◐ Shell
clean mode source ↗

chore: Pin GitHub Actions to commit SHAs by pgoslatara · Pull Request #1196 · python-mode/python-mode

pgoslatara

This PR pins GitHub Actions to exact commit SHAs for more reproducible builds.

Why pin to commit SHAs?

Pinning GitHub Actions to specific commit SHAs ensures your workflow uses the exact same version every time, preventing unexpected changes when an action publisher releases a new version. This improves security and reliability.

Learn more: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

Changes

  • Pinned codecov/codecov-action from v3 to ab904c4 in .github/workflows/test.yml
  • Pinned actions/download-artifact from v4 to d3f86a1 in .github/workflows/test.yml
  • Pinned actions/upload-artifact from v4 to ea165f8 in .github/workflows/test.yml
  • Pinned actions/checkout from v4 to 34e1148 in .github/workflows/test.yml
  • Pinned actions/setup-python from v5 to a26af69 in .github/workflows/test.yml