Skip to content

Commit

Permalink
Merge pull request #2614 from theupdateframework/dependabot/github_ac…
Browse files Browse the repository at this point in the history 
…tions/action-dependencies-fbc4b1338b

build(deps): bump the action-dependencies group with 3 updates
  • Loading branch information
@jku
jku committed Apr 23, 2024
2 parents 8cfb484 + 0e5833a commit ffc1c3f
Show file tree
Hide file tree
Showing 7 changed files with 11 additions and 11 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/_test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:

steps:
- name: Checkout TUF
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3

- name: Set up Python (oldest supported version)
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
Expand Down Expand Up @@ -43,7 +43,7 @@ jobs:

steps:
- name: Checkout TUF
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/_test_sslib_main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:

steps:
- name: Checkout TUF
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3

- name: Set up Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/cd.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
needs: test
steps:
- name: Checkout release tag
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
ref: ${{ github.event.workflow_run.head_branch }}

Expand All @@ -34,7 +34,7 @@ jobs:
run: PIP_CONSTRAINT=requirements/build.txt python3 -m build --sdist --wheel --outdir dist/ .

- name: Store build artifacts
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
# NOTE: The GitHub release page contains the release artifacts too, but using
# GitHub upload/download actions seems robuster: there is no need to compute
# download URLs and tampering with artifacts between jobs is more limited.
Expand All @@ -52,7 +52,7 @@ jobs:
release_id: ${{ steps.gh-release.outputs.result }}
steps:
- name: Fetch build artifacts
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
with:
name: build-artifacts
path: dist
Expand Down Expand Up @@ -92,7 +92,7 @@ jobs:
id-token: write # to authenticate as Trusted Publisher to pypi.org
steps:
- name: Fetch build artifacts
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
with:
name: build-artifacts
path: dist
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3

- name: Initialize CodeQL
uses: github/codeql-action/init@v3 # unpinned since this is not security critical
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/dependency-review.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v4 # unpinned since this is not security critical
2 changes: 1 addition & 1 deletion .github/workflows/scorecards.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:

steps:
- name: "Checkout code"
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3

- name: "Run analysis"
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/specification-version-check.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ jobs:
outputs:
version: ${{ steps.get-version.outputs.version }}
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.x"
Expand Down

0 comments on commit ffc1c3f

Please sign in to comment.