@@ -118,9 +118,6 @@ jobs:
118118 docker : ${{steps.filter.outputs.docker || steps.filter.outputs.ci}}
119119 docker_files : ${{steps.filter.outputs.docker_files}}
120120
121- requirements : ${{steps.filter.outputs.requirements || steps.filter.outputs.ci}}
122- requirements_files : ${{steps.filter.outputs.requirements_files}}
123-
124121 shell : ${{steps.filter.outputs.shell || steps.filter.outputs.ci}}
125122 shell_files : ${{steps.filter.outputs.shell_files}}
126123 steps :
@@ -129,27 +126,28 @@ jobs:
129126 name : Use the user-provided SHA as the basis for comparison
130127 env :
131128 GH_TOKEN : ${{github.token}}
129+ INPUTS_SHA : ${{inputs.sha}}
132130 run : |
133131 set -x +e
134- url="repos/${{github.repository}}/commits/${{inputs.sha} }"
135- if full_sha="$(gh api $url -q '.sha')"; then
132+ url="repos/${{github.repository}}/commits/${INPUTS_SHA }"
133+ if full_sha="$(gh api " $url" -q '.sha')"; then
136134 echo "base=$full_sha" >> "$GITHUB_ENV"
137135 else
138136 {
139137 echo "### :x: Workflow error"
140138 echo "The SHA provided to _Run Workflow_ does not exist:"
141- echo "<code>${{inputs.sha} }</code>"
139+ echo "<code>${INPUTS_SHA }</code>"
142140 } >> "$GITHUB_STEP_SUMMARY"
143141 exit 1
144142 fi
145143
146144 - if : github.event_name != 'workflow_dispatch'
147145 name : Use ref ${{github.ref_name}} as the basis for comparison
148146 run : |
149- echo base=${{github.ref_name}} >> "$GITHUB_ENV"
147+ echo base="${GITHUB_REF_NAME}" >> "$GITHUB_ENV"
150148
151149 - name : Check out a copy of the OpenFermion git repository
152- uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4
150+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
153151
154152 - name : Determine files changed by this ${{github.event_name}} event
155153 uses : dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
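Review bot: `INPUTS_SHA` is still used unvalidated as a path segment of the `gh api` URL on new line 132, so a dispatch input containing `/`, `?` or `..` can make the request resolve to something other than `commits/<sha>`, even though the shell injection is now closed. Check the format before building `url`, for example `[[ "$INPUTS_SHA" =~ ^[0-9a-fA-F]{7,40}$ ]] || { echo "invalid SHA" >&2; exit 1; }`; if branch or tag names are meant to be accepted as well, the pattern needs widening. The same check would also keep markup out of the `<code>` line written to the step summary on new line 139. `${{github.repository}}` is still expanded inline on line 132; it is not user-supplied, but reading `$GITHUB_REPOSITORY` instead would leave the script free of template expansion.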
@@ -169,6 +167,12 @@ jobs:
169167 - '**/CITATION.cff'
170168 python:
171169 - '**/*.py'
170+ - 'dev_tools/conf/**'
171+ - 'dev_tools/requirements/deps/*.txt'
172+ - 'dev_tools/requirements/env/*.txt'
173+ - 'dev_tools/requirements/max_compat/*.txt'
174+ - 'docs/**/*-requirements.txt'
175+ - 'docs/**/requirements.txt'
172176 gha:
173177 - added|modified:
174178 - './.github/workflows/*.yaml'
@@ -183,10 +187,6 @@ jobs:
183187 docker:
184188 - '**/dockerfile'
185189 - '**/Dockerfile'
186- requirements:
187- - 'dev_tools/requirements/deps/*.txt'
188- - 'docs/**/*-requirements.txt'
189- - 'docs/**/requirements.txt'
190190 shell:
191191 - '**/*.sh'
192192 - 'check/*'
@@ -199,10 +199,10 @@ jobs:
199199 timeout-minutes : 10
200200 steps :
201201 - name : Check out a copy of the git repository
202- uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4
202+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
203203
204204 - name : Set up Python with caching of pip dependencies
205- uses : actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0 .0
205+ uses : actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2 .0
206206 with :
207207 python-version : ${{inputs.python_ver || env.python_ver}}
208208 architecture : ' x64'
@@ -228,12 +228,12 @@ jobs:
228228 timeout-minutes : 10
229229 steps :
230230 - name : Check out a copy of the git repository
231- uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4
231+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
232232 with :
233233 fetch-depth : 0
234234
235235 - name : Set up Python and restore cache
236- uses : actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0 .0
236+ uses : actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2 .0
237237 with :
238238 python-version : ${{inputs.python_ver || env.python_ver}}
239239 architecture : ' x64'
@@ -257,10 +257,10 @@ jobs:
257257 timeout-minutes : 10
258258 steps :
259259 - name : Check out a copy of the git repository
260- uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4
260+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
261261
262262 - name : Set up Python and restore cache
263- uses : actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0 .0
263+ uses : actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2 .0
264264 with :
265265 python-version : ${{inputs.python_ver || env.python_ver}}
266266 architecture : ' x64'
@@ -284,10 +284,10 @@ jobs:
284284 timeout-minutes : 10
285285 steps :
286286 - name : Check out a copy of the git repository
287- uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4
287+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
288288
289289 - name : Set up Python and restore cache
290- uses : actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0 .0
290+ uses : actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2 .0
291291 with :
292292 python-version : ${{inputs.python_ver || env.python_ver}}
293293 architecture : ' x64'
@@ -324,10 +324,10 @@ jobs:
324324 fail-fast : false
325325 steps :
326326 - name : Check out a copy of the git repository
327- uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4
327+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
328328
329329 - name : Set up Python and restore cache
330- uses : actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0 .0
330+ uses : actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2 .0
331331 with :
332332 python-version : ${{inputs.python_ver || env.python_ver}}
333333 cache : pip
@@ -351,12 +351,14 @@ jobs:
351351 runs-on : ubuntu-24.04
352352 steps :
353353 - run : |
354- result="${{needs.pytest-matrix.result} }"
354+ result="${NEEDS_PYTEST_MATRIX_RESULT }"
355355 if [[ $result == "success" || $result == "skipped" ]]; then
356356 exit 0
357357 else
358358 exit 1
359359 fi
360+ env:
361+ NEEDS_PYTEST_MATRIX_RESULT: ${{needs.pytest-matrix.result}}
360362
361363 pytest-extra-matrix :
362364 if : needs.changes.outputs.python == 'true'
@@ -371,10 +373,10 @@ jobs:
371373 fail-fast : false
372374 steps :
373375 - name : Check out a copy of the git repository
374- uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4
376+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
375377
376378 - name : Set up Python and restore cache
377- uses : actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0 .0
379+ uses : actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2 .0
378380 with :
379381 python-version : ${{inputs.python_ver || env.python_ver}}
380382 cache : pip
@@ -398,12 +400,14 @@ jobs:
398400 runs-on : ubuntu-24.04
399401 steps :
400402 - run : |
401- result="${{needs.pytest-extra-matrix.result} }"
403+ result="${NEEDS_PYTEST_EXTRA_MATRIX_RESULT }"
402404 if [[ $result == "success" || $result == "skipped" ]]; then
403405 exit 0
404406 else
405407 exit 1
406408 fi
409+ env:
410+ NEEDS_PYTEST_EXTRA_MATRIX_RESULT: ${{needs.pytest-extra-matrix.result}}
407411
408412 python-compat :
409413 if : needs.changes.outputs.python == 'true'
@@ -413,12 +417,12 @@ jobs:
413417 timeout-minutes : 15
414418 steps :
415419 - name : Check out a copy of the git repository
416- uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4
420+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
417421
418422 # Note: deliberately not using our Python cache here b/c this runs
419423 # a different version of Python.
420424 - name : Set up Python and restore cache
421- uses : actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0 .0
425+ uses : actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2 .0
422426 with :
423427 python-version : ${{env.python_compat_ver}}
424428
@@ -439,12 +443,12 @@ jobs:
439443 timeout-minutes : 15
440444 steps :
441445 - name : Check out a copy of the git repository
442- uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4
446+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
443447 with :
444448 fetch-depth : 0
445449
446450 - name : Set up Python and restore cache
447- uses : actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0 .0
451+ uses : actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2 .0
448452 with :
449453 python-version : ${{inputs.python_ver || env.python_ver}}
450454 cache : pip
@@ -466,10 +470,10 @@ jobs:
466470 runs-on : ubuntu-24.04
467471 timeout-minutes : 5
468472 env :
469- changed_files : ${{needs.changes.outputs.yaml_files}}
473+ CHANGED_FILES : ${{needs.changes.outputs.yaml_files}}
470474 steps :
471475 - name : Check out a copy of the git repository
472- uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4
476+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
473477
474478 - name : Set up yamllint output problem matcher
475479 run : echo "::add-matcher::.github/problem-matchers/yamllint.json"
@@ -478,7 +482,7 @@ jobs:
478482 run : |
479483 set -x
480484 # shellcheck disable=SC2086
481- yamllint $changed_files
485+ yamllint ${CHANGED_FILES}
482486
483487 json-lint :
484488 if : needs.changes.outputs.json == 'true'
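Review bot: The unquoted `${CHANGED_FILES}` on new line 485 is still subject to word splitting and pathname expansion, and a changed file whose name begins with `-` would be read by yamllint as an option. The names come from the pull request, so the job should treat them as untrusted input. Splitting into an array and ending option parsing avoids both problems: `read -r -a files <<< "$CHANGED_FILES"` followed by `yamllint -- "${files[@]}"`, which also makes the SC2086 suppression unnecessary. This assumes the paths-filter output is a plain space-separated list; its `list-files` setting is outside this hunk. The same applies to the jsonlint, hadolint and shellcheck steps further down, after checking that each tool accepts `--`.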
@@ -487,10 +491,10 @@ jobs:
487491 runs-on : ubuntu-24.04
488492 timeout-minutes : 5
489493 env :
490- changed_files : ${{needs.changes.outputs.json_files}}
494+ CHANGED_FILES : ${{needs.changes.outputs.json_files}}
491495 steps :
492496 - name : Check out a copy of the git repository
493- uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4
497+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
494498
495499 - name : Install jsonlint
496500 run : npm install -g @prantlf/jsonlint
@@ -499,19 +503,19 @@ jobs:
499503 run : echo '::add-matcher::.github/problem-matchers/jsonlint.json'
500504
501505 - name : Run jsonlint on JSON files
502- run : jsonlint --continue ${{env.changed_files}}
506+ run : |
507+ # shellcheck disable=SC2086
508+ jsonlint --continue ${CHANGED_FILES}
503509
504510 cff-validation :
505511 if : needs.changes.outputs.cff == 'true'
506512 name : CITATION.cff checks
507513 needs : changes
508514 runs-on : ubuntu-24.04
509515 timeout-minutes : 5
510- env :
511- changed_files : ${{needs.changes.outputs.cff_files}}
512516 steps :
513517 - name : Check out a copy of the git repository
514- uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4
518+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
515519
516520 - name : Install cffconvert
517521 run : pip install cffconvert
@@ -527,10 +531,10 @@ jobs:
527531 runs-on : macos-14
528532 timeout-minutes : 5
529533 env :
530- changed_files : ${{needs.changes.outputs.docker_files}}
534+ CHANGED_FILES : ${{needs.changes.outputs.docker_files}}
531535 steps :
532536 - name : Check out a copy of the git repository
533- uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4
537+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
534538
535539 # Note: there is a hadolint GitHub Actions available, but it only accepts
536540 # one Dockerfile to check. We have > 1 file to check, so we need the CLI.
@@ -541,7 +545,9 @@ jobs:
541545 run : echo '::add-matcher::.github/problem-matchers/hadolint.json'
542546
543547 - name : Run hadolint on Dockerfiles that have been changed
544- run : hadolint ${{env.changed_files}}
548+ run : |
549+ # shellcheck disable=SC2086
550+ hadolint ${CHANGED_FILES}
545551
546552 workflow-validation :
547553 if : needs.changes.outputs.gha == 'true'
@@ -550,15 +556,14 @@ jobs:
550556 # This uses a Mac runner because actionlint isn't available via Linux apt.
551557 runs-on : macos-14
552558 timeout-minutes : 5
553- env :
554- changed_files : ${{needs.changes.outputs.gha_files}}
555559 steps :
556560 - name : Check out a copy of the git repository
557- uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4
561+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
558562
559563 # The next action simply fails if there are any unpinned actions.
560564 - name : Verify that all workflow actions have pinned versions
561- uses : zgosalvez/github-actions-ensure-sha-pinned-actions@9e9574ef04ea69da568d6249bd69539ccc704e74
565+ # yamllint disable-line rule:line-length
566+ uses : zgosalvez/github-actions-ensure-sha-pinned-actions@70c4af2ed5282c51ba40566d026d6647852ffa3e # v5.0.1
562567
563568 # If we didn't fail the previous check, go on to more time-consuming ones.
564569 - name : Install actionlint
@@ -577,25 +582,18 @@ jobs:
577582 runs-on : ubuntu-24.04
578583 timeout-minutes : 5
579584 env :
580- changed_files : ${{needs.changes.outputs.shell_files}}
585+ CHANGED_FILES : ${{needs.changes.outputs.shell_files}}
581586 steps :
582587 - name : Check out a copy of the git repository
583- uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4
588+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
584589
585590 - name : Set up shellcheck output problem matcher
586591 run : echo "::add-matcher::.github/problem-matchers/shellcheck.json"
587592
588593 - name : Run shellcheck on shell scripts that have been changed
589- run : shellcheck ${{env.changed_files}}
590-
591- vulnerability-checks :
592- if : needs.changes.outputs.requirements == 'true'
593- name : Vulnerability checks
594- needs : changes
595- uses : ./.github/workflows/osv-scanner.yaml
596- permissions : write-all
597- with :
598- reason : CI
594+ run : |
595+ # shellcheck disable=SC2086
596+ shellcheck ${CHANGED_FILES}
599597
600598 print-debugging-info :
601599 if : failure()
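Review bot: With the `vulnerability-checks` job removed here and the `requirements` output dropped from the `changes` job, a change to the requirements files no longer runs `osv-scanner.yaml` from this workflow. Nothing visible on this page shows the scanner being triggered another way, so confirm that `osv-scanner.yaml` has its own pull-request or scheduled trigger covering `dev_tools/requirements/**` and the docs requirements files. Dropping the `permissions: write-all` caller is an improvement in itself. If the scan is reinstated later, grant only the scopes the scanner needs rather than `write-all`.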
@@ -604,10 +602,10 @@ jobs:
604602 timeout-minutes : 5
605603 steps :
606604 - name : Check out a copy of the git repository
607- uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4
605+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
608606
609607 - name : Set up Python with caching of pip dependencies
610- uses : actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0 .0
608+ uses : actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2 .0
611609 with :
612610 python-version : ${{inputs.python_ver || env.python_ver}}
613611 architecture : ' x64'