diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7afdeb76..37fc47f5 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -107,7 +107,7 @@ jobs: matrix: ${{ steps.set-outputs.outputs.matrix }} upload_to_pypi: ${{ steps.set-upload.outputs.upload_to_pypi }} steps: - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: '3.12' - run: python -m pip install PyYAML click @@ -151,7 +151,7 @@ jobs: echo "uname_m=$(uname -m)" >> "$GITHUB_OUTPUT" - name: Set up QEMU if: ${{ runner.os == 'Linux' && (matrix.CIBW_ARCHS != 'auto' && matrix.CIBW_ARCHS != steps.uname_m.outputs.uname_m) }} - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 with: platforms: all - name: Configure cibuildwheel @@ -173,7 +173,7 @@ jobs: echo "EOF" >> $GITHUB_ENV fi cat $GITHUB_ENV - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: ${{ inputs.env != '' }} with: python-version: '3.12' @@ -194,7 +194,7 @@ jobs: env: CIBW_BUILD: ${{ matrix.CIBW_BUILD }} CIBW_ARCHS: ${{ matrix.CIBW_ARCHS }} - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 if: | needs.targets.outputs.upload_to_pypi == 'true' || inputs.upload_to_anaconda with: @@ -208,7 +208,7 @@ jobs: runs-on: ${{ inputs.sdist-runs-on }} timeout-minutes: ${{ inputs.timeout-minutes }} steps: - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: ${{ inputs.env != '' }} with: python-version: '3.12' @@ -239,7 +239,7 @@ jobs: test_command: ${{ inputs.test_command }} pure_python_wheel: false python-version: '3.12' - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5 + - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.5 if: | needs.targets.outputs.upload_to_pypi == 'true' || inputs.upload_to_anaconda with: @@ -258,12 +258,12 @@ jobs: needs.build_wheels.result != 'failure' && needs.build_sdist.result != 'failure' steps: - - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + - uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 with: pattern: dist-* path: dist merge-multiple: true - - uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3 + - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 name: Upload to PyPI if: ${{ needs.targets.outputs.upload_to_pypi == 'true' }} with: diff --git a/.github/workflows/publish_pure_python.yml b/.github/workflows/publish_pure_python.yml index 4262985a..735044e5 100644 --- a/.github/workflows/publish_pure_python.yml +++ b/.github/workflows/publish_pure_python.yml @@ -91,7 +91,7 @@ jobs: runs-on: ${{ inputs.runs-on }} timeout-minutes: ${{ inputs.timeout-minutes }} steps: - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: ${{ inputs.env != '' }} with: python-version: '3.12' @@ -135,7 +135,7 @@ jobs: env: UPLOAD_TO_PYPI: ${{ inputs.upload_to_pypi }} UPLOAD_TAG: ${{ startsWith(inputs.upload_to_pypi, 'refs/tags/') && (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'release' || github.event_name == 'create') && startsWith(github.ref, inputs.upload_to_pypi) }} - - uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3 + - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 name: Upload to PyPI if: ${{ steps.set-upload.outputs.upload_to_pypi == 'true' }} with: diff --git a/.github/workflows/test_tox.yml b/.github/workflows/test_tox.yml index 868baad6..73955eac 100644 --- a/.github/workflows/test_tox.yml +++ b/.github/workflows/test_tox.yml @@ -166,7 +166,7 @@ jobs: needs: [test_artifact_upload] runs-on: ubuntu-latest steps: - - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + - uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 with: name: artifact-upload-(ubuntu-latest) path: . diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml index b44863ea..dc35cc6a 100644 --- a/.github/workflows/tox.yml +++ b/.github/workflows/tox.yml @@ -120,7 +120,7 @@ jobs: outputs: matrix: ${{ steps.set-outputs.outputs.matrix }} steps: - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: '3.12' - run: python -m pip install PyYAML click packaging @@ -165,7 +165,7 @@ jobs: - name: Cache ${{ matrix.cache_key }} if: ${{ matrix.cache-path != '' && matrix.cache-key != '' }} - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2 with: path: ${{ matrix.cache-path }} key: ${{ matrix.cache-key }} @@ -181,14 +181,14 @@ jobs: - name: Setup Python ${{ matrix.python_version }} if: ${{ matrix.conda != 'true' }} - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: ${{ matrix.python_version }} allow-prereleases: true - name: Setup conda if: ${{ matrix.conda == 'true' }} - uses: mamba-org/setup-micromamba@068f1ab4b37ed9b3d9f73da7db90a0cda0a48d29 # v2.0.3 + uses: mamba-org/setup-micromamba@0dea6379afdaffa5d528b3d1dabc45da37f443fc # v2.0.4 with: environment-name: test condarc: | @@ -214,7 +214,7 @@ jobs: - name: Setup headless display if: ${{ matrix.display == 'true' }} - uses: pyvista/setup-headless-display-action@83c78fd314fbe1ee77ec7d463ba61ddee6b16475 # v3 + uses: pyvista/setup-headless-display-action@52bda06d59c0fc422fc2512c9c670bf6b66616f8 # v3 - name: Install tox run: python -m pip install --upgrade tox ${{ matrix.toxdeps }} @@ -222,7 +222,7 @@ jobs: - run: python -m tox -e ${{ matrix.toxenv }} ${{ matrix.toxargs }} -- ${{ matrix.pytest_flag }} ${{ matrix.posargs }} - if: ${{ (success() || failure()) && matrix.artifact-path != '' }} - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: ${{ matrix.artifact-name }} path: ${{ matrix.artifact-path }} @@ -235,6 +235,6 @@ jobs: - name: Upload to Codecov # Even if tox fails, upload coverage if: ${{ (success() || failure()) && contains(matrix.coverage, 'codecov') && matrix.pytest == 'true' }} - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 + uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 with: token: ${{ secrets.CODECOV_TOKEN }}