Skip to content

Commit e7352b0

Browse files
danieldkdanieldk
authored
Add make pin-actions target to pin all GitHub actions (#498)
* Add `make pin-actions` target to pin all GitHub actions * Pin all the actions
1 parent 865145b commit e7352b0

16 files changed

Lines changed: 42 additions & 38 deletions

.github/workflows/build_kernel.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,7 @@ jobs:
4545
run: cp -rL result/* .
4646

4747
- name: Upload kernel artifacts
48-
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
48+
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
4949
with:
5050
name: built-kernels-${{ matrix.arch }}
5151
path: |
@@ -68,7 +68,7 @@ jobs:
6868
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
6969

7070
- name: Download kernel artifacts
71-
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
71+
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
7272
with:
7373
name: built-kernels-x86_64-linux
7474
path: .

.github/workflows/build_kernel_macos.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -19,8 +19,8 @@ jobs:
1919
run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
2020
- name: "Install Metal Toolchain"
2121
run: xcodebuild -downloadComponent metalToolchain
22-
- uses: actions/checkout@v6
23-
- uses: cachix/install-nix-action@v31
22+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
23+
- uses: cachix/install-nix-action@616559265b40713947b9c190a8ff4b507b5df49b # v31.10.4
2424
- uses: cachix/cachix-action@1eb2ef646ac0255473d23a5907ad7b04ce94065c # v17
2525
with:
2626
name: huggingface

.github/workflows/build_kernel_rocm.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ jobs:
1616
runs-on:
1717
group: aws-highmemory-32-plus-nix
1818
steps:
19-
- uses: actions/checkout@v6
19+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2020
- uses: DeterminateSystems/nix-installer-action@ef8a148080ab6020fd15196c2084a2eea5ff2d25
2121
with:
2222
extra-conf: |

.github/workflows/build_kernel_windows.yaml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -26,26 +26,26 @@ jobs:
2626
runs-on: ${{ matrix.os }}
2727

2828
steps:
29-
- uses: actions/cache@v5
29+
- uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
3030
with:
3131
key: cuda-toolkit-v${{ matrix.cuda }}-${{ matrix.os }}
3232
path: |
3333
C:\Program Files\NVIDIA GPU Computing Toolkit
3434
~/.cargo/registry
3535
~/.cargo/git
3636
37-
- uses: actions/checkout@v6
37+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3838

3939
# CUDA environment setup
40-
- uses: huggingface/cuda-toolkit@v0.1.0
40+
- uses: huggingface/cuda-toolkit@714c97b32958862237b96401fb253a4261453c3b # v0.1.0
4141
id: setup-cuda-toolkit
4242
with:
4343
cuda: ${{ matrix.torch.cuda }} # TODO(mfuntowicz): How can we test multiple CUDA versions than align with torch?
4444
- name: "NVCC checks"
4545
run: nvcc -V
4646

4747
# Rust build environment setup
48-
- uses: actions-rs/toolchain@v1
48+
- uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
4949
with:
5050
toolchain: stable
5151
profile: minimal
@@ -55,7 +55,7 @@ jobs:
5555
run: ( cd kernel-builder && cargo build --release )
5656

5757
# Python environment setup
58-
- uses: actions/setup-python@v6
58+
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
5959
with:
6060
python-version: ${{ matrix.python }}
6161
cache: 'pip'

.github/workflows/build_kernel_xpu.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ jobs:
1616
runs-on:
1717
group: aws-highmemory-32-plus-nix
1818
steps:
19-
- uses: actions/checkout@v6
19+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2020
- uses: DeterminateSystems/nix-installer-action@ef8a148080ab6020fd15196c2084a2eea5ff2d25
2121
with:
2222
extra-conf: |

.github/workflows/check_variants.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,8 +15,8 @@ jobs:
1515
name: Check build variants
1616
runs-on: ubuntu-latest
1717
steps:
18-
- uses: actions/checkout@v6
19-
- uses: cachix/install-nix-action@v31
18+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
19+
- uses: cachix/install-nix-action@616559265b40713947b9c190a8ff4b507b5df49b # v31.10.4
2020
with:
2121
nix_path: nixpkgs=channel:nixos-unstable
2222
- name: Generate variants JSON

.github/workflows/lint.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -12,12 +12,12 @@ jobs:
1212
steps:
1313
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1414
- name: Run ruff check
15-
uses: astral-sh/ruff-action@4919ec5cf1f49eff0871dbcea0da843445b837e6 # v3
15+
uses: astral-sh/ruff-action@4919ec5cf1f49eff0871dbcea0da843445b837e6 # v3.6.1
1616
with:
1717
src: kernels
1818
version: ${{ env.RUFF_VERSION }}
1919
- name: Run ruff format check
20-
uses: astral-sh/ruff-action@4919ec5cf1f49eff0871dbcea0da843445b837e6 # v3
20+
uses: astral-sh/ruff-action@4919ec5cf1f49eff0871dbcea0da843445b837e6 # v3.6.1
2121
with:
2222
src: kernels
2323
version: ${{ env.RUFF_VERSION }}
@@ -33,7 +33,7 @@ jobs:
3333
with:
3434
fetch-depth: 0
3535
- name: Install uv and set the python version
36-
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
36+
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
3737
with:
3838
python-version: "3.12"
3939
- name: Check for breaking changes

.github/workflows/nix_checks.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ jobs:
1313
runs-on:
1414
group: aws-highmemory-32-plus-nix
1515
steps:
16-
- uses: actions/checkout@v6
16+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1717
- uses: DeterminateSystems/nix-installer-action@ef8a148080ab6020fd15196c2084a2eea5ff2d25
1818
with:
1919
extra-conf: |

.github/workflows/publish_kernels.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ jobs:
1212
with:
1313
persist-credentials: false
1414
- name: Set up Python
15-
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
15+
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
1616
with:
1717
python-version: "3.9"
1818
- name: Install pypa/build
@@ -24,7 +24,7 @@ jobs:
2424
- name: Build a binary wheel and a source tarball
2525
run: ( cd kernels && python3 -m build )
2626
- name: Store the distribution packages
27-
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
27+
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
2828
with:
2929
name: python-package-distributions
3030
path: kernels/dist/
@@ -44,7 +44,7 @@ jobs:
4444

4545
steps:
4646
- name: Download all the dists
47-
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
47+
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
4848
with:
4949
name: python-package-distributions
5050
path: dist/
@@ -65,7 +65,7 @@ jobs:
6565

6666
steps:
6767
- name: Download all the dists
68-
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
68+
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
6969
with:
7070
name: python-package-distributions
7171
path: dist/
@@ -109,7 +109,7 @@ jobs:
109109

110110
steps:
111111
- name: Download all the dists
112-
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
112+
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
113113
with:
114114
name: python-package-distributions
115115
path: dist/

.github/workflows/rust.yaml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -7,8 +7,8 @@ jobs:
77
name: Rustfmt
88
runs-on: ubuntu-latest
99
steps:
10-
- uses: actions/checkout@v6
11-
- uses: dtolnay/rust-toolchain@stable
10+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
11+
- uses: dtolnay/rust-toolchain@e081816240890017053eacbb1bdf337761dc5582 # 1.95.0
1212
with:
1313
components: rustfmt
1414
- name: Cargo fmt (kernel-abi-check)
@@ -26,8 +26,8 @@ jobs:
2626
name: Clippy
2727
runs-on: ubuntu-latest
2828
steps:
29-
- uses: actions/checkout@v6
30-
- uses: actions/cache@v5
29+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
30+
- uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
3131
with:
3232
path: |
3333
~/.cargo/bin/
@@ -36,7 +36,7 @@ jobs:
3636
~/.cargo/git/db/
3737
target/
3838
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
39-
- uses: dtolnay/rust-toolchain@stable
39+
- uses: dtolnay/rust-toolchain@e081816240890017053eacbb1bdf337761dc5582 # 1.95.0
4040
with:
4141
components: clippy
4242
- name: Clippy (kernel-abi-check)

0 commit comments

Comments
 (0)