Skip to content

Commit 702a15e

Browse files
paulinebmpaulinebm
authored
πŸ”’ Pin GitHub Actions to commit SHAs (#336)
1 parent b263af4 commit 702a15e

File tree

4 files changed

+11
-11
lines changed

4 files changed

+11
-11
lines changed

β€Ž.github/workflows/images.yamlβ€Ž

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -52,28 +52,28 @@ jobs:
5252

5353
steps:
5454
- name: Free Disk Space
55-
uses: jlumbroso/free-disk-space@main
55+
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # main
5656
with:
5757
tool-cache: true
5858

5959
- name: Checkout code
60-
uses: actions/checkout@v4
60+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
6161

6262
- name: Set up Docker Buildx
63-
uses: docker/setup-buildx-action@v3
63+
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
6464
with:
6565
buildkitd-flags: --debug
6666

6767
- name: Login to GitHub Container Registry
68-
uses: docker/login-action@v3
68+
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
6969
with:
7070
registry: ghcr.io
7171
username: ${{ github.actor }}
7272
password: ${{ secrets.GITHUB_TOKEN }}
7373

7474
- name: Extract metadata (tags, labels) for Docker images
7575
id: meta
76-
uses: docker/metadata-action@v5
76+
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
7777
with:
7878
flavor: |
7979
latest=false
@@ -84,7 +84,7 @@ jobs:
8484
type=raw,value=sha-${{ github.sha }}-${{ matrix.image_flavor }}
8585
8686
- name: Build and push Docker images
87-
uses: docker/build-push-action@v5
87+
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
8888
id: push
8989
with:
9090
context: .

β€Ž.github/workflows/quality.yamlβ€Ž

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,10 +21,10 @@ jobs:
2121

2222
steps:
2323
- name: Checkout
24-
uses: actions/checkout@v4
24+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2525

2626
- name: Install uv
27-
uses: astral-sh/setup-uv@v6
27+
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
2828
with:
2929
enable-cache: true
3030

β€Ž.github/workflows/security.ymlβ€Ž

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,10 +28,10 @@ jobs:
2828
PR_COMMITS: ${{ github.event.pull_request.commits }}
2929

3030
- name: Checkout code
31-
uses: actions/checkout@v4
31+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3232
with:
3333
ref: ${{env.branch}}
3434
fetch-depth: ${{env.depth}}
3535

3636
- name: Scan for secrets
37-
uses: trufflesecurity/trufflehog@main
37+
uses: trufflesecurity/trufflehog@6bd2d14f7a4bc1e569fa3550efa7ec632a4fa67b # main

β€Ž.github/workflows/test_api_rocm.yamlβ€Ž

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ jobs:
2929
contains( github.event.pull_request.labels.*.name, 'api_rocm')
3030
}}
3131

32-
uses: huggingface/hf-workflows/.github/workflows/optimum_benchmark_instinct_ci.yaml@testing
32+
uses: huggingface/hf-workflows/.github/workflows/optimum_benchmark_instinct_ci.yaml@4c2159877665785d8581195f590c98afc98966fd # testing
3333
with:
3434
test_file: test_api.py
3535
machine_type: single-gpu

0 commit comments

Comments
Β (0)