
Commit 2f73235

shihTianlu Shi
andauthored
Pin 3rd party actions to commit sha (#15)
Co-authored-by: Tianlu Shi <[email protected]>
1 parent 528b7aa commit 2f73235


2 files changed

+5
-5
lines changed


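--- a/.github/workflows/leaked-secrets-scan.yml
+++ b/.github/workflows/leaked-secrets-scan.yml
@@ -9,7 +9,7 @@ jobs:
 with:
 fetch-depth: 0
 - name: TruffleHog OSS
-uses: trufflesecurity/trufflehog@main
+uses: trufflesecurity/trufflehog@1594fddf051a1a0e7e59d25c27bc20d39a27d349 # v3.44.0
 with:
 path: ./
 base: ${{ github.event.repository.default_branch }}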
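Review bot: The `TruffleHog OSS` step is now frozen at v3.44.0, and nothing visible in this hunk keeps that pin moving, so newer detectors are not picked up until someone bumps the SHA by hand. For a secret scanner that staleness is a detection gap; an automated updater for GitHub Actions (Dependabot or Renovate) should own the bump, if one is not already configured elsewhere in the repository. The trailing `# v3.44.0` is also the only link between the 40-character SHA and a release, so it is worth checking once against the upstream tag and recording that, e.g. `# v3.44.0 (SHA checked against upstream tag; bumped by the dependency bot)`. The step that owns `fetch-depth: 0` starts above the hunk, so whether its own `uses:` reference is pinned cannot be seen here.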

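--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -34,7 +34,7 @@ jobs:
 - name: Detect and tag new version
 id: check-version
 if: steps.check-parent-commit.outputs.sha
-uses: salsify/action-detect-and-tag-new-version@v2
+uses: salsify/action-detect-and-tag-new-version@b1778166f13188a9d478e2d1198f993011ba9864 # v2.0.3
 with:
 version-command: |
 bash -o pipefail -c "poetry version | awk '{ print \$2 }'"
@@ -54,7 +54,7 @@ jobs:
 run: |
 poetry run pytest --cov=sns_extended_client test --cov-report term-missing
 - name: configure aws credentials
-uses: aws-actions/configure-aws-credentials@v2
+uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
 with:
 role-to-assume: ${{ vars.OIDC_ROLE_NAME }}
 role-session-name: publishrolesession
@@ -71,14 +71,14 @@ jobs:
 echo "token=$(aws secretsmanager get-secret-value --secret-id ${{ vars.PYPI_TOKEN_NAME }} | jq -r '.SecretString')" >> $GITHUB_OUTPUT
 - name: Publish package on TestPyPI
 if: "! steps.check-version.outputs.tag"
-uses: pypa/gh-action-pypi-publish@release/v1
+uses: pypa/gh-action-pypi-publish@f8c70e705ffc13c3b4d1221169b84f12a75d6ca8 # release/v1
 with:
 user: __token__
 password: ${{ steps.get-test-pypi-token.outputs.token }}
 repository_url: https://test.pypi.org/legacy/
 - name: Publish package on PyPI
 if: steps.check-version.outputs.tag
-uses: pypa/gh-action-pypi-publish@release/v1
+uses: pypa/gh-action-pypi-publish@f8c70e705ffc13c3b4d1221169b84f12a75d6ca8 # release/v1
 with:
 user: __token__
 password: ${{ steps.get-pypi-token.outputs.token }}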
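Review bot: The two `pypa/gh-action-pypi-publish` pins in the last hunk carry the comment `# release/v1`, which names a moving branch rather than a release, so a reader cannot tell which version the SHA corresponds to or when it has fallen behind. The other pins in this commit record a tag (`# v2.0.3`, `# v2.2.0`); these two lines should do the same, e.g. `uses: pypa/gh-action-pypi-publish@f8c70e705ffc13c3b4d1221169b84f12a75d6ca8 # <RELEASE_TAG>`, with the tag looked up upstream. Separately, the context line that writes `token=$(aws secretsmanager get-secret-value …)` to `$GITHUB_OUTPUT` handles a value the runner does not know is a secret. That step starts above the hunk, so unless it already does so there, registering the value with `::add-mask::` before writing it out would keep it from appearing unredacted in logs.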
