diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1705518..135ac91 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,11 +36,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -54,7 +54,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -67,6 +67,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/jira-issue-create.yml b/.github/workflows/jira-issue-create.yml index b691a7b..526998e 100644 --- a/.github/workflows/jira-issue-create.yml +++ b/.github/workflows/jira-issue-create.yml @@ -11,7 +11,7 @@ on: jobs: call-workflow-passing-data: - uses: amplitude/Amplitude-TypeScript/.github/workflows/jira-issue-create-template.yml@main + uses: amplitude/Amplitude-TypeScript/.github/workflows/jira-issue-create-template.yml@c832303a64c05b9911b6b1ad3dd8f69099f71179 # @amplitude/analytics-browser@2.36.9 with: label: "Python" subcomponent: "dx_python_sdk" diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml index f190d83..992b3ca 100644 --- a/.github/workflows/publish-to-pypi.yml +++ b/.github/workflows/publish-to-pypi.yml @@ -29,12 +29,12 @@ jobs: id-token: write steps: - name: Checkout for release to PyPI - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: Set up Python 3.9 - uses: actions/setup-python@v3 + uses: actions/setup-python@3542bca2639a428e1796aaa6a2ffef0c0f575566 # v3 with: python-version: 3.9 diff --git a/.github/workflows/publish-to-test-pypi.yml b/.github/workflows/publish-to-test-pypi.yml index 8894357..d7419eb 100644 --- a/.github/workflows/publish-to-test-pypi.yml +++ b/.github/workflows/publish-to-test-pypi.yml @@ -29,12 +29,12 @@ jobs: id-token: write steps: - name: Checkout for release to Test PyPI - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: Set up Python 3.9 - uses: actions/setup-python@v3 + uses: actions/setup-python@3542bca2639a428e1796aaa6a2ffef0c0f575566 # v3 with: python-version: 3.9 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 818e564..5861533 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,10 +10,10 @@ jobs: python-version: [ "3.8", "3.9", "3.10", "3.11", "3.12", "3.13" ] steps: - name: Checkout source code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v3 + uses: actions/setup-python@3542bca2639a428e1796aaa6a2ffef0c0f575566 # v3 with: python-version: ${{ matrix.python-version }}