pin uv versions by hash

move-coop · Sep 7, 2024 · 0f95073 · 0f95073
1 parent d2f016f
commit 0f95073
Showing 1 changed file with 11 additions and 8 deletions.
diff --git a/.github/workflows/python-checks.yml b/.github/workflows/python-checks.yml
@@ -29,8 +29,11 @@ jobs:
                   python-version: ${{ matrix.python-version }}
 
             - name: Install uv
-              run: |
-                pip install uv
+            - run: |
+                pip install uv == 0.4.7 \
+                    --hash=sha256:ec49a00317799226d33135bf40e8da44262f44e3980a5bb9e6dae7250523c963 \   # manylinux: glibc 2.17+ x86-64
+                    --hash=sha256:319a585f53c0b63b989526206383716e1d7c0f3483425058b94bf47402a81841 \   # Windows x86-64
+                    --hash=sha256:bfbd6e28b0543b774db7d97d61963c384c70284e95056004c8f74252e69616c7     # macOS 11.0+ ARM64
 
             - name: Install dependencies
               env:
@@ -56,8 +59,8 @@ jobs:
 
             - name: Install uv
               run: |
-                pip install uv
-
+                pip install uv == 0.4.7 --hash=sha256:ec49a00317799226d33135bf40e8da44262f44e3980a5bb9e6dae7250523c963 \   # manylinux: glibc 2.17+ x86-64
+                
             - name: Install ruff
               run: |
                 uv pip install --system -r requirements-dev.txt
@@ -79,7 +82,7 @@ jobs:
 
             - name: Install uv
               run: |
-                pip install uv
+                pip install uv == 0.4.7 --hash=sha256:ec49a00317799226d33135bf40e8da44262f44e3980a5bb9e6dae7250523c963 \   # manylinux: glibc 2.17+ x86-64
 
             - name: Install isort
               run: |
@@ -102,7 +105,7 @@ jobs:
 
             - name: Install uv
               run: |
-                pip install uv
+                pip install uv == 0.4.7 --hash=sha256:ec49a00317799226d33135bf40e8da44262f44e3980a5bb9e6dae7250523c963 \   # manylinux: glibc 2.17+ x86-64
 
             - name: Install ruff
               run: |
@@ -125,7 +128,7 @@ jobs:
 
             - name: Install uv
               run: |
-                pip install uv
+                pip install uv == 0.4.7 --hash=sha256:ec49a00317799226d33135bf40e8da44262f44e3980a5bb9e6dae7250523c963 \   # manylinux: glibc 2.17+ x86-64
 
             - name: Install bandit
               run: |
@@ -148,7 +151,7 @@ jobs:
 
             - name: Install uv
               run: |
-                pip install uv
+                pip install uv == 0.4.7 --hash=sha256:ec49a00317799226d33135bf40e8da44262f44e3980a5bb9e6dae7250523c963 \   # manylinux: glibc 2.17+ x86-64
 
             - name: Install dependencies
               run: |