Update pre-commit hooks; pin GitHub actions to exact refs (#758)
Update pre-commit hooks
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fe869a7..2bfc1cd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -55,13 +55,17 @@
runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ id-token: write # for codecov upload
+
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Set up Python
- uses: actions/setup-python@v6
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
with:
python-version: ${{ matrix.python-version }}
allow-prereleases: true
@@ -98,7 +102,7 @@
github.repository == 'python/typing_extensions'
&& (github.event_name == 'push' || github.event_name == 'pull_request')
with:
- token: ${{ secrets.CODECOV_ORG_TOKEN }}
+ use_oidc: true
flags: ${{ matrix.python-version }}
directory: src
fail_ci_if_error: true
@@ -122,7 +126,7 @@
issues: write
steps:
- - uses: actions/github-script@v9
+ - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index b506cba..72efb7f 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -23,11 +23,11 @@
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Set up Python
- uses: actions/setup-python@v6
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
with:
python-version: "3.x"
- name: Check package metadata
@@ -43,7 +43,7 @@
- name: Build a binary wheel and a source tarball
run: python -m build
- name: Store the distribution packages
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
with:
name: python-package-distributions
path: dist/
@@ -55,15 +55,15 @@
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Set up Python
- uses: actions/setup-python@v6
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
with:
python-version: "3.x"
- name: Download all the dists
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
with:
name: python-package-distributions
path: dist/
@@ -84,15 +84,15 @@
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Set up Python
- uses: actions/setup-python@v6
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
with:
python-version: "3.x"
- name: Download all the dists
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
with:
name: python-package-distributions
path: dist/
@@ -112,15 +112,15 @@
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Set up Python
- uses: actions/setup-python@v6
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
with:
python-version: "3.x"
- name: Download all the dists
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
with:
name: python-package-distributions
path: dist/
@@ -152,7 +152,7 @@
steps:
- name: Download all the dists
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
with:
name: python-package-distributions
path: dist/
diff --git a/.github/workflows/third_party.yml b/.github/workflows/third_party.yml
index 40f78b2..8b77088 100644
--- a/.github/workflows/third_party.yml
+++ b/.github/workflows/third_party.yml
@@ -58,7 +58,7 @@
- name: Checkout pydantic
run: git clone --depth=1 https://github.com/pydantic/pydantic.git || git clone --depth=1 https://github.com/pydantic/pydantic.git
- name: Checkout typing_extensions
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
path: typing-extensions-latest
persist-credentials: false
@@ -91,7 +91,7 @@
- name: Checkout typing_inspect
run: git clone --depth=1 https://github.com/ilevkivskyi/typing_inspect.git || git clone --depth=1 https://github.com/ilevkivskyi/typing_inspect.git
- name: Checkout typing_extensions
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
path: typing-extensions-latest
persist-credentials: false
@@ -126,7 +126,7 @@
- name: Check out pycroscope
run: git clone --depth=1 https://github.com/JelleZijlstra/pycroscope.git || git clone --depth=1 https://github.com/JelleZijlstra/pycroscope.git
- name: Checkout typing_extensions
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
path: typing-extensions-latest
persist-credentials: false
@@ -161,7 +161,7 @@
- name: Check out typeguard
run: git clone --depth=1 https://github.com/agronholm/typeguard.git || git clone --depth=1 https://github.com/agronholm/typeguard.git
- name: Checkout typing_extensions
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
path: typing-extensions-latest
persist-credentials: false
@@ -199,7 +199,7 @@
- name: Check out typed-argument-parser
run: git clone --depth=1 https://github.com/swansonk14/typed-argument-parser.git || git clone --depth=1 https://github.com/swansonk14/typed-argument-parser.git
- name: Checkout typing_extensions
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
path: typing-extensions-latest
persist-credentials: false
@@ -242,7 +242,7 @@
- name: Checkout mypy for stubtest and mypyc tests
run: git clone --depth=1 https://github.com/python/mypy.git || git clone --depth=1 https://github.com/python/mypy.git
- name: Checkout typing_extensions
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
path: typing-extensions-latest
persist-credentials: false
@@ -278,7 +278,7 @@
- name: Checkout cattrs
run: git clone --depth=1 https://github.com/python-attrs/cattrs.git || git clone --depth=1 https://github.com/python-attrs/cattrs.git
- name: Checkout typing_extensions
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
path: typing-extensions-latest
persist-credentials: false
@@ -316,7 +316,7 @@
- name: Checkout sqlalchemy
run: git clone -b ${{ matrix.checkout-ref }} --depth=1 https://github.com/sqlalchemy/sqlalchemy.git || git clone -b ${{ matrix.checkout-ref }} --depth=1 https://github.com/sqlalchemy/sqlalchemy.git
- name: Checkout typing_extensions
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
path: typing-extensions-latest
persist-credentials: false
@@ -348,7 +348,7 @@
- name: Checkout litestar
run: git clone --depth=1 https://github.com/litestar-org/litestar.git || git clone --depth=1 https://github.com/litestar-org/litestar.git
- name: Checkout typing_extensions
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
path: typing-extensions-latest
persist-credentials: false
@@ -405,7 +405,7 @@
issues: write
steps:
- - uses: actions/github-script@v9
+ - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 2a3aede..3fdf3d7 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/astral-sh/ruff-pre-commit
- rev: v0.14.10
+ rev: v0.15.9
hooks:
- id: ruff
- repo: https://github.com/pre-commit/pre-commit-hooks
@@ -21,18 +21,18 @@
hooks:
- id: sphinx-lint
- repo: https://github.com/python-jsonschema/check-jsonschema
- rev: 0.36.0
+ rev: 0.37.1
hooks:
- id: check-dependabot
- id: check-github-workflows
- id: check-readthedocs
- repo: https://github.com/abravalheri/validate-pyproject
- rev: v0.24.1
+ rev: v0.25
hooks:
- id: validate-pyproject
additional_dependencies: ["validate-pyproject-schema-store[all]"]
- repo: https://github.com/rhysd/actionlint
- rev: v1.7.10
+ rev: v1.7.12
hooks:
- id: actionlint
additional_dependencies:
@@ -41,7 +41,7 @@
# but the integration only works if shellcheck is installed
- "github.com/wasilibs/go-shellcheck/cmd/shellcheck@v0.11.1"
- repo: https://github.com/woodruffw/zizmor-pre-commit
- rev: v1.19.0
+ rev: v1.23.1
hooks:
- id: zizmor
- repo: meta
