diff --git a/.github/workflows/publish-packages.yml b/.github/workflows/publish-packages.yml index 720033bfe..df146e77b 100644 --- a/.github/workflows/publish-packages.yml +++ b/.github/workflows/publish-packages.yml @@ -17,11 +17,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: - python-version: "3.11" + python-version: "3.12" - name: Install dependencies run: | # We must explicitly install the requirements so that we can force @@ -44,7 +44,7 @@ jobs: run: python -m pytest -v tests/ - name: Upload artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: release path: dist/ @@ -54,18 +54,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: release path: dist/ - name: Publish package to TestPyPI if: ${{ inputs.upload_to_test }} - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 # v1.10.1 with: repository_url: https://test.pypi.org/legacy/ password: ${{ secrets.TEST_PYPI_API_TOKEN }} - name: Publish package to PyPI if: ${{ !inputs.upload_to_test }} - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 # v1.10.1 with: password: ${{ secrets.PYPI_API_TOKEN }} diff --git a/.github/workflows/run-pytest.yml b/.github/workflows/run-pytest.yml index 6f7247c1d..72a72f1e4 100644 --- a/.github/workflows/run-pytest.yml +++ b/.github/workflows/run-pytest.yml @@ -59,9 +59,9 @@ jobs: python: '3.12' dependencies: 'minimal' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Python ${{ matrix.python }} - uses: actions/setup-python@v5 + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: ${{ matrix.python }} - name: Install newest dependencies @@ -87,6 +87,6 @@ jobs: - name: Test with pytest run: | pytest --cov=signac --cov-config=pyproject.toml --cov-report=xml tests/ -v - - uses: codecov/codecov-action@v4 + - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 with: token: ${{ secrets.CODECOV_TOKEN }}