caio/clang-p2996
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Github] Hash Pin Actions in Most Workflows (#129486)

Browse Source 
This patch haspins all actions in most of the LLVM Github workflows.
This is something we try to do, but no one has gone through and combed
through all of the workflows before this patch.

Notably, this patch does not bump any major versions of actions just in
case there are subtle breaking changes introduced between versions that
could impact us. Also, this patch omits the libc/libc++ workflows so
that they can be split into separate PRs for the respective subproject
maintainers to review.
This commit is contained in:
Aiden Grossman
2025-03-03 08:37:20 -08:00
committed by GitHub
parent a3584fb13e
commit 705decc860
21 changed files with 39 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/build-metrics-container.yml vendored
View File

@@ -27,7 +27,7 @@ jobs:
container-filename: ${{ steps.vars.outputs.container-filename }}
steps:
- name: Checkout LLVM
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
sparse-checkout: .ci/metrics/
- name: Write Variables
@@ -49,7 +49,7 @@ jobs:
run: |
podman save ${{ steps.vars.outputs.container-name-tag }} > ${{ steps.vars.outputs.container-filename }}
- name: Upload Container Image
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: container
path: ${{ steps.vars.outputs.container-filename }}
@@ -66,7 +66,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Download Container
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: container
- name: Push Container

2
.github/workflows/ci-post-commit-analyzer.yml vendored
View File

@@ -44,7 +44,7 @@ jobs:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup ccache
uses: hendrikmuhs/ccache-action@v1
uses: hendrikmuhs/ccache-action@a1209f81afb8c005c13b4296c32e363431bffea5 # v1.2.17
with:
# A full build of llvm, clang, lld, and lldb takes about 250MB
# of ccache space. There's not much reason to have more than this,

2
.github/workflows/commit-access-review.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Fetch LLVM sources
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install dependencies
run: |

10
.github/workflows/docs.yml vendored
View File

@@ -60,12 +60,12 @@ jobs:
# a local checkout beforehand.
- name: Fetch LLVM sources (Push)
if: ${{ github.event_name == 'push' }}
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
- name: Get subprojects that have doc changes
id: docs-changed-subprojects
uses: tj-actions/changed-files@v39
uses: tj-actions/changed-files@fea790cb660e33aef4bdf07304e28fedd77dfa13 # v39.2.4
with:
files_yaml: |
llvm:
@@ -98,11 +98,11 @@ jobs:
- '.github/workflows/docs.yml'
- name: Fetch LLVM sources (PR)
if: ${{ github.event_name == 'pull_request' }}
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
- name: Setup Python env
uses: actions/setup-python@v5
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: '3.11'
cache: 'pip'
@@ -216,7 +216,7 @@ jobs:
mkdir built-docs/flang
cp -r flang-build/docs/* built-docs/flang/
- name: Upload docs
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: docs-output
path: built-docs/

2
.github/workflows/email-check.yaml vendored
View File

@@ -14,7 +14,7 @@ jobs:
if: github.repository == 'llvm/llvm-project'
steps:
- name: Fetch LLVM sources
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}

2
.github/workflows/issue-release-workflow.yml vendored
View File

@@ -42,7 +42,7 @@ jobs:
contains(github.event.action == 'opened' && github.event.issue.body || github.event.comment.body, '/cherry-pick')
steps:
- name: Fetch LLVM sources
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: llvm/llvm-project
# GitHub stores the token used for checkout and uses it for pushes

2
.github/workflows/issue-subscriber.yml vendored
View File

@@ -14,7 +14,7 @@ jobs:
if: github.repository == 'llvm/llvm-project'
steps:
- name: Checkout Automation Script
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
sparse-checkout: llvm/utils/git/
ref: main

4
.github/workflows/issue-write.yml vendored
View File

@@ -25,7 +25,7 @@ jobs:
)
steps:
- name: Fetch Sources
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
sparse-checkout: |
.github/workflows/unprivileged-download-artifact/action.yml
@@ -39,7 +39,7 @@ jobs:
- name: 'Comment on PR'
if: steps.download-artifact.outputs.artifact-id != ''
uses: actions/github-script@v3
uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 # v3.2.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |

2
.github/workflows/libclang-abi-tests.yml vendored
View File

@@ -38,7 +38,7 @@ jobs:
LLVM_VERSION_PATCH: ${{ steps.version.outputs.patch }}
steps:
- name: Checkout source
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 250

4
.github/workflows/llvm-bugs.yml vendored
View File

@@ -14,13 +14,13 @@ jobs:
runs-on: ubuntu-latest
if: github.repository == 'llvm/llvm-project'
steps:
- uses: actions/setup-node@v4
- uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
with:
node-version: 18
check-latest: true
- run: npm install mailgun.js form-data
- name: Send notification
uses: actions/github-script@v6
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
env:
MAILGUN_API_KEY: ${{ secrets.LLVM_BUGS_KEY }}
with:

6
.github/workflows/llvm-project-tests.yml vendored
View File

@@ -82,7 +82,7 @@ jobs:
# lldb. Using this setup-python action to make 3.10 the default
# python fixes this.
- name: Setup Python
uses: actions/setup-python@v5
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: ${{ inputs.python_version }}
- name: Install Ninja
@@ -91,11 +91,11 @@ jobs:
# actions/checkout deletes any existing files in the new git directory,
# so this needs to either run before ccache-action or it has to use
# clean: false.
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 250
- name: Setup ccache
uses: hendrikmuhs/ccache-action@v1
uses: hendrikmuhs/ccache-action@a1209f81afb8c005c13b4296c32e363431bffea5 # v1.2.17
with:
# A full build of llvm, clang, lld, and lldb takes about 250MB
# of ccache space. There's not much reason to have more than this,

2
.github/workflows/llvm-tests.yml vendored
View File

@@ -38,7 +38,7 @@ jobs:
LLVM_VERSION_PATCH: ${{ steps.version.outputs.patch }}
steps:
- name: Checkout source
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 250

2
.github/workflows/merged-prs.yml vendored
View File

@@ -21,7 +21,7 @@ jobs:
(github.event.pull_request.merged == true)
steps:
- name: Checkout Automation Script
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
sparse-checkout: llvm/utils/git/
ref: main

4
.github/workflows/new-prs.yml vendored
View File

@@ -35,7 +35,7 @@ jobs:
(github.event.pull_request.author_association != 'OWNER')
steps:
- name: Checkout Automation Script
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
sparse-checkout: llvm/utils/git/
ref: main
@@ -67,7 +67,7 @@ jobs:
github.event.pull_request.draft == false &&
github.event.pull_request.commits < 10
steps:
- uses: actions/labeler@v4
- uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0
with:
configuration-path: .github/new-prs-labeler.yml
# workaround for https://github.com/actions/labeler/issues/112

12
.github/workflows/pr-code-format.yml vendored
View File

@@ -19,12 +19,12 @@ jobs:
if: github.repository == 'llvm/llvm-project'
steps:
- name: Fetch LLVM sources
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Checkout through merge base
uses: rmacklin/fetch-through-merge-base@v0
uses: rmacklin/fetch-through-merge-base@bfe4d03a86f9afa52bc1a70e9814fc92a07f7b75 # v0.3.0
with:
base_ref: ${{ github.event.pull_request.base.ref }}
head_ref: ${{ github.event.pull_request.head.sha }}
@@ -32,7 +32,7 @@ jobs:
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v39
uses: tj-actions/changed-files@fea790cb660e33aef4bdf07304e28fedd77dfa13 # v39.2.4
with:
separator: ","
skip_initial_fetch: true
@@ -40,7 +40,7 @@ jobs:
# We need to pull the script from the main branch, so that we ensure
# we get the latest version of this script.
- name: Fetch code formatting utils
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: ${{ github.repository }}
ref: ${{ github.base_ref }}
@@ -58,12 +58,12 @@ jobs:
echo "$CHANGED_FILES"
- name: Install clang-format
uses: aminya/setup-cpp@v1
uses: aminya/setup-cpp@17c11551771948abc5752bbf3183482567c7caf0 # v1.1.1
with:
clangformat: 19.1.6
- name: Setup Python env
uses: actions/setup-python@v5
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: '3.11'
cache: 'pip'

2
.github/workflows/pr-subscriber.yml vendored
View File

@@ -14,7 +14,7 @@ jobs:
if: github.repository == 'llvm/llvm-project'
steps:
- name: Checkout Automation Script
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
sparse-checkout: llvm/utils/git/
ref: main

2
.github/workflows/release-binaries.yml vendored
View File

@@ -336,7 +336,7 @@ jobs:
runs-on: ${{ needs.prepare.outputs.test-runs-on }}
steps:
- name: Checkout Actions
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ (github.event_name == 'pull_request' && github.sha) || 'main' }}
sparse-checkout: |

2
.github/workflows/release-documentation.yml vendored
View File

@@ -37,7 +37,7 @@ jobs:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup Python env
uses: actions/setup-python@v5
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
cache: 'pip'
cache-dependency-path: './llvm/docs/requirements.txt'

2
.github/workflows/release-doxygen.yml vendored
View File

@@ -43,7 +43,7 @@ jobs:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup Python env
uses: actions/setup-python@v5
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
cache: 'pip'
cache-dependency-path: './llvm/docs/requirements.txt'

6
.github/workflows/release-lit.yml vendored
View File

@@ -45,7 +45,7 @@ jobs:
./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user ${{ github.actor }} --user-token "$USER_TOKEN" check-permissions
- name: Setup Cpp
uses: aminya/setup-cpp@v1
uses: aminya/setup-cpp@17c11551771948abc5752bbf3183482567c7caf0 # v1.1.1
with:
compiler: llvm-16.0.6
cmake: true
@@ -66,14 +66,14 @@ jobs:
python3 setup.py sdist bdist_wheel
- name: Upload lit to test.pypi.org
uses: pypa/gh-action-pypi-publish@release/v1
uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
with:
password: ${{ secrets.LLVM_LIT_TEST_PYPI_API_TOKEN }}
repository-url: https://test.pypi.org/legacy/
packages-dir: llvm/utils/lit/dist/
- name: Upload lit to pypi.org
uses: pypa/gh-action-pypi-publish@release/v1
uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
with:
password: ${{ secrets.LLVM_LIT_PYPI_API_TOKEN }}
packages-dir: llvm/utils/lit/dist/

2
.github/workflows/version-check.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Fetch LLVM sources
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0