From ffd2b8a692f307db3075e3884becfcaddf8093ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edgar=20Ram=C3=ADrez=20Mondrag=C3=B3n?=
 <edgarrm358@gmail.com>
Date: Mon, 1 Sep 2025 15:04:02 -0600
Subject: [PATCH] Pin GitHub actions

---
 .github/workflows/deploy.yml | 8 ++++----
 .github/workflows/format.yml | 6 +++---
 .github/workflows/test.yml   | 6 +++---
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 9089757..19a00ae 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -13,8 +13,8 @@ jobs:
   dist:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
-    - uses: hynek/build-and-inspect-python-package@v2
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: hynek/build-and-inspect-python-package@efb823f52190ad02594531168b7a2d5790e66516 # v2.14.0
 
   deploy:
     needs: [dist]
@@ -25,13 +25,13 @@ jobs:
       attestations: write
 
     steps:
-    - uses: actions/download-artifact@v6
+    - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
       with:
         name: Packages
         path: dist
 
     - name: Generate artifact attestation for sdist and wheel
-      uses: actions/attest-build-provenance@v3
+      uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
       with:
         subject-path: "dist/*"
 
diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
index 66befcb..0073b70 100644
--- a/.github/workflows/format.yml
+++ b/.github/workflows/format.yml
@@ -11,8 +11,8 @@ jobs:
     name: Pre-commit checks
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
-    - uses: actions/setup-python@v6
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
       with:
         python-version: '3.10'
-    - uses: pre-commit/action@v3.0.1
+    - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index c2af3a4..81d586a 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -32,15 +32,15 @@ jobs:
 
     name: ${{ matrix.os }}, Python ${{ matrix.python-version }}
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v6
+      uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
       with:
         python-version: ${{ matrix.python-version }}
         allow-prereleases: true
 
-    - uses: astral-sh/setup-uv@v7
+    - uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2
 
     - name: Install tox
       run: uv tool install --with tox-gh-actions --with tox-uv tox