Skip to content

Commit 4051afc

Browse files
renovate[bot]renovate[bot]
authored
chore(deps): pin dependencies (#107)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent c13470b commit 4051afc

File tree

3 files changed

+19
-19
lines changed

3 files changed

+19
-19
lines changed

.github/workflows/ci.yml

Lines changed: 15 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ jobs:
2222
runs-on: ${{ matrix.os }}
2323
steps:
2424
- name: Dump GitHub script context
25-
uses: actions/github-script@v7
25+
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
2626
with:
2727
script: console.log(context)
2828

@@ -71,14 +71,14 @@ jobs:
7171
ENVIRONMENT: ci
7272
steps:
7373
- name: Checkout
74-
uses: actions/checkout@v4
74+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
7575

7676
- name: Set up UV
77-
uses: astral-sh/setup-uv@v5
77+
uses: astral-sh/setup-uv@4db96194c378173c656ce18a155ffc14a9fc4355 # v5
7878

7979
- name: Set up Python
8080
id: setup-python
81-
uses: actions/setup-python@v5
81+
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5
8282
with:
8383
python-version: ${{ matrix.python }}
8484

@@ -111,14 +111,14 @@ jobs:
111111

112112
steps:
113113
- name: Checkout
114-
uses: actions/checkout@v4
114+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
115115
with:
116116
sparse-checkout: |
117117
Dockerfile
118118
uv.lock
119119
120120
- name: Cache buildkit mounts
121-
uses: actions/cache@v4
121+
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
122122
with:
123123
path: |
124124
var-cache-apt
@@ -130,31 +130,31 @@ jobs:
130130
buildkit-mounts-${{ runner.os }}
131131
132132
- name: Inject var-cache-apt into docker
133-
uses: reproducible-containers/buildkit-cache-dance@v3
133+
uses: reproducible-containers/buildkit-cache-dance@5b6db76d1da5c8b307d5d2e0706d266521b710de # v3
134134
with:
135135
cache-source: var-cache-apt
136136
cache-target: /var/cache/apt
137137

138138
- name: Inject root-cache-pip into docker
139-
uses: reproducible-containers/buildkit-cache-dance@v3
139+
uses: reproducible-containers/buildkit-cache-dance@5b6db76d1da5c8b307d5d2e0706d266521b710de # v3
140140
with:
141141
cache-source: root-cache-pip
142142
cache-target: /root/.cache/pip
143143

144144
- name: Inject root-cache-uv into docker
145-
uses: reproducible-containers/buildkit-cache-dance@v3
145+
uses: reproducible-containers/buildkit-cache-dance@5b6db76d1da5c8b307d5d2e0706d266521b710de # v3
146146
with:
147147
cache-source: root-cache-uv
148148
cache-target: /root/.cache/uv
149149

150150
- name: Set up Docker Buildx
151-
uses: docker/setup-buildx-action@v3
151+
uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3
152152

153153
- name: Build CI image
154154
id: build-ci
155155
env:
156156
ENVIRONMENT: ci
157-
uses: docker/build-push-action@v6
157+
uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6
158158
with:
159159
target: ${{ env.ENVIRONMENT }}
160160
cache-from: |
@@ -167,13 +167,13 @@ jobs:
167167

168168
- name: Docker metadata
169169
id: docker_metadata
170-
uses: docker/metadata-action@v5
170+
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5
171171
with:
172172
images: ${{ env.GHCR_IMAGE_NAME }}
173173

174174
- name: Login to GHCR
175175
if: ${{ github.event_name != 'pull_request' }}
176-
uses: docker/login-action@v3
176+
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
177177
with:
178178
registry: ghcr.io
179179
username: ${{ github.repository_owner }}
@@ -183,7 +183,7 @@ jobs:
183183
if: ${{ github.event_name != 'pull_request' }}
184184
env:
185185
ENVIRONMENT: dev
186-
uses: docker/build-push-action@v6
186+
uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6
187187
with:
188188
target: ${{ env.ENVIRONMENT }}
189189
cache-from: |
@@ -197,7 +197,7 @@ jobs:
197197
if: ${{ github.event_name != 'pull_request' }}
198198
env:
199199
ENVIRONMENT: prod
200-
uses: docker/build-push-action@v6
200+
uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6
201201
with:
202202
cache-from: |
203203
${{ env.GHCR_IMAGE_NAME }}:dev

.github/workflows/pr.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ jobs:
1717
runs-on: ubuntu-latest
1818
steps:
1919
- name: semantic-pull-request
20-
uses: amannn/action-semantic-pull-request@v5
20+
uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5
2121
env:
2222
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
2323

@@ -29,7 +29,7 @@ jobs:
2929
runs-on: ubuntu-latest
3030
steps:
3131
- name: labeler
32-
uses: actions/labeler@v5
32+
uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5
3333

3434
size-labeler:
3535
name: label size
@@ -39,7 +39,7 @@ jobs:
3939
runs-on: ubuntu-latest
4040
steps:
4141
- name: size-label
42-
uses: pascalgn/[email protected]
42+
uses: pascalgn/size-label-action@f8edde36b3be04b4f65dcfead05dc8691b374348 # v0.5.5
4343
env:
4444
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
4545
IGNORED: |

Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ ARG PIP_DISABLE_PIP_VERSION_CHECK=1 \
4141
UV_NO_CACHE=1
4242

4343
# set up python
44-
COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
44+
COPY --from=ghcr.io/astral-sh/uv:latest@sha256:88d7b48fc9f17462c82b5482e497af250d337f3f14e1ac97c16e68eba49b651e /uv /uvx /bin/
4545
COPY --chown=${USER}:${USER} pyproject.toml uv.lock ./
4646
RUN --mount=type=cache,target=/root/.cache/uv \
4747
uv venv --seed ${VIRTUAL_ENV} && \

0 commit comments

Comments
 (0)