Hash-pin github actions versions#2369
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
I'm dismissing the code-scanning alerts. At first, I couldn't understand why these (known!) issues were being marked as part of this PR, but I got a pointer from @ichard26 (thanks again!) to this: So it looks like I'm just editing too close to where the SARIF findings are demarcated. Obviously I want to fix all of these, but one thing at a time. |
| steps: | ||
| - name: Switch to using Python 3.14 by default | ||
| uses: actions/setup-python@v6 | ||
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 |
There was a problem hiding this comment.
Is it possible to use two-space indents?
There was a problem hiding this comment.
You mean, invent the list item, starting at the -? I would like to. I'm slowly trying to apply that style to every YAML file I interact with.
But I don't think we want it in this PR.
There was a problem hiding this comment.
I meant
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 |
There was a problem hiding this comment.
As for the list items, I actually prefer no additional indentation in that place. This is the style I'm using everywhere: https://github.com/cherrypy/cheroot/blob/2ffb0baf8aa480da9da8d522b3fd7eab271f6dba/.yamllint
There was a problem hiding this comment.
Ah, gotcha, two spaces for the comments. Yeah, I'll amend.
As for the indent-sequences: false rule, we should probably add yamllint here. I don't feel very strongly about it, but I'm likely to use the other style if it's not enforced.
There was a problem hiding this comment.
Done in the course of a rebase.
There was a problem hiding this comment.
As for the
indent-sequences: falserule, we should probably addyamllinthere.
Yes, and a copy of that config. It just so happened that I kept postponing it, focusing on other stuff. But feel free to sync both yamllint config + pre-commit config from Cheroot in a standalone patch.
Applied by `gha-update` (with failing items with no tags commented out).
sirosen
force-pushed
the
pin-github-actions
branch
from
6a3ede2 to
87a1a1f
Compare
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
|
A few PyPy jobs seem to need another minute to be able to complete: https://github.com/jazzband/pip-tools/actions/runs/24464328233 |
|
I'd like to give them a much more generous margin, if they're running into the limits, since CI runtimes aren't very stable. I'll prep a PR right away -- I've got a few minutes in the middle of my day right now. 😁 |
|
PR for a more generous timeout visible here. |
|
Alright.. This got in on the retry. We'll get higher timeouts merged in next thing. |
3 participants
Applied by
gha-update(with failing items with no tags commented out).Contributor checklist
Included tests for the changes.changelog.d/(seechangelog.d/README.mdfor instructions) or the PR text says "no changelog needed".
Maintainer checklist
bot:chronographer:skiplabel.(following Semantic Versioning).