Test pinning

.codecov.yml

@@ -0,0 +1,25 @@
+---
+coverage:
+  status:
+    project:
+      default: false
+      app:
+        informational: true
+        paths:
+          - src/
+      tests:
+        informational: true
+        paths:
+          - tests/
+    patch:
+      default: false
+      app:
+        informational: true
+        paths:
+          - src/
+      tests:
+        informational: true
+        paths:
+          - tests/
+github_checks:
+  annotations: false

.copier-answers.yml

@@ -1,6 +1,6 @@
 # Autogenerated. Do not edit this by hand, use `copier update`.
 ---
-_commit: 0.4.7
+_commit: 0.4.8-3-ge7c124f
 _src_path: https://github.com/salt-extensions/salt-extension-copier
 author: jeanluc
 author_email: [email protected]

.github/workflows/ci.yml

@@ -29,7 +29,7 @@ jobs:
 
   changed-files-debug:
     name: Changed Files Debug Output
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     if: always()
     needs:
       - get-changed-files
@@ -107,7 +107,7 @@ jobs:
     # This step is just so we can make github require this step, to pass checks
     # on a pull request instead of requiring all
     name: Set the CI Pipeline Exit Status
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     if: always()
     needs:
       - test
@@ -119,15 +119,15 @@ jobs:
     steps:
       - name: Download Exit Status Files
         if: always()
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16  # v4.1.8
         with:
           path: exitstatus
           pattern: exitstatus-*
           merge-multiple: true
 
       - name: Delete Exit Status Artifacts
         if: always()
-        uses: geekyeggo/delete-artifact@v5
+        uses: geekyeggo/delete-artifact@7ee91e82b4a7f3339cd8b14beace3d826a2aac39  # v5.1.0
         with:
           name: exitstatus-*
           useGlob: true

.github/workflows/deploy-docs-action.yml

@@ -35,29 +35,30 @@ jobs:
       pages: write
       id-token: write
 
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
+
     steps:
       - name: Download built docs
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16  # v4.1.8
         with:
           name: ${{ inputs.artifact-name }}
           path: html-docs
 
       - name: Upload GitHub Pages artifact
-        uses: actions/upload-pages-artifact@v3
+        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa  # v3.0.1
         with:
           name: html-docs-pages
           path: html-docs
 
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v4
+        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e  # v4.0.5
         with:
           artifact_name: html-docs-pages
 
       - name: Delete GitHub Pages artifact
         if: always()
-        uses: geekyeggo/delete-artifact@v5
+        uses: geekyeggo/delete-artifact@7ee91e82b4a7f3339cd8b14beace3d826a2aac39  # v5.1.0
         with:
           name: html-docs-pages
           failOnError: false
@@ -70,7 +71,7 @@ jobs:
 
       - name: Upload Exit Status
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
         with:
           name: exitstatus-${{ github.job }}
           path: exitstatus

.github/workflows/deploy-package-action.yml

@@ -20,16 +20,17 @@ on:
 jobs:
   build:
     name: Publish Python Package to ${{ fromJSON('["PyPI", "Test PyPI"]')[inputs.test] }}
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
+
     steps:
       - name: Download Python Package Artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16  # v4.1.8
         with:
           name: salt-extension-${{ inputs.version }}-packages
           path: dist
 
       - name: Publish distribution to Test PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+        uses: pypa/gh-action-pypi-publish@c44d2f0e52f028349e3ecafbf7f32561da677277  # v1.10.3
         if: ${{ inputs.test }}
         with:
           password: ${{ secrets.TEST_PYPI_API_TOKEN }}
@@ -47,7 +48,7 @@ jobs:
               dist/*
 
       - name: Publish distribution to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+        uses: pypa/gh-action-pypi-publish@c44d2f0e52f028349e3ecafbf7f32561da677277  # v1.10.3
         if: ${{ !inputs.test }}
         with:
           password: ${{ secrets.PYPI_API_TOKEN }}

.github/workflows/docs-action.yml

@@ -6,16 +6,16 @@ on:
 
 jobs:
   Docs:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     timeout-minutes: 10
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
         with:
           fetch-depth: 0
 
       - name: Set up Python 3.10 For Nox
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3  # v5.2.0
         with:
           python-version: "3.10"
 
@@ -35,7 +35,7 @@ jobs:
           nox --force-color -e docs
 
       - name: Upload built docs as artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
         with:
           name: html-docs
           path: docs/_build/html
@@ -48,7 +48,7 @@ jobs:
 
       - name: Upload Exit Status
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
         with:
           name: exitstatus-${{ github.job }}
           path: exitstatus

.github/workflows/get-changed-files.yml

@@ -9,18 +9,19 @@ on:
 jobs:
   get-changed-files:
     name: Get Changed Files
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     permissions:
       contents: read  # for dorny/paths-filter to fetch a list of changed files
       pull-requests: read  # for dorny/paths-filter to read pull requests
     outputs:
       changed-files: ${{ toJSON(steps.changed-files.outputs) }}
+
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
 
       - name: Get Changed Files
         id: changed-files
-        uses: dorny/paths-filter@v3
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36  # v3.0.2
         with:
           token: ${{ github.token }}
           list-files: escape

.github/workflows/package-action.yml

@@ -11,14 +11,15 @@ on:
 jobs:
   build:
     name: Build Python Packages (wheel and sdist)
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
+
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
         with:
           fetch-depth: 0
 
       - name: Set up Python 3.10
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3  # v5.2.0
         with:
           python-version: "3.10"
 
@@ -37,7 +38,7 @@ jobs:
         run: python -m build --outdir dist/
 
       - name: Upload build artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
         if: always()
         with:
           name: salt-extension-${{ inputs.version }}-packages
@@ -52,7 +53,7 @@ jobs:
 
       - name: Upload Exit Status
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
         with:
           name: exitstatus-${{ github.job }}
           path: exitstatus

.github/workflows/pre-commit-action.yml

@@ -12,9 +12,9 @@ on:
 jobs:
   Pre-Commit:
     name: Pre-Commit
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     container:
-      image: python:3.10.14-slim-bookworm
+      image: docker.io/library/python:3.10.14-slim-bookworm@sha256:2407c61b1a18067393fecd8a22cf6fceede893b6aaca817bf9fbfe65e33614a3
 
     steps:
       - name: Install System Deps
@@ -23,7 +23,7 @@ jobs:
           apt-get install -y enchant-2 git gcc make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev
           git config --global --add safe.directory "$(pwd)"
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
 
       - name: Install Pre-Commit
         run: |
@@ -49,7 +49,7 @@ jobs:
 
       - name: Upload Exit Status
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
         with:
           name: exitstatus-${{ github.job }}
           path: exitstatus

.github/workflows/tag.yml

@@ -8,12 +8,12 @@ on:
 
 jobs:
   get_tag_version:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       version: ${{ steps.get_version.outputs.version }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
 
       - name: Extract tag name
         id: get_version

.github/workflows/test-action.yml

@@ -7,7 +7,7 @@ on:
 jobs:
 
   Linux:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     timeout-minutes: 30
 
     strategy:
@@ -21,12 +21,12 @@ jobs:
           - {salt-version: "3007.1", python-version: "3.10"}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
         with:
           fetch-depth: 2  # coverage: Issue detecting commit SHA
 
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3  # v5.2.0
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -55,7 +55,7 @@ jobs:
           echo "flags=$(python -c "import sys; print('{},{},salt_{}'.format('${{ runner.os }}'.replace('-latest', ''), 'py{}{}'.format(*sys.version_info), '_'.join(str(v) for v in '${{ matrix.salt-version }}'.replace('==', '_').split('.'))))")" >> "$GITHUB_OUTPUT"
 
       - name: Upload Project Code Coverage
-        uses: codecov/codecov-action@v4.5.0  # https://github.com/codecov/codecov-action/issues/1594
+        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673  # v4.5.0
         with:
           file: artifacts/coverage-project.xml
           disable_search: true
@@ -66,7 +66,7 @@ jobs:
           version: v0.7.5
 
       - name: Upload Tests Code Coverage
-        uses: codecov/[email protected]
+        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673  # v4.5.0
         with:
           file: artifacts/coverage-tests.xml
           disable_search: true
@@ -78,7 +78,7 @@ jobs:
 
       - name: Upload Logs
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
         with:
           name: runtests-${{ runner.os }}-py${{ matrix.python-version }}-Salt${{ matrix.salt-version }}.log
           path: artifacts/runtests-*.log
@@ -91,7 +91,7 @@ jobs:
 
       - name: Upload Exit Status
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
         with:
           name: exitstatus-${{ github.job }}-Py${{ matrix.python-version }}-Salt${{ matrix.salt-version }}
           path: exitstatus