From 66d1884ad95fb50d0b014ac7558950a559ac8017 Mon Sep 17 00:00:00 2001 From: Matthias Mair Date: Wed, 1 Jul 2026 23:50:05 +0200 Subject: [PATCH] fix pin syntax (#12287) * fix pin syntax * make pins precise * update target name and version --- .github/actions/setup/action.yaml | 6 +++--- .github/workflows/backport.yaml | 2 +- .github/workflows/docker.yaml | 20 +++++++++---------- .github/workflows/frontend.yaml | 18 ++++++++--------- .github/workflows/import_export.yaml | 2 +- .github/workflows/qc_checks.yaml | 28 +++++++++++++-------------- .github/workflows/release.yaml | 10 +++++----- .github/workflows/stale.yaml | 2 +- .github/workflows/translations.yaml | 2 +- .github/workflows/update.yml.disabled | 4 ++-- 10 files changed, 47 insertions(+), 47 deletions(-) diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml index f312390970..f3ffaebee8 100644 --- a/.github/actions/setup/action.yaml +++ b/.github/actions/setup/action.yaml @@ -39,14 +39,14 @@ runs: using: 'composite' steps: - name: Checkout Code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false # Python installs - name: Set up Python ${{ env.python_version }} if: ${{ inputs.python == 'true' && env.python_version != '3.14' }} - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # pin@v5.0.0 + uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 with: python-version: ${{ env.python_version }} cache: pip @@ -57,7 +57,7 @@ runs: contrib/dev_reqs/requirements.txt - name: Setup Python 3.14 if: ${{ inputs.python == 'true' && env.python_version == '3.14' }} - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # pin@v5.0.0 + uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 with: python-version: ${{ env.python_version }} - name: Install Base Python Dependencies diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml index 7ac4bb2d1b..1a8a77502c 100644 --- a/.github/workflows/backport.yaml +++ b/.github/workflows/backport.yaml @@ -25,7 +25,7 @@ jobs: ) steps: - name: Backport Action - uses: sqren/backport-github-action@ad888e978060bc1b2798690dd9d03c4036560947 # pin@v9.2.2 + uses: sorenlouv/backport-github-action@8a6c0381851f43f9f1fddc7303f0e9015eb57b62 # v12.0.4 with: github_token: ${{ secrets.GITHUB_TOKEN }} auto_backport_label_prefix: backport-to- diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 561e861d57..af1943336e 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -42,7 +42,7 @@ jobs: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # pin@v4.0.1 + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: filter with: filters: | @@ -167,7 +167,7 @@ jobs: with: persist-credentials: false - name: Set Up Python ${{ env.python_version }} - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # pin@v6.2.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ env.python_version }} - name: Version Check @@ -178,13 +178,13 @@ jobs: echo "git_commit_date=$(git show -s --format=%ci)" >> $GITHUB_ENV - name: Set up QEMU if: github.event_name != 'pull_request' - uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # pin@v4.1.0 + uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0 - name: Set up Docker Buildx if: github.event_name != 'pull_request' - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # pin@v4.1.0 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - name: Set up cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # pin@v4.1.2 + uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2 - name: Check if Dockerhub login is required id: docker_login run: | @@ -195,14 +195,14 @@ jobs: fi - name: Login to Dockerhub if: github.event_name != 'pull_request' && steps.docker_login.outputs.skip_dockerhub_login != 'true' - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # pin@v4.2.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Log into registry ghcr.io if: github.event_name != 'pull_request' - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # pin@v4.2.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -211,16 +211,16 @@ jobs: - name: Extract Docker metadata if: github.event_name != 'pull_request' id: meta - uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # pin@v6.1.0 + uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 with: images: | inventree/inventree ghcr.io/${{ github.repository }} - - uses: depot/setup-action@15c09a5f77a0840ad4bce955686522a257853461 # pin@v1 + - uses: depot/setup-action@15c09a5f77a0840ad4bce955686522a257853461 # v1 - name: Push Docker Images id: push-docker if: github.event_name != 'pull_request' - uses: depot/build-push-action@98e78adca7817480b8185f474a400b451d74e287 # pin@v1 + uses: depot/build-push-action@98e78adca7817480b8185f474a400b451d74e287 # v1 with: project: jczzbjkk68 context: . diff --git a/.github/workflows/frontend.yaml b/.github/workflows/frontend.yaml index 51276ddf7f..62a3a6c43e 100644 --- a/.github/workflows/frontend.yaml +++ b/.github/workflows/frontend.yaml @@ -49,7 +49,7 @@ jobs: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # pin@v4.0.1 + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: filter with: filters: | @@ -86,7 +86,7 @@ jobs: run: | cd src/backend/InvenTree/web/static zip -r frontend-build.zip web/ web/.vite - - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # pin@v7.0.1 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: frontend-build path: src/backend/InvenTree/web/static/web @@ -141,7 +141,7 @@ jobs: - name: Install dependencies run: invoke int.frontend-compile --extract - name: Cache Playwright browsers - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # pin@v5.0.5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 id: playwright-cache with: path: ~/.cache/ms-playwright @@ -165,7 +165,7 @@ jobs: cp ./tests/fixtures/playwright_custom_splash.png ../backend/InvenTree/InvenTree/static/img/playwright_custom_splash.png invoke static env INVENTREE_CUSTOM_SPLASH="img/playwright_custom_splash.png" INVENTREE_CUSTOM_LOGO="img/playwright_custom_logo.png" PLAYWRIGHT_BASE_URL=http://localhost:8000 npx playwright test --project=firefox --shard=${{ matrix.shard }}/2 - - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # pin@v7.0.1 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: ${{ !cancelled() && steps.tests.outcome == 'failure' }} with: name: playwright-report-firefox-${{ matrix.shard }} @@ -223,7 +223,7 @@ jobs: - name: Install dependencies run: invoke int.frontend-compile --extract - name: Cache Playwright browsers - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # pin@v5.0.5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 id: playwright-cache with: path: ~/.cache/ms-playwright @@ -245,7 +245,7 @@ jobs: cd src/frontend npx nyc playwright test --project=chromium --shard=${{ matrix.shard }}/4 - name: Playwright Report [${{ matrix.shard }} / 4] - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # pin@v7.0.1 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: ${{ !cancelled() && steps.tests.outcome == 'failure' }} with: name: playwright-report-chromium-${{ matrix.shard }} @@ -253,7 +253,7 @@ jobs: if-no-files-found: error retention-days: 7 - name: Upload Coverage Artifact [${{ matrix.shard }} / 4] - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # pin@v7.0.1 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 id: coverage-upload if: ${{ !cancelled() && steps.tests.outcome != 'failure' }} with: @@ -285,7 +285,7 @@ jobs: update: false - name: Download Coverage Artifacts - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: coverage-* path: all-coverage/ @@ -304,7 +304,7 @@ jobs: - name: Upload coverage reports to Codecov if: ${{ !cancelled() && github.ref == 'refs/heads/master' }} - uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # pin@v7.0.0 + uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0 with: token: ${{ secrets.CODECOV_TOKEN }} slug: inventree/InvenTree diff --git a/.github/workflows/import_export.yaml b/.github/workflows/import_export.yaml index e9a500b4aa..c251bab557 100644 --- a/.github/workflows/import_export.yaml +++ b/.github/workflows/import_export.yaml @@ -51,7 +51,7 @@ jobs: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # pin@v4.0.1 + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: filter with: filters: | diff --git a/.github/workflows/qc_checks.yaml b/.github/workflows/qc_checks.yaml index 13ce079806..9dab7c79a1 100644 --- a/.github/workflows/qc_checks.yaml +++ b/.github/workflows/qc_checks.yaml @@ -47,7 +47,7 @@ jobs: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # pin@v4.0.1 + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: filter with: filters: | @@ -112,12 +112,12 @@ jobs: with: persist-credentials: false - name: Set up Python ${{ env.python_version }} - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # pin@v6.2.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ env.python_version }} cache: "pip" - name: Run pre commit hook Checks - uses: j178/prek-action@bdca6f102f98e2b4c7029491a53dfd366469e33d # pin@v2 + uses: j178/prek-action@e98a699c41eb69ab013a45817a0406469a748f8d # v2.0.5 - name: Check Version run: | pip install --require-hashes -r contrib/dev_reqs/requirements.txt @@ -156,7 +156,7 @@ jobs: with: persist-credentials: false - name: Set up Python ${{ env.python_version }} - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # pin@v6.2.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ env.python_version }} - name: Check Config @@ -165,7 +165,7 @@ jobs: pip install --require-hashes -r docs/requirements.txt python docs/ci/check_mkdocs_config.py - name: Check Links - uses: tcort/github-action-markdown-link-check@e7c7a18363c842693fadde5d41a3bd3573a7a225 # pin@v1 + uses: tcort/github-action-markdown-link-check@e7c7a18363c842693fadde5d41a3bd3573a7a225 # v1 with: folder-path: docs config-file: docs/mlc_config.json @@ -202,7 +202,7 @@ jobs: - name: Export API Documentation run: invoke dev.schema --ignore-warnings --filename src/backend/InvenTree/schema.yml - name: Upload schema - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # pin@v7.0.1 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: schema.yml path: src/backend/InvenTree/schema.yml @@ -251,17 +251,17 @@ jobs: - name: Extract settings / tags run: invoke int.export-definitions --basedir docs - name: Upload settings - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # pin@v7.0.1 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: inventree_settings.json path: docs/generated/inventree_settings.json - name: Upload tags - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # pin@v7.0.1 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: inventree_tags.yml path: docs/generated/inventree_tags.yml - name: Upload filters - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # pin@v7.0.1 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: inventree_filters.yml path: docs/generated/inventree_filters.yml @@ -284,7 +284,7 @@ jobs: - name: Create artifact directory run: mkdir -p artifact - name: Download schema artifact - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: artifact merge-multiple: true @@ -301,7 +301,7 @@ jobs: echo "after move" ls -la artifact rm -rf artifact - - uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # pin@v7.1.0 + - uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0 name: Commit schema changes with: commit_message: "Update API schema for ${{ env.version }} / ${{ github.sha }}" @@ -409,13 +409,13 @@ jobs: - name: Coverage Tests run: invoke dev.test --check --coverage --translations - name: Upload raw coverage to artifacts - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # pin@v7.0.1 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: coverage path: .coverage retention-days: 14 - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # pin@v7.0.0 + uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0 if: always() with: token: ${{ secrets.CODECOV_TOKEN }} @@ -597,7 +597,7 @@ jobs: - name: Run Tests run: invoke dev.test --check --migrations --report --coverage --translations - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # pin@v7.0.0 + uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0 if: always() with: token: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7a8f69897a..a4d62d2710 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -28,7 +28,7 @@ jobs: pip install --require-hashes -r contrib/dev_reqs/requirements.txt python3 .github/scripts/version_check.py - name: Push to Stable Branch - uses: ad-m/github-push-action@881a6320fdb16eb5318c5054f31c218aec2b324c # pin@v1.3.0 + uses: ad-m/github-push-action@881a6320fdb16eb5318c5054f31c218aec2b324c # v1.3.0 if: env.stable_release == 'true' with: github_token: ${{ secrets.GITHUB_TOKEN }} @@ -57,7 +57,7 @@ jobs: - name: Build frontend run: cd src/frontend && npm run compile && npm run build - name: Create SBOM for frontend - uses: anchore/sbom-action@e22c389904149dbc22b58101806040fa8d37a610 # pin@v0 + uses: anchore/sbom-action@e22c389904149dbc22b58101806040fa8d37a610 # v0 with: artifact-name: frontend-build.spdx path: src/frontend @@ -75,7 +75,7 @@ jobs: zip -r ../frontend-build.zip * .vite - name: Attest Build Provenance id: attest - uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # pin@v4 + uses: actions/attest@a1948c3f048ba23858d222213b7c278aabede763 # v4.1.1 with: subject-path: "${{ github.workspace }}/src/backend/InvenTree/web/static/frontend-build.zip" @@ -85,7 +85,7 @@ jobs: REF: ${{ github.ref_name }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload frontend to artifacts - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # pin@v7.0.1 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: frontend-build path: src/backend/InvenTree/web/static/frontend-build.zip @@ -161,7 +161,7 @@ jobs: fetch-depth: 0 persist-credentials: false - name: Get frontend artifact - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: frontend-build - name: Setup diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index e7e3749e4a..2f5ddd5cee 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -16,7 +16,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # pin@v10.3.0 + - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: "This issue seems stale. Please react to show this is still important." diff --git a/.github/workflows/translations.yaml b/.github/workflows/translations.yaml index baf461cba7..9e35748748 100644 --- a/.github/workflows/translations.yaml +++ b/.github/workflows/translations.yaml @@ -56,7 +56,7 @@ jobs: echo "Resetting to HEAD~" git reset HEAD~ || true - name: crowdin action - uses: crowdin/github-action@52aa776766211d83d975df51f3b9c53c2f8ba35f # pin@v2 + uses: crowdin/github-action@52aa776766211d83d975df51f3b9c53c2f8ba35f # v2 with: upload_sources: true upload_translations: false diff --git a/.github/workflows/update.yml.disabled b/.github/workflows/update.yml.disabled index 900596bb09..fd97125053 100644 --- a/.github/workflows/update.yml.disabled +++ b/.github/workflows/update.yml.disabled @@ -9,7 +9,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup @@ -18,7 +18,7 @@ jobs: run: pip-compile --output-file=requirements.txt requirements.in -U - name: Update requirements-dev.txt run: pip-compile --generate-hashes --output-file=requirements-dev.txt requirements-dev.in -U - - uses: stefanzweifel/git-auto-commit-action@fd157da78fa13d9383e5580d1fd1184d89554b51 # pin@v4.15.1 + - uses: stefanzweifel/git-auto-commit-action@fd157da78fa13d9383e5580d1fd1184d89554b51 # v4.15.1 with: commit_message: "[Bot] Updated dependency" branch: dep-update