From c9afd1f2a5880c5e4c19cf0ead7609b84ee8f5d2 Mon Sep 17 00:00:00 2001 From: Tin Tvrtkovic Date: Sun, 18 Jan 2026 23:05:10 +0100 Subject: [PATCH 1/2] Pin CI references --- .github/workflows/codspeed.yml | 6 +----- .github/workflows/main.yml | 14 +++++++------- .github/workflows/pypi-package.yml | 12 ++++++------ .github/workflows/zizmor.yml | 4 ++-- 4 files changed, 16 insertions(+), 20 deletions(-) diff --git a/.github/workflows/codspeed.yml b/.github/workflows/codspeed.yml index dbb65f34..c1fce50f 100644 --- a/.github/workflows/codspeed.yml +++ b/.github/workflows/codspeed.yml @@ -25,14 +25,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - - uses: actions/setup-python@v6.1.0 - with: - python-version: "3.14" - - uses: hynek/setup-cached-uv@757bedc3f972eb7227a1aa657651f15a8527c817 # v2.3.0 - name: Run CodSpeed benchmarks diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 3b86e7fd..8b460e7d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -20,7 +20,7 @@ jobs: fail-fast: false steps: - - uses: "actions/checkout@v4" + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -34,7 +34,7 @@ jobs: just python=${{ startsWith(matrix.python-version, 'pypy') && matrix.python-version || format('python{0}', matrix.python-version) }} covcleanup="false" cov - name: Upload coverage data - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: coverage-data-${{ matrix.python-version }} path: .coverage.* 
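Review bot: The `actions/checkout` line in the first main.yml hunk is an upgrade as well as a pin: it moves from `v4` to the commit labelled `# v6.0.1`, although the commit is titled "Pin CI references". The next hunk does the same for `actions/upload-artifact` (`v4` to `# v6.0.0`), and the later main.yml, pypi-package.yml and zizmor.yml hunks repeat it, including `actions/download-artifact` going from `v4` to `# v7.0.0`. Pinning and major upgrades are easier to audit as separate commits; failing that, the subject should say so, for example `Pin CI references and upgrade checkout/upload-artifact/download-artifact majors`. The job bodies continue outside these hunks, so the patch alone does not show whether any later step relies on v4 behaviour.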
@@ -47,12 +47,12 @@ jobs: runs-on: "ubuntu-latest" steps: - - uses: "actions/checkout@v4" + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Download coverage data - uses: actions/download-artifact@v4 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: coverage-data-* merge-multiple: true @@ -75,7 +75,7 @@ jobs: uv run --group test coverage report --fail-under=100 - name: "Upload HTML report." - uses: "actions/upload-artifact@v4" + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: "html-report" path: "htmlcov" @@ -85,7 +85,7 @@ jobs: name: "Run linters" runs-on: "ubuntu-latest" steps: - - uses: "actions/checkout@v4" + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -101,7 +101,7 @@ jobs: runs-on: "ubuntu-latest" steps: - - uses: "actions/checkout@v4" + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/pypi-package.yml b/.github/workflows/pypi-package.yml index edb07060..da1b113e 100644 --- a/.github/workflows/pypi-package.yml +++ b/.github/workflows/pypi-package.yml @@ -18,12 +18,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 persist-credentials: false - - uses: hynek/build-and-inspect-python-package@v2 + - uses: hynek/build-and-inspect-python-package@efb823f52190ad02594531168b7a2d5790e66516 # v2.14.0 # Upload to Test PyPI on every commit on main. release-test-pypi: 
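Review bot: The `hynek/build-and-inspect-python-package` pin in the pypi-package.yml hunk, like every other SHA in this patch, no longer picks up upstream fixes on its own, and the diffstat shows no updater configuration being added. If the repository does not already have one (not visible here), a `package-ecosystem: "github-actions"` entry in `.github/dependabot.yml` keeps the SHAs and their trailing `# vX.Y.Z` comments current. It would also help to say so next to the pin, e.g. `# pinned by SHA; bumped by the dependency updater, do not edit by hand`. This matters most here because the step builds the artifacts that the release jobs later upload.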
@@ -37,13 +37,13 @@ jobs: steps: - name: Download packages built by build-and-inspect-python-package - uses: actions/download-artifact@v4 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: Packages path: dist - name: Upload package to Test PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 with: repository-url: https://test.pypi.org/legacy/ @@ -59,10 +59,10 @@ jobs: steps: - name: Download packages built by build-and-inspect-python-package - uses: actions/download-artifact@v4 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: Packages path: dist - name: Upload package to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 45d22137..8b78cd6d 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - uses: hynek/setup-cached-uv@757bedc3f972eb7227a1aa657651f15a8527c817 # v2.3.0 @@ -27,7 +27,7 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@f6a16bef8e5c39e398e4da16862d381f76824ac6 with: # Path to SARIF file relative to the root of the repository sarif_file: results.sarif From 6273a792bff808691843529f5f33eb1b52b393b6 Mon Sep 17 00:00:00 2001 From: Tin Tvrtkovic Date: Sun, 18 Jan 2026 23:07:08 +0100 Subject: [PATCH 2/2] Fix codspeed python version --- .github/workflows/codspeed.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
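Review bot: On both `pypa/gh-action-pypi-publish` steps (the Test PyPI and PyPI hunks), only the trailing `# v1.13.0` comment ties the new SHA to a release, and a reviewer cannot verify that from the diff. Because these steps perform the upload, confirm that the commit is reachable from the upstream repository's tag and not just from its fork network. zizmor's impostor-commit audit appears to cover this when run online, and the zizmor workflow in this patch does pass `GH_TOKEN`. A short comment above each step would record the check, e.g. `# SHA checked against upstream tag v1.13.0`.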
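Review bot: The `github/codeql-action/upload-sarif` pin in the last zizmor.yml hunk is the only reference in this patch without a version comment, so nothing tells a reader or an update bot which release the SHA belongs to. Append the tag it was taken from, as on the other lines: `uses: github/codeql-action/upload-sarif@f6a16bef8e5c39e398e4da16862d381f76824ac6 # v<release tag>`. The release is a placeholder here because the patch does not state it. The old reference was `@v3`, so it is also worth confirming whether this SHA is still on the v3 line or is a major upgrade.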
diff --git a/.github/workflows/codspeed.yml b/.github/workflows/codspeed.yml
index c1fce50f..20f019bd 100644
--- a/.github/workflows/codspeed.yml
+++ b/.github/workflows/codspeed.yml
@@ -35,4 +35,4 @@ jobs:
 uses: CodSpeedHQ/action@346a2d8a8d9d38909abd0bc3d23f773110f076ad # v4.4.1
 with:
 mode: simulation
- run: uv run --with pytest-codspeed --with pytest-benchmark --group test --extra msgspec --extra orjson pytest --codspeed bench/
+ run: uv run --python 3.14 --with pytest-codspeed --with pytest-benchmark --group test --extra msgspec --extra orjson pytest --codspeed bench/