
Commit ab52bb7

improve: pin GitHub Actions in publish.yml to SHA commit hashes for supply-chain security (#42)
1 parent 1bfa5b7 commit ab52bb7

1 file changed

Lines changed: 4 additions & 4 deletions


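--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -23,12 +23,12 @@ jobs:
 environment: pypi
 
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
 with:
 persist-credentials: false
 
 - name: Set up Python 3.12
-uses: actions/setup-python@v5
+uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
 with:
 python-version: "3.12"
 
@@ -48,10 +48,10 @@ jobs:
 
 - name: Publish to TestPyPI
 if: ${{ inputs.pypi_target == 'testpypi' }}
-uses: pypa/gh-action-pypi-publish@release/v1
+uses: pypa/gh-action-pypi-publish@ecb4c3dfd4790f14e30aaeac04855c7413ee9368
 with:
 repository-url: https://test.pypi.org/legacy/
 
 - name: Publish to PyPI
 if: ${{ inputs.pypi_target == 'pypi' || github.event_name == 'release' }}
-uses: pypa/gh-action-pypi-publish@release/v1
+uses: pypa/gh-action-pypi-publish@ecb4c3dfd4790f14e30aaeac04855c7413ee9368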
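Review bot: The four pinned `uses:` lines (new lines 26, 31, 51 and 57) carry no trailing comment naming the tag each SHA was resolved from, so a reader cannot tell from the workflow which release is in use or check the hash against upstream. I would add the tag as a comment on each line, e.g. `- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # <tag this SHA was resolved from>`, and do the same for `setup-python` and both `gh-action-pypi-publish` steps. Nothing in the diff shows how the hashes were obtained, so before merging it is worth confirming each one is a commit reachable from a release tag in the action's own upstream repository. No update mechanism for the pins is visible in this commit; without one (for example a Dependabot `github-actions` entry) the pinned versions will drift behind upstream security fixes.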
