diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 0ea96a6..dbca882 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -23,7 +23,7 @@ jobs: name: Upload Coverage # Only run on successful CI completion if: ${{ github.event.workflow_run.conclusion == 'success' }} - uses: ByronWilliamsCPA/.github/.github/workflows/python-codecov.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-codecov.yml@40ff5b5615e786ee0867e1b9e8f21a4735036e63 # main with: artifact-name: 'coverage-reports' coverage-files: '*.xml' diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a34cc09..80593c6 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -34,7 +34,7 @@ jobs: steps: - name: Harden the runner - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit @@ -57,13 +57,13 @@ jobs: run: uv sync --no-dev - name: Initialize CodeQL - uses: github/codeql-action/init@0daab03d71ff584ef619d027a3fd9146679c5d84 # v3.35.3 + uses: github/codeql-action/init@03e4368ac7daa2bd82b3e85262f3bf87ee112f57 # v3.36.0 with: languages: python build-mode: none queries: security-extended,security-and-quality - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0daab03d71ff584ef619d027a3fd9146679c5d84 # v3.35.3 + uses: github/codeql-action/analyze@03e4368ac7daa2bd82b3e85262f3bf87ee112f57 # v3.36.0 with: category: "/language:python" diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 2ab1b88..49abdda 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml 
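Review bot: The trailing `# main` on the new `python-codecov.yml@40ff5b5615e786ee0867e1b9e8f21a4735036e63` pin names a branch rather than a release, so it does not record which state of the shared repo was reviewed, and it will read the same after `main` moves on. The pr-validation.yml and sonarcloud.yml hunks already show this: the old `e8fc83c98c2971ad1ece71573d28171463e30c16` and the new SHA carry the identical `# main` label. The same applies to the other `ByronWilliamsCPA/.github` pins in this commit (coverage, docs, fips-compatibility, mutation-testing, python-compatibility, qlty, reuse, sbom, scorecard, security-analysis, slsa-provenance). Consider tagging the shared repo and writing `@40ff5b5615e786ee0867e1b9e8f21a4735036e63 # <RELEASE_TAG>`, matching the `# v2.19.4` style used for the third-party actions, or at least `# main as of <DATE>`. Whether the repo's dependency-update bot can bump a branch-labelled SHA pin should be confirmed, otherwise these pins will silently age.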
@@ -23,7 +23,7 @@ jobs: upload-coverage: name: Upload Coverage to Qlty if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }} - uses: ByronWilliamsCPA/.github/.github/workflows/python-qlty-coverage.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-qlty-coverage.yml@40ff5b5615e786ee0867e1b9e8f21a4735036e63 # main with: coverage-artifact-name: coverage-reports coverage-file-path: coverage.xml diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 737072b..8a9c7fc 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Dependency Review uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0 diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index bce78d9..705f5c9 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -29,7 +29,7 @@ permissions: jobs: docs: - uses: ByronWilliamsCPA/.github/.github/workflows/python-docs.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-docs.yml@40ff5b5615e786ee0867e1b9e8f21a4735036e63 # main with: python-version: '3.12' docs-directory: 'docs' diff --git a/.github/workflows/fips-compatibility.yml b/.github/workflows/fips-compatibility.yml index a7a6b2a..ccceed2 100644 --- a/.github/workflows/fips-compatibility.yml +++ b/.github/workflows/fips-compatibility.yml 
@@ -52,7 +52,7 @@ permissions: jobs: fips-check: - uses: ByronWilliamsCPA/.github/.github/workflows/python-fips-compatibility.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-fips-compatibility.yml@40ff5b5615e786ee0867e1b9e8f21a4735036e63 # main with: strict-mode: ${{ github.event.inputs.strict_mode == 'true' }} include-tests: true diff --git a/.github/workflows/mutation-testing.yml b/.github/workflows/mutation-testing.yml index 505a733..197350e 100644 --- a/.github/workflows/mutation-testing.yml +++ b/.github/workflows/mutation-testing.yml @@ -40,7 +40,7 @@ jobs: name: Mutation Testing # Skip on forks (no PR comment permissions) if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository - uses: ByronWilliamsCPA/.github/.github/workflows/python-mutation.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-mutation.yml@40ff5b5615e786ee0867e1b9e8f21a4735036e63 # main with: python-version: '3.12' source-directory: 'src' diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml index 5210cde..fee1ffe 100644 --- a/.github/workflows/pr-validation.yml +++ b/.github/workflows/pr-validation.yml @@ -29,7 +29,7 @@ jobs: # Supplemental PR Checks (Changelog, Link Validation) # ========================================================================== supplemental-checks: - uses: ByronWilliamsCPA/.github/.github/workflows/python-supplemental-checks.yml@e8fc83c98c2971ad1ece71573d28171463e30c16 # main + uses: ByronWilliamsCPA/.github/.github/workflows/python-supplemental-checks.yml@40ff5b5615e786ee0867e1b9e8f21a4735036e63 # main with: # Changelog enforcement enable-changelog-check: true @@ -56,7 +56,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit 
diff --git a/.github/workflows/python-compatibility.yml b/.github/workflows/python-compatibility.yml index a8a3845..8372951 100644 --- a/.github/workflows/python-compatibility.yml +++ b/.github/workflows/python-compatibility.yml @@ -34,7 +34,7 @@ permissions: jobs: compatibility: - uses: ByronWilliamsCPA/.github/.github/workflows/python-compatibility.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-compatibility.yml@40ff5b5615e786ee0867e1b9e8f21a4735036e63 # main with: python-versions: '["3.10", "3.11", "3.12", "3.13"]' operating-systems: '["ubuntu-latest"]' diff --git a/.github/workflows/qlty.yml b/.github/workflows/qlty.yml index 9efc974..7dc472d 100644 --- a/.github/workflows/qlty.yml +++ b/.github/workflows/qlty.yml @@ -15,7 +15,7 @@ concurrency: jobs: qlty: if: ${{ github.event.workflow_run.conclusion == 'success' }} - uses: ByronWilliamsCPA/.github/.github/workflows/python-qlty-coverage.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-qlty-coverage.yml@40ff5b5615e786ee0867e1b9e8f21a4735036e63 # main permissions: contents: read actions: read diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index 8cfe33a..537aef5 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -24,7 +24,7 @@ permissions: read-all jobs: reuse: - uses: ByronWilliamsCPA/.github/.github/workflows/python-reuse.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-reuse.yml@40ff5b5615e786ee0867e1b9e8f21a4735036e63 # main with: generate-spdx: true fail-on-missing: true diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index bd48ad6..2467de4 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml 
@@ -35,7 +35,7 @@ permissions: jobs: sbom: name: SBOM & Security - uses: ByronWilliamsCPA/.github/.github/workflows/python-sbom.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-sbom.yml@40ff5b5615e786ee0867e1b9e8f21a4735036e63 # main with: python-version: '3.12' fail-on-vulnerabilities: true diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 869ef28..90f1b7b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -26,7 +26,7 @@ permissions: jobs: scorecard: - uses: ByronWilliamsCPA/.github/.github/workflows/python-scorecard.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-scorecard.yml@40ff5b5615e786ee0867e1b9e8f21a4735036e63 # main with: publish-results: true upload-sarif: true diff --git a/.github/workflows/security-analysis.yml b/.github/workflows/security-analysis.yml index e57facf..fc9a141 100644 --- a/.github/workflows/security-analysis.yml +++ b/.github/workflows/security-analysis.yml @@ -34,7 +34,7 @@ permissions: jobs: security: - uses: ByronWilliamsCPA/.github/.github/workflows/python-security-analysis.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-security-analysis.yml@40ff5b5615e786ee0867e1b9e8f21a4735036e63 # main with: source-directory: 'src' python-version: '3.12' diff --git a/.github/workflows/slsa-provenance.yml b/.github/workflows/slsa-provenance.yml index 59c1422..cf24e9d 100644 --- a/.github/workflows/slsa-provenance.yml +++ b/.github/workflows/slsa-provenance.yml @@ -41,7 +41,7 @@ jobs: steps: - name: Harden the runner - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit 
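Review bot: Pinning `python-sbom.yml@40ff5b5615e786ee0867e1b9e8f21a4735036e63` fixes only the called workflow file. Any actions that file references are immutable only if it pins them by SHA as well, and that is not visible from this diff. The same holds for the scorecard and security-analysis hunks on this page, where the called workflows publish results (`publish-results: true`, `upload-sarif: true`) and so presumably run with write-capable tokens. Before relying on the pin, check the inner `uses:` lines at that commit and record the result next to the pin, for example `# nested actions verified SHA-pinned at this commit`. The surrounding job definitions continue outside these hunks, so the permissions and secrets actually passed to the called workflows cannot be confirmed here.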
@@ -98,7 +98,7 @@ jobs: slsa: name: SLSA Level 3 needs: [build] - uses: ByronWilliamsCPA/.github/.github/workflows/python-slsa.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-slsa.yml@40ff5b5615e786ee0867e1b9e8f21a4735036e63 # main with: base64-subjects: ${{ needs.build.outputs.hashes }} upload-assets: true diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 1146ca5..7c7ab60 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -32,7 +32,7 @@ permissions: jobs: sonarcloud: - uses: ByronWilliamsCPA/.github/.github/workflows/python-sonarcloud.yml@e8fc83c98c2971ad1ece71573d28171463e30c16 # main + uses: ByronWilliamsCPA/.github/.github/workflows/python-sonarcloud.yml@40ff5b5615e786ee0867e1b9e8f21a4735036e63 # main with: sonar-organization: byronwilliamscpa sonar-project-key: ByronWilliamsCPA_python-libs