diff --git a/.github/actions/get-artifact-for-stage-tests/action.yml b/.github/actions/get-artifact-for-stage-tests/action.yml index feae95bd34..015f9468aa 100644 --- a/.github/actions/get-artifact-for-stage-tests/action.yml +++ b/.github/actions/get-artifact-for-stage-tests/action.yml @@ -49,7 +49,7 @@ runs: run: echo "GITHUB_ARTIFACT_NAME=${{ env.PYTHON_TAG }}-${{ inputs.wheel_os }}_${{ inputs.wheel_cpu_arch }}.build" >> $GITHUB_ENV shell: bash - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 if: ${{ inputs.get_from_jfrog == 'false' }} with: name: ${{ env.GITHUB_ARTIFACT_NAME }} @@ -70,7 +70,7 @@ runs: # End codepath that downloads artifacts from Github # Begin codepath that downloads from JFrog - - uses: jfrog/setup-jfrog-cli@v4 + - uses: jfrog/setup-jfrog-cli@88e9eba31c07e31beefa4cef5c0e93d1af9535d7 # v4 if: ${{ inputs.get_from_jfrog == 'true' }} env: JF_URL: ${{ inputs.JFROG_PLATFORM_URL }} diff --git a/.github/actions/run-ee-server/action.yml b/.github/actions/run-ee-server/action.yml index d4f492b439..732b3f2f36 100644 --- a/.github/actions/run-ee-server/action.yml +++ b/.github/actions/run-ee-server/action.yml @@ -40,7 +40,7 @@ runs: - name: Log into registry to get non-public server RCs # We can still pull public images while logged in, so just do this all the time to make things simple - uses: docker/login-action@v3 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 with: registry: ${{ inputs.registry-name }} username: ${{ inputs.registry-username }} @@ -54,11 +54,11 @@ runs: # QE images are not multi-platform and only support a single platform. - name: Allow building images from different platforms other than the native one - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # macOS Github runners and Windows self-hosted runners don't have buildx installed by default - if: ${{ runner.os == 'Windows' || runner.os == 'macOS' }} - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3 - run: echo CA_CERT_FILE_NAME="ca.cer" >> $GITHUB_ENV shell: bash @@ -69,7 +69,7 @@ runs: - name: Build Aerospike server Docker image for testing # We enable TLS standard authentication to verify that the OpenSSL library bundled with the wheel works # You can manually verify this by enabling debug logging in the client and checking that the server certificate was verified - uses: docker/build-push-action@v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: # Don't want to use default Git context or else it will clone the whole Python client repo again context: .github/workflows/docker-build-context diff --git a/.github/workflows/build-and-run-stage-tests.yml b/.github/workflows/build-and-run-stage-tests.yml index b4a8fb8825..18788c6184 100644 --- a/.github/workflows/build-and-run-stage-tests.yml +++ b/.github/workflows/build-and-run-stage-tests.yml @@ -24,6 +24,11 @@ on: type: boolean default: true description: 'Test macOS x86 wheels (unstable)' + test-file: + required: false + type: string + default: '' + description: Allows you to choose specific test files to run. jobs: build-select-wheels: @@ -59,3 +64,4 @@ jobs: image-name: ${{ inputs.image-name }} server-tag: ${{ inputs.server-tag }} test-macos-x86: ${{ inputs.test-macos-x86 }} + test-file: ${{ inputs.test-file }} diff --git a/.github/workflows/build-sdist.yml b/.github/workflows/build-sdist.yml index fb6926701f..77b106656c 100644 --- a/.github/workflows/build-sdist.yml +++ b/.github/workflows/build-sdist.yml @@ -26,12 +26,12 @@ jobs: # The calling workflow can be triggered by push or pull request events, so there's that # https://github.com/actions/runner/issues/3146#issuecomment-2000017097 if: ${{ github.event_name != 'push' && github.event_name != 'pull_request' }} - uses: myrotvorets/set-commit-status-action@v2.0.0 + uses: myrotvorets/set-commit-status-action@38f3f27c7d52fb381273e95542f07f0fba301307 # v2.0.0 with: sha: ${{ env.COMMIT_SHA_TO_BUILD }} context: ${{ env.STATUS_CHECK_MESSAGE }} - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: submodules: recursive ref: ${{ env.COMMIT_SHA_TO_BUILD }} @@ -44,13 +44,13 @@ jobs: run: python3 -m build --sdist - name: Upload source distribution to GitHub - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: path: ./dist/*.tar.gz name: sdist.build - name: Set final commit status - uses: myrotvorets/set-commit-status-action@v2.0.0 + uses: myrotvorets/set-commit-status-action@38f3f27c7d52fb381273e95542f07f0fba301307 # v2.0.0 # Always run even if job failed or is cancelled # But we don't want to show anything if the calling workflow was triggered by these events if: ${{ always() && github.event_name != 'push' && github.event_name != 'pull_request' }} diff --git a/.github/workflows/build-wheels.yml b/.github/workflows/build-wheels.yml index adee326bb9..da4f7f57b0 100644 --- a/.github/workflows/build-wheels.yml +++ b/.github/workflows/build-wheels.yml @@ -185,13 +185,13 @@ jobs: shell: bash - name: Show job status for commit - uses: myrotvorets/set-commit-status-action@v2.0.0 + uses: myrotvorets/set-commit-status-action@38f3f27c7d52fb381273e95542f07f0fba301307 # v2.0.0 if: ${{ github.event_name != 'push' && github.event_name != 'pull_request' }} with: sha: ${{ env.COMMIT_SHA_TO_BUILD_AND_TEST }} context: ${{ env.STATUS_CHECK_MESSAGE }} - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: submodules: recursive ref: ${{ env.COMMIT_SHA_TO_BUILD_AND_TEST }} @@ -200,7 +200,7 @@ jobs: - name: 'Windows: Add msbuild to PATH' if: ${{ inputs.platform-tag == 'win_amd64' }} - uses: microsoft/setup-msbuild@v1.1 + uses: microsoft/setup-msbuild@34cfbaee7f672c76950673338facd8a73f637506 # v1.1 - name: 'Windows: Install C client deps' if: ${{ inputs.platform-tag == 'win_amd64' }} @@ -253,7 +253,7 @@ jobs: - if: ${{ startsWith(inputs.platform-tag, 'manylinux') }} run: echo CIBW_MANYLINUX_AARCH64_IMAGE=${{ format(env.CUSTOM_IMAGE_NAME, 'aarch64', 'ebd269b4ecc3e186eeb0d734d765dfe9c606017a1cd5a122e08018b86b126217') }} >> $GITHUB_ENV - - uses: docker/login-action@v3 + - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 if: ${{ startsWith(inputs.platform-tag, 'manylinux') }} with: registry: ghcr.io @@ -294,7 +294,7 @@ jobs: run: echo CIBW_ENVIRONMENT_MACOS="LDFLAGS='-headerpad_max_install_names'" >> $GITHUB_ENV - name: Build wheel - uses: pypa/cibuildwheel@v3.1.3 + uses: pypa/cibuildwheel@352e01339f0a173aa2a3eb57f01492e341e83865 # v3.1.3 id: cibuildwheel env: # manylinux_2_28 x64 image doesn't search in this directory for shared libraries @@ -341,7 +341,7 @@ jobs: shell: bash - name: Upload wheels to GitHub - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 if: ${{ !cancelled() }} with: path: ./wheelhouse/*.whl @@ -349,7 +349,7 @@ jobs: if-no-files-found: error - name: Set final commit status - uses: myrotvorets/set-commit-status-action@v2.0.0 + uses: myrotvorets/set-commit-status-action@38f3f27c7d52fb381273e95542f07f0fba301307 # v2.0.0 if: ${{ always() && github.event_name != 'push' && github.event_name != 'pull_request' }} with: sha: ${{ env.COMMIT_SHA_TO_BUILD_AND_TEST }} @@ -373,13 +373,13 @@ jobs: shell: bash - name: Show job status for commit - uses: myrotvorets/set-commit-status-action@v2.0.0 + uses: myrotvorets/set-commit-status-action@38f3f27c7d52fb381273e95542f07f0fba301307 # v2.0.0 if: ${{ github.event_name != 'push' && github.event_name != 'pull_request' }} with: sha: ${{ env.COMMIT_SHA_TO_BUILD_AND_TEST }} context: ${{ env.STATUS_CHECK_MESSAGE }} - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: ref: ${{ env.COMMIT_SHA_TO_BUILD_AND_TEST }} @@ -398,7 +398,7 @@ jobs: where-is-client-connecting-from: ${{ inputs.platform-tag == 'win_amd64' && 'remote-connection' || 'docker-host' }} - name: Download wheel - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: ${{ env.BUILD_IDENTIFIER }}.build @@ -411,7 +411,7 @@ jobs: echo PYTHON_VERSION="${PYTHON_VERSION/3/3.}" >> $GITHUB_ENV shell: bash - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: ${{ env.PYTHON_VERSION }} allow-prereleases: true @@ -430,7 +430,7 @@ jobs: - name: Show job status for commit if: ${{ always() && github.event_name != 'push' && github.event_name != 'pull_request' }} - uses: myrotvorets/set-commit-status-action@v2.0.0 + uses: myrotvorets/set-commit-status-action@38f3f27c7d52fb381273e95542f07f0fba301307 # v2.0.0 with: sha: ${{ env.COMMIT_SHA_TO_BUILD_AND_TEST }} status: ${{ job.status }} diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index 7ec3716443..42ac4e8346 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -48,7 +48,7 @@ jobs: current_version: ${{ steps.get-current-version.outputs.current_version }} steps: # Checkout the branch where we want to bump the new version - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: token: ${{ secrets.CLIENT_BOT_PAT }} ref: ${{ inputs.ref }} @@ -64,7 +64,7 @@ jobs: new_version: ${{ steps.get-new-version.outputs.new_version }} steps: # Checkout branch where workflow is being called from - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Install library that parses PEP 440 versions run: pip install parver -c requirements.txt diff --git a/.github/workflows/delete-artifacts.yml b/.github/workflows/delete-artifacts.yml index 21a13b6cde..a99ca914e3 100644 --- a/.github/workflows/delete-artifacts.yml +++ b/.github/workflows/delete-artifacts.yml @@ -6,6 +6,6 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Remove artifacts with dev version - uses: geekyeggo/delete-artifact@v5 + uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 with: name: '*.build' diff --git a/.github/workflows/dev-to-stage.yml b/.github/workflows/dev-to-stage.yml index 5e8d203aec..aa26d2e773 100644 --- a/.github/workflows/dev-to-stage.yml +++ b/.github/workflows/dev-to-stage.yml @@ -13,7 +13,7 @@ jobs: run_stage_tests: ${{ steps.run_stage_tests.outputs.run_stage_tests }} runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: # Get all tags fetch-depth: 0 diff --git a/.github/workflows/fast-forward-merge.yml b/.github/workflows/fast-forward-merge.yml index 6b1237d253..b3d2385655 100644 --- a/.github/workflows/fast-forward-merge.yml +++ b/.github/workflows/fast-forward-merge.yml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: # Fetch the whole history to prevent unrelated history errors fetch-depth: '0' diff --git a/.github/workflows/stage-tests.yml b/.github/workflows/stage-tests.yml index 29b686d19c..fe39aa8666 100644 --- a/.github/workflows/stage-tests.yml +++ b/.github/workflows/stage-tests.yml @@ -39,6 +39,11 @@ on: type: boolean default: false description: 'Test macOS x86 wheels (unstable)' + test-file: + required: false + type: string + default: '' + description: 'Allows you to choose specific test files to run.' env: REGISTRY_USERNAME: ${{ inputs.registry-name == 'docker.io' && secrets.DOCKER_HUB_BOT_USERNAME || secrets.QE_DOCKER_REGISTRY_USERNAME }} @@ -101,7 +106,7 @@ jobs: # TODO: the checkout code is also duplicated in the macOS stage tests # But it's only a few lines of code so I didn't bother to create a composite action for it. - name: Get tests and Github action scripts - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: ref: ${{ inputs.use_jfrog_builds && inputs.jfrog-build-version-to-test || github.sha }} sparse-checkout: | @@ -182,7 +187,7 @@ jobs: run: docker exec --workdir /aerospike-client-python/test ${{ env.LINUX_DISTRO_CONTAINER_NAME }} python${{ env.PYTHON_VERSION }} -m ${{ env.PIP_INSTALL_COMMAND }} pytest -c requirements.txt - name: Run tests - run: docker exec --workdir /aerospike-client-python/test ${{ env.LINUX_DISTRO_CONTAINER_NAME }} python${{ env.PYTHON_VERSION }} -m pytest new_tests/ + run: docker exec --workdir /aerospike-client-python/test ${{ env.LINUX_DISTRO_CONTAINER_NAME }} python${{ env.PYTHON_VERSION }} -m pytest new_tests/${{ inputs.test-file }} macOS: if: ${{ inputs.test-macos-x86 }} @@ -204,7 +209,7 @@ jobs: runs-on: ${{ matrix.runner-os }} steps: - name: Get tests and Github action scripts - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: ref: ${{ inputs.use_jfrog_builds && inputs.jfrog-build-version-to-test || github.sha }} sparse-checkout: | @@ -224,7 +229,7 @@ jobs: JFROG_ACCESS_TOKEN: ${{ secrets.JFROG_ACCESS_TOKEN }} JFROG_REPO_NAME: ${{ vars.JFROG_REPO_NAME }} - - uses: actions/setup-python@v4 + - uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v2 with: python-version: ${{ matrix.python-version }} diff --git a/.github/workflows/stage-to-master.yml b/.github/workflows/stage-to-master.yml index 154dc4dec8..c96ad48fe0 100644 --- a/.github/workflows/stage-to-master.yml +++ b/.github/workflows/stage-to-master.yml @@ -41,14 +41,14 @@ jobs: needs: build-artifacts steps: - name: Download and store all artifacts to single folder - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: path: artifacts merge-multiple: true # TODO: fix - name: Publish package distributions to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 with: packages-dir: artifacts/ password: ${{ secrets.PYPI_API_TOKEN }} diff --git a/.github/workflows/test-server-rc.yml b/.github/workflows/test-server-rc.yml index ed7625910d..0eb62f6bf8 100644 --- a/.github/workflows/test-server-rc.yml +++ b/.github/workflows/test-server-rc.yml @@ -29,7 +29,7 @@ jobs: ] runs-on: ${{ matrix.platform[1] }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - run: docker run -d --name manylinux quay.io/pypa/manylinux2014_${{ matrix.platform[0] }} tail -f /dev/null @@ -41,7 +41,7 @@ jobs: docker-hub-password: ${{ secrets.DOCKER_HUB_BOT_PW }} where-is-client-connecting-from: 'docker-container' - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: ${{ matrix.python[1] }}-manylinux_${{ matrix.platform[0] }}.build path: ./ @@ -73,7 +73,7 @@ jobs: ] runs-on: macos-12-large steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - uses: ./.github/actions/setup-docker-on-macos @@ -84,12 +84,12 @@ jobs: docker-hub-username: ${{ secrets.DOCKER_HUB_BOT_USERNAME }} docker-hub-password: ${{ secrets.DOCKER_HUB_BOT_PW }} - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: ${{ matrix.python[1] }}-macosx_x86_64.build path: ./ - - uses: actions/setup-python@v4 + - uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v2 with: python-version: ${{ matrix.python[0] }} @@ -119,9 +119,9 @@ jobs: ] fail-fast: false steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: ${{ matrix.python-version[1] }}-macosx_arm64.build path: ./ @@ -137,7 +137,7 @@ jobs: # Need to be able to save Docker Hub credentials to keychain - run: security unlock-keychain -p ${{ secrets.MAC_M1_SELF_HOSTED_RUNNER_PW }} - - uses: docker/login-action@v3 + - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 with: username: ${{ secrets.DOCKER_HUB_BOT_USERNAME }} password: ${{ secrets.DOCKER_HUB_BOT_PW }} diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c51c2f0344..4abed487ce 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -43,14 +43,14 @@ jobs: lint: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 with: submodules: recursive - - uses: actions/setup-python@v2 + - uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2.3.4 with: python-version: ${{ env.LOWEST_SUPPORTED_PY_VERSION }} architecture: 'x64' - - uses: pre-commit/action@v3.0.0 + - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # v3.0.0 build: runs-on: ubuntu-22.04 @@ -66,12 +66,12 @@ jobs: fail-fast: false steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 with: submodules: recursive fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: ${{ matrix.py-version }} architecture: 'x64' @@ -97,7 +97,7 @@ jobs: run: echo WHEEL_GH_ARTIFACT_NAME=${{ env.WHEEL_GH_ARTIFACT_NAME }}-sanitizer >> $GITHUB_ENV - name: Send wheel to test jobs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: ${{ env.WHEEL_GH_ARTIFACT_NAME }} path: ./dist/*.whl @@ -105,12 +105,12 @@ jobs: generate-coverage-report: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 with: submodules: recursive fetch-depth: 0 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2.3.4 with: python-version: ${{ env.LOWEST_SUPPORTED_PY_VERSION }} architecture: 'x64' @@ -184,7 +184,7 @@ jobs: - name: Upload coverage report folder to Github if: ${{ !cancelled() }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: coverage-report path: build/temp*/src/main/ @@ -194,16 +194,16 @@ jobs: if: ${{ !cancelled() }} runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: submodules: recursive - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: coverage-report path: ./coverage-report - - uses: codecov/codecov-action@v5 + - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.1.1 with: directory: coverage-report verbose: true # optional (default = false) @@ -215,16 +215,16 @@ jobs: needs: build runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 with: submodules: recursive - - uses: actions/setup-python@v2 + - uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2.3.4 with: python-version: ${{ env.LOWEST_SUPPORTED_PY_VERSION }} architecture: 'x64' - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: wheel-${{ env.LOWEST_SUPPORTED_PY_VERSION }} @@ -240,18 +240,18 @@ jobs: runs-on: ubuntu-22.04 needs: build steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 with: submodules: recursive - - uses: actions/setup-python@v2 + - uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2.3.4 with: python-version: ${{ env.LOWEST_SUPPORTED_PY_VERSION }} architecture: 'x64' - run: echo WHEEL_GH_ARTIFACT_NAME=wheel-${{ env.LOWEST_SUPPORTED_PY_VERSION }}-sanitizer >> $GITHUB_ENV - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: ${{ env.WHEEL_GH_ARTIFACT_NAME }} @@ -296,11 +296,11 @@ jobs: fail-fast: false steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 with: submodules: recursive - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: ${{ matrix.py-version }} architecture: 'x64' @@ -308,7 +308,7 @@ jobs: - run: echo WHEEL_GH_ARTIFACT_NAME=wheel-${{ matrix.py-version }} >> $GITHUB_ENV - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: ${{ env.WHEEL_GH_ARTIFACT_NAME }} @@ -318,7 +318,7 @@ jobs: - name: Install test dependencies run: pip install -r test/requirements.txt - - uses: docker/login-action@v3 + - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 with: registry: ${{ env.REGISTRY_NAME }} username: ${{ env.REGISTRY_NAME == 'docker.io' && secrets.DOCKER_HUB_BOT_USERNAME || secrets.QE_DOCKER_REGISTRY_USERNAME }} @@ -343,16 +343,16 @@ jobs: runs-on: ubuntu-22.04 needs: build steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 with: submodules: recursive - - uses: actions/setup-python@v2 + - uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2.3.4 with: python-version: "3.13" architecture: 'x64' - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: wheel-3.13 @@ -391,10 +391,10 @@ jobs: # -vv is too verbose and makes it hard to read logs - 'linkcheck -v . links' steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 with: submodules: recursive - - uses: actions/setup-python@v2 + - uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2.3.4 with: python-version: 3.11 architecture: 'x64' @@ -415,12 +415,12 @@ jobs: fail-fast: false runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: ${{ env.LOWEST_SUPPORTED_PY_VERSION }} architecture: 'x64' - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: wheel-${{ env.LOWEST_SUPPORTED_PY_VERSION }} - run: python3 -m pip install *.whl @@ -440,17 +440,17 @@ jobs: - "user_agent_with_ee" runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: ${{ env.LOWEST_SUPPORTED_PY_VERSION }} architecture: 'x64' - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: wheel-${{ env.LOWEST_SUPPORTED_PY_VERSION }} - run: python3 -m pip install *.whl - - uses: docker/login-action@v3 + - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 with: registry: ${{ env.REGISTRY_NAME }} username: ${{ env.REGISTRY_NAME == 'docker.io' && secrets.DOCKER_HUB_BOT_USERNAME || secrets.QE_DOCKER_REGISTRY_USERNAME }} diff --git a/.github/workflows/update-manylinux-openssl-image.yml b/.github/workflows/update-manylinux-openssl-image.yml index 25d2cc1f78..45ab1dd755 100644 --- a/.github/workflows/update-manylinux-openssl-image.yml +++ b/.github/workflows/update-manylinux-openssl-image.yml @@ -25,19 +25,19 @@ jobs: runs-on: ${{ matrix.arch-and-runner-os[1] }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: sparse-checkout: | .github/workflows path: aerospike-client-python - - uses: docker/login-action@v3 + - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: docker/metadata-action@v5 + - uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 id: meta with: images: ${{ env.REGISTRY }}/aerospike/${{ env.MANYLINUX_TAG }}_${{ matrix.arch-and-runner-os[0] }} @@ -45,13 +45,13 @@ jobs: flavor: latest=false - name: Set up Docker Buildx so we can cache our Docker image layers - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3 - name: Get cibuildwheel version used to build wheels run: echo CIBW_VERSION=$(yq eval '.jobs.cibuildwheel.steps | map(select(.id == "cibuildwheel"))[0].uses' build-wheels.yml | cut -f 2- -d "@") >> $GITHUB_ENV working-directory: aerospike-client-python/.github/workflows - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: repository: pypa/cibuildwheel ref: ${{ env.CIBW_VERSION }} @@ -82,7 +82,7 @@ jobs: working-directory: cibuildwheel - name: Build and push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: # Don't want to use default Git context or else it will clone the whole Python client repo again context: ${{ github.workspace }}/aerospike-client-python/.github/workflows diff --git a/.github/workflows/update-version.yml b/.github/workflows/update-version.yml index ce155ed1e4..28db7ef4cc 100644 --- a/.github/workflows/update-version.yml +++ b/.github/workflows/update-version.yml @@ -41,7 +41,7 @@ jobs: outputs: bump_sha: ${{ steps.get-bump-commit-sha.outputs.bump_sha }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: token: ${{ secrets.CLIENT_BOT_PAT }} ref: ${{ inputs.ref }} @@ -52,7 +52,7 @@ jobs: new_version: ${{ inputs.new_version }} - name: Commit new version - uses: stefanzweifel/git-auto-commit-action@v4 + uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4 with: commit_message: 'Auto-bump version to ${{ inputs.new_version }} [skip ci]' commit_author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> diff --git a/.github/workflows/upload-jfrog-build-to-pypi.yml b/.github/workflows/upload-jfrog-build-to-pypi.yml index 02a5f56bf8..657357bff1 100644 --- a/.github/workflows/upload-jfrog-build-to-pypi.yml +++ b/.github/workflows/upload-jfrog-build-to-pypi.yml @@ -16,7 +16,7 @@ jobs: publish-jfrog-build-to-pypi: runs-on: ubuntu-22.04 steps: - - uses: jfrog/setup-jfrog-cli@v4 + - uses: jfrog/setup-jfrog-cli@88e9eba31c07e31beefa4cef5c0e93d1af9535d7 # v4 env: JF_URL: ${{ secrets.JFROG_PLATFORM_URL }} JF_ACCESS_TOKEN: ${{ secrets.JFROG_ACCESS_TOKEN }} @@ -25,7 +25,7 @@ jobs: run: jf rt dl --build python-client/${{ inputs.version }} ${{ vars.JFROG_REPO_NAME }} - name: Publish package distributions to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 with: # This is the directory jf downloads the artifacts to packages-dir: aerospike/${{ inputs.version }}/artifacts diff --git a/.github/workflows/upload-to-jfrog.yml b/.github/workflows/upload-to-jfrog.yml index 04c31a2f3c..37411393e2 100644 --- a/.github/workflows/upload-to-jfrog.yml +++ b/.github/workflows/upload-to-jfrog.yml @@ -22,14 +22,14 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Download artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: pattern: '*.build' merge-multiple: true path: artifacts - name: Set up JFrog credentials - uses: jfrog/setup-jfrog-cli@v3 + uses: jfrog/setup-jfrog-cli@0f30b43d62ccad81fba40748d2c671c4665b2d27 # v3 env: JF_URL: ${{ secrets.JFROG_PLATFORM_URL }} JF_ACCESS_TOKEN: ${{ secrets.JFROG_ACCESS_TOKEN }} diff --git a/.github/workflows/valgrind.yml b/.github/workflows/valgrind.yml index 44c390a7a5..b5a3797408 100644 --- a/.github/workflows/valgrind.yml +++ b/.github/workflows/valgrind.yml @@ -41,7 +41,7 @@ jobs: env: JF_SEARCH_RESULTS_FILE_NAME: wheel_commit_matches.txt steps: - - uses: jfrog/setup-jfrog-cli@v4 + - uses: jfrog/setup-jfrog-cli@88e9eba31c07e31beefa4cef5c0e93d1af9535d7 # v4 env: JF_URL: ${{ secrets.JFROG_PLATFORM_URL }} JF_ACCESS_TOKEN: ${{ secrets.JFROG_ACCESS_TOKEN }} @@ -88,7 +88,7 @@ jobs: - name: Pass to valgrind job if: ${{ steps.count_num_artifacts_found.outputs.num_artifacts == 1 }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: # Artifact name doesn't matter. Valgrind job downloads all artifacts to get the one wheel if-no-files-found: error @@ -127,7 +127,7 @@ jobs: if: ${{ !cancelled() && (needs.look-for-wheel-in-jfrog.result == 'success' && (needs.look-for-wheel-in-jfrog.outputs.num_artifacts_found == 1) || (needs.look-for-wheel-in-jfrog.outputs.num_artifacts_found == 0 && needs.build-manylinux-wheel.result == 'success')) }} runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: submodules: recursive fetch-depth: 0 @@ -136,12 +136,12 @@ jobs: run: echo PYTHON_VERSION=$(echo ${{ env.PYTHON_TAG }} | sed -e "s/cp3/cp3./" -e "s/cp//") >> $GITHUB_ENV shell: bash - - uses: actions/setup-python@v2 + - uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2.3.4 with: python-version: '${{ env.PYTHON_VERSION }}' architecture: 'x64' - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: merge-multiple: true