From 797ad9441979b64c0592f934077dc6a5729f870f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 21:36:51 +0000 Subject: [PATCH] Bump the github-actions group across 1 directory with 10 updates Bumps the github-actions group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `3.1.0` | `4.1.7` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `3` | `4` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `3` | `4` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `39` | `44` | | [actions/setup-python](https://github.com/actions/setup-python) | `4` | `5` | | [actions/github-script](https://github.com/actions/github-script) | `3` | `7` | | [actions/setup-node](https://github.com/actions/setup-node) | `3` | `4` | | [actions/labeler](https://github.com/actions/labeler) | `4` | `5` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.1` | `2.4.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `2.2.4` | `3.25.15` | Updates `actions/checkout` from 3.1.0 to 4.1.7 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v3.1.0...v4.1.7) Updates `actions/upload-artifact` from 3 to 4 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4) Updates `actions/download-artifact` from 3 to 4 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v3...v4) Updates `tj-actions/changed-files` from 39 to 44 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/v39...v44) Updates `actions/setup-python` from 4 to 5 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4...v5) Updates `actions/github-script` from 3 to 7 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v3...v7) Updates `actions/setup-node` from 3 to 4 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3...v4) Updates `actions/labeler` from 4 to 5 - [Release notes](https://github.com/actions/labeler/releases) - [Commits](https://github.com/actions/labeler/compare/v4...v5) Updates `ossf/scorecard-action` from 2.3.1 to 2.4.0 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...62b2cac7ed8198b15735ed49ab1e5cf35480ba46) Updates `github/codeql-action` from 2.2.4 to 3.25.15 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/17573ee1cc1b9d061760f3a006fc4aac4f944fd5...afb54ba388a7dca6ecae48f608c4ff05ff4cc77a) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/labeler dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/build-ci-container.yml | 4 +-- .github/workflows/docs.yml | 8 +++--- .github/workflows/email-check.yaml | 4 +-- .github/workflows/issue-release-workflow.yml | 2 +- .github/workflows/issue-subscriber.yml | 2 +- .github/workflows/issue-write.yml | 4 +-- .github/workflows/libclang-abi-tests.yml | 10 +++---- .github/workflows/libcxx-build-and-test.yaml | 14 +++++----- .../libcxx-check-generated-files.yml | 2 +- .github/workflows/llvm-bugs.yml | 4 +-- .github/workflows/llvm-project-tests.yml | 4 +-- .github/workflows/llvm-tests.yml | 14 +++++----- .github/workflows/merged-prs.yml | 2 +- .github/workflows/new-prs.yml | 4 +-- .github/workflows/pr-code-format.yml | 10 +++---- .github/workflows/pr-subscriber.yml | 2 +- .github/workflows/release-binaries.yml | 26 +++++++++---------- .github/workflows/release-documentation.yml | 8 +++--- .github/workflows/release-doxygen.yml | 4 +-- .github/workflows/release-lit.yml | 2 +- .github/workflows/release-tasks.yml | 2 +- .github/workflows/scorecard.yml | 8 +++--- .github/workflows/version-check.yml | 2 +- 23 files changed, 71 insertions(+), 71 deletions(-) diff --git a/.github/workflows/build-ci-container.yml b/.github/workflows/build-ci-container.yml index 28fc7de2ee06..7ca5bd79b339 100644 --- a/.github/workflows/build-ci-container.yml +++ b/.github/workflows/build-ci-container.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout LLVM - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 with: sparse-checkout: .github/workflows/containers/github-action-ci/ - name: Change podman Root Direcotry @@ -65,7 +65,7 @@ jobs: echo "container-name-tag=$container_name:$tag" >> $GITHUB_OUTPUT - name: Checkout LLVM - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 with: sparse-checkout: .github/workflows/containers/github-action-ci/ diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index d62485e2ebb6..6bc4d213c809 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -60,12 +60,12 @@ jobs: # a local checkout beforehand. - name: Fetch LLVM sources (Push) if: ${{ github.event_name == 'push' }} - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 with: fetch-depth: 1 - name: Get subprojects that have doc changes id: docs-changed-subprojects - uses: tj-actions/changed-files@v39 + uses: tj-actions/changed-files@v44 with: files_yaml: | llvm: @@ -96,11 +96,11 @@ jobs: - 'flang/include/flang/Optimizer/Dialect/FIROps.td' - name: Fetch LLVM sources (PR) if: ${{ github.event_name == 'pull_request' }} - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 with: fetch-depth: 1 - name: Setup Python env - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: '3.11' cache: 'pip' diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml index 8f32d020975f..16dc1029c370 100644 --- a/.github/workflows/email-check.yaml +++ b/.github/workflows/email-check.yaml @@ -14,7 +14,7 @@ jobs: if: github.repository == 'llvm/llvm-project' steps: - name: Fetch LLVM sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 with: ref: ${{ github.event.pull_request.head.sha }} @@ -38,7 +38,7 @@ jobs: [{"body" : "$COMMENT"}] EOF - - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0 + - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b #v4.3.4 if: always() with: name: workflow-args diff --git a/.github/workflows/issue-release-workflow.yml b/.github/workflows/issue-release-workflow.yml index eb88ec6e43c5..9889bcfdf59d 100644 --- a/.github/workflows/issue-release-workflow.yml +++ b/.github/workflows/issue-release-workflow.yml @@ -42,7 +42,7 @@ jobs: contains(github.event.action == 'opened' && github.event.issue.body || github.event.comment.body, '/cherry-pick') steps: - name: Fetch LLVM sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 with: repository: llvm/llvm-project # GitHub stores the token used for checkout and uses it for pushes diff --git a/.github/workflows/issue-subscriber.yml b/.github/workflows/issue-subscriber.yml index ef6cd0674e80..d71dbffdb3cd 100644 --- a/.github/workflows/issue-subscriber.yml +++ b/.github/workflows/issue-subscriber.yml @@ -14,7 +14,7 @@ jobs: if: github.repository == 'llvm/llvm-project' steps: - name: Checkout Automation Script - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 with: sparse-checkout: llvm/utils/git/ ref: main diff --git a/.github/workflows/issue-write.yml b/.github/workflows/issue-write.yml index e003be006c4e..7c8241b41ee0 100644 --- a/.github/workflows/issue-write.yml +++ b/.github/workflows/issue-write.yml @@ -20,14 +20,14 @@ jobs: github.event.workflow_run.event == 'pull_request' steps: - name: 'Download artifact' - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: github-token: ${{ secrets.ISSUE_WRITE_DOWNLOAD_ARTIFACT }} run-id: ${{ github.event.workflow_run.id }} name: workflow-args - name: 'Comment on PR' - uses: actions/github-script@v3 + uses: actions/github-script@v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/libclang-abi-tests.yml b/.github/workflows/libclang-abi-tests.yml index ccfc1e5fb8a7..d32ae125dd8d 100644 --- a/.github/workflows/libclang-abi-tests.yml +++ b/.github/workflows/libclang-abi-tests.yml @@ -39,7 +39,7 @@ jobs: LLVM_VERSION_PATCH: ${{ steps.version.outputs.LLVM_VERSION_PATCH }} steps: - name: Checkout source - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 with: fetch-depth: 250 @@ -131,7 +131,7 @@ jobs: sed -i 's/LLVM_[0-9]\+/LLVM_NOVERSION/' $lib-${{ matrix.ref }}.abi done - name: Upload ABI file - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.name }} path: '*${{ matrix.ref }}.abi' @@ -144,12 +144,12 @@ jobs: - abi-dump steps: - name: Download baseline - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: build-baseline path: build-baseline - name: Download latest - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: build-latest path: build-latest @@ -163,7 +163,7 @@ jobs: done - name: Upload ABI Comparison if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: compat-report-${{ github.sha }} path: compat_reports/ diff --git a/.github/workflows/libcxx-build-and-test.yaml b/.github/workflows/libcxx-build-and-test.yaml index 44a3d79c72c0..f36e30c755c2 100644 --- a/.github/workflows/libcxx-build-and-test.yaml +++ b/.github/workflows/libcxx-build-and-test.yaml @@ -66,13 +66,13 @@ jobs: cc: 'gcc-13' cxx: 'g++-13' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.7 - name: ${{ matrix.config }}.${{ matrix.cxx }} run: libcxx/utils/ci/run-buildbot ${{ matrix.config }} env: CC: ${{ matrix.cc }} CXX: ${{ matrix.cxx }} - - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 if: always() with: name: ${{ matrix.config }}-${{ matrix.cxx }}-results @@ -110,13 +110,13 @@ jobs: cc: 'clang-18' cxx: 'clang++-18' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.7 - name: ${{ matrix.config }} run: libcxx/utils/ci/run-buildbot ${{ matrix.config }} env: CC: ${{ matrix.cc }} CXX: ${{ matrix.cxx }} - - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 if: always() # Upload artifacts even if the build or test suite fails with: name: ${{ matrix.config }}-${{ matrix.cxx }}-results @@ -174,13 +174,13 @@ jobs: machine: libcxx-runners-8-set runs-on: ${{ matrix.machine }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.7 - name: ${{ matrix.config }} run: libcxx/utils/ci/run-buildbot ${{ matrix.config }} env: CC: clang-19 CXX: clang++-19 - - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 if: always() with: name: ${{ matrix.config }}-results @@ -206,7 +206,7 @@ jobs: - { config: mingw-static, mingw: true } - { config: mingw-dll-i686, mingw: true } steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.7 - name: Install dependencies run: | choco install -y ninja wget diff --git a/.github/workflows/libcxx-check-generated-files.yml b/.github/workflows/libcxx-check-generated-files.yml index 570055624b2a..525261981201 100644 --- a/.github/workflows/libcxx-check-generated-files.yml +++ b/.github/workflows/libcxx-check-generated-files.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Fetch LLVM sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 - name: Install dependencies uses: aminya/setup-cpp@v1 diff --git a/.github/workflows/llvm-bugs.yml b/.github/workflows/llvm-bugs.yml index f592dd6ccd90..4797eea4e3d3 100644 --- a/.github/workflows/llvm-bugs.yml +++ b/.github/workflows/llvm-bugs.yml @@ -14,13 +14,13 @@ jobs: runs-on: ubuntu-latest if: github.repository == 'llvm/llvm-project' steps: - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: node-version: 18 check-latest: true - run: npm install mailgun.js form-data - name: Send notification - uses: actions/github-script@v6 + uses: actions/github-script@v7 env: MAILGUN_API_KEY: ${{ secrets.LLVM_BUGS_KEY }} with: diff --git a/.github/workflows/llvm-project-tests.yml b/.github/workflows/llvm-project-tests.yml index a52dd2db8035..4c0112336fc2 100644 --- a/.github/workflows/llvm-project-tests.yml +++ b/.github/workflows/llvm-project-tests.yml @@ -77,7 +77,7 @@ jobs: # lldb. Using this setup-python action to make 3.10 the default # python fixes this. - name: Setup Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ inputs.python_version }} - name: Install Ninja @@ -86,7 +86,7 @@ jobs: # actions/checkout deletes any existing files in the new git directory, # so this needs to either run before ccache-action or it has to use # clean: false. - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.7 with: fetch-depth: 250 - name: Setup ccache diff --git a/.github/workflows/llvm-tests.yml b/.github/workflows/llvm-tests.yml index 64d60bc3da45..8c504626ffb7 100644 --- a/.github/workflows/llvm-tests.yml +++ b/.github/workflows/llvm-tests.yml @@ -48,7 +48,7 @@ jobs: LLVM_VERSION_PATCH: ${{ steps.version.outputs.LLVM_VERSION_PATCH }} steps: - name: Checkout source - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 with: fetch-depth: 250 @@ -137,14 +137,14 @@ jobs: # Remove symbol versioning from dumps, so we can compare across major versions. sed -i 's/LLVM_${{ matrix.llvm_version_major }}/LLVM_NOVERSION/' ${{ matrix.ref }}.abi - name: Upload ABI file - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.name }} path: ${{ matrix.ref }}.abi - name: Upload symbol list file if: matrix.name == 'build-baseline' - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: symbol-list path: llvm.symbols @@ -157,17 +157,17 @@ jobs: - abi-dump steps: - name: Download baseline - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: build-baseline path: build-baseline - name: Download latest - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: build-latest path: build-latest - name: Download symbol list - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: symbol-list path: symbol-list @@ -186,7 +186,7 @@ jobs: abi-compliance-checker $EXTRA_ARGS -l libLLVM.so -old build-baseline/*.abi -new build-latest/*.abi || test "${{ needs.abi-dump-setup.outputs.ABI_HEADERS }}" = "llvm-c" - name: Upload ABI Comparison if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: compat-report-${{ github.sha }} path: compat_reports/ diff --git a/.github/workflows/merged-prs.yml b/.github/workflows/merged-prs.yml index 37fc6c67f000..dfafc55c1899 100644 --- a/.github/workflows/merged-prs.yml +++ b/.github/workflows/merged-prs.yml @@ -21,7 +21,7 @@ jobs: (github.event.pull_request.merged == true) steps: - name: Checkout Automation Script - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 with: sparse-checkout: llvm/utils/git/ ref: main diff --git a/.github/workflows/new-prs.yml b/.github/workflows/new-prs.yml index a60f82ce35d1..31672a87e5b4 100644 --- a/.github/workflows/new-prs.yml +++ b/.github/workflows/new-prs.yml @@ -35,7 +35,7 @@ jobs: (github.event.pull_request.author_association != 'OWNER') steps: - name: Checkout Automation Script - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 with: sparse-checkout: llvm/utils/git/ ref: main @@ -67,7 +67,7 @@ jobs: github.event.pull_request.draft == false && github.event.pull_request.commits < 10 steps: - - uses: actions/labeler@v4 + - uses: actions/labeler@v5 with: configuration-path: .github/new-prs-labeler.yml # workaround for https://github.com/actions/labeler/issues/112 diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml index 983838858ba4..f72703b965bd 100644 --- a/.github/workflows/pr-code-format.yml +++ b/.github/workflows/pr-code-format.yml @@ -14,7 +14,7 @@ jobs: if: github.repository == 'llvm/llvm-project' steps: - name: Fetch LLVM sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 with: ref: ${{ github.event.pull_request.head.sha }} @@ -27,7 +27,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@v39 + uses: tj-actions/changed-files@v44 with: separator: "," skip_initial_fetch: true @@ -35,7 +35,7 @@ jobs: # We need to pull the script from the main branch, so that we ensure # we get the latest version of this script. - name: Fetch code formatting utils - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 with: repository: ${{ github.repository }} ref: ${{ github.base_ref }} @@ -58,7 +58,7 @@ jobs: clangformat: 18.1.1 - name: Setup Python env - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: '3.11' cache: 'pip' @@ -88,7 +88,7 @@ jobs: --end-rev $END_REV \ --changed-files "$CHANGED_FILES" - - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0 + - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b #v4.3.4 if: always() with: name: workflow-args diff --git a/.github/workflows/pr-subscriber.yml b/.github/workflows/pr-subscriber.yml index 3952493bb698..97e5c3a1cfc4 100644 --- a/.github/workflows/pr-subscriber.yml +++ b/.github/workflows/pr-subscriber.yml @@ -14,7 +14,7 @@ jobs: if: github.repository == 'llvm/llvm-project' steps: - name: Checkout Automation Script - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 with: sparse-checkout: llvm/utils/git/ ref: main diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml index 02082a84d8c1..6697cd7a3b4a 100644 --- a/.github/workflows/release-binaries.yml +++ b/.github/workflows/release-binaries.yml @@ -43,7 +43,7 @@ jobs: steps: - name: Checkout LLVM - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.1 - name: Install Dependencies run: | @@ -89,7 +89,7 @@ jobs: if: github.repository == 'llvm/llvm-project' steps: - name: Checkout LLVM - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.1 with: ref: ${{ needs.prepare.outputs.ref }} @@ -117,14 +117,14 @@ jobs: tar -C /mnt/ -c build/ | zstd -T0 -c > build.tar.zst - name: Upload Stage 1 Source - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b #v4.3.4 with: name: stage1-source path: llvm-project.tar.zst retention-days: 2 - name: Upload Stage 1 Build Dir - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b #v4.3.4 with: name: stage1-build path: build.tar.zst @@ -142,7 +142,7 @@ jobs: uses: llvm/actions/install-ninja@22e9f909d35b50bd1181709564bfe816eaeaae81 # main - name: Download Stage 1 Artifacts - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: pattern: stage1-* merge-multiple: true @@ -167,14 +167,14 @@ jobs: tar -C /mnt/ -c build/ | zstd -T0 -c > build.tar.zst - name: Upload Stage 2 Source - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b #v4.3.4 with: name: stage2-source path: ${{ github.workspace }}/llvm-project.tar.zst retention-days: 2 - name: Upload Stage 2 Build Dir - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b #v4.3.4 with: name: stage2-build path: ${{ github.workspace }}/build.tar.zst @@ -195,7 +195,7 @@ jobs: uses: llvm/actions/install-ninja@22e9f909d35b50bd1181709564bfe816eaeaae81 # main - name: 'Download artifact' - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: pattern: stage2-* merge-multiple: true @@ -218,7 +218,7 @@ jobs: echo "filename=$filename" >> $GITHUB_OUTPUT echo "path=/mnt/build/tools/clang/stage2-bins/$filename" >> $GITHUB_OUTPUT - - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0 + - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b #v4.3.4 if: always() with: name: release-binary @@ -237,14 +237,14 @@ jobs: tar -C /mnt/ -c build/ | zstd -T0 -c > build.tar.zst - name: Upload Stage 3 Source - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b #v4.3.4 with: name: stage3-source path: llvm-project.tar.zst retention-days: 2 - name: Upload Stage 3 Build Dir - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b #v4.3.4 with: name: stage3-build path: build.tar.zst @@ -262,7 +262,7 @@ jobs: steps: - name: 'Download artifact' - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: release-binary @@ -288,7 +288,7 @@ jobs: uses: llvm/actions/install-ninja@22e9f909d35b50bd1181709564bfe816eaeaae81 # main - name: 'Download artifact' - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: pattern: stage3-* merge-multiple: true diff --git a/.github/workflows/release-documentation.yml b/.github/workflows/release-documentation.yml index 64572906988b..ade7adab8c52 100644 --- a/.github/workflows/release-documentation.yml +++ b/.github/workflows/release-documentation.yml @@ -34,10 +34,10 @@ jobs: upload: ${{ inputs.upload && !contains(inputs.release-version, 'rc') }} steps: - name: Checkout LLVM - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.1 - name: Setup Python env - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: cache: 'pip' cache-dependency-path: './llvm/docs/requirements.txt' @@ -59,14 +59,14 @@ jobs: ./llvm/utils/release/build-docs.sh -release "${{ inputs.release-version }}" -no-doxygen - name: Create Release Notes Artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: release-notes path: docs-build/html-export/ - name: Clone www-releases if: env.upload - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.1 with: repository: ${{ github.repository_owner }}/www-releases ref: main diff --git a/.github/workflows/release-doxygen.yml b/.github/workflows/release-doxygen.yml index 12c14bea52f6..b7a107e849e8 100644 --- a/.github/workflows/release-doxygen.yml +++ b/.github/workflows/release-doxygen.yml @@ -36,10 +36,10 @@ jobs: upload: ${{ inputs.upload && !contains(inputs.release-version, 'rc') }} steps: - name: Checkout LLVM - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.1 - name: Setup Python env - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: cache: 'pip' cache-dependency-path: './llvm/docs/requirements.txt' diff --git a/.github/workflows/release-lit.yml b/.github/workflows/release-lit.yml index 0316ba406041..03d29e5ab8c2 100644 --- a/.github/workflows/release-lit.yml +++ b/.github/workflows/release-lit.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout LLVM - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.1 with: ref: "llvmorg-${{ inputs.release-version }}" diff --git a/.github/workflows/release-tasks.yml b/.github/workflows/release-tasks.yml index 29049ff01428..a93567d4a297 100644 --- a/.github/workflows/release-tasks.yml +++ b/.github/workflows/release-tasks.yml @@ -38,7 +38,7 @@ jobs: sudo apt-get install python3-github - name: Checkout LLVM - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.1 - name: Create Release env: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ff61cf83a6af..506d5e2f142f 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -31,12 +31,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v3.1.0 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: SARIF file path: results.sarif @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: sarif_file: results.sarif diff --git a/.github/workflows/version-check.yml b/.github/workflows/version-check.yml index c6d779080bbe..87aa561fe5da 100644 --- a/.github/workflows/version-check.yml +++ b/.github/workflows/version-check.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Fetch LLVM sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 with: fetch-depth: 0