diff --git a/.github/workflows/cffconvert-test.yml b/.github/workflows/cffconvert-test.yml index 16b9b10..1b4f9b7 100644 --- a/.github/workflows/cffconvert-test.yml +++ b/.github/workflows/cffconvert-test.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out a copy of the repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false diff --git a/.github/workflows/check_changelog.yml b/.github/workflows/check_changelog.yml index 5762687..57b2992 100644 --- a/.github/workflows/check_changelog.yml +++ b/.github/workflows/check_changelog.yml @@ -15,7 +15,7 @@ jobs: name: A reviewer will let you know if it is required or can be bypassed runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: '0' - name: Check if tests have changed @@ -31,7 +31,7 @@ jobs: - name: Check changelog entry if: steps.tests_changed.outputs.check_changelog == 'true' - uses: scientific-python/action-towncrier-changelog@v1 + uses: scientific-python/action-towncrier-changelog@v2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} BOT_USERNAME: changelog-bot diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ce79757..8eb6f84 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -67,7 +67,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false fetch-depth: 0 @@ -125,7 +125,7 @@ jobs: # exit 1 - name: Set up Python - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 if: matrix.language == 'c-cpp' with: python-version: '3.11' diff --git a/.github/workflows/labeler-title-regex.yml b/.github/workflows/labeler-title-regex.yml index 03de57d..3bcb420 100644 --- a/.github/workflows/labeler-title-regex.yml +++ b/.github/workflows/labeler-title-regex.yml @@ -15,8 +15,8 @@ jobs: labeler: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@v5 + - uses: actions/setup-python@v6 with: python-version: '3.9' - name: Install PyGithub diff --git a/.github/workflows/open_actions.yml b/.github/workflows/open_actions.yml index 4234e24..26cef2b 100644 --- a/.github/workflows/open_actions.yml +++ b/.github/workflows/open_actions.yml @@ -17,12 +17,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Label PR - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 + uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1 if: github.event_name == 'pull_request_target' && github.event.pull_request.user.login != 'meeseeksmachine' with: repo-token: "${{ secrets.GITHUB_TOKEN }}" - name: 'Reviewer Checklist' - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 if: github.event_name == 'pull_request_target' with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -44,7 +44,7 @@ jobs: - [ ] At the time of adding the milestone, if the milestone set requires a backport to release branch(es), apply the appropriate "backport-X.Y.x" label(s) *before* merge.` }) - name: Greet new contributors - uses: actions/first-interaction@34f15e814fe48ac9312ccf29db4e74fa767cbab7 # v1.3.0 + uses: actions/first-interaction@1c4688942c71f71d4f5502a26ea67c331730fa4d # v3.1.0 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" issue-message: > @@ -91,7 +91,7 @@ jobs: please send an e-mail directly to the private e-mail feedback@astropy.org. - name: 'Comment Draft PR' - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 if: github.event.pull_request.draft == true with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/publish-to-test-pypi.yml b/.github/workflows/publish-to-test-pypi.yml index db3914e..2a3d11c 100644 --- a/.github/workflows/publish-to-test-pypi.yml +++ b/.github/workflows/publish-to-test-pypi.yml @@ -42,11 +42,11 @@ jobs: steps: # Step 1: Check out the code from the repository - name: Check out code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 # Step 2: Set up the Python environment - name: Python Setup - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: '3.8' # Specify the Python version @@ -72,7 +72,7 @@ jobs: # Step 5a: Publish the package to TestPyPI (if selected) - name: Publish package distributions to TestPyPI if: ${{ github.event.inputs.pypi_repo == 'testpypi' }} - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 with: print-hash: true repository-url: https://test.pypi.org/legacy/ @@ -82,7 +82,7 @@ jobs: # Step 5b: Publish the package to PyPI (if selected) - name: Publish package distributions to PyPI if: ${{ github.event.inputs.pypi_repo == 'pypi' }} - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 with: print-hash: true user: __token__ diff --git a/.github/workflows/update-lock-files.yml b/.github/workflows/update-lock-files.yml index 2040475..bb4da66 100644 --- a/.github/workflows/update-lock-files.yml +++ b/.github/workflows/update-lock-files.yml @@ -35,7 +35,7 @@ jobs: update_script_args: "--select-tag cuda" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Generate lock files run: | source build_tools/shared.sh diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index aa9bf1d..50d873c 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -71,7 +71,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout lightnumpy - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 # Gets the correct commit message for pull request with: ref: ${{ github.event.pull_request.head.sha }} @@ -171,14 +171,14 @@ jobs: steps: - name: Checkout Repository with all submodules recursively - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: # Fetches all nested submodules or submodules: true submodules: recursive fetch-tags: true - name: Python Setup # Used to push the built wheels - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: "3.x" @@ -331,7 +331,7 @@ jobs: echo "CIBW_BUILD_FRONTEND=$CIBW" >> "$GITHUB_ENV" - name: Build Wheels Packages - uses: pypa/cibuildwheel@42728e866bbc80d544a70825bd9990b9a26f1a50 # v2.23.1 + uses: pypa/cibuildwheel@9c00cb4f6b517705a3794b22395aedc36257242c # v3.2.1 env: # Step level enviroment NAME: '', $NAME, ${{ env.NAME }} # Set CIBW_PRERELEASE_PYTHONS to True to build for pre-release versions of Python CIBW_PRERELEASE_PYTHONS: True @@ -351,7 +351,7 @@ jobs: fi - name: Upload Wheelhouse Wheels Packages - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: >- ${{ matrix.python[0] }}-${{ join(matrix.buildplat, '-') }} @@ -361,7 +361,7 @@ jobs: path: ./wheelhouse/*.whl - name: Conda environment creation and activation anaconda-client - uses: conda-incubator/setup-miniconda@505e6394dae86d6a5c7fbb6e3fb8938e3e863830 # v3.1.1 + uses: conda-incubator/setup-miniconda@835234971496cad1653abb28a638a281cf32541f # v3.2.0 with: # for installation of anaconda-client, required for upload to # anaconda.org @@ -442,11 +442,11 @@ jobs: steps: - name: Checkout lightnumpy - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: submodules: true # Used to push the built wheels - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: # Build sdist on lowest supported Python python-version: "3.10" @@ -470,13 +470,13 @@ jobs: twine check dist/* - name: Upload Wheelhouse Wheels Packages - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: sdist path: ./dist/* - name: Conda environment creation and activation anaconda-client - uses: conda-incubator/setup-miniconda@505e6394dae86d6a5c7fbb6e3fb8938e3e863830 # v3.1.1 + uses: conda-incubator/setup-miniconda@835234971496cad1653abb28a638a281cf32541f # v3.2.0 with: # for installation of anaconda-client, required for upload to # anaconda.org