From 725d02ce31fe7dccb4f26fbd2625c6db89146e33 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Dec 2025 15:16:32 +0000 Subject: [PATCH 1/2] build(deps): bump the actions-infrastructure group with 3 updates Bumps the actions-infrastructure group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/setup-python](https://github.com/actions/setup-python) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5...v6) Updates `actions/download-artifact` from 4 to 6 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-infrastructure - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-infrastructure - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-infrastructure ... Signed-off-by: dependabot[bot] --- .github/workflows/build_test_deploy.yml | 14 +++++++------- .github/workflows/docker.yml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build_test_deploy.yml b/.github/workflows/build_test_deploy.yml index d871037cab..617ae062a0 100644 --- a/.github/workflows/build_test_deploy.yml +++ b/.github/workflows/build_test_deploy.yml @@ -42,7 +42,7 @@ jobs: attestations: write id-token: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 persist-credentials: false @@ -96,13 +96,13 @@ jobs: DEPENDS: ${{ matrix.dependencies }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: persist-credentials: false - name: Install the latest version of uv uses: astral-sh/setup-uv@v5 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} - name: Display Python version @@ -149,7 +149,7 @@ jobs: steps: - name: Download packages built by build-and-inspect-python-package - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v6 with: pattern: Packages-* path: dist @@ -158,7 +158,7 @@ jobs: - name: Install the latest version of uv uses: astral-sh/setup-uv@v5 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} - name: Restore cached templateflow @@ -203,7 +203,7 @@ jobs: steps: - name: Download packages built by build-and-inspect-python-package - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v6 with: pattern: Packages-* path: dist @@ -226,7 +226,7 @@ jobs: check: ["style", "spellcheck"] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: persist-credentials: false - name: Install the latest version of uv diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 8dbe7db613..6cc57e5f01 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -25,7 +25,7 @@ jobs: packages: write steps: - name: Checkout repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v5 with: fetch-depth: 200 fetch-tags: true From b567659c86137f48bb256357767934242625f405 Mon Sep 17 00:00:00 2001 From: "Christopher J. Markiewicz" Date: Tue, 9 Dec 2025 10:23:22 -0500 Subject: [PATCH 2/2] [DATALAD RUNCMD] pin-github-action '.github/workflows/bui... === Do not change lines below === { "chain": [], "cmd": "pin-github-action '{inputs}'", "exit": 0, "extra_inputs": [], "inputs": [ ".github/workflows/build_test_deploy.yml" ], "outputs": [ ".github/workflows/build_test_deploy.yml" ], "pwd": "." } ^^^ Do not change lines above ^^^ --- .github/workflows/build_test_deploy.yml | 36 ++++++++++++------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/build_test_deploy.yml b/.github/workflows/build_test_deploy.yml index 617ae062a0..ec947aa692 100644 --- a/.github/workflows/build_test_deploy.yml +++ b/.github/workflows/build_test_deploy.yml @@ -42,7 +42,7 @@ jobs: attestations: write id-token: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: fetch-depth: 0 persist-credentials: false @@ -54,7 +54,7 @@ jobs: # # If 2.9 is required, then we will need to pin to hatchling 1.26.x to avoid # incompatibilities with twine and the package metadata emitted by hatchiling. - - uses: hynek/build-and-inspect-python-package@v2 + - uses: hynek/build-and-inspect-python-package@efb823f52190ad02594531168b7a2d5790e66516 # v2 id: build-smriprep with: upload-name-suffix: -main @@ -63,7 +63,7 @@ jobs: run: rm -r "$DIST" env: DIST: ${{ steps.build-smriprep.outputs.dist }} - - uses: hynek/build-and-inspect-python-package@v2 + - uses: hynek/build-and-inspect-python-package@efb823f52190ad02594531168b7a2d5790e66516 # v2 id: build-wrapper with: path: wrapper @@ -96,13 +96,13 @@ jobs: DEPENDS: ${{ matrix.dependencies }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: persist-credentials: false - name: Install the latest version of uv - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6 with: python-version: ${{ matrix.python-version }} - name: Display Python version @@ -110,7 +110,7 @@ jobs: - name: Restore cached templateflow id: tf-cache-restore - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: path: /tmp/templateflow key: templateflow-v0 @@ -130,7 +130,7 @@ jobs: run: tox c - name: Run tox run: tox -v --exit-and-dump-after 1800 - - uses: codecov/codecov-action@v5 + - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5 with: token: ${{ secrets.CODECOV_TOKEN }} if: ${{ always() }} @@ -149,21 +149,21 @@ jobs: steps: - name: Download packages built by build-and-inspect-python-package - uses: actions/download-artifact@v6 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 with: pattern: Packages-* path: dist - run: ls -lR - name: Install the latest version of uv - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6 with: python-version: ${{ matrix.python-version }} - name: Restore cached templateflow id: tf-cache-restore - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: path: /tmp/templateflow key: templateflow-v0 @@ -186,7 +186,7 @@ jobs: run: tox c - name: Run tox run: tox -v --exit-and-dump-after 1800 - - uses: codecov/codecov-action@v5 + - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5 with: token: ${{ secrets.CODECOV_TOKEN }} if: ${{ always() }} @@ -203,18 +203,18 @@ jobs: steps: - name: Download packages built by build-and-inspect-python-package - uses: actions/download-artifact@v6 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 with: pattern: Packages-* path: dist - name: Upload package to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1 with: packages-dir: dist/Packages-main/ - name: Upload package to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1 with: packages-dir: dist/Packages-wrapper/ @@ -226,11 +226,11 @@ jobs: check: ["style", "spellcheck"] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: persist-credentials: false - name: Install the latest version of uv - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5 - name: Install tox run: uv tool install tox --with=tox-uv - name: Show tox config