From ac1558081315f7fa3f29e8b5686cad0f3f2a29dc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Apr 2026 19:57:48 +0000 Subject: [PATCH] Bump the github-actions group across 1 directory with 13 updates Bumps the github-actions group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.2` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.5.0` | `6.4.0` | | [actions/cache](https://github.com/actions/cache) | `4.2.3` | `5.0.4` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0` | `6.3.0` | | [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `4.0.0` | | [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` | | [astral-sh/ruff-action](https://github.com/astral-sh/ruff-action) | `3.3.1` | `3.6.1` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` | | [actions/github-script](https://github.com/actions/github-script) | `7.1.0` | `8.0.0` | | [geekyeggo/delete-artifact](https://github.com/geekyeggo/delete-artifact) | `5.1.0` | `6.0.0` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `6.1.0` | `8.0.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.18` | `4.35.1` | Updates `actions/checkout` from 4.2.2 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.2.2...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `actions/setup-go` from 5.5.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/d35c59abb061a4a6fb18e82ac0862c26744d6ab5...4a3601121dd01d1626a1e23e37211e3254c1c06c) Updates `actions/cache` from 4.2.3 to 5.0.4 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/5a3ec84eff668545956fd18022155c47e93e2684...668228422ae6a00e4ad889ee87cd7109ec5666a7) Updates `actions/setup-node` from 4.4.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/49933ea5288caeca8642d1e84afbd3f7d6820020...53b83947a5a98c8d113130e565377fae1a50d02f) Updates `actions/upload-pages-artifact` from 3.0.1 to 4.0.0 - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](https://github.com/actions/upload-pages-artifact/compare/56afc609e74202658d3ffba0e8f6dda462b719fa...7b1f4a764d45c48632c6b24a0339c27f5614fb0b) Updates `actions/deploy-pages` from 4.0.5 to 5.0.0 - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128) Updates `astral-sh/ruff-action` from 3.3.1 to 3.6.1 - [Release notes](https://github.com/astral-sh/ruff-action/releases) - [Commits](https://github.com/astral-sh/ruff-action/compare/84f83ecf9e1e15d26b7984c7ec9cf73d39ffc946...4919ec5cf1f49eff0871dbcea0da843445b837e6) Updates `actions/upload-artifact` from 4.6.2 to 7.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f) Updates `actions/download-artifact` from 4.3.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/d3f86a106a0bac45b974a628896c90dbdf5c8093...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `actions/github-script` from 7.1.0 to 8.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/f28e40c7f34bde8b3046d885e986cb6290c5673b...ed597411d8f924073f98dfc5c65a23a2325f34cd) Updates `geekyeggo/delete-artifact` from 5.1.0 to 6.0.0 - [Release notes](https://github.com/geekyeggo/delete-artifact/releases) - [Changelog](https://github.com/GeekyEggo/delete-artifact/blob/main/CHANGELOG.md) - [Commits](https://github.com/geekyeggo/delete-artifact/compare/f275313e70c08f6120db482d7a6b98377786765b...176a747ab7e287e3ff4787bf8a148716375ca118) Updates `astral-sh/setup-uv` from 6.1.0 to 8.0.0 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/f0ec1fc3b38f5e7cd731bb6ce540c5af426746bb...cec208311dfd045dd5311c1add060b2062131d57) Updates `github/codeql-action` from 3.28.18 to 4.35.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ff0a06e83cb2de871e5a09832bc6a81e7276941f...c10b8064de6f491fea524254123dbe5e09572f13) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/cache dependency-version: 5.0.4 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-pages-artifact dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/deploy-pages dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: astral-sh/ruff-action dependency-version: 3.6.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/github-script dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: geekyeggo/delete-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: astral-sh/setup-uv dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.35.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/actions-cpu-e2e-test.yaml | 2 +- .github/workflows/actions-lint.yaml | 2 +- .github/workflows/benchmarking-tests.yaml | 2 +- .../check-clang-format-on-error.yaml | 2 +- .github/workflows/check-clang-format.yaml | 2 +- .../workflows/generate-dashboard-data.yaml | 14 ++++----- .github/workflows/python-lint.yml | 8 ++--- .github/workflows/run-benchmarks.yaml | 30 +++++++++---------- .github/workflows/setup-uv-python-test.yaml | 4 +-- .../test-ci-buildifier-on-error.yaml | 2 +- .github/workflows/test-ci-buildifier.yaml | 2 +- .../wait-for-connection-no-python.yaml | 2 +- .../wait-for-connection-on-error-test.yaml | 2 +- .../workflows/wait-for-connection-test.yaml | 2 +- .github/workflows/zizmor.yaml | 6 ++-- 15 files changed, 41 insertions(+), 41 deletions(-) diff --git a/.github/workflows/actions-cpu-e2e-test.yaml b/.github/workflows/actions-cpu-e2e-test.yaml index 79a69924..26b55023 100644 --- a/.github/workflows/actions-cpu-e2e-test.yaml +++ b/.github/workflows/actions-cpu-e2e-test.yaml @@ -21,7 +21,7 @@ jobs: (contains(matrix.runner, 'linux-arm64') && 'us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build-arm64:latest') || (contains(matrix.runner, 'windows-x86') && null) }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v4 with: persist-credentials: false - name: Simulate running a job on ${{ matrix.runner }} diff --git a/.github/workflows/actions-lint.yaml b/.github/workflows/actions-lint.yaml index 05d1a340..f2854026 100644 --- a/.github/workflows/actions-lint.yaml +++ b/.github/workflows/actions-lint.yaml @@ -9,7 +9,7 @@ jobs: actionlint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v4 with: persist-credentials: false - name: Check workflow files diff --git a/.github/workflows/benchmarking-tests.yaml b/.github/workflows/benchmarking-tests.yaml index 5be7aaf2..c2a43383 100644 --- a/.github/workflows/benchmarking-tests.yaml +++ b/.github/workflows/benchmarking-tests.yaml @@ -28,7 +28,7 @@ jobs: image: us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:latest@sha256:e1461af32bf27640ddbcde7c3e7a10f194142779e9ed3bba962040812e626a1c # ratchet:us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:latest steps: - name: Checkout Repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v5 with: persist-credentials: false - name: Run benchmarking Bazel tests diff --git a/.github/workflows/check-clang-format-on-error.yaml b/.github/workflows/check-clang-format-on-error.yaml index ec1836bc..6e1af073 100644 --- a/.github/workflows/check-clang-format-on-error.yaml +++ b/.github/workflows/check-clang-format-on-error.yaml @@ -29,7 +29,7 @@ jobs: container: "us-central1-docker.pkg.dev/tensorflow-sigs/tensorflow/ml-build:latest" timeout-minutes: 10 steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: "Run clang-format on error action" diff --git a/.github/workflows/check-clang-format.yaml b/.github/workflows/check-clang-format.yaml index b18a7927..1f8fb26c 100644 --- a/.github/workflows/check-clang-format.yaml +++ b/.github/workflows/check-clang-format.yaml @@ -29,7 +29,7 @@ jobs: container: "us-central1-docker.pkg.dev/tensorflow-sigs/tensorflow/ml-build:latest" timeout-minutes: 10 steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: "Run clang-format action" diff --git a/.github/workflows/generate-dashboard-data.yaml b/.github/workflows/generate-dashboard-data.yaml index 5c35578f..92a7ee97 100644 --- a/.github/workflows/generate-dashboard-data.yaml +++ b/.github/workflows/generate-dashboard-data.yaml @@ -15,10 +15,10 @@ jobs: generate-json: runs-on: ubuntu-latest steps: - - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: 1.24.0 - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false # Get values for cache paths t∏o be used in later steps @@ -27,7 +27,7 @@ jobs: echo "go-cache=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" echo "go-mod-cache=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Cache go modules - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.cache-paths.outputs.go-cache }} @@ -46,10 +46,10 @@ jobs: generate-angular: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # ratchet:actions/setup-node@v6.4.0 with: node-version: 20 cache: 'npm' @@ -69,7 +69,7 @@ jobs: mv dist/ci-dashboard/3rdpartylicenses.txt dist/ci-dashboard/browser ls -la dist/ci-dashboard - name: Upload Pages - uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # ratchet:actions/upload-artifact@v4 + uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # ratchet:actions/upload-artifact@v4 with: id: deployment path: ci_dashboard/frontend/dist/ci-dashboard/browser @@ -89,7 +89,7 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # ratchet:actions/deploy-pages@v4 + uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # ratchet:actions/deploy-pages@v5.0.0 diff --git a/.github/workflows/python-lint.yml b/.github/workflows/python-lint.yml index 97df8ba1..76ba2082 100644 --- a/.github/workflows/python-lint.yml +++ b/.github/workflows/python-lint.yml @@ -16,17 +16,17 @@ jobs: name: Ruff Lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v4 with: persist-credentials: false - - uses: astral-sh/ruff-action@84f83ecf9e1e15d26b7984c7ec9cf73d39ffc946 # ratchet:astral-sh/ruff-action@v3.3.1 + - uses: astral-sh/ruff-action@0ce1b0bf8b818ef400413f810f8a11cdbda0034b # ratchet:astral-sh/ruff-action@v4.0.0 format: name: Ruff Format runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v4 with: persist-credentials: false - - uses: astral-sh/ruff-action@84f83ecf9e1e15d26b7984c7ec9cf73d39ffc946 # ratchet:astral-sh/ruff-action@v3.3.1 + - uses: astral-sh/ruff-action@0ce1b0bf8b818ef400413f810f8a11cdbda0034b # ratchet:astral-sh/ruff-action@v4.0.0 with: args: "format --check --diff" diff --git a/.github/workflows/run-benchmarks.yaml b/.github/workflows/run-benchmarks.yaml index 7cba3402..faebc4e5 100644 --- a/.github/workflows/run-benchmarks.yaml +++ b/.github/workflows/run-benchmarks.yaml @@ -115,7 +115,7 @@ jobs: job_id: ${{ steps.gen_job_id.outputs.job_id }} steps: - name: Check out user repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6.0.2 with: repository: ${{ github.repository }} ref: ${{ github.sha }} @@ -189,7 +189,7 @@ jobs: echo "::endgroup::" - name: Check out ML actions repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6.0.2 with: repository: "google-ml-infra/actions" ref: ${{ steps.resolve_refs.outputs.ml_actions_ref }} @@ -247,7 +247,7 @@ jobs: echo "::endgroup::" - name: Upload matrix JSON artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # ratchet:actions/upload-artifact@v7.0.1 with: name: shard-matrix-${{ steps.gen_job_id.outputs.job_id }} path: ${{ steps.generate.outputs.matrix_json_path }} @@ -275,7 +275,7 @@ jobs: steps: - name: Check out user repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6.0.2 with: repository: ${{ github.repository }} # For A/B mode, use the checkout ref. Otherwise fall back to SHA. @@ -298,7 +298,7 @@ jobs: echo "::endgroup::" - name: Check out ML actions repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6.0.2 with: repository: "google-ml-infra/actions" ref: ${{ needs.generate_matrix.outputs.ml_actions_ref }} @@ -335,7 +335,7 @@ jobs: - name: Upload workload artifacts if: always() # Uploads even if the workload fails - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # ratchet:actions/upload-artifact@v7.0.1 with: # Format: shard-workload-artifacts-{CONFIG}[-{AB_MODE}]-{JOB_ID}.json name: shard-workload-artifacts-${{ matrix.config_id }}${{ matrix.ab_test_group && format('-{0}', matrix.ab_test_group) || '' }}-${{ needs.generate_matrix.outputs.job_id }} @@ -390,7 +390,7 @@ jobs: echo "::endgroup::" - name: Upload benchmark result - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # ratchet:actions/upload-artifact@v7.0.1 with: # Format: shard-benchmark-result-{CONFIG}[-{AB_MODE}]-{JOB_ID} name: shard-benchmark-result-${{ matrix.config_id }}${{ matrix.ab_test_group && format('-{0}', matrix.ab_test_group) || '' }}-${{ needs.generate_matrix.outputs.job_id }} @@ -454,7 +454,7 @@ jobs: if: inputs.ab_mode == true && !cancelled() steps: - name: Check out ML actions repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6.0.2 with: repository: "google-ml-infra/actions" ref: ${{ needs.generate_matrix.outputs.ml_actions_ref }} @@ -462,7 +462,7 @@ jobs: persist-credentials: false - name: Download benchmark results - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # ratchet:actions/download-artifact@v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # ratchet:actions/download-artifact@v8.0.1 with: # Only download artifacts created in this specific job pattern: shard-benchmark-result-*-${{ needs.generate_matrix.outputs.job_id }} @@ -505,7 +505,7 @@ jobs: echo "::endgroup::" - name: Upload A/B report - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # ratchet:actions/upload-artifact@v7.0.1 with: name: shard-ab-report-${{ needs.generate_matrix.outputs.job_id }} path: ${{ github.workspace }}/ab_report.md @@ -513,7 +513,7 @@ jobs: - name: Post PR comment if: inputs.post_pr_comment == true && github.event_name == 'pull_request' && !cancelled() - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # ratchet:actions/github-script@v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # ratchet:actions/github-script@v9.0.0 with: script: | const scriptPath = require('path').resolve('./ml_actions/benchmarking/post_pr_comment/post_pr_comment.js'); @@ -545,7 +545,7 @@ jobs: steps: - name: Check out ML actions repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6.0.2 with: repository: "google-ml-infra/actions" ref: ${{ needs.generate_matrix.outputs.ml_actions_ref }} @@ -553,7 +553,7 @@ jobs: persist-credentials: false - name: Download all job artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # ratchet:actions/download-artifact@v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # ratchet:actions/download-artifact@v8.0.1 with: pattern: shard-*-${{ needs.generate_matrix.outputs.job_id }} path: raw_artifacts @@ -583,13 +583,13 @@ jobs: echo "::endgroup::" - name: Upload bundled artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # ratchet:actions/upload-artifact@v7.0.1 with: name: artifacts-${{ needs.generate_matrix.outputs.job_id }} path: final_artifacts/ - name: Delete temporary artifacts - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # ratchet:geekyeggo/delete-artifact@v5 + uses: geekyeggo/delete-artifact@176a747ab7e287e3ff4787bf8a148716375ca118 # ratchet:geekyeggo/delete-artifact@v6.0.0 with: name: shard-*-${{ needs.generate_matrix.outputs.job_id }} useGlob: true diff --git a/.github/workflows/setup-uv-python-test.yaml b/.github/workflows/setup-uv-python-test.yaml index 88bd179c..0c0677fd 100644 --- a/.github/workflows/setup-uv-python-test.yaml +++ b/.github/workflows/setup-uv-python-test.yaml @@ -95,7 +95,7 @@ jobs: runs-on: ${{ matrix.scenario.runner }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v5 with: persist-credentials: false @@ -170,7 +170,7 @@ jobs: FIRST_PYTHON_VERSION: '3.13' SECOND_PYTHON_VERSION: '3.14' steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v5 with: persist-credentials: false diff --git a/.github/workflows/test-ci-buildifier-on-error.yaml b/.github/workflows/test-ci-buildifier-on-error.yaml index 8e0cd290..fe810af3 100644 --- a/.github/workflows/test-ci-buildifier-on-error.yaml +++ b/.github/workflows/test-ci-buildifier-on-error.yaml @@ -30,7 +30,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/test-ci-buildifier.yaml b/.github/workflows/test-ci-buildifier.yaml index 864f3d22..c7058160 100644 --- a/.github/workflows/test-ci-buildifier.yaml +++ b/.github/workflows/test-ci-buildifier.yaml @@ -30,7 +30,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/wait-for-connection-no-python.yaml b/.github/workflows/wait-for-connection-no-python.yaml index b98c98bb..d1ccfab3 100644 --- a/.github/workflows/wait-for-connection-no-python.yaml +++ b/.github/workflows/wait-for-connection-no-python.yaml @@ -30,7 +30,7 @@ jobs: container: image: ${{ startsWith(matrix.runner, 'linux') && 'us-central1-docker.pkg.dev/tensorflow-sigs/tensorflow/ml-build@sha256:cec01011e627c0fd101c521a8af7c09ce4557ab6dcc9f8678aeb67a3182ed821' || (startsWith(matrix.runner, 'windows') && null) }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v4 with: persist-credentials: false - name: Echo diff --git a/.github/workflows/wait-for-connection-on-error-test.yaml b/.github/workflows/wait-for-connection-on-error-test.yaml index 32d225dd..4cad30c9 100644 --- a/.github/workflows/wait-for-connection-on-error-test.yaml +++ b/.github/workflows/wait-for-connection-on-error-test.yaml @@ -24,7 +24,7 @@ jobs: container: image: us-central1-docker.pkg.dev/tensorflow-sigs/tensorflow/ml-build:latest@sha256:ca6fff944073ad89676de696f503c1a758bed96c3ce1a258e1d6e545cad37afb # ratchet:us-central1-docker.pkg.dev/tensorflow-sigs/tensorflow/ml-build:latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v4 with: persist-credentials: false - name: Fail on purpose diff --git a/.github/workflows/wait-for-connection-test.yaml b/.github/workflows/wait-for-connection-test.yaml index d3d0404c..beb04d27 100644 --- a/.github/workflows/wait-for-connection-test.yaml +++ b/.github/workflows/wait-for-connection-test.yaml @@ -38,7 +38,7 @@ jobs: container: image: ${{ startsWith(matrix.runner, 'linux') && 'us-central1-docker.pkg.dev/tensorflow-sigs/tensorflow/ml-build@sha256:cec01011e627c0fd101c521a8af7c09ce4557ab6dcc9f8678aeb67a3182ed821' || (startsWith(matrix.runner, 'windows') && null) }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v4 with: persist-credentials: false - name: Echo diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index 4e50eafb..d87f8a45 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -14,17 +14,17 @@ jobs: security-events: write steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Install the latest version of uv - uses: astral-sh/setup-uv@f0ec1fc3b38f5e7cd731bb6ce540c5af426746bb # v6.1.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 - name: Run zizmor run: uvx zizmor --format=sarif . > results.sarif env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 with: sarif_file: results.sarif category: zizmor