
Commit a32e368

ci: pin GitHub Actions to full commit SHAs to prevent supply-chain attacks
1 parent d2956ff commit a32e368

2 files changed

Lines changed: 4 additions & 4 deletions


.github/workflows/ci.yaml

Lines changed: 2 additions & 2 deletions
@@ -28,8 +28,8 @@ jobs:
2828
shell: bash
2929

3030
steps:
31-
- uses: actions/checkout@v4
32-
- uses: astral-sh/setup-uv@v5
31+
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
32+
- uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
3333
with:
3434
enable-cache: true
3535
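Review bot: The trailing comments on new lines 31 and 32 (`# v4`, `# v5`) name only the moving major tag, so they do not record which release each SHA was resolved from, and a reviewer cannot check `34e114876b0b11c390a56381ad16ebd13914f8d5` or `d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86` against a fixed reference. Suggest putting the exact release tag each SHA belongs to in the comment (in the form `# v4.x.y`, with the real version filled in) and stating in the commit message how the SHAs were resolved, so later bumps and audits have something stable to compare against.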

.github/workflows/release.yaml

Lines changed: 2 additions & 2 deletions
@@ -11,8 +11,8 @@ jobs:
1111
name: "Publish to PyPI"
1212

1313
steps:
14-
- uses: actions/checkout@v3
15-
- uses: actions/setup-python@v3
14+
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
15+
- uses: actions/setup-python@3542bca2639a428e1796aaa6a2ffef0c0f575566 # v3
1616
with:
1717
python-version: "3.10"
1818
- name: Install pypa/build
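Review bot: New lines 14 and 15 pin the "Publish to PyPI" job to `actions/checkout` v3 and `actions/setup-python` v3, while ci.yaml in this same commit pins checkout at v4, so the workflow that publishes releases ends up frozen on the older major of both actions. Suggest moving release.yaml to the current majors before pinning, and reusing the checkout SHA from ci.yaml so both workflows depend on one reviewed commit. The `# v3` comments should also carry the exact release tag the SHA was taken from, since a major tag can move after the pin is made.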
