Ouranosinc · Zeitsperre · Dec 1, 2023 · Dec 1, 2023
diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml
@@ -38,10 +38,10 @@ jobs:
   bump_patch_version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4.1.1
         with:
           persist-credentials: false
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v4.7.1
         with:
           python-version: "3.x"
       - name: Config Commit Bot
@@ -57,7 +57,7 @@ jobs:
           bump-my-version bump --tag patch
           echo "new_version=$(grep -E '__version__'  xscen/__init__.py | cut -d ' ' -f3)"
       - name: Push Changes
-        uses: ad-m/github-push-action@master
+        uses: ad-m/github-push-action@v0.8.0
         with:
           force: false
           github_token: ${{ secrets.BUMPVERSION_TOKEN }}

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -22,13 +22,13 @@ jobs:
           - 'python'
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4.1.1
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@codeql-bundle-20230524
         with:
           languages: ${{ matrix.language }}
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@codeql-bundle-20230524
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@codeql-bundle-20230524
diff --git a/.github/workflows/conda-build.yml b/.github/workflows/conda-build.yml
@@ -27,15 +27,15 @@ jobs:
       matrix:
         python-version: ["3.9"]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4.1.1
         if: ${{ github.event.inputs.tag == '' }}
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4.1.1
         if: ${{ github.event.inputs.tag != '' }}
         with:
           fetch-depth: 0
           ref: ${{ inputs.tag }}
       - name: Setup Conda (Micromamba) with Python${{ matrix.python-version }}
-        uses: mamba-org/provision-with-micromamba@main
+        uses: mamba-org/provision-with-micromamba@v16
         with:
           cache-downloads: true
           channels: conda-forge,defaults
@@ -44,7 +44,7 @@ jobs:
             anaconda-client
             conda-build
       - name: Conditionally set label
-        uses: haya14busa/action-cond@v1
+        uses: haya14busa/action-cond@v1.1.1
         id: label
         with:
           cond: ${{ github.event_name == 'workflow_dispatch' }}

diff --git a/.github/workflows/first_pull_request.yml b/.github/workflows/first_pull_request.yml
@@ -10,7 +10,7 @@ jobs:
     name: Welcome
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v6
+      - uses: actions/github-script@v7.0.1
         with:
           script: |
             // Get a list of all issues created by the PR opener

diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml
@@ -20,6 +20,6 @@ jobs:
   label:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/labeler@v4
+    - uses: actions/labeler@v4.3.0
       with:
         repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -23,11 +23,11 @@ jobs:
           - "3.x"
     steps:
       - name: Cancel previous runs
-        uses: styfle/cancel-workflow-action@0.11.0
+        uses: styfle/cancel-workflow-action@0.12.0
         with:
           access_token: ${{ github.token }}
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v4
+      - uses: actions/checkout@v4.1.1
+      - uses: actions/setup-python@v4.7.1
         with:
           python-version: "3.x"
       - name: Install tox
@@ -58,9 +58,9 @@ jobs:
       run:
         shell: bash -l {0}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4.1.1
       - name: Setup Conda (Micromamba) with Python ${{ matrix.python-version }}
-        uses: mamba-org/setup-micromamba@v1
+        uses: mamba-org/setup-micromamba@v1.6.0
         with:
           cache-downloads: true
           environment-name: xscen-pypi
@@ -114,9 +114,9 @@ jobs:
       run:
         shell: bash -l {0}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4.1.1
       - name: Setup Conda (Micromamba) with Python ${{ matrix.python-version }}
-        uses: mamba-org/setup-micromamba@v1
+        uses: mamba-org/setup-micromamba@v1.6.0
         with:
           cache-downloads: true
           environment-file: environment-dev.yml

diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml
@@ -14,9 +14,9 @@ jobs:
       # IMPORTANT: this permission is mandatory for trusted publishing
       id-token: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4.1.1
       - name: Set up Python3
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v4.7.1
         with:
           python-version: "3.x"
       - name: Install packaging libraries
@@ -27,4 +27,4 @@ jobs:
           make translate
           python -m build --sdist --wheel
       - name: Publish distribution 📦 to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+        uses: pypa/gh-action-pypi-publish@v1.8.11
diff --git a/.github/workflows/remove-obsolete-cache.yml b/.github/workflows/remove-obsolete-cache.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4.1.1
 
       - name: Cleanup
         run: |

diff --git a/.github/workflows/tag-testpypi.yml b/.github/workflows/tag-testpypi.yml
@@ -12,7 +12,7 @@ jobs:
     if: startsWith(github.ref, 'refs/tags/v') && endsWith(github.ref, '.0')
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v4.1.1
       - name: Create Release
         uses: softprops/action-gh-release@v1
         env:
@@ -32,9 +32,9 @@ jobs:
       # IMPORTANT: this permission is mandatory for trusted publishing
       id-token: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4.1.1
       - name: Set up Python3
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v4.7.1
         with:
           python-version: "3.x"
       - name: Install packaging libraries
@@ -45,7 +45,7 @@ jobs:
           make translate
           python -m build --sdist --wheel
       - name: Publish distribution 📦 to Test PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+        uses: pypa/gh-action-pypi-publish@v1.8.11
         with:
           repository_url: https://test.pypi.org/legacy/
           skip_existing: true