diff .github/workflows/ci-test.yml @ 7148:cc49ac11850f
Pin actions by using hashes, removing tags like @v2 or @master
Now that actions are being scanned by dependabot, this is easier to
keep up with.
This also clears multiple security issues flagged by ossf-scorecard.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 16 Feb 2023 20:12:55 -0500 |
| parents | 890b55c374a3 |
| children | 5cbe5f2a636b |
--- a/.github/workflows/ci-test.yml Wed Feb 15 18:50:53 2023 -0500 +++ b/.github/workflows/ci-test.yml Thu Feb 16 20:12:55 2023 -0500 @@ -90,11 +90,11 @@ # if: {{ false }} # continue running if step fails # continue-on-error: true - uses: actions/checkout@v3 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 # Setup version of Python to use - name: Set Up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4.5.0 with: python-version: ${{ matrix.python-version }} cache: 'pip' @@ -223,7 +223,7 @@ - name: Upload coverage to Codecov # see: https://github.com/codecov/codecov-action#usage - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # v3.1.1 with: verbose: true token: ${{ secrets.CODECOV_TOKEN }} @@ -231,7 +231,7 @@ - name: Upload coverage to Coveralls # python 2.7 and 3.6 versions of coverage can't produce lcov files. if: matrix.python-version != '2.7' && matrix.python-version != '3.6' - uses: coverallsapp/github-action@master + uses: coverallsapp/github-action@3284643be2c47fb6432518ecec17f1255e8a06a6 # master with: github-token: ${{ secrets.GITHUB_TOKEN }} path-to-lcov: coverage.lcov @@ -264,7 +264,7 @@ runs-on: ubuntu-latest steps: - name: Coveralls Finished - uses: coverallsapp/github-action@master + uses: coverallsapp/github-action@3284643be2c47fb6432518ecec17f1255e8a06a6 # master with: github-token: ${{ secrets.github_token }} parallel-finished: true
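Review bot: The two `coverallsapp/github-action` pins (the upload step in the hunk at -231 and the `Coveralls Finished` step in the hunk at -264) are annotated `# master`, which names a branch rather than a release, so nothing on the line tells a reader which version the SHA is or how stale it has become. The other pins in this commit carry a tag comment (`# v3.3.0`, `# v4.5.0`, `# v3.1.1`); doing the same here, e.g. `uses: coverallsapp/github-action@<commit-sha-of-tagged-release> # <release-tag>`, keeps the pin auditable. As far as I know, Dependabot also relies on that tag comment when it proposes SHA updates, so a branch-name comment may leave these two pins unmaintained. Both steps pass a GitHub token to this action, so it is worth confirming that the pinned commit is reachable in the upstream repository's history and not only in a fork.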
