Merge pull request #13 from pallets-eco/dependabot/github_actions/git…

…hub-actions-c6386c74ed Bump the github-actions group across 1 directory with 7 updates
pallets-eco · May 1, 2024 · 924e178 · 924e178
2 parents e33ea37 + ed76aa6
commit 924e178
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 12 deletions.
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -9,8 +9,8 @@ jobs:
  outputs:
  hash: ${{ steps.hash.outputs.hash }}
  steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c
+ - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
+ - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d
  with:
  python-version: '3.x'
  cache: pip
@@ -23,7 +23,7 @@ jobs:
  - name: generate hash
  id: hash
  run: cd dist && echo "hash=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
- - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
+ - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
  with:
  name: dist
  path: ./dist
@@ -34,7 +34,7 @@ jobs:
  id-token: write
  contents: write
  # Can't pin with hash due to how this workflow works.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
  with:
  base64-subjects: ${{ needs.build.outputs.hash }}
  create-release:
@@ -45,7 +45,7 @@ jobs:
  permissions:
  contents: write
  steps:
- - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+ - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
  - name: create release
  run: >
  gh release create --draft --repo ${{ github.repository }}
@@ -64,5 +64,5 @@ jobs:
  permissions:
  id-token: write
  steps:
- - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
- - uses: pypa/gh-action-pypi-publish@e53eb8b103ffcb59469888563dc324e3c8ba6f06
+ - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
+ - uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -14,8 +14,8 @@ jobs:
  matrix:
  python: ['3.12', '3.11', '3.10', '3.9', '3.8']
  steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c
+ - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
+ - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d
  with:
  python-version: ${{ matrix.python }}
  allow-prereleases: true
@@ -26,14 +26,14 @@ jobs:
  typing:
  runs-on: ubuntu-latest
  steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c
+ - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
+ - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d
  with:
  python-version: '3.x'
  cache: pip
  cache-dependency-path: requirements/*.txt
  - name: cache mypy
- uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319
+ uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9
  with:
  path: ./.mypy_cache
  key: mypy|${{ hashFiles('pyproject.toml') }}