Added commit SHAs instead of versions #2384

Merged
merged 5 commits into from
Mar 28, 2025
50 changes: 25 additions & 25 deletions .github/workflows/ci-cd.yml
Expand Up @@ -35,16 +35,16 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Check out repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

- name: Set up Python
uses: actions/setup-python@v5
uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55
with:
check-latest: true
python-version: '3.13'

- name: Run pre-commit
uses: pre-commit/action@v3.0.1
uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd

code-ql:
name: CodeQL
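
Review bot: the pinned `uses:` lines in this hunk (checkout, setup-python, pre-commit/action) no longer show which release they correspond to, so a reader cannot tell from the file whether `actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683` is the release that `v4` resolved to. Suggest appending the release tag as a trailing YAML comment on each pinned line, in the form `uses: <owner>/<action>@<sha> # vX.Y.Z` (tag shown as a placeholder), and doing the same in the other workflow files touched by this PR. For `pre-commit/action`, which was already on the exact tag `v3.0.1`, the comment keeps information the old line carried.
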
Expand All @@ -55,15 +55,15 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Check out repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841
with:
languages: python

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841
with:
category: '/language:python'

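
Review bot: `github/codeql-action/init` and `github/codeql-action/analyze` are pinned on separate lines to the same SHA (`1b549b9259bda1cb5ddde3b41741a82a2d15a841`), and nothing in the file says the two must move together. Both steps come from the same repository, so a later bump that touches only one line would run init and analyze from different commits. A short comment above the "Initialize CodeQL" step stating that both SHAs must stay identical would prevent that.
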
Expand All @@ -86,10 +86,10 @@ jobs:
- '3.13'
steps:
- name: Check out repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55
with:
allow-prereleases: true
cache: pip
Expand All @@ -110,7 +110,7 @@ jobs:
make test

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v5
uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574
with:
token: ${{ secrets.CODECOV_TOKEN }}

Expand All @@ -120,10 +120,10 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Check out repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

- name: Set up Python
uses: actions/setup-python@v5
uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55
with:
cache: pip
cache-dependency-path: |
Expand All @@ -142,7 +142,7 @@ jobs:
make package

- name: Upload package artifacts
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
with:
name: dist
path: dist
Expand All @@ -158,7 +158,7 @@ jobs:

- name: Upload SBOM
if: startsWith(github.event.ref, 'refs/tags/v')
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
with:
name: sbom
path: holidays-${{ env.VERSION }}-sbom.json
Expand All @@ -175,10 +175,10 @@ jobs:
- windows-latest
steps:
- name: Check out repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

- name: Set up Python
uses: actions/setup-python@v5
uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55
with:
cache: pip
cache-dependency-path: |
Expand All @@ -188,7 +188,7 @@ jobs:
python-version: '3.13'

- name: Get package artifacts
uses: actions/download-artifact@v4
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e
with:
name: dist
path: dist
Expand All @@ -210,10 +210,10 @@ jobs:
needs: test
steps:
- name: Check out repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

- name: Set Up Python
uses: actions/setup-python@v5
uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55
with:
cache: pip
cache-dependency-path: requirements/docs.txt
Expand Down Expand Up @@ -244,13 +244,13 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Download package artifacts
uses: actions/download-artifact@v4
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e
with:
name: dist
path: dist

- name: Publish package distributions to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc

sign-artifacts:
name: Create SHA1 checksums and Sigstore signatures
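
Review bot: the publish step was previously on `release/v1`, which is a branch ref rather than a version tag, so after this change the file gives no indication of which release of `pypa/gh-action-pypi-publish` the SHA `76f52bc884231f62b9a034ebfe128415bbaabdfc` was taken from. The rule added to CONTRIBUTING.md ("commit SHA from the latest release") also does not cover actions that were tracked by branch. Suggest recording the release tag in a trailing comment on this line, since this is the step that publishes to PyPI and reviewers of future bumps need to verify it.
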
Expand All @@ -261,7 +261,7 @@ jobs:
id-token: write
steps:
- name: Download package artifacts
uses: actions/download-artifact@v4
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e
with:
name: dist
path: dist
Expand All @@ -274,14 +274,14 @@ jobs:
done

- name: Sign the files using Sigstore
uses: sigstore/gh-action-sigstore-python@v3.0.0
uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46
with:
inputs: |
./dist/*.tar.gz
./dist/*.whl

- name: Upload package dist and signatures
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
with:
name: signed-artifacts
path: dist
Expand All @@ -295,12 +295,12 @@ jobs:
contents: write
steps:
- name: Download SBOM
uses: actions/download-artifact@v4
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e
with:
name: sbom

- name: Download package dist and signatures
uses: actions/download-artifact@v4
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e
with:
name: signed-artifacts
path: dist
8 changes: 4 additions & 4 deletions .github/workflows/pre-commit-autoupdate.yml
Expand Up @@ -17,9 +17,9 @@ jobs:
pull-requests: write
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

- uses: actions/setup-python@v5
- uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55
with:
cache: pip
python-version: '3.12'
Expand All @@ -29,7 +29,7 @@ jobs:
python -m pip install pre-commit

- name: Use pre-commit environment cache
uses: actions/cache@v4
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684
with:
key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
path: ~/.cache/pre-commit
Expand All @@ -40,7 +40,7 @@ jobs:
pre-commit autoupdate
pre-commit run --all-files

- uses: peter-evans/create-pull-request@v7.0.8
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e
with:
base: dev
body: Update pre-commit hooks to their latest versions.
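
Review bot: once `peter-evans/create-pull-request@v7.0.8` becomes a bare SHA here, this pin and the others in the PR will not move on their own, and the PR adds no mechanism for keeping them current. This workflow already automates `pre-commit autoupdate`; consider a comparable automated update for the action pins (for example a Dependabot `github-actions` entry, if the repository does not already have one), so that pinned actions do not silently fall behind upstream fixes.
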
2 changes: 1 addition & 1 deletion .github/workflows/prl-labeler.yml
Expand Up @@ -10,4 +10,4 @@ jobs:
pull-requests: write
runs-on: ubuntu-24.04
steps:
- uses: actions/labeler@v5
- uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9
6 changes: 3 additions & 3 deletions .github/workflows/update-snapshots.yml
Expand Up @@ -16,10 +16,10 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Check out repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

- name: Set up Python
uses: actions/setup-python@v5
uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55
with:
cache: pip
cache-dependency-path: |
Expand All @@ -38,7 +38,7 @@ jobs:
run: |
make snapshot

- uses: peter-evans/create-pull-request@v7.0.8
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e
with:
base: dev
body: Automatically generated snapshots update.
18 changes: 18 additions & 0 deletions CONTRIBUTING.md
Expand Up @@ -103,6 +103,24 @@ The project provides MkDocs documentation under `./docs`, published online on
Great documentation is absolutely key in any project. If you are not familiar with Markdown for
MkDocs, you can read a primer [here](https://www.mkdocs.org/user-guide/writing-your-docs/).

## GitHub Actions

All new GitHub actions must use commit SHAs instead of version tags. When updating an action, contributors should explicitly use the commit SHA from the latest release.

### Example

Allowed:

```yaml
uses: actions/checkout@8fdb40e56baf9c5dc24e3ab5bc2a91db65f39f21
```

Not allowed:

```yaml
uses: actions/checkout@v4
```

## Contributors

In order to keep the list of contributors up to date, we encourage you add your name (in
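
Review bot: the "Allowed" example pins `actions/checkout@8fdb40e56baf9c5dc24e3ab5bc2a91db65f39f21`, which is not the SHA this same PR uses for `actions/checkout` in the workflows (`11bd71901bbe5b1630ceea73d27597364c9af683`). Contributors tend to copy examples verbatim, so either use the SHA actually pinned in the workflows or mark the value as illustrative. The rule text could also say "full-length commit SHA" and state where to find it (the commit the release tag points to), since "commit SHA from the latest release" leaves both open.
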