}.{{ minor }},value=${{ fromJson(inputs.plan).announcement_tag }} - - uses: docker/login-action@v3 + - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -381,7 +381,7 @@ jobs: echo "digest=${digest}" >> "$GITHUB_OUTPUT" - name: Generate artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2 with: subject-name: ${{ env.UV_BASE_IMG }} subject-digest: ${{ steps.manifest-digest.outputs.digest }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 68321fb68..f9a11388f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,7 +25,7 @@ jobs: # Flag that is raised when any code is changed code: ${{ steps.changed.outputs.code_any_changed }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 @@ -71,9 +71,9 @@ jobs: name: "lint" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: 3.12 @@ -81,7 +81,7 @@ jobs: run: rustup component add rustfmt - name: "Install uv" - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5 - name: "rustfmt" run: cargo fmt --all --check @@ -107,7 +107,7 @@ jobs: run: uvx --from 'validate-pyproject[all,store]' validate-pyproject pyproject.toml - name: "Lint shell scripts" - uses: ludeeus/action-shellcheck@2.0.0 + uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0 env: # renovate: datasource=github-tags depName=koalaman/shellcheck SHELLCHECK_VERSION: "v0.10.0" @@ -124,12 +124,12 @@ jobs: runs-on: ubuntu-latest name: "cargo clippy | ubuntu" steps: - - uses: actions/checkout@v4 - - uses: Swatinem/rust-cache@v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 with: save-if: ${{ github.ref == 'refs/heads/main' }} - name: "Check uv_build dependencies" - uses: EmbarkStudios/cargo-deny-action@v1 + uses: EmbarkStudios/cargo-deny-action@3f4a782664881cf5725d0ffd23969fcce89fd868 # v1 with: command: check bans manifest-path: crates/uv-build/Cargo.toml @@ -145,7 +145,7 @@ jobs: runs-on: windows-latest name: "cargo clippy | windows" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Dev Drive run: ${{ github.workspace }}/.github/workflows/setup-dev-drive.ps1 @@ -155,7 +155,7 @@ jobs: run: | Copy-Item -Path "${{ github.workspace }}" -Destination "${{ env.UV_WORKSPACE }}" -Recurse - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 with: workspaces: ${{ env.UV_WORKSPACE }} @@ -173,8 +173,8 @@ jobs: runs-on: ubuntu-latest name: "cargo dev generate-all" steps: - - uses: actions/checkout@v4 - - uses: Swatinem/rust-cache@v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 with: save-if: ${{ github.ref == 'refs/heads/main' }} - name: "Generate all" @@ -185,9 +185,9 @@ jobs: name: "cargo shear" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Install cargo shear" - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@2153a01222995861497cc6c0c3b5a402b1461724 # v2 with: tool: cargo-shear - run: cargo shear @@ -203,21 +203,21 @@ jobs: runs-on: depot-ubuntu-22.04-16 name: "cargo test | ubuntu" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: rui314/setup-mold@v1 - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Install Rust toolchain" run: rustup show - - uses: astral-sh/setup-uv@v5 + - uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5 - name: "Install required Python versions" run: uv python install - name: "Install cargo nextest" - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@2153a01222995861497cc6c0c3b5a402b1461724 # v2 with: tool: cargo-nextest @@ -235,21 +235,21 @@ jobs: runs-on: macos-latest-xlarge # github-macos-14-aarch64-6 name: "cargo test | macos" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: rui314/setup-mold@v1 - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Install Rust toolchain" run: rustup show - - uses: astral-sh/setup-uv@v5 + - uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5 - name: "Install required Python versions" run: uv python install - name: "Install cargo nextest" - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@2153a01222995861497cc6c0c3b5a402b1461724 # v2 with: tool: cargo-nextest @@ -268,7 +268,7 @@ jobs: runs-on: github-windows-2025-x86_64-16 name: "cargo test | windows" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Dev Drive run: ${{ github.workspace }}/.github/workflows/setup-dev-drive.ps1 @@ -278,11 +278,11 @@ jobs: run: | Copy-Item -Path "${{ github.workspace }}" -Destination "${{ env.UV_WORKSPACE }}" -Recurse - - uses: astral-sh/setup-uv@v5 + - uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5 - name: "Install required Python versions" run: uv python install - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 with: workspaces: ${{ env.UV_WORKSPACE }} @@ -291,7 +291,7 @@ jobs: run: rustup show - name: "Install cargo nextest" - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@2153a01222995861497cc6c0c3b5a402b1461724 # v2 with: tool: cargo-nextest @@ -321,7 +321,7 @@ jobs: matrix: target-arch: ["x86_64", "i686", "aarch64"] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Dev Drive run: ${{ github.workspace }}/.github/workflows/setup-dev-drive.ps1 @@ -331,7 +331,7 @@ jobs: run: | Copy-Item -Path "${{ github.workspace }}" -Destination "${{ env.UV_WORKSPACE }}" -Recurse - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 with: workspaces: ${{ env.UV_WORKSPACE }}/crates/uv-trampoline @@ -342,7 +342,7 @@ jobs: rustup component add rust-src --target ${{ matrix.target-arch }}-pc-windows-msvc - name: "Install cargo-bloat" - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@2153a01222995861497cc6c0c3b5a402b1461724 # v2 with: tool: cargo-bloat @@ -376,14 +376,14 @@ jobs: # Note, we exclude `aarch64` because it's not supported by the GitHub runner target-arch: ["x86_64", "i686"] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Dev Drive run: ${{ github.workspace }}/.github/workflows/setup-dev-drive.ps1 # actions/checkout does not let us clone into anywhere outside ${{ github.workspace }}, so we have to copy the clone... - name: Copy Git Repo to Dev Drive run: | Copy-Item -Path "${{ github.workspace }}" -Destination "${{ env.UV_WORKSPACE }}" -Recurse - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 with: workspaces: ${{ env.UV_WORKSPACE }}/crates/uv-trampoline - name: "Install Rust toolchain" @@ -412,7 +412,7 @@ jobs: typos: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: crate-ci/typos@master docs: @@ -422,14 +422,14 @@ jobs: env: MKDOCS_INSIDERS_SSH_KEY_EXISTS: ${{ secrets.MKDOCS_INSIDERS_SSH_KEY != '' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - - uses: astral-sh/setup-uv@v5 - - uses: actions/setup-python@v5 + - uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 - name: "Add SSH key" if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }} - uses: webfactory/ssh-agent@v0.9.0 + uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 with: ssh-private-key: ${{ secrets.MKDOCS_INSIDERS_SSH_KEY }} @@ -447,11 +447,11 @@ jobs: runs-on: github-ubuntu-24.04-x86_64-8 name: "build binary | linux libc" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: rui314/setup-mold@v1 - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Build" run: cargo build @@ -472,7 +472,7 @@ jobs: runs-on: github-ubuntu-24.04-x86_64-8 name: "build binary | linux musl" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: rui314/setup-mold@v1 @@ -481,7 +481,7 @@ jobs: sudo apt-get install musl-tools rustup target add x86_64-unknown-linux-musl - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Build" run: cargo build --target x86_64-unknown-linux-musl --bin uv --bin uvx @@ -502,11 +502,11 @@ jobs: runs-on: macos-14 # github-macos-14-aarch64-3 name: "build binary | macos aarch64" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: rui314/setup-mold@v1 - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Build" run: cargo build --bin uv --bin uvx @@ -526,11 +526,11 @@ jobs: runs-on: macos-latest-large # github-macos-14-x86_64-12 name: "build binary | macos x86_64" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: rui314/setup-mold@v1 - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Build" run: cargo build --bin uv --bin uvx @@ -550,7 +550,7 @@ jobs: runs-on: windows-latest name: "build binary | windows x86_64" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Dev Drive run: ${{ github.workspace }}/.github/workflows/setup-dev-drive.ps1 @@ -560,7 +560,7 @@ jobs: run: | Copy-Item -Path "${{ github.workspace }}" -Destination "${{ env.UV_WORKSPACE }}" -Recurse - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 with: workspaces: ${{ env.UV_WORKSPACE }} @@ -585,7 +585,7 @@ jobs: labels: windows-latest name: "build binary | windows aarch64" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Create Dev Drive using ReFS run: ${{ github.workspace }}/.github/workflows/setup-dev-drive.ps1 @@ -595,7 +595,7 @@ jobs: run: | Copy-Item -Path "${{ github.workspace }}" -Destination "${{ env.UV_WORKSPACE }}" -Recurse - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 with: workspaces: ${{ env.UV_WORKSPACE }} @@ -622,8 +622,8 @@ jobs: runs-on: github-ubuntu-24.04-x86_64-8 timeout-minutes: 10 steps: - - uses: actions/checkout@v4 - - uses: SebRollen/toml-action@v1.2.0 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: SebRollen/toml-action@b1b3628f55fc3a28208d4203ada8b737e9687876 # v1.2.0 id: msrv with: file: "Cargo.toml" @@ -632,7 +632,7 @@ jobs: run: rustup default ${{ steps.msrv.outputs.value }} - name: "Install mold" uses: rui314/setup-mold@v1 - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - run: cargo +${{ steps.msrv.outputs.value }} build - run: ./target/debug/uv --version @@ -644,8 +644,8 @@ jobs: name: "build binary | freebsd" steps: - - uses: actions/checkout@v4 - - uses: Swatinem/rust-cache@v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Cross build" run: | # Install cross from `freebsd-firecracker` @@ -656,7 +656,7 @@ jobs: cross build --target x86_64-unknown-freebsd - name: Test in Firecracker VM - uses: acj/freebsd-firecracker-action@v0.3.0 + uses: acj/freebsd-firecracker-action@4d93174d9eea32cd2b2650f964af69f8c72eaff2 # v0.3.0 with: verbose: false checkout: false @@ -707,11 +707,11 @@ jobs: python: "3.12" fail-fast: false steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: repository: ${{ matrix.repo }} - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: ${{ matrix.python }} @@ -765,7 +765,7 @@ jobs: runs-on: ubuntu-latest container: alpine:latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Download binary" uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 @@ -861,8 +861,8 @@ jobs: name: "integration test | conda on ubuntu" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: conda-incubator/setup-miniconda@v3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: conda-incubator/setup-miniconda@505e6394dae86d6a5c7fbb6e3fb8938e3e863830 # v3 with: miniconda-version: latest activate-environment: uv @@ -1032,7 +1032,7 @@ jobs: name: "integration test | pypy on ubuntu" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Download binary" uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 @@ -1156,9 +1156,9 @@ jobs: name: "integration test | graalpy on ubuntu" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: "graalpy24.1" @@ -1285,7 +1285,7 @@ jobs: name: "integration test | github actions" runs-on: ubuntu-latest steps: - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: "3.12.7" @@ -1348,7 +1348,7 @@ jobs: # Only the main repository is a trusted publisher if: github.repository == 'astral-sh/uv' && !contains(github.event.pull_request.labels.*.name, 'no-test') steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 @@ -1389,11 +1389,11 @@ jobs: # For trusted publishing id-token: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: "${{ env.PYTHON_VERSION }}" @@ -1431,9 +1431,9 @@ jobs: name: "integration test | uv_build" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: "${{ env.PYTHON_VERSION }}" @@ -1479,9 +1479,9 @@ jobs: name: "check cache | ubuntu" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: "3.12" @@ -1505,7 +1505,7 @@ jobs: name: "check cache | macos aarch64" runs-on: macos-14 # github-macos-14-aarch64-3 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Download binary" uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 @@ -1528,7 +1528,7 @@ jobs: runs-on: ubuntu-latest container: debian:bookworm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Install Python" run: apt-get update && apt-get install -y python3.11 python3-pip python3.11-venv @@ -1554,7 +1554,7 @@ jobs: runs-on: ubuntu-latest container: fedora:42 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Install Python" run: dnf install python3 which -y && python3 -m ensurepip @@ -1579,9 +1579,9 @@ jobs: name: "check system | python on ubuntu" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: "3.12" @@ -1606,7 +1606,7 @@ jobs: runs-on: ubuntu-latest container: opensuse/tumbleweed steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Install Python" run: > @@ -1646,7 +1646,7 @@ jobs: matrix: rocky-version: ["8", "9"] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Install Python" if: matrix.rocky-version == '8' @@ -1678,9 +1678,9 @@ jobs: name: "check system | pypy on ubuntu" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: "pypy3.9" @@ -1705,7 +1705,7 @@ jobs: runs-on: ubuntu-latest container: pyston/pyston:2.3.5 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Download binary" uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 @@ -1728,7 +1728,7 @@ jobs: runs-on: ubuntu-latest container: alpine:latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Install Python" run: apk add --update --no-cache python3 py3-pip @@ -1753,7 +1753,7 @@ jobs: name: "check system | python on macos aarch64" runs-on: macos-14 # github-macos-14-aarch64-3 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Download binary" uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 @@ -1777,7 +1777,7 @@ jobs: name: "check system | homebrew python on macos aarch64" runs-on: macos-14 # github-macos-14-aarch64-3 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Install Python" run: brew install python3 @@ -1802,11 +1802,11 @@ jobs: name: "check system | python on macos x86-64" runs-on: macos-13 # github-macos-13-x86_64-4 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 # We test with GitHub's Python as a regression test for # https://github.com/astral-sh/uv/issues/2450 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 - name: "Download binary" uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 @@ -1828,9 +1828,9 @@ jobs: name: "check system | python3.10 on windows x86-64" runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: "3.10" @@ -1851,9 +1851,9 @@ jobs: name: "check system | python3.10 on windows x86" runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: "3.10" architecture: "x86" @@ -1875,9 +1875,9 @@ jobs: name: "check system | python3.13 on windows x86-64" runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: "3.13" allow-prereleases: true @@ -1899,9 +1899,9 @@ jobs: name: "check system | x86-64 python3.13 on windows aarch64" runs-on: github-windows-11-aarch64-4 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: "3.13" architecture: "x64" @@ -1922,7 +1922,7 @@ jobs: name: "check system | windows registry" runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Download binary" uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 @@ -1939,7 +1939,7 @@ jobs: name: "check system | python3.12 via chocolatey" runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Install Python" run: choco install python3 --verbose --version=3.9.13 @@ -1961,7 +1961,7 @@ jobs: name: "check system | python3.9 via pyenv" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Install pyenv" run: | @@ -2002,9 +2002,9 @@ jobs: name: "check system | python3.13" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: 3.13 allow-prereleases: true @@ -2058,9 +2058,9 @@ jobs: arch: "aarch64", } steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: conda-incubator/setup-miniconda@v3 + - uses: conda-incubator/setup-miniconda@505e6394dae86d6a5c7fbb6e3fb8938e3e863830 # v3 with: miniconda-version: "latest" activate-environment: uv @@ -2102,7 +2102,7 @@ jobs: run: | # Needed for `actions/checkout` yum install tar gzip which -y - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Install Python" run: yum install python3 python3-pip -y @@ -2126,7 +2126,7 @@ jobs: name: "check system | embedded python3.10 on windows x86-64" runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Download binary" uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 @@ -2159,15 +2159,15 @@ jobs: timeout-minutes: 20 steps: - name: "Checkout Branch" - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 - name: "Install Rust toolchain" run: rustup show - name: "Install codspeed" - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@2153a01222995861497cc6c0c3b5a402b1461724 # v2 with: tool: cargo-codspeed @@ -2183,7 +2183,7 @@ jobs: run: cargo codspeed build --profile profiling --features "codspeed,performance" -p uv-bench - name: "Run benchmarks" - uses: CodSpeedHQ/action@v3 + uses: CodSpeedHQ/action@0010eb0ca6e89b80c88e8edaaa07cfe5f3e6664d # v3 with: run: cargo codspeed run token: ${{ secrets.CODSPEED_TOKEN }} diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml index 5a8993a7a..2229aca70 100644 --- a/.github/workflows/publish-docs.yml +++ b/.github/workflows/publish-docs.yml @@ -23,12 +23,12 @@ jobs: env: MKDOCS_INSIDERS_SSH_KEY_EXISTS: ${{ secrets.MKDOCS_INSIDERS_SSH_KEY != '' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ inputs.ref }} fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: 3.12 @@ -62,7 +62,7 @@ jobs: - name: "Add SSH key" if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }} - uses: webfactory/ssh-agent@v0.9.0 + uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 with: ssh-private-key: ${{ secrets.MKDOCS_INSIDERS_SSH_KEY }} diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml index 43b14a98d..a2fd68cf6 100644 --- a/.github/workflows/publish-pypi.yml +++ b/.github/workflows/publish-pypi.yml @@ -22,7 +22,7 @@ jobs: id-token: write steps: - name: "Install uv" - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5 - uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 with: pattern: wheels_uv-* @@ -41,7 +41,7 @@ jobs: id-token: write steps: - name: "Install uv" - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5 - uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 with: pattern: wheels_uv_build-* diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 77bd33e48..16a9a9766 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -59,7 +59,7 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive - name: Install dist @@ -123,7 +123,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} BUILD_MANIFEST_NAME: target/distrib/global-dist-manifest.json steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive - name: Install cached dist @@ -173,7 +173,7 @@ jobs: outputs: val: ${{ steps.host.outputs.manifest }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive - name: Install cached dist @@ -232,7 +232,7 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive # Create a GitHub Release while uploading all files to it diff --git a/.github/workflows/sync-python-releases.yml b/.github/workflows/sync-python-releases.yml index aa9202764..67beff624 100644 --- a/.github/workflows/sync-python-releases.yml +++ b/.github/workflows/sync-python-releases.yml @@ -16,8 +16,8 @@ jobs: if: github.repository == 'astral-sh/uv' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: astral-sh/setup-uv@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5 with: version: "latest" enable-cache: true @@ -30,7 +30,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: "Create Pull Request" - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7 with: commit-message: "Sync latest Python releases" add-paths: |