From 028b69c74ab4999ca02bb6aa93b82e95560922ed Mon Sep 17 00:00:00 2001
From: Bartosz <bjedrecki@splunk.com>
Date: Thu, 21 Aug 2025 10:32:48 +0200
Subject: [PATCH 1/3] Update and pin external GH Actions in CI/CD

---
 .github/workflows/release.yml | 12 ++++++------
 .github/workflows/test.yml    | 14 ++++++--------
 2 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 90ef8171..7bfe403c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -9,9 +9,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout source
-        uses: actions/checkout@v3
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
         with:
           python-version: 3.7
       - name: Install dependencies
@@ -19,7 +19,7 @@ jobs:
       - name: Build package
         run: python setup.py sdist
       - name: Publish package to PyPI
-        uses: pypa/gh-action-pypi-publish@v1.8.10
+        uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc
         with:
           user: __token__
           password: ${{ secrets.pypi_password }}
@@ -29,14 +29,14 @@ jobs:
         run: |
           rm -rf ./docs/_build
           tox -e docs
-      - name : Docs Upload
-        uses: actions/upload-artifact@v3
+      - name: Docs Upload
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         with:
           name: python_sdk_docs
           path: docs/_build/html
       # Test upload
       # - name: Publish package to TestPyPI
-      #   uses: pypa/gh-action-pypi-publish@master
+      #   uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc
       #   with:
       #     user: __token__
       #     password: ${{ secrets.test_pypi_password }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 329c686c..bf7ad3b0 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,17 +1,15 @@
 name: Python CI
 
-on:
-  [ push, workflow_dispatch ]
+on: [push, workflow_dispatch]
 
 jobs:
   build:
-
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
         os:
           - ubuntu-latest
-        python: [ 3.9, 3.13 ]
+        python: [3.9, 3.13]
         splunk-version:
           - "8.1"
           - "8.2"
@@ -31,13 +29,13 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 
       - name: Run docker compose
-        run: SPLUNK_VERSION=${{matrix.splunk-version}} docker compose up -d
+        run: SPLUNK_VERSION=${{ matrix.splunk-version }} docker compose up -d
 
       - name: Setup Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
         with:
           python-version: ${{ matrix.python }}
 
@@ -48,4 +46,4 @@ jobs:
         run: tox -e py
   fossa-scan:
     uses: splunk/oss-scanning-public/.github/workflows/oss-scan.yml@main
-    secrets: inherit
\ No newline at end of file
+    secrets: inherit

From 74c0fb860b497c672b206d2edd5c71171b9ba974 Mon Sep 17 00:00:00 2001
From: Bartosz <bjedrecki@splunk.com>
Date: Thu, 21 Aug 2025 10:32:48 +0200
Subject: [PATCH 2/3] Add new env variable for Splunk 10, remove docker-compose
 version, add quotes to versions as is recommended

---
 docker-compose.yml | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index b819386b..243a4396 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,5 +1,3 @@
-version: '3.6'
-
 services:
     splunk:
         image: "splunk/splunk:${SPLUNK_VERSION}"
@@ -11,9 +9,9 @@ services:
             - SPLUNK_PASSWORD=changed!
             - SPLUNK_APPS_URL=https://github.com/splunk/sdk-app-collection/releases/download/v1.1.0/sdkappcollection.tgz
         ports:
-            - 8000:8000
-            - 8088:8088
-            - 8089:8089
+            - "8000:8000"
+            - "8088:8088"
+            - "8089:8089"
         healthcheck:
             test: ['CMD', 'curl', '-f', 'http://localhost:8000']
             interval: 5s

From 5166207314f4355ed4ace358cbf7040f9f46be7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bartosz=20J=C4=99drecki?= <bjedrecki@splunk.com>
Date: Thu, 21 Aug 2025 14:29:11 +0200
Subject: [PATCH 3/3] Pin actions to newer commits

---
 .github/workflows/release.yml | 10 +++++-----
 .github/workflows/test.yml    |  4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7bfe403c..fe8c4831 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -9,9 +9,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout source
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493
       - name: Set up Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
+        uses: actions/setup-python@9322b3ca74000aeb2c01eb777b646334015ddd72
         with:
           python-version: 3.7
       - name: Install dependencies
@@ -19,7 +19,7 @@ jobs:
       - name: Build package
         run: python setup.py sdist
       - name: Publish package to PyPI
-        uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc
+        uses: pypa/gh-action-pypi-publish@d417ba7e7683fa9104c42abe611c1f2c93c0727d
         with:
           user: __token__
           password: ${{ secrets.pypi_password }}
@@ -30,13 +30,13 @@ jobs:
           rm -rf ./docs/_build
           tox -e docs
       - name: Docs Upload
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8
         with:
           name: python_sdk_docs
           path: docs/_build/html
       # Test upload
       # - name: Publish package to TestPyPI
-      #   uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc
+      #   uses: pypa/gh-action-pypi-publish@d417ba7e7683fa9104c42abe611c1f2c93c0727d
       #   with:
       #     user: __token__
       #     password: ${{ secrets.test_pypi_password }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index bf7ad3b0..8a9056e2 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -29,13 +29,13 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493
 
       - name: Run docker compose
         run: SPLUNK_VERSION=${{ matrix.splunk-version }} docker compose up -d
 
       - name: Setup Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
+        uses: actions/setup-python@9322b3ca74000aeb2c01eb777b646334015ddd72
         with:
           python-version: ${{ matrix.python }}