diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml index e0e07c92..69129c4d 100644 --- a/.github/workflows/build-images.yml +++ b/.github/workflows/build-images.yml @@ -71,7 +71,7 @@ jobs: # Only smoke-tested images ever reach the registry. - name: Login to ghcr.io if: github.event_name == 'push' && github.ref == 'refs/heads/main' - uses: docker/login-action@v3 # Renovate pins to digest + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 # Renovate pins to digest with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 4e747069..66e1070b 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -38,7 +38,7 @@ jobs: steps: - uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6 - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3.x - run: pip install zensical diff --git a/.github/workflows/e2e-hub.yml b/.github/workflows/e2e-hub.yml index 5c0ef867..0e2c9afd 100644 --- a/.github/workflows/e2e-hub.yml +++ b/.github/workflows/e2e-hub.yml @@ -42,11 +42,11 @@ jobs: enable-cache: true cache-dependency-glob: tests/uv.lock - name: Install flux CLI - uses: fluxcd/flux2/action@b1b4438ae9ce7ade20a3d6e5aae25cef60be9c94 # main + uses: fluxcd/flux2/action@65d975b490d1284cd1f341d0980e38c84d3aa6a9 # main with: version: 2.5.1 - name: Create kind cluster - uses: helm/kind-action@v1.12.0 # Renovate pins to digest + uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc # v1.14.0 # Renovate pins to digest with: cluster_name: af-e2e - name: Deploy hub stack diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index d6908be3..08f71d9e 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: "3.14" - name: Cache pre-commit environments diff --git a/.github/workflows/pixi-check.yml b/.github/workflows/pixi-check.yml index e62ae038..fabe2943 100644 --- a/.github/workflows/pixi-check.yml +++ b/.github/workflows/pixi-check.yml @@ -30,7 +30,7 @@ jobs: timeout-minutes: 45 steps: - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - - uses: prefix-dev/setup-pixi@v0.9.0 # Renovate pins to digest + - uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6 # Renovate pins to digest with: pixi-version: v0.62.2 manifest-path: pixi/base/pixi.toml @@ -47,7 +47,7 @@ jobs: - name: Skip without lock file if: hashFiles('pixi/global/pixi.lock') == '' run: echo "pixi/global/pixi.lock not present — skipping" - - uses: prefix-dev/setup-pixi@v0.9.0 # Renovate pins to digest + - uses: prefix-dev/setup-pixi@5185adfbffb4bd703da3010310260805d89ebb11 # v0.9.6 # Renovate pins to digest if: hashFiles('pixi/global/pixi.lock') != '' with: pixi-version: v0.62.2 diff --git a/.github/workflows/validate-manifests.yml b/.github/workflows/validate-manifests.yml index c6865c11..0f1374aa 100644 --- a/.github/workflows/validate-manifests.yml +++ b/.github/workflows/validate-manifests.yml @@ -26,7 +26,7 @@ jobs: steps: - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - name: Install flux CLI - uses: fluxcd/flux2/action@b1b4438ae9ce7ade20a3d6e5aae25cef60be9c94 # main + uses: fluxcd/flux2/action@65d975b490d1284cd1f341d0980e38c84d3aa6a9 # main with: version: ${{ env.FLUX_VERSION }} - name: Install kubeconform