https://github.com/python/cpython/commit/ba74c01ac0b6d632f7c3bd6bf24fbaf5e4e2091d
commit: ba74c01ac0b6d632f7c3bd6bf24fbaf5e4e2091d
branch: 3.10
author: William Woodruff <[email protected]>
committer: hugovk <[email protected]>
date: 2026-04-02T11:17:37+03:00
summary:
[3.10] gh-146488: hash-pin all action references (gh-146489) (#147978)
files:
M .github/workflows/build.yml
M .github/workflows/build_msi.yml
M .github/workflows/doc.yml
M .github/workflows/stale.yml
M .github/workflows/verify-ensurepip-wheels.yml
M .github/workflows/verify-expat.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 331b7ab6da4832..7cbd43da6fc94a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -30,7 +30,7 @@ jobs:
run_tests: ${{ steps.check.outputs.run_tests }}
run_ssl_tests: ${{ steps.check.outputs.run_ssl_tests }}
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
- name: Check for source changes
id: check
run: |
@@ -62,10 +62,10 @@ jobs:
needs: check_source
if: needs.check_source.outputs.run_tests == 'true'
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- - uses: actions/setup-python@v6
+ - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #
v6.2.0
- name: Install dependencies
run: |
sudo ./.github/workflows/posix-deps-apt.sh
@@ -97,16 +97,16 @@ jobs:
needs: check_source
if: needs.check_source.outputs.run_tests == 'true'
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- - uses: actions/setup-python@v6
+ - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #
v6.2.0
- name: Install dependencies
run: sudo ./.github/workflows/posix-deps-apt.sh
- name: Add ccache to PATH
run: echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV"
- name: Configure ccache action
- uses: hendrikmuhs/ccache-action@v1
+ uses:
hendrikmuhs/ccache-action@5ebbd400eff9e74630f759d94ddd7b6c26299639 # v1.2.20
- name: Check Autoconf version 2.69 and aclocal 1.16.3
run: |
grep "Generated by GNU Autoconf 2.69" configure
@@ -149,7 +149,7 @@ jobs:
env:
IncludeUwp: 'true'
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Build CPython
run: .\PCbuild\build.bat -e -p Win32
- name: Display build info
@@ -165,7 +165,7 @@ jobs:
env:
IncludeUwp: 'true'
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Register MSVC problem matcher
run: echo "::add-matcher::.github/problem-matchers/msvc.json"
- name: Build CPython
@@ -186,7 +186,7 @@ jobs:
HOMEBREW_NO_INSTALL_CLEANUP: 1
PYTHONSTRICTEXTENSIONBUILD: 1
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Install Homebrew dependencies
run: |
brew install pkg-config [email protected] xz gdbm tcl-tk@8
@@ -218,7 +218,7 @@ jobs:
OPENSSL_VER: 3.0.11
PYTHONSTRICTEXTENSIONBUILD: 1
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Register gcc problem matcher
run: echo "::add-matcher::.github/problem-matchers/gcc.json"
- name: Install dependencies
@@ -230,7 +230,7 @@ jobs:
echo
"LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/multissl/openssl/${OPENSSL_VER}/lib" >>
"$GITHUB_ENV"
- name: 'Restore OpenSSL build'
id: cache-openssl
- uses: actions/cache@v5
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ./multissl/openssl/${{ env.OPENSSL_VER }}
key: ${{ runner.os }}-multissl-openssl-${{ env.OPENSSL_VER }}
@@ -241,7 +241,7 @@ jobs:
run: |
echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV"
- name: Configure ccache action
- uses: hendrikmuhs/ccache-action@v1
+ uses: hendrikmuhs/ccache-action@5ebbd400eff9e74630f759d94ddd7b6c26299639
# v1.2.20
- name: Configure CPython
run: ./configure --with-pydebug --with-openssl=$OPENSSL_DIR
- name: Build CPython
@@ -267,7 +267,7 @@ jobs:
OPENSSL_DIR: ${{ github.workspace }}/multissl/openssl/${{
matrix.openssl_ver }}
LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/openssl/${{
matrix.openssl_ver }}/lib
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Register gcc problem matcher
@@ -281,7 +281,7 @@ jobs:
echo
"LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/multissl/openssl/${OPENSSL_VER}/lib" >>
"$GITHUB_ENV"
- name: 'Restore OpenSSL build'
id: cache-openssl
- uses: actions/cache@v5
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ./multissl/openssl/${{ env.OPENSSL_VER }}
key: ${{ runner.os }}-multissl-openssl-${{ env.OPENSSL_VER }}
@@ -292,7 +292,7 @@ jobs:
run: |
echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV"
- name: Configure ccache action
- uses: hendrikmuhs/[email protected]
+ uses: hendrikmuhs/ccache-action@5ebbd400eff9e74630f759d94ddd7b6c26299639
# v1.2.20
- name: Configure CPython
run: ./configure --with-pydebug --with-openssl=$OPENSSL_DIR
- name: Build CPython
diff --git a/.github/workflows/build_msi.yml b/.github/workflows/build_msi.yml
index f8d65ad48702b9..12bda650c9bf1e 100644
--- a/.github/workflows/build_msi.yml
+++ b/.github/workflows/build_msi.yml
@@ -34,7 +34,7 @@ jobs:
name: 'Windows (x86) Installer'
runs-on: windows-2022
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Build CPython installer
run: .\Tools\msi\build.bat --doc -x86
@@ -42,6 +42,6 @@ jobs:
name: 'Windows (x64) Installer'
runs-on: windows-2022
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Build CPython installer
run: .\Tools\msi\build.bat --doc -x64
diff --git a/.github/workflows/doc.yml b/.github/workflows/doc.yml
index 8a63677b7289b5..8eaf791b96fc8c 100644
--- a/.github/workflows/doc.yml
+++ b/.github/workflows/doc.yml
@@ -32,11 +32,11 @@ jobs:
name: 'Docs'
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Register Sphinx problem matcher
run: echo "::add-matcher::.github/problem-matchers/sphinx.json"
- name: 'Set up Python'
- uses: actions/setup-python@v6
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #
v6.2.0
with:
python-version: '3.12'
cache: 'pip'
@@ -46,7 +46,7 @@ jobs:
- name: 'Build HTML documentation'
run: make -C Doc/ SPHINXOPTS="-q" SPHINXERRORHANDLING="-W --keep-going"
html
- name: 'Upload'
- uses: actions/upload-artifact@v6
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #
v6.0.0
with:
name: doc-html
path: Doc/build/html
@@ -58,10 +58,10 @@ jobs:
name: 'Doctest'
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Register Sphinx problem matcher
run: echo "::add-matcher::.github/problem-matchers/sphinx.json"
- - uses: actions/cache@v5
+ - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ~/.cache/pip
key: ubuntu-doc-${{ hashFiles('Doc/requirements.txt') }}
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index ab8ce3855cb404..5bbb6f0cb414ee 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -14,7 +14,7 @@ jobs:
steps:
- name: "Check PRs"
- uses: actions/stale@v9
+ uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-pr-message: 'This PR is stale because it has been open for 30
days with no activity.'
diff --git a/.github/workflows/verify-ensurepip-wheels.yml
b/.github/workflows/verify-ensurepip-wheels.yml
index 4c75252cba0972..fe27c4f09319ec 100644
--- a/.github/workflows/verify-ensurepip-wheels.yml
+++ b/.github/workflows/verify-ensurepip-wheels.yml
@@ -24,8 +24,8 @@ jobs:
verify:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v6
- - uses: actions/setup-python@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
+ - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #
v6.2.0
with:
python-version: '3'
- name: Compare checksums of bundled pip and setuptools to ones
published on PyPI
diff --git a/.github/workflows/verify-expat.yml
b/.github/workflows/verify-expat.yml
index 6b12b95cb11ff2..472a11db2da5fb 100644
--- a/.github/workflows/verify-expat.yml
+++ b/.github/workflows/verify-expat.yml
@@ -23,7 +23,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- name: Download and verify bundled libexpat files
_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/python-checkins.python.org
Member address: [email protected]
