From e9c888761597a334fa17485aadda75744c5373fe Mon Sep 17 00:00:00 2001 From: Alex Wang Date: Wed, 1 Apr 2026 16:03:56 -0700 Subject: [PATCH] chore: pin 3rd action commit SHA --- .github/workflows/ci.yml | 6 ++++-- .github/workflows/deploy-examples.yml | 2 +- .github/workflows/notify_slack.yml | 4 ++-- .github/workflows/pypi-publish.yml | 2 +- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c3801774..e099009f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,13 +29,15 @@ jobs: - name: Install Hatch run: | python -m pip install hatch==1.16.5 - - uses: webfactory/ssh-agent@v0.9.1 + - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1 with: ssh-private-key: ${{ secrets.SDK_KEY }} - name: Check for Python Language SDK branch override in PR if: github.event_name == 'pull_request' + env: + PR_BODY: ${{ github.event.pull_request.body }} run: | - OVERRIDE=$(echo "${{ github.event.pull_request.body }}" | grep -o 'PYTHON_LANGUAGE_SDK_BRANCH: [^[:space:]]*' | cut -d' ' -f2 || true) + OVERRIDE=$(echo "$PR_BODY" | grep -o 'PYTHON_LANGUAGE_SDK_BRANCH: [^[:space:]]*' | cut -d' ' -f2 || true) if [ ! -z "$OVERRIDE" ]; then echo "AWS_DURABLE_SDK_URL=git+ssh://git@github.com/aws/aws-durable-execution-sdk-python.git@$OVERRIDE" >> $GITHUB_ENV echo "Using Python Language SDK branch override: $OVERRIDE" diff --git a/.github/workflows/deploy-examples.yml b/.github/workflows/deploy-examples.yml index 754fb01c..1b2f021c 100644 --- a/.github/workflows/deploy-examples.yml +++ b/.github/workflows/deploy-examples.yml @@ -43,7 +43,7 @@ jobs: - uses: actions/checkout@v4 - name: Setup SSH Agent - uses: webfactory/ssh-agent@v0.9.0 + uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 with: ssh-private-key: ${{ secrets.SDK_KEY }} diff --git a/.github/workflows/notify_slack.yml b/.github/workflows/notify_slack.yml index 2a8078ee..d19427b2 100644 --- a/.github/workflows/notify_slack.yml +++ b/.github/workflows/notify_slack.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Send issue notification to Slack if: github.event_name == 'issues' - uses: slackapi/slack-github-action@v2.1.1 + uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 with: webhook: ${{ secrets.SLACK_WEBHOOK_URL_ISSUE }} webhook-type: incoming-webhook @@ -27,7 +27,7 @@ jobs: - name: Send pull request notification to Slack if: github.event_name == 'pull_request_target' - uses: slackapi/slack-github-action@v2.1.1 + uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 with: webhook: ${{ secrets.SLACK_WEBHOOK_URL_PR }} webhook-type: incoming-webhook diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index e71c51d8..78d3616b 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -66,6 +66,6 @@ jobs: path: dist/ - name: Publish release distributions to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 with: packages-dir: dist/