Skip to content

Commit 8901278

Browse files
stainless-app[bot]stainless-app[bot]
committed
ci: pin GitHub Actions to commit SHAs
Pin all GitHub Actions referenced in generated workflows (both first-party `actions/*` and third-party) to immutable commit SHAs. Updating pinned actions is now a deliberate codegen-side bump rather than implicit on every workflow run.
1 parent e336f57 commit 8901278

2 files changed

Lines changed: 9 additions & 9 deletions

File tree

.github/workflows/ci.yml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -21,10 +21,10 @@ jobs:
2121
runs-on: ${{ github.repository == 'stainless-sdks/neptune-api-v2-python' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
2222
if: (github.event_name == 'push' || github.event.pull_request.head.repo.fork) && (github.event_name != 'push' || github.event.head_commit.message != 'codegen metadata')
2323
steps:
24-
- uses: actions/checkout@v6
24+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2525

2626
- name: Install uv
27-
uses: astral-sh/setup-uv@v5
27+
uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
2828
with:
2929
version: '0.10.2'
3030

@@ -43,10 +43,10 @@ jobs:
4343
id-token: write
4444
runs-on: ${{ github.repository == 'stainless-sdks/neptune-api-v2-python' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
4545
steps:
46-
- uses: actions/checkout@v6
46+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4747

4848
- name: Install uv
49-
uses: astral-sh/setup-uv@v5
49+
uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
5050
with:
5151
version: '0.10.2'
5252

@@ -61,7 +61,7 @@ jobs:
6161
github.repository == 'stainless-sdks/neptune-api-v2-python' &&
6262
!startsWith(github.ref, 'refs/heads/stl/')
6363
id: github-oidc
64-
uses: actions/github-script@v8
64+
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
6565
with:
6666
script: core.setOutput('github_token', await core.getIDToken());
6767

@@ -81,10 +81,10 @@ jobs:
8181
runs-on: ${{ github.repository == 'stainless-sdks/neptune-api-v2-python' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
8282
if: github.event_name == 'push' || github.event.pull_request.head.repo.fork
8383
steps:
84-
- uses: actions/checkout@v6
84+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
8585

8686
- name: Install uv
87-
uses: astral-sh/setup-uv@v5
87+
uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
8888
with:
8989
version: '0.10.2'
9090

.github/workflows/publish-pypi.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,10 +18,10 @@ jobs:
1818
id-token: write
1919

2020
steps:
21-
- uses: actions/checkout@v6
21+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2222

2323
- name: Install uv
24-
uses: astral-sh/setup-uv@v5
24+
uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
2525
with:
2626
version: '0.9.13'
2727

0 commit comments

Comments
 (0)