Skip to content

ci: pin action SHAs, add permissions, and add Python 3.14 to matrix#6

Merged
eddietejeda merged 1 commit into
mainfrom
ci/pin-actions-and-add-py314
May 20, 2026
Merged

ci: pin action SHAs, add permissions, and add Python 3.14 to matrix#6
eddietejeda merged 1 commit into
mainfrom
ci/pin-actions-and-add-py314

Conversation

@eddietejeda
Copy link
Copy Markdown
Contributor

@eddietejeda eddietejeda commented May 20, 2026
edited
Loading

Summary

Addresses review nits from #5:

  • SHA-pin actionsactions/checkout and astral-sh/setup-uv now use commit SHAs with version comments, matching the convention in publish.yml and eliminating mutable-tag supply-chain risk
  • permissions: contents: read — least-privilege token scope at the workflow level, matching publish.yml
  • Python 3.14 in matrixpyproject.toml lists the 3.14 classifier; the test matrix now covers it

Test plan

  • Verify all 5 Python version jobs pass (3.10–3.14)

🤖 Generated with Claude Code

@eddietejeda @claude
ci: pin action SHAs, add permissions, and add Python 3.14 to matrix
5a614ee 
Address review nits from #5:
- Pin actions/checkout and astral-sh/setup-uv to commit SHAs (consistent
  with publish.yml, eliminates mutable-tag supply-chain risk)
- Add top-level permissions: contents: read (least privilege, matches
  publish.yml)
- Add Python 3.14 to test matrix (matches pyproject.toml classifiers)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@eddietejeda eddietejeda merged commit fcc3270 into main May 20, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@eddietejeda