chore: gha - security improvements (#34)

mfiedorowicz · web-flow · commit 0729278ab1ac · 2024-12-30T11:56:06.000Z
Signed-off-by: Michal Fiedorowicz &lt;mfiedorowicz@netboxlabs.com&gt;
diff --git a/.github/workflows/lint-tests.yml b/.github/workflows/lint-tests.yml
@@ -43,7 +43,7 @@ jobs:
           pytest --junitxml=pytest.xml --cov-report=term-missing:skip-covered --cov=netboxlabs.diode.sdk tests/ | tee pytest-coverage.txt
 
       - name: Pytest coverage comment
-        uses: MishaKav/pytest-coverage-comment@main
+        uses: MishaKav/pytest-coverage-comment@81882822c5b22af01f91bd3eacb1cefb6ad73dc2 # v1
         with:
           pytest-coverage-path: ./pytest-coverage.txt
           junitxml-path: ./pytest.xml
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -44,7 +44,7 @@ jobs:
         with:
           node-version: "lts/*"
       - name: Write package.json
-        uses: DamianReeves/write-file-action@master
+        uses: DamianReeves/write-file-action@6929a9a6d1807689191dcc8bbe62b54d70a32b42 # v1.3
         with:
           path: ./package.json
           write-mode: overwrite
@@ -58,7 +58,7 @@ jobs:
               }
             }
       - name: Write .releaserc.json
-        uses: DamianReeves/write-file-action@master
+        uses: DamianReeves/write-file-action@6929a9a6d1807689191dcc8bbe62b54d70a32b42 # v1.3
         with:
           path: ./.releaserc.json
           write-mode: overwrite
@@ -168,7 +168,7 @@ jobs:
           retention-days: 30
           if-no-files-found: error
       - name: Publish release distributions to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+        uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v.1.12.3
         with:
           packages-dir: dist
 
@@ -183,7 +183,7 @@ jobs:
         with:
           node-version: "lts/*"
       - name: Write package.json
-        uses: DamianReeves/write-file-action@master
+        uses: DamianReeves/write-file-action@6929a9a6d1807689191dcc8bbe62b54d70a32b42 # v1.3
         with:
           path: ./package.json
           write-mode: overwrite
@@ -197,7 +197,7 @@ jobs:
               }
             }
       - name: Write .releaserc.json
-        uses: DamianReeves/write-file-action@master
+        uses: DamianReeves/write-file-action@6929a9a6d1807689191dcc8bbe62b54d70a32b42 # v1.3
         with:
           path: ./.releaserc.json
           write-mode: overwrite
