Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update and pin dependencies #18454

Merged
merged 13 commits into from
Sep 6, 2024
Merged

Update and pin dependencies #18454

merged 13 commits into from
Sep 6, 2024

Conversation

marbre
Copy link
Member

@marbre marbre commented Sep 6, 2024
edited
Loading

Pins (and updates some) dependencies as suggested by OpenSSF Scorecard, see https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies.

@marbre
Pin actions/checkout with hash
68c2658
@marbre
Update actions/upload-artifact and pin with hash
bf1380f 
With v4.4.0 and later, hidden files are excluded by default.
@marbre
Update actions/setup-python and pin with hash
52c5273
@marbre
Update actions/download-artifact and pin with hash
434d21a
@marbre
Pin ad-m/github-push-action with hash
bc62f81
@marbre
Pin mymindstorm/setup-emsdk with hash
be36d08
@marbre
Pin hendrikmuhs/ccache-action with hash
32590ba
@marbre
Pin nttld/setup-ndk with hash
67f3934
@marbre
Pin pre-commit/action with hash
57fea93
@marbre
Update sarisia/actions-status-discord and pin with hash
802afd3
@marbre
Pin ilammy/msvc-dev-cmd with hash
c4ac145
@marbre
Update peter-evans/create-pull-request and pin with hash
6588027
@marbre
Update benc-uk/workflow-dispatch
43584e7 
With v1.2.3 the action was switched to node20, whereas running older
node versions generated a warning and actions were even forced to run on
a newer version.
@marbre marbre added the infrastructure Relating to build systems, CI, or testing label Sep 6, 2024
@marbre marbre marked this pull request as ready for review September 6, 2024 16:03
@marbre
Copy link
Member Author

marbre commented Sep 6, 2024

@ScottTodd the failing Bump submodule - torch-mlir / bump_submodule (pull_request) should be unrelated. Anything else we need to explicitly run?

@ScottTodd
Copy link
Member

@ScottTodd the failing Bump submodule - torch-mlir / bump_submodule (pull_request) should be unrelated. Anything else we need to explicitly run?

Nope, should be good to merge. We can monitor for any errors after merging.

@ScottTodd
Copy link
Member

Actually, can you link to the policy / scorecard context in the PR description?

@marbre marbre merged commit b78def2 into iree-org:main Sep 6, 2024
43 of 44 checks passed
@marbre marbre deleted the pin-update-dependencies branch September 6, 2024 16:53
IanWood1 pushed a commit to IanWood1/iree that referenced this pull request Sep 8, 2024
@marbre @IanWood1
Update and pin dependencies (iree-org#18454)
5ac0c97 
Pins (and updates some) dependencies as suggested by OpenSSF Scorecard,
see
https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies.
josemonsalve2 pushed a commit to josemonsalve2/iree that referenced this pull request Sep 14, 2024
@marbre @josemonsalve2
Update and pin dependencies (iree-org#18454)
ef3f0ce 
Pins (and updates some) dependencies as suggested by OpenSSF Scorecard,
see
https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ScottTodd ScottTodd ScottTodd approved these changes

Assignees
No one assigned
Labels
infrastructure Relating to build systems, CI, or testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@marbre @ScottTodd