Merge pull request #2614 from theupdateframework/dependabot/github_actions/action-dependencies-fbc4b1338b

build(deps): bump the action-dependencies group with 3 updates
This commit is contained in:
Jussi Kukkonen 2024-04-23 10:59:17 +03:00 committed by GitHub
commit ffc1c3f41f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 11 additions and 11 deletions

View file

@ -11,7 +11,7 @@ jobs:
steps:
- name: Checkout TUF
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Set up Python (oldest supported version)
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
@ -43,7 +43,7 @@ jobs:
steps:
- name: Checkout TUF
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0

View file

@ -11,7 +11,7 @@ jobs:
steps:
- name: Checkout TUF
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Set up Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0

View file

@ -18,7 +18,7 @@ jobs:
needs: test
steps:
- name: Checkout release tag
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
ref: ${{ github.event.workflow_run.head_branch }}
@ -34,7 +34,7 @@ jobs:
run: PIP_CONSTRAINT=requirements/build.txt python3 -m build --sdist --wheel --outdir dist/ .
- name: Store build artifacts
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
# NOTE: The GitHub release page contains the release artifacts too, but using
# GitHub upload/download actions seems robuster: there is no need to compute
# download URLs and tampering with artifacts between jobs is more limited.
@ -52,7 +52,7 @@ jobs:
release_id: ${{ steps.gh-release.outputs.result }}
steps:
- name: Fetch build artifacts
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
with:
name: build-artifacts
path: dist
@ -92,7 +92,7 @@ jobs:
id-token: write # to authenticate as Trusted Publisher to pypi.org
steps:
- name: Fetch build artifacts
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
with:
name: build-artifacts
path: dist

View file

@ -23,7 +23,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Initialize CodeQL
uses: github/codeql-action/init@v3 # unpinned since this is not security critical

View file

@ -16,6 +16,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v4 # unpinned since this is not security critical

View file

@ -22,7 +22,7 @@ jobs:
steps:
- name: "Checkout code"
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: "Run analysis"
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1

View file

@ -14,7 +14,7 @@ jobs:
outputs:
version: ${{ steps.get-version.outputs.version }}
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.x"