diff options
| author | Roberto Bertó <463349+robertoberto@users.noreply.github.com> | 2026-05-19 06:14:08 +0000 |
|---|---|---|
| committer | Roberto Bertó <463349+robertoberto@users.noreply.github.com> | 2026-05-19 06:14:08 +0000 |
| commit | 6071528289e4a8b11a772433c33851136d30f133 (patch) | |
| tree | 25e03a160fb1dc05a27a9118a7a6f573f0ffd123 /.github/workflows/python-publish.yml | |
| parent | 4080faf81dcfe248394643cfce14112f3346b62f (diff) | |
| download | pyvyos-release/v0.4.0-cleanup.tar.gz pyvyos-release/v0.4.0-cleanup.zip | |
ci: pin actions by full commit SHArelease/v0.4.0-cleanup
Per OpenSSF Scorecard 'Pinned-Dependencies' guidance, third-party
GitHub Actions should be referenced by full commit SHA, not by tag.
Tags are mutable; a SHA is not.
Each pin keeps a '# vX.Y.Z' trailing comment so Dependabot can read
the current version and propose updates while still pinning by SHA.
- actions/checkout de0fac2 # v6.0.2
- actions/setup-python a309ff8 # v6.2.0
- astral-sh/setup-uv 0880764 # v8.1.0
- pypa/gh-action-pypi-publish cef2210 # v1.14.0
This commit does not change pyvyos HTTP payloads, request handling, or
response parsing.
Diffstat (limited to '.github/workflows/python-publish.yml')
| -rw-r--r-- | .github/workflows/python-publish.yml | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index 2ebf94e..9ab4867 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -19,10 +19,10 @@ jobs: deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Python 3.13 - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.13" @@ -35,7 +35,7 @@ jobs: run: uv build - name: Publish package - uses: pypa/gh-action-pypi-publish@v1.14.0 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 with: user: __token__ password: ${{ secrets.PYPI_API_TOKEN }} |
