diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 0b9e31bfc7e..5f5a81135d4 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -29,16 +29,16 @@ jobs: egress-policy: audit - name: Checkout repository - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1 diff --git a/.github/workflows/darker.yaml b/.github/workflows/darker.yaml index 201d16283fb..cb614a91937 100644 --- a/.github/workflows/darker.yaml +++ b/.github/workflows/darker.yaml @@ -19,13 +19,13 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 with: python-version: "3.11" - - uses: akaihola/darker@1.7.2 + - uses: akaihola/darker@ddcd430663c3a980ceb408ee05b7c90ba875d71b # 1.7.2 with: options: "--check --diff" src: "./src/qcodes" diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 039242993e6..cd72d030f16 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -52,8 +52,7 @@ jobs: uses: step-security/harden-runner@v2 with: egress-policy: audit - - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: # we need full history with tags for the version number fetch-depth: '0' @@ -67,7 +66,7 @@ jobs: sudo apt install pandoc if: runner.os == 'Linux' - name: Install pandoc on windows - uses: Wandalen/wretry.action@v1.3.0 + uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c # v1.3.0 with: action: crazy-max/ghaction-chocolatey@v1.6.0 with: | @@ -76,7 +75,7 @@ jobs: attempt_delay: 1000 if: runner.os == 'Windows' - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 with: python-version: ${{ matrix.python-version }} cache: 'pip' @@ -102,12 +101,12 @@ jobs: ./make.bat html if: runner.os == 'Windows' - name: Upload build docs - uses: actions/upload-artifact@v4.2.0 + uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 with: name: docs_${{ matrix.python-version }}_${{ matrix.os }} path: ${{ github.workspace }}/docs/_build/html - name: Deploy to gh pages - uses: JamesIves/github-pages-deploy-action@v4.5.0 + uses: JamesIves/github-pages-deploy-action@65b5dfd4f5bcd3a7403bbc2959c144256167464e # v4.5.0 with: branch: gh-pages folder: ${{ github.workspace }}/docs/_build/html diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 71c53136428..d8a6af3dfd1 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -14,11 +14,12 @@ jobs: pre-commit: runs-on: ubuntu-latest steps: + - name: Harden Runner uses: step-security/harden-runner@v2 with: egress-policy: audit - - uses: actions/checkout@v4.1.1 - - uses: actions/setup-python@v5 - - uses: pre-commit/action@v3.0.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # v3.0.0 diff --git a/.github/workflows/pytest.yaml b/.github/workflows/pytest.yaml index 7f5bcea52cf..3f85f2f26cc 100644 --- a/.github/workflows/pytest.yaml +++ b/.github/workflows/pytest.yaml @@ -48,18 +48,19 @@ jobs: PYTHON: ${{ matrix.python-version }} steps: + - name: Harden Runner uses: step-security/harden-runner@v2 with: egress-policy: audit - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: submodules: true # we need full history with tags for the version number fetch-depth: '0' - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 with: python-version: ${{ matrix.python-version }} cache: 'pip' @@ -83,7 +84,7 @@ jobs: run: | pip install .[test] -c requirements.txt if: ${{ !matrix.min-version }} - - uses: jakebailey/pyright-action@v2.0.1 + - uses: jakebailey/pyright-action@03ab3c98073356eb56161009632b39fc2666321b # v2.0.1 with: version: 1.1.339 if: ${{ !matrix.min-version }} @@ -98,7 +99,7 @@ jobs: run: | pytest -m "serial" -n 0 --dist no --cov=qcodes --cov-report xml --cov-append --hypothesis-profile ci tests - name: Upload coverage to Codecov - uses: codecov/codecov-action@v3.1.4 + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 with: file: ./coverage.xml env_vars: OS,PYTHON diff --git a/.github/workflows/upload_to_pypi.yaml b/.github/workflows/upload_to_pypi.yaml index 6731c34154f..40bd2ca437e 100644 --- a/.github/workflows/upload_to_pypi.yaml +++ b/.github/workflows/upload_to_pypi.yaml @@ -21,9 +21,9 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 with: python-version: '3.10' - name: Install build deps @@ -34,4 +34,4 @@ jobs: - name: Install Twine run: pip install twine - name: Publish to pypi - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@2f6f737ca5f74c637829c0f5c3acd0e29ea5e8bf # release/v1