From 66ec0c0410c666f894d13ceab4d7630ee47bc6b8 Mon Sep 17 00:00:00 2001
From: Salman Muin Kayser Chishti <13schishti@gmail.com>
Date: Tue, 16 Dec 2025 14:22:57 +0000
Subject: [PATCH 1/2] Upgrade GitHub Actions to latest versions

---
 .github/workflows/build.yml | 2 +-
 .github/workflows/publish-pypi.yml | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c20798524..cc3b8f6ed 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -161,7 +161,7 @@ jobs:
 with:
 images: ${{ env.DOCKER_REPOSITORY }}
 - name: Build and export
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v6
 with:
 context: .
 file: Dockerfile
diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml
index 0d4f6c56b..7dee2dc51 100644
--- a/.github/workflows/publish-pypi.yml
+++ b/.github/workflows/publish-pypi.yml
@@ -92,7 +92,7 @@ jobs:
 name: grr-response-proto
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@release/v1
+ uses: pypa/gh-action-pypi-publish@v1

 publish-to-pypi-grr-response-core:
 name: Publish grr-response-core to PyPI
@@ -111,7 +111,7 @@ jobs:
 name: grr-response-core
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@release/v1
+ uses: pypa/gh-action-pypi-publish@v1

 publish-to-pypi-grr-response-client:
 name: Publish grr-response-client to PyPI
@@ -130,7 +130,7 @@ jobs:
 name: grr-response-client
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@release/v1
+ uses: pypa/gh-action-pypi-publish@v1

 publish-to-pypi-grr-response-client-builder:
 name: Publish grr-response-client-builder to PyPI
@@ -149,7 +149,7 @@ jobs:
 name: grr-response-client-builder
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@release/v1
+ uses: pypa/gh-action-pypi-publish@v1

 publish-to-pypi-grr-response-server:
 name: Publish grr-response-server to PyPI
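Review bot: In the `build.yml` hunk (`@@ -161,7 +161,7 @@`), `docker/build-push-action@v6` is still referenced by a mutable major tag, so the code this step runs can change without any change to this repository. The second patch in this series pins the PyPI publish action to a full commit SHA for exactly that reason, and the same treatment fits here: `uses: docker/build-push-action@<full-commit-sha> # v6.x.y` (both values are placeholders to be filled from the upstream release). v5 to v6 is a major-version change, so the upstream release notes should be checked for changed defaults before merging. The step's `with:` block continues outside the hunk.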
@@ -168,7 +168,7 @@ jobs:
 name: grr-response-server
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@release/v1
+ uses: pypa/gh-action-pypi-publish@v1

 publish-to-pypi-grr-response-test:
 name: Publish grr-response-test to PyPI
@@ -187,7 +187,7 @@ jobs:
 name: grr-response-test
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@release/v1
+ uses: pypa/gh-action-pypi-publish@v1

 publish-to-pypi-grr-colab:
 name: Publish grr-colab to PyPI
@@ -206,7 +206,7 @@ jobs:
 name: grr-colab
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@release/v1
+ uses: pypa/gh-action-pypi-publish@v1

 publish-to-pypi-grr-api-client:
 name: Publish grr-api-client to PyPI
@@ -225,4 +225,4 @@ jobs:
 name: grr-api-client
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@release/v1
+ uses: pypa/gh-action-pypi-publish@v1

From e65dab9b54cf67b279a2b281feff2e81f0f3909d Mon Sep 17 00:00:00 2001
From: Salman Muin Kayser Chishti <13schishti@gmail.com>
Date: Wed, 17 Dec 2025 10:32:03 +0000
Subject: [PATCH 2/2] Fix pypa/gh-action-pypi-publish to use SHA pinning

Pin to release/v1.13 for security best practices. The v1 tag doesn't exist - only release/v1 branch exists.

Signed-off-by: Salman Muin Kayser Chishti <13schishti@gmail.com>
---
 .github/workflows/publish-pypi.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml
index 7dee2dc51..6886c0614 100644
--- a/.github/workflows/publish-pypi.yml
+++ b/.github/workflows/publish-pypi.yml
@@ -92,7 +92,7 @@ jobs:
 name: grr-response-proto
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@v1
+ uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1.13

 publish-to-pypi-grr-response-core:
 name: Publish grr-response-core to PyPI
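Review bot: On the added `uses:` line of the PATCH 2/2 hunk `@@ -92,7 +92,7 @@`, the trailing comment `# release/v1.13` names a branch-style ref rather than an immutable tag, so nothing on the line lets a later reader confirm what the 40-character SHA corresponds to; the seven hunks that follow carry the identical line. Because this step publishes to PyPI, it is worth confirming that the commit is reachable from the upstream pypa repository's release history and not only from a fork. If it matches a tagged release, name that tag in the comment, e.g. `# vX.Y.Z` (placeholder), which update bots can typically keep in step with the SHA. The same SHA is repeated across eight jobs whose definitions start outside these hunks; a matrix or reusable workflow would leave a single line to update and remove the chance of jobs drifting to different pins.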
@@ -111,7 +111,7 @@ jobs:
 name: grr-response-core
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@v1
+ uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1.13

 publish-to-pypi-grr-response-client:
 name: Publish grr-response-client to PyPI
@@ -130,7 +130,7 @@ jobs:
 name: grr-response-client
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@v1
+ uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1.13

 publish-to-pypi-grr-response-client-builder:
 name: Publish grr-response-client-builder to PyPI
@@ -149,7 +149,7 @@ jobs:
 name: grr-response-client-builder
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@v1
+ uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1.13

 publish-to-pypi-grr-response-server:
 name: Publish grr-response-server to PyPI
@@ -168,7 +168,7 @@ jobs:
 name: grr-response-server
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@v1
+ uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1.13

 publish-to-pypi-grr-response-test:
 name: Publish grr-response-test to PyPI
@@ -187,7 +187,7 @@ jobs:
 name: grr-response-test
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@v1
+ uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1.13

 publish-to-pypi-grr-colab:
 name: Publish grr-colab to PyPI
@@ -206,7 +206,7 @@ jobs:
 name: grr-colab
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@v1
+ uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1.13

 publish-to-pypi-grr-api-client:
 name: Publish grr-api-client to PyPI
@@ -225,4 +225,4 @@ jobs:
 name: grr-api-client
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@v1
+ uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1.13