github: avoid using tags in action version specifiers

The security scanner doesn't like depending on a tag version (because tags can be moved).
2024-01-15 20:10:50 -08:00 · 2024-01-15 20:10:50 -08:00 · 23a2e70625
commit 23a2e70625
parent 34956f17e5
4 changed files with 11 additions and 11 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -67,11 +67,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c
        with:
          python-version: 3.11
      - name: Install poetry
-        uses: abatilo/actions-poetry@v3
+        uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439
        with:
          poetry-version: latest
      - name: Install dependencies
@ -84,11 +84,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c
        with:
          python-version: 3.11
      - name: Install poetry
-        uses: abatilo/actions-poetry@v3
+        uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439
        with:
          # Test with the version of Poetry in Debian stable. If this starts
          # failing, we should increase this version and document the minimum
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@ -18,11 +18,11 @@ jobs:
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
      - run:  "git fetch origin gh-pages --depth=1"
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c
        with:
          python-version: 3.11
      - name: Install poetry
-        uses: abatilo/actions-poetry@v3
+        uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439
        with:
          poetry-version: latest
      - name: Install dependencies, compile and deploy docs
--- a/.github/workflows/nix-update-flake.yml
+++ b/.github/workflows/nix-update-flake.yml
@ -9,7 +9,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@cd46bde16ab981b0a7b2dce0574509104543276e
      - name: Update flake.lock
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -82,11 +82,11 @@ jobs:
          sudo apt-get update
          sudo apt-get install -y --no-install-recommends xz-utils liblz4-tool musl-tools
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c
        with:
          python-version: 3.11
      - name: Install poetry
-        uses: abatilo/actions-poetry@v3
+        uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439
        with:
          poetry-version: latest
      - name: Compile docs and zip them up
@ -114,11 +114,11 @@ jobs:
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
      - run:  "git fetch origin gh-pages --depth=1"
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c
        with:
          python-version: 3.11
      - name: Install poetry
-        uses: abatilo/actions-poetry@v3
+        uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439
        with:
          poetry-version: latest
      - name: Install dependencies, compile and deploy docs to the "latest release" section of the website