Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/benchmarks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
- uses: actions/checkout@v7

- name: Install uv
uses: astral-sh/setup-uv@v7
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
with:
enable-cache: true

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ jobs:
with:
python-version: "3.12"
- name: Install uv
uses: astral-sh/setup-uv@v7
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
- name: Sync locked environment
run: uv sync --frozen
- name: Run pip-audit advisory gate
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/docs-backfill.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ jobs:
ref: master

- name: Install uv
uses: astral-sh/setup-uv@v7
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
with:
enable-cache: true

Expand Down
26 changes: 19 additions & 7 deletions .github/workflows/documentation.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -70,10 +70,10 @@ on:
required: false
default: ""

# Default to read-only at the top level so the PR build-only job inherits the
# least privilege. The deploy jobs opt back into the write scopes they need.
permissions:
contents: write
id-token: write
pages: write
contents: read

# Allow one concurrent deployment so a fast-follow push doesn't race the
# previous deploy on gh-pages.
Expand All @@ -93,7 +93,7 @@ jobs:
fetch-depth: 0

- name: Install uv
uses: astral-sh/setup-uv@v7
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
with:
enable-cache: true

Expand All @@ -119,14 +119,18 @@ jobs:
name: Deploy latest documentation
if: github.event_name == 'push'
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
pages: write
steps:
- name: Checkout (full history for mike + git-revision-date plugins)
uses: actions/checkout@v7
with:
fetch-depth: 0

- name: Install uv
uses: astral-sh/setup-uv@v7
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
with:
enable-cache: true

Expand Down Expand Up @@ -167,6 +171,10 @@ jobs:
github.event.workflow_run.conclusion == 'success' &&
github.event.workflow_run.event == 'repository_dispatch'
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
pages: write
steps:
- name: Checkout (full history for mike + git-revision-date plugins)
uses: actions/checkout@v7
Expand Down Expand Up @@ -198,7 +206,7 @@ jobs:
echo "Resolved release tag: ${tag}"

- name: Install uv
uses: astral-sh/setup-uv@v7
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
with:
enable-cache: true

Expand Down Expand Up @@ -240,6 +248,10 @@ jobs:
# left byte-for-byte unchanged. It reuses the existing deploy scripts verbatim.
if: github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
pages: write
steps:
- name: Validate inputs
env:
Expand Down Expand Up @@ -267,7 +279,7 @@ jobs:
ref: master

- name: Install uv
uses: astral-sh/setup-uv@v7
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
with:
enable-cache: true

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/native-core-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
python-version: "3.13"

- name: Setup uv
uses: astral-sh/setup-uv@v7
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0

- name: Setup Rust
uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release-python.yml
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@ jobs:
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Install uv
uses: astral-sh/setup-uv@v7
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
- name: Sync resolved environment
# Resolve the locked dependency set into .venv so the SBOM reflects the
# exact versions a consumer gets, not just the declared ranges.
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/type-check.yml
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ jobs:
uses: actions/checkout@v7

- name: Install uv
uses: astral-sh/setup-uv@v7
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
with:
python-version: 3.13

Expand Down Expand Up @@ -131,7 +131,7 @@ jobs:
uses: actions/checkout@v7

- name: Install uv
uses: astral-sh/setup-uv@v7
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
with:
python-version: 3.13

Expand Down