Pin hashes in requirements (#7081)

* use global pin for requests * unify on yaml for workflo files * format workflow files * pin action versions * fix pinned version * use system venv * switch args * remove uv for now and add setting for pyyaml * use requirements file * also switch on docker flow * generate hashes * added hashes to reqs * add hashes for CI too * add hash checking * require hashes everywhere possible * require hashes where possible in docker
2025-06-15 03:25:42 +00:00 · 2024-04-23 09:15:52 +02:00
parent 3e52e5fd69
commit 938c724395
14 changed files with 1952 additions and 198 deletions
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -5,9 +5,6 @@ on:
  release:
    types: [published]

-env:
-  requests_version: 2.31.0
-
 permissions:
  contents: read

@ -21,7 +18,7 @@ jobs:
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
      - name: Version Check
        run: |
-          pip install requests==${{ env.requests_version }}
+          pip install --require-hashes -r .github/requirements.txt
          python3 .github/scripts/version_check.py
      - name: Push to Stable Branch
        uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # pin@v0.8.0