diff --git a/.github/workflows/build-metrics-container.yml b/.github/workflows/build-metrics-container.yml index 751ab679411dc..7924779fc3f8d 100644 --- a/.github/workflows/build-metrics-container.yml +++ b/.github/workflows/build-metrics-container.yml @@ -27,7 +27,7 @@ jobs: container-filename: ${{ steps.vars.outputs.container-filename }} steps: - name: Checkout LLVM - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: sparse-checkout: .ci/metrics/ - name: Write Variables @@ -49,7 +49,7 @@ jobs: run: | podman save ${{ steps.vars.outputs.container-name-tag }} > ${{ steps.vars.outputs.container-filename }} - name: Upload Container Image - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: container path: ${{ steps.vars.outputs.container-filename }} @@ -66,7 +66,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - name: Download Container - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: container - name: Push Container diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml index d614dd07b3a49..e0d30b66f66b6 100644 --- a/.github/workflows/ci-post-commit-analyzer.yml +++ b/.github/workflows/ci-post-commit-analyzer.yml @@ -44,7 +44,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Setup ccache - uses: hendrikmuhs/ccache-action@v1 + uses: hendrikmuhs/ccache-action@a1209f81afb8c005c13b4296c32e363431bffea5 # v1.2.17 with: # A full build of llvm, clang, lld, and lldb takes about 250MB # of ccache space. There's not much reason to have more than this, diff --git a/.github/workflows/commit-access-review.yml b/.github/workflows/commit-access-review.yml index f9195a1863dee..5ab0ddd50d241 100644 --- a/.github/workflows/commit-access-review.yml +++ b/.github/workflows/commit-access-review.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Fetch LLVM sources - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install dependencies run: | diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index b4fa27203236a..3561344bf87c2 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -60,12 +60,12 @@ jobs: # a local checkout beforehand. - name: Fetch LLVM sources (Push) if: ${{ github.event_name == 'push' }} - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - name: Get subprojects that have doc changes id: docs-changed-subprojects - uses: tj-actions/changed-files@v39 + uses: tj-actions/changed-files@fea790cb660e33aef4bdf07304e28fedd77dfa13 # v39.2.4 with: files_yaml: | llvm: @@ -98,11 +98,11 @@ jobs: - '.github/workflows/docs.yml' - name: Fetch LLVM sources (PR) if: ${{ github.event_name == 'pull_request' }} - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - name: Setup Python env - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: '3.11' cache: 'pip' @@ -216,7 +216,7 @@ jobs: mkdir built-docs/flang cp -r flang-build/docs/* built-docs/flang/ - name: Upload docs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: docs-output path: built-docs/ diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml index 8f32d020975f5..5719203c5f908 100644 --- a/.github/workflows/email-check.yaml +++ b/.github/workflows/email-check.yaml @@ -14,7 +14,7 @@ jobs: if: github.repository == 'llvm/llvm-project' steps: - name: Fetch LLVM sources - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/issue-release-workflow.yml b/.github/workflows/issue-release-workflow.yml index 5027d4f3ea6f1..1582d06a97d3f 100644 --- a/.github/workflows/issue-release-workflow.yml +++ b/.github/workflows/issue-release-workflow.yml @@ -42,7 +42,7 @@ jobs: contains(github.event.action == 'opened' && github.event.issue.body || github.event.comment.body, '/cherry-pick') steps: - name: Fetch LLVM sources - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: llvm/llvm-project # GitHub stores the token used for checkout and uses it for pushes diff --git a/.github/workflows/issue-subscriber.yml b/.github/workflows/issue-subscriber.yml index ef4fdf4418193..2fb8ad18eb0ac 100644 --- a/.github/workflows/issue-subscriber.yml +++ b/.github/workflows/issue-subscriber.yml @@ -14,7 +14,7 @@ jobs: if: github.repository == 'llvm/llvm-project' steps: - name: Checkout Automation Script - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: sparse-checkout: llvm/utils/git/ ref: main diff --git a/.github/workflows/issue-write.yml b/.github/workflows/issue-write.yml index 5334157a7fd20..712c7d8268239 100644 --- a/.github/workflows/issue-write.yml +++ b/.github/workflows/issue-write.yml @@ -25,7 +25,7 @@ jobs: ) steps: - name: Fetch Sources - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: sparse-checkout: | .github/workflows/unprivileged-download-artifact/action.yml @@ -39,7 +39,7 @@ jobs: - name: 'Comment on PR' if: steps.download-artifact.outputs.artifact-id != '' - uses: actions/github-script@v3 + uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 # v3.2.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/libclang-abi-tests.yml b/.github/workflows/libclang-abi-tests.yml index 41b3075288d2d..8995d52b9925f 100644 --- a/.github/workflows/libclang-abi-tests.yml +++ b/.github/workflows/libclang-abi-tests.yml @@ -38,7 +38,7 @@ jobs: LLVM_VERSION_PATCH: ${{ steps.version.outputs.patch }} steps: - name: Checkout source - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 250 diff --git a/.github/workflows/llvm-bugs.yml b/.github/workflows/llvm-bugs.yml index c392078fa4525..a54e52456e860 100644 --- a/.github/workflows/llvm-bugs.yml +++ b/.github/workflows/llvm-bugs.yml @@ -14,13 +14,13 @@ jobs: runs-on: ubuntu-latest if: github.repository == 'llvm/llvm-project' steps: - - uses: actions/setup-node@v4 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 18 check-latest: true - run: npm install mailgun.js form-data - name: Send notification - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 env: MAILGUN_API_KEY: ${{ secrets.LLVM_BUGS_KEY }} with: diff --git a/.github/workflows/llvm-project-tests.yml b/.github/workflows/llvm-project-tests.yml index 4ff84c511250f..d857995d325d0 100644 --- a/.github/workflows/llvm-project-tests.yml +++ b/.github/workflows/llvm-project-tests.yml @@ -82,7 +82,7 @@ jobs: # lldb. Using this setup-python action to make 3.10 the default # python fixes this. - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: ${{ inputs.python_version }} - name: Install Ninja @@ -91,11 +91,11 @@ jobs: # actions/checkout deletes any existing files in the new git directory, # so this needs to either run before ccache-action or it has to use # clean: false. - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 250 - name: Setup ccache - uses: hendrikmuhs/ccache-action@v1 + uses: hendrikmuhs/ccache-action@a1209f81afb8c005c13b4296c32e363431bffea5 # v1.2.17 with: # A full build of llvm, clang, lld, and lldb takes about 250MB # of ccache space. There's not much reason to have more than this, diff --git a/.github/workflows/llvm-tests.yml b/.github/workflows/llvm-tests.yml index 9b3d49d4e99b9..2c41368369ce8 100644 --- a/.github/workflows/llvm-tests.yml +++ b/.github/workflows/llvm-tests.yml @@ -38,7 +38,7 @@ jobs: LLVM_VERSION_PATCH: ${{ steps.version.outputs.patch }} steps: - name: Checkout source - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 250 diff --git a/.github/workflows/merged-prs.yml b/.github/workflows/merged-prs.yml index e29afd4097f9f..aa559e4b75a76 100644 --- a/.github/workflows/merged-prs.yml +++ b/.github/workflows/merged-prs.yml @@ -21,7 +21,7 @@ jobs: (github.event.pull_request.merged == true) steps: - name: Checkout Automation Script - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: sparse-checkout: llvm/utils/git/ ref: main diff --git a/.github/workflows/new-prs.yml b/.github/workflows/new-prs.yml index 88175d6f8d64d..3f042e7616011 100644 --- a/.github/workflows/new-prs.yml +++ b/.github/workflows/new-prs.yml @@ -35,7 +35,7 @@ jobs: (github.event.pull_request.author_association != 'OWNER') steps: - name: Checkout Automation Script - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: sparse-checkout: llvm/utils/git/ ref: main @@ -67,7 +67,7 @@ jobs: github.event.pull_request.draft == false && github.event.pull_request.commits < 10 steps: - - uses: actions/labeler@v4 + - uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0 with: configuration-path: .github/new-prs-labeler.yml # workaround for https://github.com/actions/labeler/issues/112 diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml index 0e6180acf4a46..a5a5626369bdb 100644 --- a/.github/workflows/pr-code-format.yml +++ b/.github/workflows/pr-code-format.yml @@ -19,12 +19,12 @@ jobs: if: github.repository == 'llvm/llvm-project' steps: - name: Fetch LLVM sources - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.pull_request.head.sha }} - name: Checkout through merge base - uses: rmacklin/fetch-through-merge-base@v0 + uses: rmacklin/fetch-through-merge-base@bfe4d03a86f9afa52bc1a70e9814fc92a07f7b75 # v0.3.0 with: base_ref: ${{ github.event.pull_request.base.ref }} head_ref: ${{ github.event.pull_request.head.sha }} @@ -32,7 +32,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@v39 + uses: tj-actions/changed-files@fea790cb660e33aef4bdf07304e28fedd77dfa13 # v39.2.4 with: separator: "," skip_initial_fetch: true @@ -40,7 +40,7 @@ jobs: # We need to pull the script from the main branch, so that we ensure # we get the latest version of this script. - name: Fetch code formatting utils - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: ${{ github.repository }} ref: ${{ github.base_ref }} @@ -58,12 +58,12 @@ jobs: echo "$CHANGED_FILES" - name: Install clang-format - uses: aminya/setup-cpp@v1 + uses: aminya/setup-cpp@17c11551771948abc5752bbf3183482567c7caf0 # v1.1.1 with: clangformat: 19.1.6 - name: Setup Python env - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: '3.11' cache: 'pip' diff --git a/.github/workflows/pr-subscriber.yml b/.github/workflows/pr-subscriber.yml index 272d3e2f9ef8a..0e3d3e04ee938 100644 --- a/.github/workflows/pr-subscriber.yml +++ b/.github/workflows/pr-subscriber.yml @@ -14,7 +14,7 @@ jobs: if: github.repository == 'llvm/llvm-project' steps: - name: Checkout Automation Script - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: sparse-checkout: llvm/utils/git/ ref: main diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml index 231dd26e54ae0..fd6a6cc931ec4 100644 --- a/.github/workflows/release-binaries.yml +++ b/.github/workflows/release-binaries.yml @@ -336,7 +336,7 @@ jobs: runs-on: ${{ needs.prepare.outputs.test-runs-on }} steps: - name: Checkout Actions - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ (github.event_name == 'pull_request' && github.sha) || 'main' }} sparse-checkout: | diff --git a/.github/workflows/release-documentation.yml b/.github/workflows/release-documentation.yml index 09e21585bfc56..bac500080f90a 100644 --- a/.github/workflows/release-documentation.yml +++ b/.github/workflows/release-documentation.yml @@ -37,7 +37,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Setup Python env - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: cache: 'pip' cache-dependency-path: './llvm/docs/requirements.txt' diff --git a/.github/workflows/release-doxygen.yml b/.github/workflows/release-doxygen.yml index ea95e5bb12b2b..17d437e3a649d 100644 --- a/.github/workflows/release-doxygen.yml +++ b/.github/workflows/release-doxygen.yml @@ -43,7 +43,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Setup Python env - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: cache: 'pip' cache-dependency-path: './llvm/docs/requirements.txt' diff --git a/.github/workflows/release-lit.yml b/.github/workflows/release-lit.yml index 9d6f3140e6883..346cf3bf2c460 100644 --- a/.github/workflows/release-lit.yml +++ b/.github/workflows/release-lit.yml @@ -45,7 +45,7 @@ jobs: ./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user ${{ github.actor }} --user-token "$USER_TOKEN" check-permissions - name: Setup Cpp - uses: aminya/setup-cpp@v1 + uses: aminya/setup-cpp@17c11551771948abc5752bbf3183482567c7caf0 # v1.1.1 with: compiler: llvm-16.0.6 cmake: true @@ -66,14 +66,14 @@ jobs: python3 setup.py sdist bdist_wheel - name: Upload lit to test.pypi.org - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 with: password: ${{ secrets.LLVM_LIT_TEST_PYPI_API_TOKEN }} repository-url: https://test.pypi.org/legacy/ packages-dir: llvm/utils/lit/dist/ - name: Upload lit to pypi.org - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 with: password: ${{ secrets.LLVM_LIT_PYPI_API_TOKEN }} packages-dir: llvm/utils/lit/dist/ diff --git a/.github/workflows/version-check.yml b/.github/workflows/version-check.yml index 894e07d323ca9..18e21a1a8f295 100644 --- a/.github/workflows/version-check.yml +++ b/.github/workflows/version-check.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Fetch LLVM sources - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0