From 5488865834069ba4ce89035b75fe44977673cb45 Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Thu, 30 Apr 2026 12:16:57 +0200 Subject: [PATCH 01/10] Switch all actions/checkout to jinja variable --- .../github/workflows/build-and-publish.yml | 2 +- .../github/workflows/check-release-tag.yml | 2 +- .../templates/github/workflows/checks.yml | 16 ++++++++-------- .../templates/github/workflows/gh-pages.yml | 2 +- .../templates/github/workflows/matrix-all.yml | 2 +- .../templates/github/workflows/matrix-exasol.yml | 2 +- .../templates/github/workflows/matrix-python.yml | 2 +- .../templates/github/workflows/report.yml | 2 +- .../templates/github/workflows/slow-checks.yml | 2 +- 9 files changed, 16 insertions(+), 16 deletions(-) diff --git a/exasol/toolbox/templates/github/workflows/build-and-publish.yml b/exasol/toolbox/templates/github/workflows/build-and-publish.yml index 83877e39d..a0f88b74c 100644 --- a/exasol/toolbox/templates/github/workflows/build-and-publish.yml +++ b/exasol/toolbox/templates/github/workflows/build-and-publish.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@(( action_shas.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment diff --git a/exasol/toolbox/templates/github/workflows/check-release-tag.yml b/exasol/toolbox/templates/github/workflows/check-release-tag.yml index f9fb6f697..0d0bf6659 100644 --- a/exasol/toolbox/templates/github/workflows/check-release-tag.yml +++ b/exasol/toolbox/templates/github/workflows/check-release-tag.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@(( action_shas.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment diff --git a/exasol/toolbox/templates/github/workflows/checks.yml b/exasol/toolbox/templates/github/workflows/checks.yml index ee09b0e9f..5503813ca 100644 --- a/exasol/toolbox/templates/github/workflows/checks.yml +++ b/exasol/toolbox/templates/github/workflows/checks.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@(( action_shas.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment @@ -38,7 +38,7 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@(( action_shas.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment @@ -63,7 +63,7 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@(( action_shas.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment @@ -98,7 +98,7 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@(( action_shas.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment @@ -124,7 +124,7 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@(( action_shas.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment @@ -153,7 +153,7 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@(( action_shas.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment @@ -175,7 +175,7 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@(( action_shas.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment @@ -201,7 +201,7 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@(( action_shas.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment diff --git a/exasol/toolbox/templates/github/workflows/gh-pages.yml b/exasol/toolbox/templates/github/workflows/gh-pages.yml index 4341e2316..47d094e3e 100644 --- a/exasol/toolbox/templates/github/workflows/gh-pages.yml +++ b/exasol/toolbox/templates/github/workflows/gh-pages.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@(( action_shas.checkout ))" with: fetch-depth: 0 diff --git a/exasol/toolbox/templates/github/workflows/matrix-all.yml b/exasol/toolbox/templates/github/workflows/matrix-all.yml index d78b3e6bb..30cd65c7f 100644 --- a/exasol/toolbox/templates/github/workflows/matrix-all.yml +++ b/exasol/toolbox/templates/github/workflows/matrix-all.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@(( action_shas.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment diff --git a/exasol/toolbox/templates/github/workflows/matrix-exasol.yml b/exasol/toolbox/templates/github/workflows/matrix-exasol.yml index f63000906..6c78571c8 100644 --- a/exasol/toolbox/templates/github/workflows/matrix-exasol.yml +++ b/exasol/toolbox/templates/github/workflows/matrix-exasol.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@(( action_shas.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment diff --git a/exasol/toolbox/templates/github/workflows/matrix-python.yml b/exasol/toolbox/templates/github/workflows/matrix-python.yml index 7d091a078..aab413ba6 100644 --- a/exasol/toolbox/templates/github/workflows/matrix-python.yml +++ b/exasol/toolbox/templates/github/workflows/matrix-python.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@(( action_shas.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment diff --git a/exasol/toolbox/templates/github/workflows/report.yml b/exasol/toolbox/templates/github/workflows/report.yml index 54114c0f0..e258cecdc 100644 --- a/exasol/toolbox/templates/github/workflows/report.yml +++ b/exasol/toolbox/templates/github/workflows/report.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@(( action_shas.checkout ))" with: fetch-depth: 0 diff --git a/exasol/toolbox/templates/github/workflows/slow-checks.yml b/exasol/toolbox/templates/github/workflows/slow-checks.yml index d94cf01ad..b7e50cb45 100644 --- a/exasol/toolbox/templates/github/workflows/slow-checks.yml +++ b/exasol/toolbox/templates/github/workflows/slow-checks.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@(( action_shas.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment From 0ab3fcd5eaf17bd0384ceb3ada745b83079ca780 Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Thu, 30 Apr 2026 12:19:28 +0200 Subject: [PATCH 02/10] Switch all PTB environment to jinja variable --- .../github/workflows/build-and-publish.yml | 2 +- .../github/workflows/check-release-tag.yml | 2 +- .../templates/github/workflows/checks.yml | 16 ++++++++-------- .../templates/github/workflows/gh-pages.yml | 2 +- .../templates/github/workflows/matrix-all.yml | 2 +- .../templates/github/workflows/matrix-exasol.yml | 2 +- .../templates/github/workflows/matrix-python.yml | 2 +- .../templates/github/workflows/report.yml | 2 +- .../templates/github/workflows/slow-checks.yml | 2 +- 9 files changed, 16 insertions(+), 16 deletions(-) diff --git a/exasol/toolbox/templates/github/workflows/build-and-publish.yml b/exasol/toolbox/templates/github/workflows/build-and-publish.yml index a0f88b74c..29f19658e 100644 --- a/exasol/toolbox/templates/github/workflows/build-and-publish.yml +++ b/exasol/toolbox/templates/github/workflows/build-and-publish.yml @@ -19,7 +19,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v7 + uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" diff --git a/exasol/toolbox/templates/github/workflows/check-release-tag.yml b/exasol/toolbox/templates/github/workflows/check-release-tag.yml index 0d0bf6659..2e0900016 100644 --- a/exasol/toolbox/templates/github/workflows/check-release-tag.yml +++ b/exasol/toolbox/templates/github/workflows/check-release-tag.yml @@ -17,7 +17,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v7 + uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" diff --git a/exasol/toolbox/templates/github/workflows/checks.yml b/exasol/toolbox/templates/github/workflows/checks.yml index 5503813ca..ce289b770 100644 --- a/exasol/toolbox/templates/github/workflows/checks.yml +++ b/exasol/toolbox/templates/github/workflows/checks.yml @@ -16,7 +16,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v7 + uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" @@ -42,7 +42,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v7 + uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" @@ -67,7 +67,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v7 + uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" with: python-version: ${{ matrix.python-versions }} poetry-version: "(( dependency_manager_version ))" @@ -102,7 +102,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v7 + uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" with: python-version: ${{ matrix.python-versions }} poetry-version: "(( dependency_manager_version ))" @@ -128,7 +128,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v7 + uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" with: python-version: ${{ matrix.python-versions }} poetry-version: "(( dependency_manager_version ))" @@ -157,7 +157,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v7 + uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" @@ -179,7 +179,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v7 + uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" @@ -205,7 +205,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v7 + uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" with: python-version: ${{ matrix.python-versions }} poetry-version: "(( dependency_manager_version ))" diff --git a/exasol/toolbox/templates/github/workflows/gh-pages.yml b/exasol/toolbox/templates/github/workflows/gh-pages.yml index 47d094e3e..d2c01066d 100644 --- a/exasol/toolbox/templates/github/workflows/gh-pages.yml +++ b/exasol/toolbox/templates/github/workflows/gh-pages.yml @@ -19,7 +19,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v7 + uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" diff --git a/exasol/toolbox/templates/github/workflows/matrix-all.yml b/exasol/toolbox/templates/github/workflows/matrix-all.yml index 30cd65c7f..ef021ca67 100644 --- a/exasol/toolbox/templates/github/workflows/matrix-all.yml +++ b/exasol/toolbox/templates/github/workflows/matrix-all.yml @@ -19,7 +19,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v7 + uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" diff --git a/exasol/toolbox/templates/github/workflows/matrix-exasol.yml b/exasol/toolbox/templates/github/workflows/matrix-exasol.yml index 6c78571c8..3e0fe039f 100644 --- a/exasol/toolbox/templates/github/workflows/matrix-exasol.yml +++ b/exasol/toolbox/templates/github/workflows/matrix-exasol.yml @@ -19,7 +19,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v7 + uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" diff --git a/exasol/toolbox/templates/github/workflows/matrix-python.yml b/exasol/toolbox/templates/github/workflows/matrix-python.yml index aab413ba6..6604c543a 100644 --- a/exasol/toolbox/templates/github/workflows/matrix-python.yml +++ b/exasol/toolbox/templates/github/workflows/matrix-python.yml @@ -19,7 +19,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v7 + uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" diff --git a/exasol/toolbox/templates/github/workflows/report.yml b/exasol/toolbox/templates/github/workflows/report.yml index e258cecdc..5845061a5 100644 --- a/exasol/toolbox/templates/github/workflows/report.yml +++ b/exasol/toolbox/templates/github/workflows/report.yml @@ -20,7 +20,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v7 + uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" diff --git a/exasol/toolbox/templates/github/workflows/slow-checks.yml b/exasol/toolbox/templates/github/workflows/slow-checks.yml index b7e50cb45..f885ace82 100644 --- a/exasol/toolbox/templates/github/workflows/slow-checks.yml +++ b/exasol/toolbox/templates/github/workflows/slow-checks.yml @@ -29,7 +29,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v7 + uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" with: python-version: ${{ matrix.python-version }} poetry-version: "(( dependency_manager_version ))" From 788510d4dcca6ae28ef164f98b7f3c8da6f02056 Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Thu, 30 Apr 2026 12:24:16 +0200 Subject: [PATCH 03/10] Switch all upload artifact to jinja variable --- exasol/toolbox/templates/github/workflows/checks.yml | 6 +++--- exasol/toolbox/templates/github/workflows/slow-checks.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/exasol/toolbox/templates/github/workflows/checks.yml b/exasol/toolbox/templates/github/workflows/checks.yml index ce289b770..156804811 100644 --- a/exasol/toolbox/templates/github/workflows/checks.yml +++ b/exasol/toolbox/templates/github/workflows/checks.yml @@ -78,7 +78,7 @@ jobs: - name: Upload Artifacts id: upload-artifacts - uses: actions/upload-artifact@v7 + uses: "actions/upload-artifact@(( action_shas.upload_artifact ))" with: name: lint-python${{ matrix.python-versions }} path: | @@ -139,7 +139,7 @@ jobs: - name: Upload Artifacts id: upload-artifacts - uses: actions/upload-artifact@v7 + uses: "actions/upload-artifact@(( action_shas.upload_artifact ))" with: name: security-python${{ matrix.python-versions }} path: .security.json @@ -216,7 +216,7 @@ jobs: - name: Upload Artifacts id: upload-artifacts - uses: actions/upload-artifact@v7 + uses: "actions/upload-artifact@(( action_shas.upload_artifact ))" with: name: coverage-python${{ matrix.python-versions }}-fast path: .coverage diff --git a/exasol/toolbox/templates/github/workflows/slow-checks.yml b/exasol/toolbox/templates/github/workflows/slow-checks.yml index f885ace82..652726458 100644 --- a/exasol/toolbox/templates/github/workflows/slow-checks.yml +++ b/exasol/toolbox/templates/github/workflows/slow-checks.yml @@ -40,7 +40,7 @@ jobs: - name: Upload Artifacts id: upload-artifacts - uses: actions/upload-artifact@v7 + uses: "actions/upload-artifact@(( action_shas.upload_artifact ))" with: name: coverage-python${{ matrix.python-version }}-exasol${{ matrix.exasol-version }}-slow path: .coverage From 530c0c62fb5e2324d140694b8813dd066a0ce0c2 Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Thu, 30 Apr 2026 12:25:29 +0200 Subject: [PATCH 04/10] Switch all download artifact to jinja variable --- exasol/toolbox/templates/github/workflows/report.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exasol/toolbox/templates/github/workflows/report.yml b/exasol/toolbox/templates/github/workflows/report.yml index 5845061a5..a30d5373e 100644 --- a/exasol/toolbox/templates/github/workflows/report.yml +++ b/exasol/toolbox/templates/github/workflows/report.yml @@ -27,7 +27,7 @@ jobs: - name: Download Artifacts id: download-artifacts - uses: actions/download-artifact@v8 + uses: "actions/download-artifact@(( action_shas.download_artifact ))" with: path: ./artifacts From 8ceba4496fcef53c0be7fbb32d623103e9af3b09 Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Thu, 30 Apr 2026 12:26:33 +0200 Subject: [PATCH 05/10] Switch all update pages artifact to jinja variable --- exasol/toolbox/templates/github/workflows/gh-pages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exasol/toolbox/templates/github/workflows/gh-pages.yml b/exasol/toolbox/templates/github/workflows/gh-pages.yml index d2c01066d..96db3adc7 100644 --- a/exasol/toolbox/templates/github/workflows/gh-pages.yml +++ b/exasol/toolbox/templates/github/workflows/gh-pages.yml @@ -32,7 +32,7 @@ jobs: - name: Upload Artifact id: upload-artifact - uses: actions/upload-pages-artifact@v5.0.0 + uses: "actions/upload-pages-artifact@(( action_shas.upload_pages_artifact ))" with: path: html-documentation From 3dc0866c482396bad14491e9adb4328abb87abfd Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Thu, 30 Apr 2026 12:27:17 +0200 Subject: [PATCH 06/10] Switch all deploy pages artifact to jinja variable --- exasol/toolbox/templates/github/workflows/gh-pages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exasol/toolbox/templates/github/workflows/gh-pages.yml b/exasol/toolbox/templates/github/workflows/gh-pages.yml index 96db3adc7..0e4cee21c 100644 --- a/exasol/toolbox/templates/github/workflows/gh-pages.yml +++ b/exasol/toolbox/templates/github/workflows/gh-pages.yml @@ -50,4 +50,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deploy-to-github-pages - uses: actions/deploy-pages@v5 + uses: "actions/deploy-pages@(( action_shas.deploy_pages ))" From 6a98430e188df02a16154bd5ebd6fd3ab605e5ef Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Thu, 30 Apr 2026 13:52:04 +0200 Subject: [PATCH 07/10] Switch to github_action_pins. --- .../github/workflows/build-and-publish.yml | 4 +- .../github/workflows/check-release-tag.yml | 4 +- .../templates/github/workflows/checks.yml | 38 +++++++++---------- .../templates/github/workflows/gh-pages.yml | 8 ++-- .../templates/github/workflows/matrix-all.yml | 4 +- .../github/workflows/matrix-exasol.yml | 4 +- .../github/workflows/matrix-python.yml | 4 +- .../templates/github/workflows/report.yml | 6 +-- .../github/workflows/slow-checks.yml | 6 +-- 9 files changed, 39 insertions(+), 39 deletions(-) diff --git a/exasol/toolbox/templates/github/workflows/build-and-publish.yml b/exasol/toolbox/templates/github/workflows/build-and-publish.yml index 29f19658e..632a2d413 100644 --- a/exasol/toolbox/templates/github/workflows/build-and-publish.yml +++ b/exasol/toolbox/templates/github/workflows/build-and-publish.yml @@ -15,11 +15,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: "actions/checkout@(( action_shas.checkout ))" + uses: "actions/checkout@(( github_action_pins.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" + uses: "exasol/python-toolbox/.github/actions/python-environment@(( github_action_pins.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" diff --git a/exasol/toolbox/templates/github/workflows/check-release-tag.yml b/exasol/toolbox/templates/github/workflows/check-release-tag.yml index 2e0900016..a955094d3 100644 --- a/exasol/toolbox/templates/github/workflows/check-release-tag.yml +++ b/exasol/toolbox/templates/github/workflows/check-release-tag.yml @@ -13,11 +13,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: "actions/checkout@(( action_shas.checkout ))" + uses: "actions/checkout@(( github_action_pins.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" + uses: "exasol/python-toolbox/.github/actions/python-environment@(( github_action_pins.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" diff --git a/exasol/toolbox/templates/github/workflows/checks.yml b/exasol/toolbox/templates/github/workflows/checks.yml index 156804811..2da37045f 100644 --- a/exasol/toolbox/templates/github/workflows/checks.yml +++ b/exasol/toolbox/templates/github/workflows/checks.yml @@ -12,11 +12,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: "actions/checkout@(( action_shas.checkout ))" + uses: "actions/checkout@(( github_action_pins.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" + uses: "exasol/python-toolbox/.github/actions/python-environment@(( github_action_pins.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" @@ -38,11 +38,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: "actions/checkout@(( action_shas.checkout ))" + uses: "actions/checkout@(( github_action_pins.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" + uses: "exasol/python-toolbox/.github/actions/python-environment@(( github_action_pins.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" @@ -63,11 +63,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: "actions/checkout@(( action_shas.checkout ))" + uses: "actions/checkout@(( github_action_pins.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" + uses: "exasol/python-toolbox/.github/actions/python-environment@(( github_action_pins.ptb_python ))" with: python-version: ${{ matrix.python-versions }} poetry-version: "(( dependency_manager_version ))" @@ -78,7 +78,7 @@ jobs: - name: Upload Artifacts id: upload-artifacts - uses: "actions/upload-artifact@(( action_shas.upload_artifact ))" + uses: "actions/upload-artifact@(( github_action_pins.upload_artifact ))" with: name: lint-python${{ matrix.python-versions }} path: | @@ -98,11 +98,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: "actions/checkout@(( action_shas.checkout ))" + uses: "actions/checkout@(( github_action_pins.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" + uses: "exasol/python-toolbox/.github/actions/python-environment@(( github_action_pins.ptb_python ))" with: python-version: ${{ matrix.python-versions }} poetry-version: "(( dependency_manager_version ))" @@ -124,11 +124,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: "actions/checkout@(( action_shas.checkout ))" + uses: "actions/checkout@(( github_action_pins.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" + uses: "exasol/python-toolbox/.github/actions/python-environment@(( github_action_pins.ptb_python ))" with: python-version: ${{ matrix.python-versions }} poetry-version: "(( dependency_manager_version ))" @@ -139,7 +139,7 @@ jobs: - name: Upload Artifacts id: upload-artifacts - uses: "actions/upload-artifact@(( action_shas.upload_artifact ))" + uses: "actions/upload-artifact@(( github_action_pins.upload_artifact ))" with: name: security-python${{ matrix.python-versions }} path: .security.json @@ -153,11 +153,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: "actions/checkout@(( action_shas.checkout ))" + uses: "actions/checkout@(( github_action_pins.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" + uses: "exasol/python-toolbox/.github/actions/python-environment@(( github_action_pins.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" @@ -175,11 +175,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: "actions/checkout@(( action_shas.checkout ))" + uses: "actions/checkout@(( github_action_pins.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" + uses: "exasol/python-toolbox/.github/actions/python-environment@(( github_action_pins.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" @@ -201,11 +201,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: "actions/checkout@(( action_shas.checkout ))" + uses: "actions/checkout@(( github_action_pins.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" + uses: "exasol/python-toolbox/.github/actions/python-environment@(( github_action_pins.ptb_python ))" with: python-version: ${{ matrix.python-versions }} poetry-version: "(( dependency_manager_version ))" @@ -216,7 +216,7 @@ jobs: - name: Upload Artifacts id: upload-artifacts - uses: "actions/upload-artifact@(( action_shas.upload_artifact ))" + uses: "actions/upload-artifact@(( github_action_pins.upload_artifact ))" with: name: coverage-python${{ matrix.python-versions }}-fast path: .coverage diff --git a/exasol/toolbox/templates/github/workflows/gh-pages.yml b/exasol/toolbox/templates/github/workflows/gh-pages.yml index 0e4cee21c..c27eb1cbe 100644 --- a/exasol/toolbox/templates/github/workflows/gh-pages.yml +++ b/exasol/toolbox/templates/github/workflows/gh-pages.yml @@ -13,13 +13,13 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: "actions/checkout@(( action_shas.checkout ))" + uses: "actions/checkout@(( github_action_pins.checkout ))" with: fetch-depth: 0 - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" + uses: "exasol/python-toolbox/.github/actions/python-environment@(( github_action_pins.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" @@ -32,7 +32,7 @@ jobs: - name: Upload Artifact id: upload-artifact - uses: "actions/upload-pages-artifact@(( action_shas.upload_pages_artifact ))" + uses: "actions/upload-pages-artifact@(( github_action_pins.upload_pages_artifact ))" with: path: html-documentation @@ -50,4 +50,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deploy-to-github-pages - uses: "actions/deploy-pages@(( action_shas.deploy_pages ))" + uses: "actions/deploy-pages@(( github_action_pins.deploy_pages ))" diff --git a/exasol/toolbox/templates/github/workflows/matrix-all.yml b/exasol/toolbox/templates/github/workflows/matrix-all.yml index ef021ca67..7b64205dc 100644 --- a/exasol/toolbox/templates/github/workflows/matrix-all.yml +++ b/exasol/toolbox/templates/github/workflows/matrix-all.yml @@ -15,11 +15,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: "actions/checkout@(( action_shas.checkout ))" + uses: "actions/checkout@(( github_action_pins.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" + uses: "exasol/python-toolbox/.github/actions/python-environment@(( github_action_pins.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" diff --git a/exasol/toolbox/templates/github/workflows/matrix-exasol.yml b/exasol/toolbox/templates/github/workflows/matrix-exasol.yml index 3e0fe039f..996c5d8cc 100644 --- a/exasol/toolbox/templates/github/workflows/matrix-exasol.yml +++ b/exasol/toolbox/templates/github/workflows/matrix-exasol.yml @@ -15,11 +15,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: "actions/checkout@(( action_shas.checkout ))" + uses: "actions/checkout@(( github_action_pins.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" + uses: "exasol/python-toolbox/.github/actions/python-environment@(( github_action_pins.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" diff --git a/exasol/toolbox/templates/github/workflows/matrix-python.yml b/exasol/toolbox/templates/github/workflows/matrix-python.yml index 6604c543a..98f161f41 100644 --- a/exasol/toolbox/templates/github/workflows/matrix-python.yml +++ b/exasol/toolbox/templates/github/workflows/matrix-python.yml @@ -15,11 +15,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: "actions/checkout@(( action_shas.checkout ))" + uses: "actions/checkout@(( github_action_pins.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" + uses: "exasol/python-toolbox/.github/actions/python-environment@(( github_action_pins.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" diff --git a/exasol/toolbox/templates/github/workflows/report.yml b/exasol/toolbox/templates/github/workflows/report.yml index a30d5373e..0d911dc95 100644 --- a/exasol/toolbox/templates/github/workflows/report.yml +++ b/exasol/toolbox/templates/github/workflows/report.yml @@ -14,20 +14,20 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: "actions/checkout@(( action_shas.checkout ))" + uses: "actions/checkout@(( github_action_pins.checkout ))" with: fetch-depth: 0 - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" + uses: "exasol/python-toolbox/.github/actions/python-environment@(( github_action_pins.ptb_python ))" with: python-version: "(( minimum_python_version ))" poetry-version: "(( dependency_manager_version ))" - name: Download Artifacts id: download-artifacts - uses: "actions/download-artifact@(( action_shas.download_artifact ))" + uses: "actions/download-artifact@(( github_action_pins.download_artifact ))" with: path: ./artifacts diff --git a/exasol/toolbox/templates/github/workflows/slow-checks.yml b/exasol/toolbox/templates/github/workflows/slow-checks.yml index 652726458..22f73a280 100644 --- a/exasol/toolbox/templates/github/workflows/slow-checks.yml +++ b/exasol/toolbox/templates/github/workflows/slow-checks.yml @@ -25,11 +25,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: "actions/checkout@(( action_shas.checkout ))" + uses: "actions/checkout@(( github_action_pins.checkout ))" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: "exasol/python-toolbox/.github/actions/python-environment@(( action_shas.ptb_python ))" + uses: "exasol/python-toolbox/.github/actions/python-environment@(( github_action_pins.ptb_python ))" with: python-version: ${{ matrix.python-version }} poetry-version: "(( dependency_manager_version ))" @@ -40,7 +40,7 @@ jobs: - name: Upload Artifacts id: upload-artifacts - uses: "actions/upload-artifact@(( action_shas.upload_artifact ))" + uses: "actions/upload-artifact@(( github_action_pins.upload_artifact ))" with: name: coverage-python${{ matrix.python-version }}-exasol${{ matrix.exasol-version }}-slow path: .coverage From b34c9a22ba872f60f70d7f9a8d9eea8db0be281a Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Thu, 30 Apr 2026 13:52:36 +0200 Subject: [PATCH 08/10] Add class to define GitHub action pins --- exasol/toolbox/config.py | 37 +++++++++++++++++++++++++++++++++++++ test/unit/config_test.py | 26 ++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) diff --git a/exasol/toolbox/config.py b/exasol/toolbox/config.py index dd2427ff9..9594e8de5 100644 --- a/exasol/toolbox/config.py +++ b/exasol/toolbox/config.py @@ -86,6 +86,7 @@ def valid_version_string(version_string: str) -> str: ValidPluginHook = Annotated[type[Any], AfterValidator(validate_plugin_hook)] ValidVersionStr = Annotated[str, AfterValidator(valid_version_string)] +SHA_1 = Annotated[str, Field(pattern=r"^[0-9a-fA-F]{40}$")] DEFAULT_EXCLUDED_PATHS = { ".eggs", @@ -121,6 +122,37 @@ def check_minimum_version(cls, v: str, info: ValidationInfo) -> str: return v +class GitHubActionPins(BaseModel): + """ + GitHub action pins for use in the workflow templates. + """ + + checkout: SHA_1 = Field( + default="de0fac2e4500dabe0009e67214ff5f5447ce83dd", # v6.0.2 + description="Commit SHA for actions/checkout", + ) + deploy_pages: SHA_1 = Field( + default="cd2ce8fcbc39b97be8ca5fce6e763baed58fa128", # v5.0.0 + description="Commit SHA for actions/deploy-pages", + ) + download_artifact: SHA_1 = Field( + default="3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c", # v8.0.1 + description="Commit SHA for actions/download-artifact", + ) + ptb_python: SHA_1 = Field( + default="de9c841d1e0c1d59b267900baf25da913330a25a", # v7 + description="Commit SHA for exasol/python-toolbox/.github/actions/python-environment", + ) + upload_artifact: SHA_1 = Field( + default="043fb46d1a93c77aae656e7c1c64a875d1fc6a0a", # v7.0.1 + description="Commit SHA for actions/upload-artifact", + ) + upload_pages_artifact: SHA_1 = Field( + default="fc324d3547104276b827a68afc52ff2a11cc49c9", # v5.0.0 + description="Commit SHA for actions/upload-pages-artifact", + ) + + class BaseConfig(BaseModel): """ Basic configuration for projects using the PTB @@ -191,6 +223,10 @@ class BaseConfig(BaseModel): are supported. """, ) + github_action_pins: GitHubActionPins = Field( + default_factory=GitHubActionPins, + description="This is used to specify the GitHub action pins used in the workflow templates.", + ) model_config = ConfigDict(frozen=True, arbitrary_types_allowed=True) @computed_field # type: ignore[misc] @@ -280,6 +316,7 @@ def github_template_dict(self) -> dict[str, Any]: configurations. """ return { + "github_action_pins": self.github_action_pins.model_dump(), "dependency_manager_version": self.dependency_manager.version, "minimum_python_version": self.minimum_python_version, "os_version": self.os_version, diff --git a/test/unit/config_test.py b/test/unit/config_test.py index be6a326bf..88a08572a 100644 --- a/test/unit/config_test.py +++ b/test/unit/config_test.py @@ -9,6 +9,7 @@ DEFAULT_EXCLUDED_PATHS, BaseConfig, DependencyManager, + GitHubActionPins, valid_version_string, warnings, ) @@ -31,6 +32,7 @@ def test_works_as_defined(tmp_path, test_project_config_factory): root_path = config.root_path assert config.model_dump() == { "add_to_excluded_python_paths": (), + "github_action_pins": GitHubActionPins().model_dump(), "create_major_version_tags": False, "dependency_manager": {"name": "poetry", "version": "2.3.0"}, "documentation_path": root_path / "doc", @@ -39,6 +41,7 @@ def test_works_as_defined(tmp_path, test_project_config_factory): "github_workflow_directory": tmp_path / ".github" / "workflows", "github_workflow_patcher_yaml": None, "github_template_dict": { + "github_action_pins": GitHubActionPins().model_dump(), "dependency_manager_version": "2.3.0", "minimum_python_version": "3.10", "os_version": "ubuntu-24.04", @@ -97,6 +100,29 @@ def test_raises_exception_when_not_valid(): valid_version_string("$.2.3") +class TestGitHubActionSHAs: + @staticmethod + def test_works_as_expected(): + sha_1 = "cd2ce8fcbc39b97be8ca5fce6e763baed58fa128" + result = GitHubActionPins(checkout=sha_1) + + assert result.checkout == sha_1 + + @staticmethod + @pytest.mark.parametrize( + "sha", + [ + pytest.param("123", id="too-short"), + pytest.param("g" * 40, id="non-hex"), + ], + ) + def test_raises_exception_when_sha_is_invalid(sha): + with pytest.raises(ValidationError) as ex: + GitHubActionPins(checkout=sha) + + assert "String should match pattern" in str(ex.value) + + class BaseConfigExpansion(BaseConfig): expansion1: str = "test1" From 7c2383d61562af4bd4eab37f2c61fbfd7e17d345 Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Thu, 30 Apr 2026 13:58:43 +0200 Subject: [PATCH 09/10] Add changelog entry --- doc/changes/unreleased.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/changes/unreleased.md b/doc/changes/unreleased.md index fb4737052..240ea5866 100644 --- a/doc/changes/unreleased.md +++ b/doc/changes/unreleased.md @@ -1,3 +1,7 @@ # Unreleased ## Summary + +## Security Issues + +* #812: Switched GitHub actions from versioned to be pinned with SHAs From 8c98112b11cc233b0bc6b5eeb05d74feb2541730 Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Thu, 30 Apr 2026 14:07:16 +0200 Subject: [PATCH 10/10] Update PTB workflows --- .github/workflows/build-and-publish.yml | 4 +-- .github/workflows/check-release-tag.yml | 4 +-- .github/workflows/checks.yml | 40 ++++++++++++------------- .github/workflows/gh-pages.yml | 8 ++--- .github/workflows/matrix-all.yml | 4 +-- .github/workflows/matrix-exasol.yml | 4 +-- .github/workflows/matrix-python.yml | 4 +-- .github/workflows/report.yml | 6 ++-- .github/workflows/slow-checks.yml | 6 ++-- 9 files changed, 40 insertions(+), 40 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 9ba56f8d6..88297ec3e 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -15,11 +15,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/check-release-tag.yml b/.github/workflows/check-release-tag.yml index 5423c11a4..fca9a1b65 100644 --- a/.github/workflows/check-release-tag.yml +++ b/.github/workflows/check-release-tag.yml @@ -13,11 +13,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index a258fef3a..d5b7fdbcd 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -12,11 +12,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: "3.10" poetry-version: "2.3.0" @@ -38,11 +38,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: "3.10" poetry-version: "2.3.0" @@ -63,11 +63,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" @@ -78,7 +78,7 @@ jobs: - name: Upload Artifacts id: upload-artifacts - uses: actions/upload-artifact@v7 + uses: "actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a" with: name: lint-python${{ matrix.python-versions }} path: | @@ -98,11 +98,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" @@ -124,11 +124,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" @@ -139,7 +139,7 @@ jobs: - name: Upload Artifacts id: upload-artifacts - uses: actions/upload-artifact@v7 + uses: "actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a" with: name: security-python${{ matrix.python-versions }} path: .security.json @@ -153,11 +153,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: "3.10" poetry-version: "2.3.0" @@ -175,11 +175,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: "3.10" poetry-version: "2.3.0" @@ -196,11 +196,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: "3.10" poetry-version: "2.3.0" @@ -227,7 +227,7 @@ jobs: fetch-depth: 0 - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" @@ -238,7 +238,7 @@ jobs: - name: Upload Artifacts id: upload-artifacts - uses: actions/upload-artifact@v7 + uses: "actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a" with: name: coverage-python${{ matrix.python-versions }}-fast path: .coverage diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index 147d0453a..218ac87a1 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -13,13 +13,13 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" with: fetch-depth: 0 - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: "3.10" poetry-version: "2.3.0" @@ -32,7 +32,7 @@ jobs: - name: Upload Artifact id: upload-artifact - uses: actions/upload-pages-artifact@v5.0.0 + uses: "actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9" with: path: html-documentation @@ -50,4 +50,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deploy-to-github-pages - uses: actions/deploy-pages@v5 + uses: "actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128" diff --git a/.github/workflows/matrix-all.yml b/.github/workflows/matrix-all.yml index 69a5aa4b4..0241f6860 100644 --- a/.github/workflows/matrix-all.yml +++ b/.github/workflows/matrix-all.yml @@ -15,11 +15,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/matrix-exasol.yml b/.github/workflows/matrix-exasol.yml index 44b5cfd98..89411c675 100644 --- a/.github/workflows/matrix-exasol.yml +++ b/.github/workflows/matrix-exasol.yml @@ -15,11 +15,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/matrix-python.yml b/.github/workflows/matrix-python.yml index 328799b6c..b9612f310 100644 --- a/.github/workflows/matrix-python.yml +++ b/.github/workflows/matrix-python.yml @@ -15,11 +15,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/report.yml b/.github/workflows/report.yml index 8790ca1ab..8ea053a43 100644 --- a/.github/workflows/report.yml +++ b/.github/workflows/report.yml @@ -14,20 +14,20 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" with: fetch-depth: 0 - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: "3.10" poetry-version: "2.3.0" - name: Download Artifacts id: download-artifacts - uses: actions/download-artifact@v8 + uses: "actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c" with: path: ./artifacts diff --git a/.github/workflows/slow-checks.yml b/.github/workflows/slow-checks.yml index 8f1b55e42..bacd35336 100644 --- a/.github/workflows/slow-checks.yml +++ b/.github/workflows/slow-checks.yml @@ -25,11 +25,11 @@ jobs: steps: - name: Check out Repository id: check-out-repository - uses: actions/checkout@v6 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: "exasol/python-toolbox/.github/actions/python-environment@de9c841d1e0c1d59b267900baf25da913330a25a" with: python-version: ${{ matrix.python-version }} poetry-version: "2.3.0" @@ -39,7 +39,7 @@ jobs: run: poetry run -- nox -s test:integration -- --coverage - name: Upload Artifacts id: upload-artifacts - uses: actions/upload-artifact@v7 + uses: "actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a" with: name: coverage-python${{ matrix.python-version }}-exasol${{ matrix.exasol-version }}-slow path: .coverage