Fix pinned-dependencies issues

.github/workflows/code_scan.yml

@@ -20,7 +20,10 @@ jobs:
         with:
           python-version: "3.10"
       - name: Install dependencies
-        run: python -m pip install tox==4.21.1
+        run: |
+          pip install --require-hashes --no-deps -r requirements/gh-actions.txt
+          pip-compile --generate-hashes -o /tmp/otx-dev-requirements.txt requirements/dev.txt
+          pip install --require-hashes --no-deps -r /tmp/otx-dev-requirements.txt
       - name: Trivy Scanning
         env:
           TRIVY_DOWNLOAD_URL: ${{ vars.TRIVY_DOWNLOAD_URL }}
@@ -43,7 +46,11 @@ jobs:
         with:
           python-version: "3.10"
       - name: Install dependencies
-        run: python -m pip install tox==4.21.1
+        run: |
+          pip install --require-hashes --no-deps -r requirements/gh-actions.txt
+          pip-compile --generate-hashes -o /tmp/otx-dev-requirements.txt requirements/dev.txt
+          pip install --require-hashes --no-deps -r /tmp/otx-dev-requirements.txt
+          rm /tmp/otx-dev-requirements.txt
       - name: Bandit Scanning
         run: tox -e bandit-scan
       - name: Upload Bandit artifact

.github/workflows/docs.yml

@@ -21,7 +21,11 @@ jobs:
         with:
           python-version: "3.10"
       - name: Install dependencies
-        run: python -m pip install -r requirements/dev.txt
+        run: |
+          pip install --require-hashes --no-deps -r requirements/gh-actions.txt
+          pip-compile --generate-hashes -o /tmp/otx-dev-requirements.txt requirements/dev.txt
+          pip install --require-hashes --no-deps -r /tmp/otx-dev-requirements.txt
+          rm /tmp/otx-dev-requirements.txt
       - name: Build-Docs
         run: tox -e build-doc
       - name: Create gh-pages branch

.github/workflows/docs_stable.yml

@@ -22,7 +22,11 @@ jobs:
         with:
           python-version: "3.10"
       - name: Install dependencies
-        run: python -m pip install -r requirements/dev.txt
+        run: |
+          pip install --require-hashes --no-deps -r requirements/gh-actions.txt
+          pip-compile --generate-hashes -o /tmp/otx-dev-requirements.txt requirements/dev.txt
+          pip install --require-hashes --no-deps -r /tmp/otx-dev-requirements.txt
+          rm /tmp/otx-dev-requirements.txt
       - name: Build-Docs
         run: tox -e build-doc
       - name: Create gh-pages branch

.github/workflows/pre_merge.yml

@@ -31,9 +31,10 @@ jobs:
           python-version: "3.10"
       - name: Install dependencies
         run: |
-          pip install pip-tools==7.3.0
+          pip install --require-hashes --no-deps -r requirements/gh-actions.txt
           pip-compile --generate-hashes -o /tmp/otx-dev-requirements.txt requirements/dev.txt
           pip install --require-hashes --no-deps -r /tmp/otx-dev-requirements.txt
+          rm /tmp/otx-dev-requirements.txt
       - name: Code quality checks
         run: tox -vv -e pre-commit-all-py310-pt1
   Unit-Test:
@@ -79,9 +80,10 @@ jobs:
           python-version: "3.8"
       - name: Install dependencies
         run: |
-          pip install pip-tools==7.3.0
+          pip install --require-hashes --no-deps -r requirements/gh-actions.txt
           pip-compile --generate-hashes -o /tmp/otx-dev-requirements.txt requirements/dev.txt
           pip install --require-hashes --no-deps -r /tmp/otx-dev-requirements.txt
+          rm /tmp/otx-dev-requirements.txt
       - name: Run unit test
         run: tox -vv -e unittest-all-py38-pt1
       - name: Upload coverage artifact

.github/workflows/publish.yml

@@ -33,9 +33,10 @@ jobs:
           python-version: "3.10"
       - name: Install pypa/build
         run: |
-          pip install pip-tools==7.3.0
+          pip install --require-hashes --no-deps -r requirements/gh-actions.txt
           pip-compile --generate-hashes -o /tmp/otx-publish-requirements.txt requirements/publish.txt
           pip install --require-hashes --no-deps -r /tmp/otx-publish-requirements.txt
+          rm /tmp/otx-publish-requirements.txt
       - name: Build sdist
         run: python -m build --sdist
       - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3

.github/workflows/publish_internal.yml

@@ -31,9 +31,10 @@ jobs:
           python-version: "3.10"
       - name: Install pypa/build
         run: |
-          pip install pip-tools==7.3.0
+          pip install --require-hashes --no-deps -r requirements/gh-actions.txt
           pip-compile --generate-hashes -o /tmp/otx-publish-requirements.txt requirements/publish.txt
           pip install --require-hashes --no-deps -r /tmp/otx-publish-requirements.txt
+          rm /tmp/otx-publish-requirements.txt
       - name: Build sdist
         run: python -m build --sdist
       - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
@@ -56,9 +57,10 @@ jobs:
           python-version: "3.10"
       - name: Install dependencies
         run: |
-          pip install pip-tools==7.3.0
+          pip install --require-hashes --no-deps -r requirements/gh-actions.txt
           pip-compile --generate-hashes -o /tmp/otx-publish-requirements.txt requirements/publish.txt
           pip install --require-hashes --no-deps -r /tmp/otx-publish-requirements.txt
+          rm /tmp/otx-publish-requirements.txt
       - name: Download artifacts
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:

.github/workflows/run_tests_in_tox.yml

@@ -52,9 +52,10 @@ jobs:
           python-version: ${{ inputs.python-version }}
       - name: Install dependencies
         run: |
-          pip install pip-tools==7.3.0
+          pip install --require-hashes --no-deps -r requirements/gh-actions.txt
           pip-compile --generate-hashes -o /tmp/otx-dev-requirements.txt requirements/dev.txt
           pip install --require-hashes --no-deps -r /tmp/otx-dev-requirements.txt
+          rm /tmp/otx-dev-requirements.txt
       - name: Run Tests
         env:
           MLFLOW_TRACKING_SERVER_URI: ${{ vars.MLFLOW_TRACKING_SERVER_URI }}

.github/workflows/run_tests_in_tox_custom.yml

@@ -58,9 +58,10 @@ jobs:
           python-version: ${{ inputs.python-version }}
       - name: Install dependencies
         run: |
-          pip install pip-tools==7.3.0
+          pip install --require-hashes --no-deps -r requirements/gh-actions.txt
           pip-compile --generate-hashes -o /tmp/otx-dev-requirements.txt requirements/dev.txt
           pip install --require-hashes --no-deps -r /tmp/otx-dev-requirements.txt
+          rm /tmp/otx-dev-requirements.txt
       - name: Run Tests
         env:
           MLFLOW_TRACKING_SERVER_URI: ${{ vars.MLFLOW_TRACKING_SERVER_URI }}

requirements/gh-actions.txt

@@ -0,0 +1,45 @@
+#
+# This file is autogenerated by pip-compile with Python 3.10
+# by the following command:
+#
+#    pip-compile --generate-hashes --output-file=requirements.txt requirements/gh-actions.txt
+#
+build==1.0.3 \
+    --hash=sha256:538aab1b64f9828977f84bc63ae570b060a8ed1be419e7870b8b4fc5e6ea553b \
+    --hash=sha256:589bf99a67df7c9cf07ec0ac0e5e2ea5d4b37ac63301c4986d1acb126aa83f8f
+    # via pip-tools
+click==8.1.7 \
+    --hash=sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28 \
+    --hash=sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de
+    # via pip-tools
+packaging==23.2 \
+    --hash=sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5 \
+    --hash=sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7
+    # via build
+pip-tools==7.4.0 \
+    --hash=sha256:a92a6ddfa86ff389fe6ace381d463bc436e2c705bd71d52117c25af5ce867bb7 \
+    --hash=sha256:b67432fd0759ed834c5367f9e0ce8c95441acecfec9c8e24b41aca166757adf0
+    # via -r requirements/gh-actions.txt
+pyproject-hooks==1.0.0 \
+    --hash=sha256:283c11acd6b928d2f6a7c73fa0d01cb2bdc5f07c57a2eeb6e83d5e56b97976f8 \
+    --hash=sha256:f271b298b97f5955d53fb12b72c1fb1948c22c1a6b70b315c54cedaca0264ef5
+    # via
+    #   build
+    #   pip-tools
+tomli==2.0.1 \
+    --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \
+    --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f
+    # via
+    #   build
+    #   pip-tools
+    #   pyproject-hooks
+wheel==0.42.0 \
+    --hash=sha256:177f9c9b0d45c47873b619f5b650346d632cdc35fb5e4d25058e09c9e581433d \
+    --hash=sha256:c45be39f7882c9d34243236f2d63cbd58039e360f85d0913425fbd7ceea617a8
+    # via pip-tools
+
+# WARNING: The following packages were not pinned, but pip requires them to be
+# pinned when the requirements file includes hashes and the requirement is not
+# satisfied by a package already installed. Consider using the --allow-unsafe flag.
+# pip
+# setuptools