diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a6321adbef..6c9936701b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,11 +38,11 @@ jobs: build-mode: none steps: - name: Checkout repository - uses: actions/checkout@v6.0.3 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ inputs.ref }} persist-credentials: false - - uses: actions/setup-python@v6 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/dist.yml b/.github/workflows/dist.yml index 99fa5a9604..9a8b791c89 100644 --- a/.github/workflows/dist.yml +++ b/.github/workflows/dist.yml @@ -46,13 +46,13 @@ jobs: steps: - name: Checkout pymongo - uses: actions/checkout@v6.0.3 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0 persist-credentials: false ref: ${{ inputs.ref }} - - uses: actions/setup-python@v6 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: cache: 'pip' python-version: 3.11 @@ -95,7 +95,7 @@ jobs: # Free-threading builds: ls wheelhouse/*cp314t*.whl - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: wheel-${{ matrix.buildplat[1] }} path: ./wheelhouse/*.whl @@ -105,13 +105,13 @@ jobs: name: Make SDist runs-on: macos-latest steps: - - uses: actions/checkout@v6.0.3 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0 persist-credentials: false ref: ${{ inputs.ref }} - - uses: actions/setup-python@v6 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: # Build sdist on lowest supported Python python-version: "3.9" @@ -128,7 +128,7 @@ jobs: cd .. python -c "from pymongo import has_c; assert has_c()" - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: "sdist" path: ./dist/*.tar.gz @@ -139,13 +139,13 @@ jobs: name: Download Wheels steps: - name: Download all workflow run artifacts - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 - name: Flatten directory working-directory: . run: | find . -mindepth 2 -type f -exec mv {} . \; find . -type d -empty -delete - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: all-dist-${{ github.run_id }} path: "./*" diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml index fe831c14a4..a0359ee29a 100644 --- a/.github/workflows/release-python.yml +++ b/.github/workflows/release-python.yml @@ -75,7 +75,7 @@ jobs: id-token: write steps: - name: Download all the dists - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: all-dist-${{ github.run_id }} path: dist/ diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 3cb1c3d206..e282802937 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -29,12 +29,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6.0.3 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: "3.10" @@ -67,7 +67,7 @@ jobs: run: rm -rf .venv .venv-sbom sbom-requirements.txt - name: Upload SBOM artifact - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: sbom path: sbom.json diff --git a/.github/workflows/test-python.yml b/.github/workflows/test-python.yml index ce2ba071ea..2801502c1a 100644 --- a/.github/workflows/test-python.yml +++ b/.github/workflows/test-python.yml @@ -22,7 +22,7 @@ jobs: static: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.3 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Install uv @@ -67,7 +67,7 @@ jobs: name: Python ${{ matrix.python-version }}-${{ matrix.os }} steps: - - uses: actions/checkout@v6.0.3 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Install uv @@ -76,7 +76,7 @@ jobs: enable-cache: true python-version: ${{ matrix.python-version }} - id: setup-mongodb - uses: mongodb-labs/drivers-evergreen-tools@master + uses: mongodb-labs/drivers-evergreen-tools@da0f17351d74bd154b0ec15e92142ecf12e63d75 # master with: version: "${{ matrix.mongodb-version }}" - name: Run tests @@ -89,7 +89,7 @@ jobs: name: Coverage steps: - - uses: actions/checkout@v6.0.3 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Install uv @@ -98,7 +98,7 @@ jobs: enable-cache: true python-version: "3.10" - id: setup-mongodb - uses: mongodb-labs/drivers-evergreen-tools@master + uses: mongodb-labs/drivers-evergreen-tools@da0f17351d74bd154b0ec15e92142ecf12e63d75 # master with: version: "8.0" - name: Install just @@ -117,7 +117,7 @@ jobs: runs-on: ubuntu-latest name: DocTest steps: - - uses: actions/checkout@v6.0.3 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Install uv @@ -128,7 +128,7 @@ jobs: - name: Install just run: uv tool install rust-just - id: setup-mongodb - uses: mongodb-labs/drivers-evergreen-tools@master + uses: mongodb-labs/drivers-evergreen-tools@da0f17351d74bd154b0ec15e92142ecf12e63d75 # master with: version: "8.0" - name: Install dependencies @@ -142,7 +142,7 @@ jobs: name: Docs Checks runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.3 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Install uv @@ -164,7 +164,7 @@ jobs: matrix: python: ["3.10", "3.11"] steps: - - uses: actions/checkout@v6.0.3 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Install uv @@ -185,7 +185,7 @@ jobs: runs-on: ubuntu-latest name: Integration Tests steps: - - uses: actions/checkout@v6.0.3 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Install uv @@ -199,12 +199,12 @@ jobs: run: | just install - id: setup-mongodb - uses: mongodb-labs/drivers-evergreen-tools@master + uses: mongodb-labs/drivers-evergreen-tools@da0f17351d74bd154b0ec15e92142ecf12e63d75 # master - name: Run tests run: | just integration-tests - id: setup-mongodb-ssl - uses: mongodb-labs/drivers-evergreen-tools@master + uses: mongodb-labs/drivers-evergreen-tools@da0f17351d74bd154b0ec15e92142ecf12e63d75 # master with: ssl: true - name: Run tests @@ -215,10 +215,10 @@ jobs: runs-on: ubuntu-latest name: "Make an sdist" steps: - - uses: actions/checkout@v6.0.3 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - - uses: actions/setup-python@v6 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: cache: 'pip' cache-dependency-path: 'pyproject.toml' @@ -229,7 +229,7 @@ jobs: run: | pip install build python -m build --sdist - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: "sdist" path: dist/*.tar.gz @@ -241,7 +241,7 @@ jobs: timeout-minutes: 20 steps: - name: Download sdist - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: path: sdist/ - name: Unpack SDist @@ -252,14 +252,14 @@ jobs: mkdir test tar --strip-components=1 -zxf *.tar.gz -C ./test ls test - - uses: actions/setup-python@v6 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: cache: 'pip' cache-dependency-path: 'sdist/test/pyproject.toml' # Test sdist on lowest supported Python python-version: "3.9" - id: setup-mongodb - uses: mongodb-labs/drivers-evergreen-tools@master + uses: mongodb-labs/drivers-evergreen-tools@da0f17351d74bd154b0ec15e92142ecf12e63d75 # master - name: Run connect test from sdist shell: bash run: | @@ -275,7 +275,7 @@ jobs: runs-on: ubuntu-latest name: Test minimum dependencies and Python steps: - - uses: actions/checkout@v6.0.3 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Install uv @@ -283,7 +283,7 @@ jobs: with: python-version: "3.9" - id: setup-mongodb - uses: mongodb-labs/drivers-evergreen-tools@master + uses: mongodb-labs/drivers-evergreen-tools@da0f17351d74bd154b0ec15e92142ecf12e63d75 # master with: version: "8.0" - name: Run tests diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 9e299ef1f9..8fef9a2aaa 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -14,7 +14,7 @@ jobs: security-events: write steps: - name: Checkout repository - uses: actions/checkout@v6.0.3 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Run zizmor 🌈