Commit 17d1b00

ci: Enforce pinned pip dependencies
This should give us a 10/10 OpenSSF rating for pinned dependencies.
1 parent d723815 commit 17d1b00

4 files changed

+7
-7
lines changed

.github/workflows/build_and_test.yaml

+1-1
@@ -56,7 +56,7 @@ jobs:
5656

5757
- name: Install dependencies
5858
run: |
59-
pip install -r tests/integration/requirements.txt
59+
pip install --require-hashes -r tests/integration/requirements.txt
6060
6161
- name: Execute integration tests
6262
run: |
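
Review bot: At new line 59, `--require-hashes` applies to every package pip resolves for this step, not only to the entries named in tests/integration/requirements.txt, and pip aborts the install when a dependency it has to fetch has no pinned version and hash. Check that the dependencies of the listed packages are also pinned with hashes in that file; otherwise this step only passes when those packages are already present on the runner.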

.github/workflows/compliance.yaml

+1-1
@@ -17,7 +17,7 @@ jobs:
1717
run: |
1818
sudo apt update
1919
sudo apt -qy --no-install-recommends install clang-format-14
20-
pip3 install -r tools/requirements-compliance.txt
20+
pip3 install --require-hashes -r tools/requirements-compliance.txt
2121
2222
- name: Check commits with gitlint
2323
run: |

tests/integration/requirements.txt

+2-2
@@ -1,2 +1,2 @@
1-
pexpect==4.9.0
2-
pytest==8.3.3
1+
pexpect==4.9.0 --hash=sha256:7236d1e080e4936be2dc3e326cec0af72acf9212a7e1d060210e70a47e253523
2+
pytest==8.3.3 --hash=sha256:a6853c7375b2663155079443d2e45de913a911a11d669df02a50814944db57b2
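
Review bot: New lines 1-2 carry a single `--hash=sha256:` value each, and pip accepts a downloaded file only if its digest matches one of the listed hashes, so each pin is tied to exactly one release artifact. If the job can resolve to a different file for the same version (an sdist instead of a wheel, or a different wheel), the install fails. List one `--hash` per artifact that should be accepted, for example by generating the file with `pip-compile --generate-hashes`.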

tools/requirements-compliance.txt

+3-3
@@ -1,4 +1,4 @@
1-
cmake-format==0.6.13
2-
gitlint==0.19
3-
pylint==3.3.1
1+
cmake-format==0.6.13 --hash=sha256:ec7ed949101e5f0b7bc19317d122b83ccbc28fd766c41c93094845719667c56e
2+
gitlint==0.19 --hash=sha256:3a566c6f641e054be26ecf67210c237e4fe45472f6606761c9fea7b44e570d3c
3+
pylint==3.3.1 --hash=sha256:2f846a466dd023513240bc140ad2dd73bfc080a5d85a710afdb728c420a5a2b9
44
-r ../tests/integration/requirements.txt
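
Review bot: Nothing in new lines 1-3 records how the hashes were obtained, so a later version bump of cmake-format, gitlint or pylint has to rediscover the procedure and can easily update the version without the hash. Add a header comment with the command used to regenerate the hashes. Note also that the unchanged `-r ../tests/integration/requirements.txt` on line 4 pulls the integration pins into the same hash-checked install, so the compliance job breaks if that file ever gains an entry without a hash.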
