From 2fd0a227ffdfa84010b33760a0e9caff5d97d5e6 Mon Sep 17 00:00:00 2001 From: Carlos Gonzalez Date: Thu, 3 Oct 2024 10:51:45 +0100 Subject: [PATCH] [CP-Sec] Revert hash pinning for GitHub actions --- .../actions/build_portBLAS_action/action.yml | 2 +- .../actions/build_portDNN_action/action.yml | 2 +- .../build_vgg_resnet_action/action.yml | 4 +-- .github/actions/setup_ubuntu_build/action.yml | 2 +- .github/workflows/build_pr_cache.yml | 2 +- .github/workflows/create_llvm.yml | 6 ++-- .../workflows/create_publish_artifacts.yml | 6 ++-- .github/workflows/docs.yml | 6 ++-- .github/workflows/run_ock_demo.yml | 28 +++++++++---------- .github/workflows/run_pr_tests.yml | 6 ++-- .github/workflows/scorecard.yml | 2 +- 11 files changed, 33 insertions(+), 33 deletions(-) diff --git a/.github/actions/build_portBLAS_action/action.yml b/.github/actions/build_portBLAS_action/action.yml index 7967a41e06..76a5efc3bd 100644 --- a/.github/actions/build_portBLAS_action/action.yml +++ b/.github/actions/build_portBLAS_action/action.yml @@ -46,7 +46,7 @@ runs: tar -cvzf portBLAS_build.tar.gz portBLAS_build_dir - name: Upload Artifacts - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@v4 with: name: portBLAS_build path: portBLAS_build.tar.gz diff --git a/.github/actions/build_portDNN_action/action.yml b/.github/actions/build_portDNN_action/action.yml index 5fcf8adefc..f014079c3d 100644 --- a/.github/actions/build_portDNN_action/action.yml +++ b/.github/actions/build_portDNN_action/action.yml @@ -47,7 +47,7 @@ runs: tar -cvzf portDNN_build.tar.gz portDNN_build_dir - name: Upload Artifacts - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@v4 with: name: portDNN_build path: portDNN_build.tar.gz diff --git a/.github/actions/build_vgg_resnet_action/action.yml b/.github/actions/build_vgg_resnet_action/action.yml index 956343e090..3888675059 100644 --- a/.github/actions/build_vgg_resnet_action/action.yml +++ b/.github/actions/build_vgg_resnet_action/action.yml @@ -11,7 +11,7 @@ runs: using: "composite" steps: - name: setup python - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + uses: actions/setup-python@v5 with: python-version: '3.8' @@ -88,7 +88,7 @@ runs: tar -cvzf network_artifacts.tar.gz vgg_data resnet_data Labrador_Retriever_Molly.jpg Labrador_Retriever_Molly.jpg.bin - name: Upload Artifacts - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@v4 with: name: network_build path: network_artifacts.tar.gz diff --git a/.github/actions/setup_ubuntu_build/action.yml b/.github/actions/setup_ubuntu_build/action.yml index 57befa5399..1ca12c21b2 100644 --- a/.github/actions/setup_ubuntu_build/action.yml +++ b/.github/actions/setup_ubuntu_build/action.yml @@ -32,7 +32,7 @@ runs: uses: llvm/actions/install-ninja@main - name: load llvm - uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache/restore@v4 with: path: llvm_install/** key: llvm-ubuntu-${{ inputs.ubuntu_version }}-${{ inputs.arch }}-v${{ inputs.llvm_version}}-${{ inputs.llvm_build_type }} diff --git a/.github/workflows/build_pr_cache.yml b/.github/workflows/build_pr_cache.yml index eeecf4c26a..2a20b9c75e 100644 --- a/.github/workflows/build_pr_cache.yml +++ b/.github/workflows/build_pr_cache.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@v4 # installs tools, ninja and installs llvm (default 17, RelAssert) and sets up cache - name: setup-ubuntu diff --git a/.github/workflows/create_llvm.yml b/.github/workflows/create_llvm.yml index fead2c8094..37193522f1 100644 --- a/.github/workflows/create_llvm.yml +++ b/.github/workflows/create_llvm.yml @@ -54,7 +54,7 @@ jobs: steps: - name: Cache llvm id: cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@v4 with: path: llvm_install/** @@ -68,14 +68,14 @@ jobs: - name: Checkout repo llvm if: steps.cache.outputs.cache-hit != 'true' - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@v4 with: repository: llvm/llvm-project ref: release/${{matrix.version}}.x - name: Checkout repo ock platform if: ${{ steps.cache.outputs.cache-hit != 'true' && matrix.arch != 'x86_64' }} - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@v4 with: sparse-checkout: | platform diff --git a/.github/workflows/create_publish_artifacts.yml b/.github/workflows/create_publish_artifacts.yml index 915d530eae..7ed095daa7 100644 --- a/.github/workflows/create_publish_artifacts.yml +++ b/.github/workflows/create_publish_artifacts.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@v4 # installs tools, ninja, installs llvm and sets up sccache - name: Setup ubuntu @@ -32,7 +32,7 @@ jobs: llvm_build_type: Release - name: Setup python - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + uses: actions/setup-python@v5 with: python-version: '3.8' @@ -85,7 +85,7 @@ jobs: tar -czf ock_install.tar.gz install - name: Upload Artifacts - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@v4 with: name: riscv-build path: ock_install.tar.gz diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index ae3f12a702..49be30e5e1 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -23,9 +23,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@v4 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@v5 with: python-version: 3.9 @@ -44,6 +44,6 @@ jobs: cmake --build build_doc --target doc_html - name: Upload artifact - uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 + uses: actions/upload-pages-artifact@v3 with: path: ${{github.workspace}}/build_doc/doc/html diff --git a/.github/workflows/run_ock_demo.yml b/.github/workflows/run_ock_demo.yml index e42c217aa2..7c9e1b0aa4 100644 --- a/.github/workflows/run_ock_demo.yml +++ b/.github/workflows/run_ock_demo.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@v4 # installs tools, ninja, installs llvm and sets up sccahe - name: setup ubuntu @@ -31,7 +31,7 @@ jobs: llvm_build_type: RelAssert - name: setup python - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + uses: actions/setup-python@v5 with: python-version: '3.8' @@ -91,7 +91,7 @@ jobs: tar -cvzf ock_demo_artifacts.tar.gz ock_install_dir -C examples/technical_blogs/ock_demo_blog getting_started.md envvars - name: Upload OCK artifacts - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@v4 with: name: ock_demo_build path: ock_demo_artifacts.tar.gz @@ -101,10 +101,10 @@ jobs: needs: run_riscv_m1_ock_demo steps: - name: Checkout repo - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@v4 - name: Download OCK artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # 4.1.8 + uses: actions/download-artifact@v4 with: name: ock_demo_build @@ -122,10 +122,10 @@ jobs: needs: run_riscv_m1_ock_demo steps: - name: Checkout repo - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@v4 - name: Download OCK artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # 4.1.8 + uses: actions/download-artifact@v4 with: name: ock_demo_build @@ -145,15 +145,15 @@ jobs: needs: [run_riscv_m1_ock_demo, build_portDNN] steps: - name: Checkout repo - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@v4 - name: Download OCK artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # 4.1.8 + uses: actions/download-artifact@v4 with: name: ock_demo_build - name: Download portDNN build artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # 4.1.8 + uses: actions/download-artifact@v4 with: name: portDNN_build @@ -174,22 +174,22 @@ jobs: GH_TOKEN: ${{ secrets.GH_TOKEN }} steps: - name: Download OCK artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # 4.1.8 + uses: actions/download-artifact@v4 with: name: ock_demo_build - name: Download portDNN build artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # 4.1.8 + uses: actions/download-artifact@v4 with: name: portDNN_build - name: Download portBLAS build artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # 4.1.8 + uses: actions/download-artifact@v4 with: name: portBLAS_build - name: Download network artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # 4.1.8 + uses: actions/download-artifact@v4 with: name: network_build diff --git a/.github/workflows/run_pr_tests.yml b/.github/workflows/run_pr_tests.yml index 60eb0cc2c9..57d429ee44 100644 --- a/.github/workflows/run_pr_tests.yml +++ b/.github/workflows/run_pr_tests.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@v4 # installs tools, ninja, installs llvm and sets up sccahe - name: setup-ubuntu @@ -75,7 +75,7 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@v4 # installs tools, ninja, installs llvm and sets up sccahe - name: setup-ubuntu @@ -102,7 +102,7 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@v4 - name: setup-ubuntu-clang-format run: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 29ce490cba..54a0933fc9 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -39,7 +39,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@v4 with: name: SARIF file path: results.sarif