diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index da883df..3369668 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -12,9 +12,11 @@ jobs: Lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: wistia/parse-tool-versions@v1.0 - - uses: actions/setup-python@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: wistia/parse-tool-versions@32f568a4ffd4bfa7720ebf93f171597d1ebc979a # v2.1.1 + with: + postfix: _TOOL_VERSION + - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: ${{ env.PYTHON_TOOL_VERSION }} - name: Linting @@ -29,13 +31,16 @@ jobs: matrix: python-version: ["3.9", "3.10", "3.11", "3.12", "3.13", "3.14"] steps: - - uses: actions/checkout@v4 - - uses: wistia/parse-tool-versions@v1.0 - - uses: extractions/setup-just@v1 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: wistia/parse-tool-versions@32f568a4ffd4bfa7720ebf93f171597d1ebc979a # v2.1.1 + with: + postfix: _TOOL_VERSION + - uses: extractions/setup-crate@4993624604c307fbca528d28a3c8b60fa5ecc859 # v1.4.0 with: - just-version: ${{ env.JUST_TOOL_VERSION }} + repo: casey/just + version: ${{ env.JUST_TOOL_VERSION }} - name: Install uv - uses: astral-sh/setup-uv@v6 + uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3 with: version: ${{ env.UV_TOOL_VERSION }} activate-environment: true diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 14d74ac..0ff49b2 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,13 +7,16 @@ jobs: name: Build distribution runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: wistia/parse-tool-versions@v1.0 - - uses: extractions/setup-just@v1 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: wistia/parse-tool-versions@32f568a4ffd4bfa7720ebf93f171597d1ebc979a # v2.1.1 with: - just-version: ${{ env.JUST_TOOL_VERSION }} + postfix: _TOOL_VERSION + - uses: extractions/setup-crate@4993624604c307fbca528d28a3c8b60fa5ecc859 # v1.4.0 + with: + repo: casey/just + version: ${{ env.JUST_TOOL_VERSION }} - name: Install uv - uses: astral-sh/setup-uv@v6 + uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3 with: version: ${{ env.UV_TOOL_VERSION }} activate-environment: true @@ -26,7 +29,7 @@ jobs: run: uv build - name: Store the distribution packages - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: python-package-distributions path: dist/ @@ -45,7 +48,7 @@ jobs: id-token: write # IMPORTANT: mandatory for trusted publishing steps: - name: Download all the dists - uses: actions/download-artifact@v4 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: python-package-distributions path: dist/ @@ -68,12 +71,12 @@ jobs: id-token: write # IMPORTANT: mandatory for sigstore steps: - name: Download all the dists - uses: actions/download-artifact@v4 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: python-package-distributions path: dist/ - name: Sign the dists with Sigstore - uses: sigstore/gh-action-sigstore-python@v3.0.0 + uses: sigstore/gh-action-sigstore-python@f832326173235dcb00dd5d92cd3f353de3188e6c # v3.1.0 with: inputs: >- ./dist/*.tar.gz diff --git a/uv.lock b/uv.lock index 9b82f41..7d4617a 100644 --- a/uv.lock +++ b/uv.lock @@ -1562,7 +1562,7 @@ wheels = [ [[package]] name = "stacklet-client-platform" -version = "0.1.6" +version = "2025.11.0" source = { editable = "." } dependencies = [ { name = "boto3" },