diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2e8824a73..939bbd04a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,11 +13,11 @@ jobs: dist: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: hynek/build-and-inspect-python-package@v2 + - uses: hynek/build-and-inspect-python-package@efb823f52190ad02594531168b7a2d5790e66516 # v2.14.0 publish: needs: [dist] @@ -31,7 +31,7 @@ jobs: attestations: write steps: - - uses: actions/download-artifact@v8 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: Packages path: dist @@ -41,6 +41,6 @@ jobs: with: subject-path: "dist/cibuildwheel-*" - - uses: pypa/gh-action-pypi-publish@release/v1 + - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 with: attestations: true diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1dd620344..52c7a8db2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -39,35 +39,37 @@ jobs: name: Linters (mypy, ruff, etc.) runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/setup-python@v6 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 id: python with: python-version: "3.x" - - uses: j178/prek-action@v1 + - uses: j178/prek-action@0bb87d7f00b0c99306c8bcb8b8beba1eb581c037 # v1.1.1 - name: PyLint checks - run: pipx run --python "${{ steps.python.outputs.python-path }}" nox -s pylint -- --output-format=github + run: pipx run --python "${STEPS_PYTHON_OUTPUTS_PYTHON_PATH}" nox -s pylint -- --output-format=github + env: + STEPS_PYTHON_OUTPUTS_PYTHON_PATH: ${{ steps.python.outputs.python-path }} sample: name: Generate a sample project needs: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/setup-python@v6 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 name: Install Python with: python-version: "3.x" - - uses: astral-sh/setup-uv@v7 + - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 - name: Install dependencies run: uv sync --no-dev --group test - name: Generate a sample project run: uv run --no-sync -m test.test_projects test.test_0_basic.basic_project sample_proj - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: sample_proj path: sample_proj @@ -117,16 +119,16 @@ jobs: test_select: android timeout-minutes: 180 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/setup-python@v6 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 name: Install Python ${{ matrix.python_version }} with: python-version: ${{ matrix.python_version }} allow-prereleases: true - - uses: astral-sh/setup-uv@v7 + - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 - name: Free up disk space if: runner.os == 'Linux' && matrix.test_select != 'android' @@ -139,7 +141,7 @@ jobs: # for oci_container unit tests - name: Set up QEMU if: runner.os == 'Linux' - uses: docker/setup-qemu-action@v4 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - name: Set up Xcode if: ${{ startsWith(matrix.os, 'macos-15') }} @@ -150,12 +152,12 @@ jobs: - name: Install dependencies run: uv sync --no-dev --group test - - uses: joerick/pr-labels-action@v1.0.9 + - uses: joerick/pr-labels-action@0543b277721e852d821c6738d449f2f4dea03d5f # v1.0.9 - name: Set CIBW_ENABLE shell: bash run: | - if [[ "${{ github.ref_name }}" == "main" ]]; then + if [[ "${GITHUB_REF_NAME}" == "main" ]]; then CIBW_ENABLE=all else # get the default CIBW_ENABLE value from the test module @@ -172,7 +174,7 @@ jobs: echo "CIBW_ENABLE=${CIBW_ENABLE}" >> $GITHUB_ENV - name: Download a sample project - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: sample_proj path: sample_proj @@ -230,7 +232,7 @@ jobs: run: | test $(find wheelhouse_only -name '*.whl' | wc -l) -eq 1 - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: cibw-wheels-${{ matrix.os }}-${{ strategy.job-index }} path: wheelhouse/*.whl @@ -247,13 +249,13 @@ jobs: outputs: archs: ${{ steps.archs.outputs.archs }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/setup-python@v6 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.x" - - uses: astral-sh/setup-uv@v7 + - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 - name: Install dependencies run: uv sync --no-dev --group test - name: Get qemu emulated architectures @@ -272,21 +274,23 @@ jobs: matrix: arch: ${{ fromJSON(needs.emulated-archs.outputs.archs) }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/setup-python@v6 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.x" - - uses: astral-sh/setup-uv@v7 + - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 - name: Install dependencies run: uv sync --no-dev --group test - name: Set up QEMU - uses: docker/setup-qemu-action@v4 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - name: Run the emulation tests - run: uv run --no-sync pytest --run-emulation ${{ matrix.arch }} test/test_emulation.py + run: uv run --no-sync pytest --run-emulation ${MATRIX_ARCH} test/test_emulation.py + env: + MATRIX_ARCH: ${{ matrix.arch }} test-pyodide: name: Test pyodide @@ -294,20 +298,20 @@ jobs: runs-on: ubuntu-24.04 timeout-minutes: 180 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/setup-python@v6 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 name: Install Python 3.12 with: python-version: '3.12' - - uses: astral-sh/setup-uv@v7 + - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 - name: Install dependencies run: uv sync --no-dev --group test - name: Download a sample project - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: sample_proj path: sample_proj @@ -344,11 +348,11 @@ jobs: - os: macos-15 test_select: android steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Download a sample project - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: sample_proj path: sample_proj diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index 1403cd734..9323261b2 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -28,18 +28,18 @@ jobs: # we use this step to grab a Github App auth token, so that PRs generated by this workflow # run the GHA tests. - - uses: actions/create-github-app-token@v2 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: generate-token if: github.ref == 'refs/heads/main' && github.repository == 'pypa/cibuildwheel' with: app-id: ${{ secrets.CIBUILDWHEEL_BOT_APP_ID }} private-key: ${{ secrets.CIBUILDWHEEL_BOT_APP_PRIVATE_KEY }} - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: wntrblm/nox@2026.02.09 + - uses: wntrblm/nox@5a277b752f6094150e25237d47c34168e2b7526e # 2026.02.09 - name: "Run update: dependencies" run: nox --force-color -s update_constraints @@ -50,7 +50,7 @@ jobs: - name: Create Pull Request if: github.ref == 'refs/heads/main' && github.repository == 'pypa/cibuildwheel' - uses: peter-evans/create-pull-request@v8 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 with: commit-message: Update dependencies title: '[Bot] Update dependencies' diff --git a/.github/workflows/update-major-minor-tag.yml b/.github/workflows/update-major-minor-tag.yml index d08a3d7d7..b3e844876 100644 --- a/.github/workflows/update-major-minor-tag.yml +++ b/.github/workflows/update-major-minor-tag.yml @@ -21,12 +21,12 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Update the ${{ env.TAG_NAME }} tag id: update-major-minor-tag - uses: joerick/update-vX.Y-tag-action@v1.0 + uses: joerick/update-vX.Y-tag-action@c4cefb60c33b82e4aa73a469e4acf30ee48d5812 # v1.0.2 with: source-tag: ${{ env.TAG_NAME }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3880e7397..c23cc7e6b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -3,7 +3,7 @@ ci: repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v6.0.0 + rev: 3e8a8703264a2f4a69428a0aa4dcb512790b2c8c # frozen: v6.0.0 hooks: - id: check-case-conflict - id: check-merge-conflict @@ -16,14 +16,14 @@ repos: - id: trailing-whitespace - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.15.5 + rev: 4924b0e01e032fea073ad04a1c5cfa7e4add0afb # frozen: v0.15.6 hooks: - id: ruff-check args: ["--fix", "--show-fixes"] - id: ruff-format - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.19.1 + rev: a66e98df7b4aeeb3724184b332785976d062b92e # frozen: v1.19.1 hooks: - id: mypy name: mypy 3.11 on cibuildwheel/ @@ -56,7 +56,7 @@ repos: additional_dependencies: *mypy-dependencies - repo: https://github.com/shellcheck-py/shellcheck-py - rev: v0.11.0.1 + rev: 745eface02aef23e168a8afb6b5737818efbea95 # frozen: v0.11.0.1 hooks: - id: shellcheck @@ -77,7 +77,7 @@ repos: additional_dependencies: [cogapp>=3.5] - repo: https://github.com/codespell-project/codespell - rev: v2.4.2 + rev: 2ccb47ff45ad361a21071a7eedda4c37e6ae8c5a # frozen: v2.4.2 hooks: - id: codespell args: ["-w"] @@ -85,7 +85,7 @@ repos: - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.37.0 + rev: 9f48a48aa91a6040d749ad68ec70907d907a5a7f # frozen: 0.37.0 hooks: - id: check-dependabot - id: check-github-actions