From e3772c7082898fbb34dc1ce69ec88f876101c8be Mon Sep 17 00:00:00 2001 From: sumanth8495 Date: Sat, 2 Sep 2023 18:44:15 +0530 Subject: [PATCH] workflows: Includes version comments in GH action uses-lines Signed-off-by: sumanth8495 --- .github/workflows/_test.yml | 10 +++++----- .github/workflows/cd.yml | 16 ++++++++-------- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/dependency-review.yml | 4 ++-- .../maintainer-permissions-reminder.yml | 2 +- .github/workflows/scorecards.yml | 6 +++--- .../workflows/specification-version-check.yml | 6 +++--- 7 files changed, 25 insertions(+), 25 deletions(-) diff --git a/.github/workflows/_test.yml b/.github/workflows/_test.yml index 8ccf79d1..2ae8d7d2 100644 --- a/.github/workflows/_test.yml +++ b/.github/workflows/_test.yml @@ -12,10 +12,10 @@ jobs: steps: - name: Checkout TUF - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v2.3.4 - name: Set up Python 3.x - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 + uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v2.3.4 with: python-version: 3.x cache: 'pip' @@ -56,10 +56,10 @@ jobs: steps: - name: Checkout TUF - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v2.3.4 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 + uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v2.3.4 with: python-version: ${{ matrix.python-version }} cache: 'pip' @@ -101,7 +101,7 @@ jobs: run: touch requirements.txt - name: Set up Python - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 + uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 #v2.3.4 with: python-version: '3.x' cache: 'pip' 
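Review bot: The version comment added after each pinned SHA is the same `# v2.3.4` on every line, here for both `actions/checkout` and `actions/setup-python`, and again in the later hunks for `upload-artifact`, `download-artifact`, `github-script`, `pypa/gh-action-pypi-publish`, `codeql-action`, `dependency-review-action` and `scorecard-action`. Actions from different repositories and publishers cannot all be at one release, so most of these comments were presumably copy-pasted rather than looked up. A wrong comment is worse than none when auditing pins, because the SHA is what runs and the comment is what gets read; this matters most in `cd.yml`, where the publish job holds `id-token: write`. Each comment should carry the tag that its SHA resolves to in the action's own repository, e.g. `uses: actions/checkout@<sha> # <tag for that sha>`.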
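Review bot: The comment on the last `Set up Python` step (third hunk of `_test.yml`) is written `#v2.3.4`, without the space used on every other line of this patch. yamllint's `comments` rule expects `# `, and tooling that reads the version comment next to a pinned SHA may not recognise the unspaced form (worth confirming for whichever updater this repository uses). Write it as `# <tag>` like the others.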
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 2637c09e..4821acf8 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -18,12 +18,12 @@ jobs: needs: test steps: - name: Checkout release tag - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v2.3.4 with: ref: ${{ github.event.workflow_run.head_branch }} - name: Set up Python - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 + uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v2.3.4 with: python-version: '3.x' @@ -34,7 +34,7 @@ jobs: run: python3 -m build --sdist --wheel --outdir dist/ . - name: Store build artifacts - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v2.3.4 # NOTE: The GitHub release page contains the release artifacts too, but using # GitHub upload/download actions seems robuster: there is no need to compute # download URLs and tampering with artifacts between jobs is more limited. @@ -52,14 +52,14 @@ jobs: release_id: ${{ steps.gh-release.outputs.result }} steps: - name: Fetch build artifacts - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v2.3.4 with: name: build-artifacts path: dist - id: gh-release name: Publish GitHub release draft - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v2.3.4 with: script: | fs = require('fs') @@ -92,7 +92,7 @@ jobs: id-token: write # to authenticate as Trusted Publisher to pypi.org steps: - name: Fetch build artifacts - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v2.3.4 with: name: build-artifacts path: dist 
@@ -100,10 +100,10 @@ jobs: - name: Publish binary wheel and source tarball on PyPI # Only attempt pypi upload in upstream repository if: github.repository == 'theupdateframework/python-tuf' - uses: pypa/gh-action-pypi-publish@b7f401de30cb6434a1e19f805ff006643653240e + uses: pypa/gh-action-pypi-publish@b7f401de30cb6434a1e19f805ff006643653240e # v2.3.4 - name: Finalize GitHub release - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v2.3.4 with: script: | github.rest.repos.updateRelease({ diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 2d8fb975..68b81d79 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -22,12 +22,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v2.3.4 - name: Initialize CodeQL - uses: github/codeql-action/init@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 + uses: github/codeql-action/init@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.3.4 with: languages: 'python' - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 + uses: github/codeql-action/analyze@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.3.4 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 2753a097..82cdeefd 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
@@ -15,6 +15,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v2.3.4 - name: 'Dependency Review' - uses: actions/dependency-review-action@f6fff72a3217f580d5afd49a46826795305b63c7 + uses: actions/dependency-review-action@f6fff72a3217f580d5afd49a46826795305b63c7 # v2.3.4 diff --git a/.github/workflows/maintainer-permissions-reminder.yml b/.github/workflows/maintainer-permissions-reminder.yml index d1d09094..272767d2 100644 --- a/.github/workflows/maintainer-permissions-reminder.yml +++ b/.github/workflows/maintainer-permissions-reminder.yml @@ -13,7 +13,7 @@ jobs: name: File issue to review maintainer permissions runs-on: ubuntu-latest steps: - - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 + - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v2.3.4 with: script: | await github.rest.issues.create({ diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index fc4d12e5..9c69cb7f 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -21,10 +21,10 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v2.3.4 - name: "Run analysis" - uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 + uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.3.4 with: results_file: results.sarif # sarif format required by upload-sarif action @@ -34,6 +34,6 @@ jobs: publish_results: true - name: "Upload to code-scanning dashboard" - uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 + uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.3.4 with: sarif_file: results.sarif 
diff --git a/.github/workflows/specification-version-check.yml b/.github/workflows/specification-version-check.yml index 87fd2e69..a60f2f58 100644 --- a/.github/workflows/specification-version-check.yml +++ b/.github/workflows/specification-version-check.yml @@ -14,8 +14,8 @@ jobs: outputs: version: ${{ steps.get-version.outputs.version }} steps: - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 - - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v2.3.4 + - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v2.3.4 with: python-version: "3.x" - id: get-version @@ -31,6 +31,6 @@ jobs: contents: read issues: write needs: get-supported-tuf-version - uses: theupdateframework/specification/.github/workflows/check-latest-spec-version.yml@master + uses: theupdateframework/specification/.github/workflows/check-latest-spec-version.yml@master # v2.3.4 with: tuf-version: ${{needs.get-supported-tuf-version.outputs.version}}
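Review bot: `check-latest-spec-version.yml@master` is a branch ref, not a release, so the added `# v2.3.4` comment names a version that this line does not pin. The calling job grants `issues: write`, and `master` can move under it at any time; the comment makes the line look pinned like the SHA-pinned actions in the hunk above. Either drop the comment here, or pin the reusable workflow to a full commit SHA and annotate that instead: `uses: theupdateframework/specification/.github/workflows/check-latest-spec-version.yml@<commit-sha> # <tag or date>`. The job definition starts above the hunk.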