Update and pin dependencies (#18454)

Pins (and updates some) dependencies as suggested by OpenSSF Scorecard,
see
https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies.
diff --git a/.github/workflows/build_package.yml b/.github/workflows/build_package.yml
index 2a793d7..e7b9079 100644
--- a/.github/workflows/build_package.yml
+++ b/.github/workflows/build_package.yml
@@ -105,7 +105,7 @@
       MANYLINUX_AARCH64_IMAGE: quay.io/pypa/manylinux_2_28_aarch64
 
     steps:
-      - uses: actions/checkout@v4.1.7
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           path: "c" # Windows can hit path length limits, so use a short path.
           submodules: true
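Review bot: The container image on the context line `MANYLINUX_AARCH64_IMAGE: quay.io/pypa/manylinux_2_28_aarch64` is still referenced by name only, so the release build keeps pulling whatever the registry currently serves while the actions around it are now SHA-pinned. If the goal is to pin the whole release path, reference the image by digest as well, e.g. `MANYLINUX_AARCH64_IMAGE: quay.io/pypa/manylinux_2_28_aarch64@sha256:<digest-placeholder>`, and do the same for the x86_64 image used further down in this file. The `env:` block starts outside the hunk, so any other images declared there are not visible here.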
@@ -121,7 +121,7 @@
         run: ./c/build_tools/python_deploy/install_windows_deps.ps1
       - name: "Configure MSVC (Windows)"
         if: "matrix.build-family == 'windows'"
-        uses: ilammy/msvc-dev-cmd@v1.13.0
+        uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
 
       ##########################################################################
       # Write version_info.json
@@ -285,7 +285,7 @@
             "${MANYLINUX_X86_64_IMAGE}" \
             bash -c 'export PATH=/opt/python/cp39-cp39/bin:$PATH; python ./c/build_tools/github_actions/build_dist.py py-tf-compiler-tools-pkg'
 
-      - uses: actions/upload-artifact@v4.3.3
+      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: wheels-${{ matrix.build-family }}-${{ matrix.build-package }}
           # We upload all wheels (which includes deps so that subsequent
@@ -312,7 +312,7 @@
     runs-on: ubuntu-20.04
     steps:
       - name: "Invoke workflow :: Validate and Publish Release"
-        uses: benc-uk/workflow-dispatch@798e70c97009500150087d30d9f11c5444830385 # v1.2.2
+        uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2.4
         with:
           workflow: Validate and Publish Release
           token: ${{ secrets.WRITE_ACCESS_TOKEN }}
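Review bot: This step hands `secrets.WRITE_ACCESS_TOKEN` to a third-party action, and its SHA moves from the v1.2.2 commit to the v1.2.4 commit in a change described as pinning. The pin protects against a retagged release but says nothing about what changed between those two commits, so the upstream diff should be read before merging. The same bump appears in oneshot_candidate_release.yml. I would add a comment above the `uses:` line: `# Third-party action that receives WRITE_ACCESS_TOKEN; review the upstream diff before changing this SHA.`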
diff --git a/.github/workflows/bump_torch_mlir.yml b/.github/workflows/bump_torch_mlir.yml
index d039ed9..efb47b8 100644
--- a/.github/workflows/bump_torch_mlir.yml
+++ b/.github/workflows/bump_torch_mlir.yml
@@ -31,7 +31,7 @@
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: false
 
@@ -61,7 +61,7 @@
           echo "TORCH_MLIR_COMMIT=$TORCH_MLIR_COMMIT" >> $GITHUB_OUTPUT
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6.0.5
+        uses: peter-evans/create-pull-request@8867c4aba1b742c39f8d0ba35429c2dfa4b6cb20 # v7.0.1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           base: main
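Review bot: The `create-pull-request` line jumps a major version (v6.0.5 to v7.0.1) inside a commit whose purpose is pinning, and the `with:` block under it is unchanged. A major release can rename or drop inputs and change defaults, so the bump job may behave differently without any failure showing up in this PR. The rest of the `with:` block is outside the hunk, so its inputs cannot be checked here. I would pin the version already in use, `uses: peter-evans/create-pull-request@<sha-of-v6.0.5-placeholder> # v6.0.5`, and move to v7 in a separate change verified with a manual run of the workflow.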
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ab1868f..31cd87f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -67,7 +67,7 @@
       - os-family=Linux
     steps:
       - name: "Checking out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: true
       - name: "Building and testing with Bazel"
@@ -107,8 +107,8 @@
     env:
       BUILD_DIR: build-runtime
     steps:
-      - uses: actions/checkout@v4.1.7
-      - uses: actions/setup-python@v5.1.0
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           python-version: "3.11"
 
@@ -121,7 +121,7 @@
           echo "CXX=clang++" >> $GITHUB_ENV
       - name: (Windows) Configure MSVC
         if: contains(matrix.name, 'windows')
-        uses: ilammy/msvc-dev-cmd@v1.13.0
+        uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
       - name: (macOS) Install requirements
         if: contains(matrix.name, 'macos')
         run: brew install ninja ccache coreutils bash
@@ -131,7 +131,7 @@
       - name: Install Python requirements
         run: pip install -r ./runtime/bindings/python/iree/runtime/build_requirements.txt
       - name: ccache
-        uses: hendrikmuhs/ccache-action@v1.2
+        uses: hendrikmuhs/ccache-action@ed74d11c0b343532753ecead8a951bb09bb34bc9 # v1.2.14
         with:
           key: ${{ github.job }}-${{ matrix.name }}
           save: ${{ needs.setup.outputs.write-caches == 1 }}
@@ -163,13 +163,13 @@
       CC: clang
       CXX: clang++
     steps:
-      - uses: actions/checkout@v4.1.7
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Install requirements
         run: sudo apt update && sudo apt install -y ninja-build
       - name: Checkout runtime submodules
         run: bash ./build_tools/scripts/git/update_runtime_submodules.sh
       - name: ccache
-        uses: hendrikmuhs/ccache-action@v1.2
+        uses: hendrikmuhs/ccache-action@ed74d11c0b343532753ecead8a951bb09bb34bc9 # v1.2.14
         with:
           key: ${{ github.job }}
           save: ${{ needs.setup.outputs.write-caches == 1 }}
@@ -206,13 +206,13 @@
       CXX: clang++
       TRACING_PROVIDER: ${{ matrix.provider }}
     steps:
-      - uses: actions/checkout@v4.1.7
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Install requirements
         run: sudo apt update && sudo apt install -y ninja-build
       - name: Checkout runtime submodules
         run: bash ./build_tools/scripts/git/update_runtime_submodules.sh
       - name: ccache
-        uses: hendrikmuhs/ccache-action@v1.2
+        uses: hendrikmuhs/ccache-action@ed74d11c0b343532753ecead8a951bb09bb34bc9 # v1.2.14
         with:
           key: ${{ github.job }}-${{ matrix.provider }}
           save: ${{ needs.setup.outputs.write-caches == 1 }}
@@ -283,7 +283,7 @@
   #     IREE_WRITE_REMOTE_CCACHE: ${{ needs.setup.outputs.write-caches }}
   #   steps:
   #     - name: "Checking out repository"
-  #       uses: actions/checkout@v4.1.7
+  #       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
   #     - name: "Checking out runtime submodules"
   #       run: ./build_tools/scripts/git/update_runtime_submodules.sh
   #     - name: "Downloading install dir archive"
@@ -341,7 +341,7 @@
       # - cross_compile_and_test
     steps:
       - name: "Checking out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Getting failed jobs
         id: failed_jobs
         run: |
@@ -356,7 +356,7 @@
             exit 1
           fi
       - name: Posting to Discord
-        uses: sarisia/actions-status-discord@v1.14.3
+        uses: sarisia/actions-status-discord@ce8cc68e4e626000136b3c702d049a154243e490 # v1.14.7
         if: failure() && github.ref_name == 'main'
         with:
           webhook: ${{ secrets.DISCORD_WEBHOOK }}
diff --git a/.github/workflows/ci_linux_arm64_clang.yml b/.github/workflows/ci_linux_arm64_clang.yml
index ea0e41e..5539a2c 100644
--- a/.github/workflows/ci_linux_arm64_clang.yml
+++ b/.github/workflows/ci_linux_arm64_clang.yml
@@ -38,7 +38,7 @@
       BUILD_DIR: build-arm64
     steps:
       - name: "Checking out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: true
       - name: "Building IREE"
diff --git a/.github/workflows/ci_linux_x64_clang.yml b/.github/workflows/ci_linux_x64_clang.yml
index 387ef64..27fcbac 100644
--- a/.github/workflows/ci_linux_x64_clang.yml
+++ b/.github/workflows/ci_linux_x64_clang.yml
@@ -38,7 +38,7 @@
       BUILD_DIR: full-build-dir
     steps:
       - name: "Checking out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: true
       - name: "Building IREE"
diff --git a/.github/workflows/ci_linux_x64_clang_asan.yml b/.github/workflows/ci_linux_x64_clang_asan.yml
index d3d291a..b16818d 100644
--- a/.github/workflows/ci_linux_x64_clang_asan.yml
+++ b/.github/workflows/ci_linux_x64_clang_asan.yml
@@ -36,7 +36,7 @@
       - os-family=Linux
     steps:
       - name: "Checking out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: true
       - name: "Building and testing with ASan"
diff --git a/.github/workflows/ci_linux_x64_clang_byollvm.yml b/.github/workflows/ci_linux_x64_clang_byollvm.yml
index 48cda80..11c4131 100644
--- a/.github/workflows/ci_linux_x64_clang_byollvm.yml
+++ b/.github/workflows/ci_linux_x64_clang_byollvm.yml
@@ -34,7 +34,7 @@
         shell: bash
     steps:
       - name: "Checking out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: true
       - name: "Building and testing with bring-your-own-LLVM"
diff --git a/.github/workflows/ci_linux_x64_clang_debug.yml b/.github/workflows/ci_linux_x64_clang_debug.yml
index 0e55b8f..64b04ad 100644
--- a/.github/workflows/ci_linux_x64_clang_debug.yml
+++ b/.github/workflows/ci_linux_x64_clang_debug.yml
@@ -47,7 +47,7 @@
       BUILD_DIR: build-debug
     steps:
       - name: "Checking out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: true
       - name: Install Python requirements
diff --git a/.github/workflows/ci_linux_x64_clang_tsan.yml b/.github/workflows/ci_linux_x64_clang_tsan.yml
index 755dd2a..bd3c6ab 100644
--- a/.github/workflows/ci_linux_x64_clang_tsan.yml
+++ b/.github/workflows/ci_linux_x64_clang_tsan.yml
@@ -39,7 +39,7 @@
       - os-family=Linux
     steps:
       - name: "Checking out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: true
       - name: "Building and testing with TSan"
diff --git a/.github/workflows/ci_linux_x64_gcc.yml b/.github/workflows/ci_linux_x64_gcc.yml
index d884ae3..0256913 100644
--- a/.github/workflows/ci_linux_x64_gcc.yml
+++ b/.github/workflows/ci_linux_x64_gcc.yml
@@ -36,7 +36,7 @@
       BUILD_DIR: build-gcc
     steps:
       - name: "Checking out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: true
       - name: "Building IREE with gcc"
diff --git a/.github/workflows/ci_macos_x64_clang.yml b/.github/workflows/ci_macos_x64_clang.yml
index c93606f..f302234 100644
--- a/.github/workflows/ci_macos_x64_clang.yml
+++ b/.github/workflows/ci_macos_x64_clang.yml
@@ -30,7 +30,7 @@
         shell: bash
     steps:
       - name: "Checking out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: "Updating git submodules"
         run: git submodule update --init --jobs 8 --depth 1
       # There may be multiple versions of Xcode and SDKs installed.
@@ -41,7 +41,7 @@
           xcrun metal --version
           xcrun metallib --version
       - name: "Setting up Python"
-        uses: actions/setup-python@v5.1.0
+        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           python-version: "3.10"
           cache: "pip"
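Review bot: Nothing ties the trailing `# v5.1.0` comment to the SHA on the `actions/setup-python` line, and this SHA is worth double-checking because it may belong to a later release than the comment names. A wrong comment hides an unreviewed upgrade from reviewers and confuses update tooling that rewrites the SHA and the comment together. Confirm with `git ls-remote --tags https://github.com/actions/setup-python` and correct whichever of the two is wrong. The identical SHA and comment pair is used on every `setup-python` line in this commit, starting in ci.yml and continuing through ci_windows_x64_msvc.yml, lint.yml, the pkgci_* workflows, publish_website.yml and samples.yml.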
diff --git a/.github/workflows/ci_windows_x64_msvc.yml b/.github/workflows/ci_windows_x64_msvc.yml
index b7fa3eb..622c6b5 100644
--- a/.github/workflows/ci_windows_x64_msvc.yml
+++ b/.github/workflows/ci_windows_x64_msvc.yml
@@ -30,11 +30,11 @@
       BUILD_DIR: build-windows
     steps:
       - name: "Checking out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: true
       - name: "Setting up Python"
-        uses: actions/setup-python@v5.1.0
+        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           python-version: "3.10" # Needs pybind >= 2.10.1 for Python >= 3.11
       - name: "Installing Python packages"
@@ -45,7 +45,7 @@
       - name: "Installing requirements"
         run: choco install ccache --yes
       - name: "Configuring MSVC"
-        uses: ilammy/msvc-dev-cmd@v1.13.0
+        uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
       - name: "Building IREE"
         run: ./build_tools/cmake/build_all.sh "${BUILD_DIR}"
       - name: "Testing IREE"
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index b3501e0..c199d36 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -16,8 +16,8 @@
     runs-on: ubuntu-20.04
     steps:
       - name: Checking out repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Setting up python
-        uses: actions/setup-python@v5.1.0
+        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
       - name: Running pre-commit
-        uses: pre-commit/action@v3.0.1
+        uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
diff --git a/.github/workflows/oneshot_candidate_release.yml b/.github/workflows/oneshot_candidate_release.yml
index 3629ab9..595ba72 100644
--- a/.github/workflows/oneshot_candidate_release.yml
+++ b/.github/workflows/oneshot_candidate_release.yml
@@ -9,7 +9,7 @@
     runs-on: ubuntu-20.04
     steps:
       - name: Checking out repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           token: ${{ secrets.WRITE_ACCESS_TOKEN }}
 
@@ -26,7 +26,7 @@
           git tag "${tag_name}"
 
       - name: Pushing changes
-        uses: ad-m/github-push-action@v0.8.0
+        uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # v0.8.0
         with:
           github_token: ${{ secrets.WRITE_ACCESS_TOKEN }}
           branch: ${{ github.ref_name }}
@@ -46,7 +46,7 @@
           prerelease: true
 
       - name: "Invoke workflow :: Build Release Packages"
-        uses: benc-uk/workflow-dispatch@798e70c97009500150087d30d9f11c5444830385 # v1.2.2
+        uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2.4
         with:
           workflow: Build Release Packages
           token: ${{ secrets.WRITE_ACCESS_TOKEN }}
diff --git a/.github/workflows/pkgci_build_packages.yml b/.github/workflows/pkgci_build_packages.yml
index 4172e8d..366716c 100644
--- a/.github/workflows/pkgci_build_packages.yml
+++ b/.github/workflows/pkgci_build_packages.yml
@@ -32,7 +32,7 @@
         run: |
           docker pull "$MANYLINUX_DOCKER_IMAGE" &
       - name: Checking out repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: true
       - name: Write version info
@@ -71,7 +71,7 @@
           # permissions. Take them back.
           sudo chown -R "$(whoami)" "${cache_dir}"
       - name: Upload wheel artifacts
-        uses: actions/upload-artifact@v4.3.3
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: linux_x86_64_release_packages
           path: |
@@ -97,7 +97,7 @@
 #       run: |
 #         docker pull "$MANYLINUX_DOCKER_IMAGE" &
 #     - name: "Checking out repository"
-#       uses: actions/checkout@v4.1.7
+#       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 #       with:
 #         submodules: true
 #     - name: Write version info
@@ -136,7 +136,7 @@
 #         # permissions. Take them back.
 #         sudo chown -R "$(whoami)" "${cache_dir}"
 #     - name: Upload wheel artifacts
-#       uses: actions/upload-artifact@v4.3.3
+#       uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
 #       with:
 #         name: linux_x86_64_release_asserts_packages
 #         path: |
diff --git a/.github/workflows/pkgci_regression_test.yml b/.github/workflows/pkgci_regression_test.yml
index 1ef6958..446c7dc 100644
--- a/.github/workflows/pkgci_regression_test.yml
+++ b/.github/workflows/pkgci_regression_test.yml
@@ -63,14 +63,14 @@
       VENV_DIR: ${{ github.workspace }}/venv
     steps:
       - name: Checking out IREE repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: false
-      - uses: actions/setup-python@v5.1.0
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           # Must match the subset of versions built in pkgci_build_packages.
           python-version: "3.11"
-      - uses: actions/download-artifact@v4.1.7
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: linux_x86_64_release_packages
           path: ${{ env.PACKAGE_DOWNLOAD_DIR }}
@@ -82,7 +82,7 @@
 
       # Out of tree tests
       - name: Check out external TestSuite repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           repository: nod-ai/SHARK-TestSuite
           ref: f5615ab29da491c0047146258dfa3a0c40c735e5
@@ -152,14 +152,14 @@
       TEST_OUTPUT_ARTIFACTS: ${{ github.workspace }}/model_output_artifacts
     steps:
       - name: Checking out IREE repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: false
-      - uses: actions/setup-python@v5.1.0
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           # Must match the subset of versions built in pkgci_build_packages.
           python-version: "3.11"
-      - uses: actions/download-artifact@v4.1.7
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: linux_x86_64_release_packages
           path: ${{ env.PACKAGE_DOWNLOAD_DIR }}
diff --git a/.github/workflows/pkgci_test_amd_mi250.yml b/.github/workflows/pkgci_test_amd_mi250.yml
index 903b93d..623bb47 100644
--- a/.github/workflows/pkgci_test_amd_mi250.yml
+++ b/.github/workflows/pkgci_test_amd_mi250.yml
@@ -33,16 +33,16 @@
       IREE_HIP_TEST_TARGET_CHIP: "gfx90a"
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: false
       - name: Check out runtime submodules
         run: ./build_tools/scripts/git/update_runtime_submodules.sh
-      - uses: actions/setup-python@v5.1.0
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           # Must match the subset of versions built in pkgci_build_packages.
           python-version: "3.11"
-      - uses: actions/download-artifact@v4.1.7
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: linux_x86_64_release_packages
           path: ${{ env.PACKAGE_DOWNLOAD_DIR }}
diff --git a/.github/workflows/pkgci_test_amd_mi300.yml b/.github/workflows/pkgci_test_amd_mi300.yml
index 495c19b..1c6ad99 100644
--- a/.github/workflows/pkgci_test_amd_mi300.yml
+++ b/.github/workflows/pkgci_test_amd_mi300.yml
@@ -33,16 +33,16 @@
       IREE_HIP_TEST_TARGET_CHIP: "gfx942"
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: false
       - name: Check out runtime submodules
         run: ./build_tools/scripts/git/update_runtime_submodules.sh
-      - uses: actions/setup-python@v5.1.0
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           # Must match the subset of versions built in pkgci_build_packages.
           python-version: "3.11"
-      - uses: actions/download-artifact@v4.1.7
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: linux_x86_64_release_packages
           path: ${{ env.PACKAGE_DOWNLOAD_DIR }}
diff --git a/.github/workflows/pkgci_test_amd_w7900.yml b/.github/workflows/pkgci_test_amd_w7900.yml
index a2cb109..d73617e 100644
--- a/.github/workflows/pkgci_test_amd_w7900.yml
+++ b/.github/workflows/pkgci_test_amd_w7900.yml
@@ -31,16 +31,16 @@
       IREE_HIP_TEST_TARGET_CHIP: "gfx1100"
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: false
       - name: Check out runtime submodules
         run: ./build_tools/scripts/git/update_runtime_submodules.sh
-      - uses: actions/setup-python@v5.1.0
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           # Must match the subset of versions built in pkgci_build_packages.
           python-version: "3.11"
-      - uses: actions/download-artifact@v4.1.7
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: linux_x86_64_release_packages
           path: ${{ env.PACKAGE_DOWNLOAD_DIR }}
diff --git a/.github/workflows/pkgci_test_android.yml b/.github/workflows/pkgci_test_android.yml
index 7236e05..c0ca0d1 100644
--- a/.github/workflows/pkgci_test_android.yml
+++ b/.github/workflows/pkgci_test_android.yml
@@ -42,19 +42,19 @@
     steps:
       # General setup.
       - name: "Checking out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: "Checking out runtime submodules"
         run: ./build_tools/scripts/git/update_runtime_submodules.sh
-      - uses: actions/setup-python@v5.1.0
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           # Must match the subset of versions built in pkgci_build_packages.
           python-version: "3.11"
       - name: ccache
-        uses: hendrikmuhs/ccache-action@v1.2
+        uses: hendrikmuhs/ccache-action@ed74d11c0b343532753ecead8a951bb09bb34bc9 # v1.2.14
         with:
           key: ${{ github.job }}
           save: ${{ inputs.write-caches == 1 }}
-      - uses: actions/download-artifact@v4.1.7
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: linux_x86_64_release_packages
           path: ${{ env.PACKAGE_DOWNLOAD_DIR }}
@@ -66,7 +66,7 @@
       - name: Install build dependencies
         run: sudo apt update && sudo apt install -y ninja-build
 
-      - uses: nttld/setup-ndk@v1
+      - uses: nttld/setup-ndk@afb4c9964b521afb97c864b7d40b11e6911bd410 # v1.5.0
         with:
           ndk-version: r25b
       - name: Build for Android
diff --git a/.github/workflows/pkgci_test_nvidia_t4.yml b/.github/workflows/pkgci_test_nvidia_t4.yml
index 9fd4245..f8cbf0f 100644
--- a/.github/workflows/pkgci_test_nvidia_t4.yml
+++ b/.github/workflows/pkgci_test_nvidia_t4.yml
@@ -37,7 +37,7 @@
       IREE_HIP_ENABLE: 0
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: false
       - name: Check out runtime submodules
@@ -46,11 +46,11 @@
         run: |
           ./build_tools/scripts/check_cuda.sh
           ./build_tools/scripts/check_vulkan.sh
-      - uses: actions/setup-python@v5.1.0
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           # Must match the subset of versions built in pkgci_build_packages.
           python-version: "3.11"
-      - uses: actions/download-artifact@v4.1.7
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: linux_x86_64_release_packages
           path: ${{ env.PACKAGE_DOWNLOAD_DIR }}
diff --git a/.github/workflows/pkgci_test_onnx.yml b/.github/workflows/pkgci_test_onnx.yml
index 5f2191c..46b0085 100644
--- a/.github/workflows/pkgci_test_onnx.yml
+++ b/.github/workflows/pkgci_test_onnx.yml
@@ -68,14 +68,14 @@
       VENV_DIR: ${{ github.workspace }}/venv
     steps:
       - name: Checking out IREE repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: false
-      - uses: actions/setup-python@v5.1.0
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           # Must match the subset of versions built in pkgci_build_packages.
           python-version: "3.11"
-      - uses: actions/download-artifact@v4.1.7
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: linux_x86_64_release_packages
           path: ${{ env.PACKAGE_DOWNLOAD_DIR }}
@@ -86,7 +86,7 @@
             --fetch-gh-workflow=${{ inputs.artifact_run_id }}
 
       - name: Checkout test suites repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           repository: iree-org/iree-test-suites
           ref: 9e921d0ea271a85f772eee22965585461c9b14c2
@@ -115,7 +115,7 @@
           cat ${CONFIG_FILE_PATH}
       - name: "Uploading new config file"
         if: failure()
-        uses: actions/upload-artifact@v4.3.3
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: ${{ matrix.config-file }}
           path: ${{ env.CONFIG_FILE_PATH }}
diff --git a/.github/workflows/pkgci_test_riscv64.yml b/.github/workflows/pkgci_test_riscv64.yml
index 82dd6f7..f852e4f 100644
--- a/.github/workflows/pkgci_test_riscv64.yml
+++ b/.github/workflows/pkgci_test_riscv64.yml
@@ -44,19 +44,19 @@
     steps:
       # General setup.
       - name: "Checking out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: "Checking out runtime submodules"
         run: ./build_tools/scripts/git/update_runtime_submodules.sh
-      - uses: actions/setup-python@v5.1.0
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           # Must match the subset of versions built in pkgci_build_packages.
           python-version: "3.11"
       - name: ccache
-        uses: hendrikmuhs/ccache-action@v1.2
+        uses: hendrikmuhs/ccache-action@ed74d11c0b343532753ecead8a951bb09bb34bc9 # v1.2.14
         with:
           key: ${{ github.job }}
           save: ${{ inputs.write-caches == 1 }}
-      - uses: actions/download-artifact@v4.1.7
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: linux_x86_64_release_packages
           path: ${{ env.PACKAGE_DOWNLOAD_DIR }}
diff --git a/.github/workflows/pkgci_test_tensorflow.yml b/.github/workflows/pkgci_test_tensorflow.yml
index 3f9cfcd..087be80 100644
--- a/.github/workflows/pkgci_test_tensorflow.yml
+++ b/.github/workflows/pkgci_test_tensorflow.yml
@@ -27,14 +27,14 @@
       IREE_VMVX_DISABLE: 0
     steps:
       - name: Checking out repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: false
-      - uses: actions/setup-python@v5.1.0
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           # Must match the subset of versions built in pkgci_build_packages.
           python-version: "3.11"
-      - uses: actions/download-artifact@v4.1.7
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: linux_x86_64_release_packages
           path: ${{ env.PACKAGE_DOWNLOAD_DIR }}
diff --git a/.github/workflows/pkgci_unit_test.yml b/.github/workflows/pkgci_unit_test.yml
index 5ec0264..7825f3b 100644
--- a/.github/workflows/pkgci_unit_test.yml
+++ b/.github/workflows/pkgci_unit_test.yml
@@ -26,14 +26,14 @@
       VENV_DIR: ${{ github.workspace }}/.venv
     steps:
       - name: Checking out repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: false
-      - uses: actions/setup-python@v5.1.0
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           # Must match the subset of versions built in pkgci_build_packages.
           python-version: "3.11"
-      - uses: actions/download-artifact@v4.1.7
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: linux_x86_64_release_packages
           path: ${{ env.PACKAGE_DOWNLOAD_DIR }}
diff --git a/.github/workflows/publish_website.yml b/.github/workflows/publish_website.yml
index 86b71e5..6b185b0 100644
--- a/.github/workflows/publish_website.yml
+++ b/.github/workflows/publish_website.yml
@@ -35,7 +35,7 @@
       CXX: clang++
     steps:
       - name: Checkout out repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: true
           token: ${{ secrets.WRITE_ACCESS_TOKEN }}
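Review bot: The checkout step passes `secrets.WRITE_ACCESS_TOKEN` and does not set `persist-credentials`, so with the action's default the token stays in the local git configuration for the rest of the job. Later steps visible in this diff include the third-party ccache action and the documentation build, all running with that write-capable credential readable on disk. If the publish step (outside this hunk) needs to push, prefer `persist-credentials: false` here and supply the token only to that step. The checkout in oneshot_candidate_release.yml follows the same pattern.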
@@ -43,7 +43,7 @@
         # We have to explicitly fetch the gh-pages branch as well to preserve history
         run: git fetch --no-tags --prune --depth=1 origin "gh-pages:gh-pages"
       - name: Setting up Python
-        uses: actions/setup-python@v5.1.0
+        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           python-version: 3.x
           cache: "pip"
@@ -59,7 +59,7 @@
             --repo="${GITHUB_REPOSITORY}" \
             --output=docs/website/docs/pip-release-links.html
       - name: ccache
-        uses: hendrikmuhs/ccache-action@v1.2
+        uses: hendrikmuhs/ccache-action@ed74d11c0b343532753ecead8a951bb09bb34bc9 # v1.2.14
         with:
           key: ${{ github.job }}
       - name: Building documentation files
diff --git a/.github/workflows/samples.yml b/.github/workflows/samples.yml
index 7cb87e2..cd1263e 100644
--- a/.github/workflows/samples.yml
+++ b/.github/workflows/samples.yml
@@ -31,9 +31,9 @@
     runs-on: ubuntu-20.04
     steps:
       - name: "Checking out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: "Setting up Python"
-        uses: actions/setup-python@v5.1.0
+        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           python-version: "3.11"
       - name: "Testing Colab Notebooks"
@@ -46,13 +46,13 @@
       CXX: clang++
     steps:
       - name: "Checking out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: "Checking out runtime submodules"
         run: ./build_tools/scripts/git/update_runtime_submodules.sh
       - name: "Installing build dependencies"
         run: sudo apt update && sudo apt install -y ninja-build
       - name: "Setting up Python"
-        uses: actions/setup-python@v5.1.0
+        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           python-version: "3.11"
       - name: "Testing Samples"
@@ -69,14 +69,14 @@
         shell: bash
     steps:
       - name: "Check out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: "Mark git safe.directory"
         run: git config --global --add safe.directory '*'
       - name: "Check out runtime submodules"
         run: ./build_tools/scripts/git/update_runtime_submodules.sh
       - name: "Installing build dependencies"
         run: sudo apt update && sudo apt install -y ninja-build
-      - uses: actions/setup-python@v5.1.0
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           python-version: "3.11"
       - name: "Setup Python venv"
@@ -89,7 +89,7 @@
             iree-compiler \
             iree-runtime
       - name: "Setup emsdk"
-        uses: mymindstorm/setup-emsdk@v14
+        uses: mymindstorm/setup-emsdk@6ab9eb1bda2574c4ddb79809fc9247783eaf9021 # v14
         with:
           version: 3.1.44
       - name: "Test experimental web samples"
diff --git a/.github/workflows/schedule_candidate_release.yml b/.github/workflows/schedule_candidate_release.yml
index 80d17b2..133473d 100644
--- a/.github/workflows/schedule_candidate_release.yml
+++ b/.github/workflows/schedule_candidate_release.yml
@@ -17,7 +17,7 @@
     runs-on: ubuntu-20.04
     steps:
       - name: Checking out repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           token: ${{ secrets.WRITE_ACCESS_TOKEN }}
           fetch-depth: 0
@@ -64,7 +64,7 @@
           prerelease: true
 
       - name: "Invoke workflow :: Build Release Packages"
-        uses: benc-uk/workflow-dispatch@798e70c97009500150087d30d9f11c5444830385 # v1.2.2
+        uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2.4
         with:
           workflow: Build Release Packages
           token: ${{ secrets.WRITE_ACCESS_TOKEN }}
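Review bot: This line is an upgrade of `benc-uk/workflow-dispatch` from the commit labelled v1.2.2 to the one labelled v1.2.4, not only a pin, and the action receives `secrets.WRITE_ACCESS_TOKEN`. Before merging, read the upstream changes between the two commits and confirm that the new SHA is reachable from the upstream tag, since GitHub will also resolve a full SHA that exists only in a fork of the action repository. The same check applies to `ad-m/github-push-action` in the last validate_and_publish_release.yml hunk, which is given the same token. A short comment above each step, such as `# Third-party action with write token: verify SHA against upstream tag on every bump`, would keep that expectation visible to whoever bumps the pin next.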
diff --git a/.github/workflows/setup.yml b/.github/workflows/setup.yml
index 49f7287..02d1e67 100644
--- a/.github/workflows/setup.yml
+++ b/.github/workflows/setup.yml
@@ -52,7 +52,7 @@
       write-caches: ${{ steps.configure.outputs.write-caches }}
     steps:
       - name: "Checking out repository"
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           # We need the parent commit to do a diff
           fetch-depth: 2
diff --git a/.github/workflows/validate_and_publish_release.yml b/.github/workflows/validate_and_publish_release.yml
index ffcf39f..1d8afcc 100644
--- a/.github/workflows/validate_and_publish_release.yml
+++ b/.github/workflows/validate_and_publish_release.yml
@@ -35,7 +35,7 @@
           ls -R
       - name: Set up python
         id: set_up_python
-        uses: actions/setup-python@v5.1.0
+        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.1.0
         with:
           python-version: "3.9"
       - name: Install python packages
@@ -122,7 +122,7 @@
           release_id: ${{ github.event.inputs.release_id }}
 
       - name: Checking out repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           token: ${{ secrets.WRITE_ACCESS_TOKEN }}
           # Get all history. Otherwise the latest-snapshot branch can't be
@@ -130,7 +130,7 @@
           fetch-depth: 0
 
       - name: Updating latest-snapshot branch
-        uses: ad-m/github-push-action@v0.8.0
+        uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # v0.8.0
         with:
           github_token: ${{ secrets.WRITE_ACCESS_TOKEN }}
           branch: latest-snapshot