From f1252340b70b2649b623eda84ce84127e37f93d3 Mon Sep 17 00:00:00 2001 From: bhimrazy Date: Fri, 5 Jun 2026 00:03:37 +0545 Subject: [PATCH 1/2] chore: pin GitHub Actions to commit SHAs --- .github/workflows/ci-checks.yml | 10 +++++----- .github/workflows/ci-cloud.yml | 6 +++--- .github/workflows/ci-testing.yml | 6 +++--- .github/workflows/cleanup-caches.yml | 2 +- .github/workflows/docs-build.yml | 12 ++++++------ .github/workflows/greetings.yml | 2 +- .github/workflows/release-pypi.yml | 8 ++++---- 7 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/ci-checks.yml b/.github/workflows/ci-checks.yml index 4cba57a..0f48a9b 100644 --- a/.github/workflows/ci-checks.yml +++ b/.github/workflows/ci-checks.yml @@ -15,20 +15,20 @@ jobs: # uses: Lightning-AI/utilities/.github/workflows/check-precommit.yml@main check-typing: - uses: Lightning-AI/utilities/.github/workflows/check-typing.yml@main + uses: Lightning-AI/utilities/.github/workflows/check-typing.yml@86fe1b20b4609835ba9e8c8739cd39707ba76868 # v0.15.3 with: - actions-ref: main + actions-ref: 86fe1b20b4609835ba9e8c8739cd39707ba76868 extra-typing: "typing" check-schema: - uses: Lightning-AI/utilities/.github/workflows/check-schema.yml@main + uses: Lightning-AI/utilities/.github/workflows/check-schema.yml@86fe1b20b4609835ba9e8c8739cd39707ba76868 # v0.15.3 with: azure-dir: "" check-package: - uses: Lightning-AI/utilities/.github/workflows/check-package.yml@main + uses: Lightning-AI/utilities/.github/workflows/check-package.yml@86fe1b20b4609835ba9e8c8739cd39707ba76868 # v0.15.3 with: - actions-ref: main + actions-ref: 86fe1b20b4609835ba9e8c8739cd39707ba76868 import-name: "litmodels" artifact-name: dist-packages-${{ github.sha }} testing-matrix: | diff --git a/.github/workflows/ci-cloud.yml b/.github/workflows/ci-cloud.yml index b42b3c1..51be694 100644 --- a/.github/workflows/ci-cloud.yml +++ b/.github/workflows/ci-cloud.yml @@ -32,10 +32,10 @@ jobs: LIGHTNING_CLOUD_URL: https://staging.gridai.dev steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install uv and set Python ${{ matrix.python-version }} - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 with: python-version: ${{ matrix.python-version }} activate-environment: true @@ -67,7 +67,7 @@ jobs: coverage xml - name: Upload coverage to Codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1 with: token: ${{ secrets.CODECOV_TOKEN }} files: ./coverage.xml diff --git a/.github/workflows/ci-testing.yml b/.github/workflows/ci-testing.yml index 5b65f41..e5d7b67 100644 --- a/.github/workflows/ci-testing.yml +++ b/.github/workflows/ci-testing.yml @@ -65,10 +65,10 @@ jobs: UV_TORCH_BACKEND: "cpu" steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install uv and set Python ${{ matrix.python-version }} - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 with: python-version: ${{ matrix.python-version }} activate-environment: true @@ -107,7 +107,7 @@ jobs: coverage xml - name: Upload coverage to Codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1 continue-on-error: true with: token: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/cleanup-caches.yml b/.github/workflows/cleanup-caches.yml index 2336633..555065c 100644 --- a/.github/workflows/cleanup-caches.yml +++ b/.github/workflows/cleanup-caches.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Cleanup run: | diff --git a/.github/workflows/docs-build.yml b/.github/workflows/docs-build.yml index e03ce25..9c4a02b 100644 --- a/.github/workflows/docs-build.yml +++ b/.github/workflows/docs-build.yml @@ -8,10 +8,10 @@ jobs: build-docs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install uv and set Python 3.10 - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 with: python-version: "3.10" activate-environment: true @@ -26,7 +26,7 @@ jobs: run: python -m sphinx -b html -W --keep-going docs/source docs/build/html - name: Upload prepared docs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: docs-html-${{ github.sha }} path: docs/build/html @@ -36,15 +36,15 @@ jobs: needs: build-docs runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 # deploy needs git credentials + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, deploy needs git credentials - name: Download prepared docs - uses: actions/download-artifact@v5 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: docs-html-${{ github.sha }} path: docs/build/html - name: Deploy 🚀 - uses: JamesIves/github-pages-deploy-action@v4.7.3 + uses: JamesIves/github-pages-deploy-action@6c2d9db40f9296374acc17b90404b6e8864128c8 # v4.7.3 if: ${{ github.event_name == 'push' }} with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml index b383828..ab39dd8 100644 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -7,7 +7,7 @@ jobs: greeting: runs-on: ubuntu-latest steps: - - uses: actions/first-interaction@v3 + - uses: actions/first-interaction@1c4688942c71f71d4f5502a26ea67c331730fa4d # v3 with: repo-token: ${{ secrets.GITHUB_TOKEN }} issue-message: "Hi! thanks for your contribution!, great first issue!" diff --git a/.github/workflows/release-pypi.yml b/.github/workflows/release-pypi.yml index d7e6d5f..9bcbc55 100644 --- a/.github/workflows/release-pypi.yml +++ b/.github/workflows/release-pypi.yml @@ -18,10 +18,10 @@ jobs: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install uv and set Python 3.10 - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 with: python-version: "3.10" activate-environment: true @@ -41,7 +41,7 @@ jobs: # We do this, since failures on test.pypi aren't that bad - name: Publish to Test PyPI if: startsWith(github.event.ref, 'refs/tags') || github.event_name == 'release' - uses: pypa/gh-action-pypi-publish@v1.13.0 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 with: user: __token__ password: ${{ secrets.TEST_PYPI_PASSWORD }} @@ -49,7 +49,7 @@ jobs: - name: Publish distribution 📦 to PyPI if: startsWith(github.event.ref, 'refs/tags') || github.event_name == 'release' - uses: pypa/gh-action-pypi-publish@v1.13.0 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 with: user: __token__ password: ${{ secrets.pypi_password }} From 828d36222f713f44e36e7973f103b5dbf3e413ec Mon Sep 17 00:00:00 2001 From: bhimrazy Date: Fri, 5 Jun 2026 00:09:35 +0545 Subject: [PATCH 2/2] docs: clarify first-interaction pinned version --- .github/workflows/greetings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml index ab39dd8..0db244f 100644 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -7,7 +7,7 @@ jobs: greeting: runs-on: ubuntu-latest steps: - - uses: actions/first-interaction@1c4688942c71f71d4f5502a26ea67c331730fa4d # v3 + - uses: actions/first-interaction@1c4688942c71f71d4f5502a26ea67c331730fa4d # v3.1.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} issue-message: "Hi! thanks for your contribution!, great first issue!"