Skip to content

Commit d0a2a0f

Browse files
rodion-mrodion-m
committed
Pin test dependencies and workflow actions
1 parent 155580f commit d0a2a0f

3 files changed

Lines changed: 20 additions & 20 deletions

File tree

.github/workflows/ci.yml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -19,9 +19,9 @@ jobs:
1919
name: Test
2020
runs-on: ubuntu-latest
2121
steps:
22-
- uses: actions/checkout@v5
22+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2323

24-
- uses: actions/setup-python@v5
24+
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
2525
with:
2626
python-version: '3.11'
2727
cache: 'pip'
@@ -37,7 +37,7 @@ jobs:
3737
python -m pytest src/tests/ -v --cov=src --cov-report=term-missing --cov-report=xml --junitxml=junit/test-results.xml
3838
3939
- name: Upload test results
40-
uses: actions/upload-artifact@v4
40+
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
4141
if: always()
4242
with:
4343
name: pytest-results
@@ -50,13 +50,13 @@ jobs:
5050
needs: test
5151
runs-on: ubuntu-latest
5252
steps:
53-
- uses: actions/checkout@v5
53+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5454

55-
- uses: docker/setup-buildx-action@v3
55+
- uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
5656

5757
- name: Login to GitHub Container Registry
5858
if: github.event_name == 'push'
59-
uses: docker/login-action@v3
59+
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
6060
with:
6161
registry: ${{ env.DOCKER_REGISTRY }}
6262
username: ${{ github.actor }}
@@ -65,7 +65,7 @@ jobs:
6565
# PR: build only (no push) to validate Dockerfile — single platform for speed
6666
- name: Build Docker image (PR validation)
6767
if: github.event_name == 'pull_request'
68-
uses: docker/build-push-action@v5
68+
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
6969
with:
7070
push: false
7171
load: true
@@ -76,7 +76,7 @@ jobs:
7676
# Push to main: build multi-platform and push with rolling tags
7777
- name: Build and push Docker image
7878
if: github.event_name == 'push'
79-
uses: docker/build-push-action@v5
79+
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
8080
with:
8181
push: true
8282
platforms: linux/amd64,linux/arm64

.github/workflows/release.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -33,12 +33,12 @@ jobs:
3333
environment: release
3434
steps:
3535
- name: Checkout repository
36-
uses: actions/checkout@v5
36+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3737
with:
3838
fetch-depth: 0
3939

4040
- name: Set up Python
41-
uses: actions/setup-python@v5
41+
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
4242
with:
4343
python-version: '3.11'
4444
cache: 'pip'
@@ -137,17 +137,17 @@ jobs:
137137
"
138138
139139
- name: Set up Docker Buildx
140-
uses: docker/setup-buildx-action@v3
140+
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
141141

142142
- name: Login to GitHub Container Registry
143-
uses: docker/login-action@v3
143+
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
144144
with:
145145
registry: ${{ env.DOCKER_REGISTRY }}
146146
username: ${{ github.actor }}
147147
password: ${{ secrets.GITHUB_TOKEN }}
148148

149149
- name: Build and push Docker image
150-
uses: docker/build-push-action@v5
150+
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
151151
with:
152152
push: true
153153
platforms: linux/amd64,linux/arm64
@@ -182,7 +182,7 @@ jobs:
182182
run: ./mcp-publisher publish
183183

184184
- name: Create GitHub Release
185-
uses: softprops/action-gh-release@v2
185+
uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1
186186
with:
187187
tag_name: v${{ steps.version.outputs.version }}
188188
name: CodeAlive MCP v${{ steps.version.outputs.version }}

pyproject.toml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -12,18 +12,18 @@ dependencies = [
1212

1313
[project.optional-dependencies]
1414
test = [
15-
"pytest>=8.0.0,<9.0.0",
16-
"pytest-asyncio>=0.23.0,<1.0.0",
17-
"pytest-mock>=3.14.0,<4.0.0",
18-
"pytest-cov>=4.0.0,<6.0.0",
19-
"mcp>=1.0.0",
15+
"pytest==9.0.2",
16+
"pytest-asyncio==1.3.0",
17+
"pytest-mock==3.15.1",
18+
"pytest-cov==7.1.0",
19+
"mcp==1.26.0",
2020
]
2121

2222
[project.scripts]
2323
codealive-mcp = "codealive_mcp.server:main"
2424

2525
[build-system]
26-
requires = ["setuptools>=61.0", "setuptools-scm>=8"]
26+
requires = ["setuptools==82.0.1", "setuptools-scm==10.0.3"]
2727
build-backend = "setuptools.build_meta"
2828

2929
[tool.setuptools]

0 commit comments

Comments
 (0)