diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index a575779d56..750030b80f 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -34,7 +34,7 @@ jobs: }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Load branch name id: get-branch @@ -54,7 +54,7 @@ jobs: if: github.repository_owner == 'nvidia' && github.event_name == 'workflow_dispatch' runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Load branch from environment name if: inputs.backport-branch == null diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml index c9fee3938a..2e12d94796 100644 --- a/.github/workflows/bandit.yml +++ b/.github/workflows/bandit.yml @@ -20,10 +20,10 @@ jobs: security-events: write steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install uv - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6 + uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 with: enable-cache: false @@ -38,10 +38,10 @@ jobs: echo "codes=$(uvx toml2json ./ruff.toml | jq -r '.lint.ignore | map(select(test("^S\\d+"))) | join(",")')" >> "$GITHUB_OUTPUT" - name: Perform Bandit Analysis using Ruff - uses: astral-sh/ruff-action@57714a7c8a2e59f32539362ba31877a1957dded1 # v3.5.1 + uses: astral-sh/ruff-action@4919ec5cf1f49eff0871dbcea0da843445b837e6 # v3.6.1 with: args: "check --select S --ignore ${{ steps.ignore-codes.outputs.codes }} --output-format sarif --output-file results.sarif" - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v4 + uses: github/codeql-action/upload-sarif@v4.32.0 with: sarif_file: results.sarif diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml index 356431e8e4..b24f7cc56a 100644 --- a/.github/workflows/build-docs.yml +++ b/.github/workflows/build-docs.yml @@ -54,7 +54,7 @@ jobs: exit 1 fi - name: Checkout ${{ github.event.repository.name }} - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 ref: ${{ inputs.git-tag }} @@ -62,7 +62,7 @@ jobs: # TODO: This workflow runs on GH-hosted runner and cannot use the proxy cache - name: Set up miniforge - uses: conda-incubator/setup-miniconda@835234971496cad1653abb28a638a281cf32541f # v3.2.0 + uses: conda-incubator/setup-miniconda@fc2d68f6413eb2d87b895e92f8584b5b94a10167 # v3.3.0 with: activate-environment: cuda-python-docs environment-file: ./cuda_python/docs/environment-docs.yml @@ -259,7 +259,7 @@ jobs: - name: Deploy doc update if: ${{ github.ref_name == 'main' || inputs.is-release }} - uses: JamesIves/github-pages-deploy-action@9d877eea73427180ae43cf98e8914934fe157a1a # v4.7.6 + uses: JamesIves/github-pages-deploy-action@d92aa235d04922e8f08b40ce78cc5442fcfbfa2f # v4.8.0 with: git-config-name: cuda-python-bot git-config-email: cuda-python-bot@users.noreply.github.com diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml index 438cf4b14b..d5726545f3 100644 --- a/.github/workflows/build-wheel.yml +++ b/.github/workflows/build-wheel.yml @@ -40,7 +40,7 @@ jobs: (inputs.host-platform == 'win-64' && 'windows-2022') }} steps: - name: Checkout ${{ github.event.repository.name }} - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -67,7 +67,7 @@ jobs: - name: Set up Python id: setup-python1 - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: # WAR: setup-python is not relocatable, and cibuildwheel hard-wires to 3.12... # see https://github.com/actions/setup-python/issues/871 @@ -150,7 +150,7 @@ jobs: cuda-version: ${{ inputs.cuda-version }} - name: Build cuda.bindings wheel - uses: pypa/cibuildwheel@63fd63b352a9a8bdcc24791c9dbee952ee9a8abc # v3.3.0 + uses: pypa/cibuildwheel@298ed2fb2c105540f5ed055e8a6ad78d82dd3a7e # v3.3.1 with: package-dir: ./cuda_bindings/ output-dir: ${{ env.CUDA_BINDINGS_ARTIFACTS_DIR }} @@ -204,7 +204,7 @@ jobs: if-no-files-found: error - name: Build cuda.core wheel - uses: pypa/cibuildwheel@63fd63b352a9a8bdcc24791c9dbee952ee9a8abc # v3.3.0 + uses: pypa/cibuildwheel@298ed2fb2c105540f5ed055e8a6ad78d82dd3a7e # v3.3.1 with: package-dir: ./cuda_core/ output-dir: ${{ env.CUDA_CORE_ARTIFACTS_DIR }} @@ -292,7 +292,7 @@ jobs: - name: Set up Python id: setup-python2 - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python-version }} @@ -383,7 +383,7 @@ jobs: rmdir $OLD_BASENAME - name: Build cuda.core wheel - uses: pypa/cibuildwheel@63fd63b352a9a8bdcc24791c9dbee952ee9a8abc # v3.3.0 + uses: pypa/cibuildwheel@298ed2fb2c105540f5ed055e8a6ad78d82dd3a7e # v3.3.1 with: package-dir: ./cuda_core/ output-dir: ${{ env.CUDA_CORE_ARTIFACTS_DIR }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 80d8cc7ba2..bf6bb8fca5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,7 +24,7 @@ jobs: CUDA_PREV_BUILD_VER: ${{ steps.get-vars.outputs.cuda_prev_build_ver }} steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Get CUDA build versions @@ -43,7 +43,7 @@ jobs: doc-only: ${{ steps.get-should-skip.outputs.doc_only }} steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Compute whether to skip builds and tests id: get-should-skip env: diff --git a/.github/workflows/cleanup-pr-previews.yml b/.github/workflows/cleanup-pr-previews.yml index 872b2fe37d..a0811a0de2 100644 --- a/.github/workflows/cleanup-pr-previews.yml +++ b/.github/workflows/cleanup-pr-previews.yml @@ -28,7 +28,7 @@ jobs: if: github.repository_owner == 'NVIDIA' steps: - name: Checkout repository - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6.0.2 with: # Fetch all history and branches for worktree operations fetch-depth: 0 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a79182b5ef..a26db389ba 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -28,16 +28,16 @@ jobs: build-mode: none steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Initialize CodeQL - uses: github/codeql-action/init@f47c8e6a9bd05ef3ee422fc8d8663be7fe4bdc61 # v3.31.8 + uses: github/codeql-action/init@f985be5b50bd175586d44aac9ac52926adf12893 # v3.31.8 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} queries: security-extended - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f47c8e6a9bd05ef3ee422fc8d8663be7fe4bdc61 # v3.31.8 + uses: github/codeql-action/analyze@f985be5b50bd175586d44aac9ac52926adf12893 # v3.31.8 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index c7f3162ecd..1782263486 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -49,7 +49,7 @@ jobs: apt-get install -y git - name: Checkout ${{ github.event.repository.name }} - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install dependencies uses: ./.github/actions/install_unix_deps @@ -75,7 +75,7 @@ jobs: echo "CUDA_PYTHON_COVERAGE=1" >> $GITHUB_ENV - name: Set up Python - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ env.PY_VER }} env: @@ -151,7 +151,7 @@ jobs: path: docs/coverage/ - name: Deploy to gh-pages - uses: JamesIves/github-pages-deploy-action@9d877eea73427180ae43cf98e8914934fe157a1a # v4.7.6 + uses: JamesIves/github-pages-deploy-action@d92aa235d04922e8f08b40ce78cc5442fcfbfa2f # v4.8.0 with: git-config-name: cuda-python-bot git-config-email: cuda-python-bot@users.noreply.github.com diff --git a/.github/workflows/release-upload.yml b/.github/workflows/release-upload.yml index ab69a82e7f..0894e595fc 100644 --- a/.github/workflows/release-upload.yml +++ b/.github/workflows/release-upload.yml @@ -41,7 +41,7 @@ jobs: ARCHIVE_NAME: ${{ github.event.repository.name }}-${{ inputs.git-tag }} steps: - name: Checkout Source - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 ref: ${{ inputs.git-tag }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 715d4e0bd0..68ce7c5716 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -50,7 +50,7 @@ jobs: run-id: ${{ steps.lookup-run-id.outputs.run-id }} steps: - name: Checkout Source - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # fetch-depth: 0 is required so the lookup-run-id script can access all git tags fetch-depth: 0 @@ -74,7 +74,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -157,7 +157,7 @@ jobs: id-token: write steps: - name: Checkout Source - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Download component wheels env: diff --git a/.github/workflows/test-wheel-linux.yml b/.github/workflows/test-wheel-linux.yml index 49a0298b34..1ba20112ba 100644 --- a/.github/workflows/test-wheel-linux.yml +++ b/.github/workflows/test-wheel-linux.yml @@ -36,7 +36,7 @@ jobs: OLD_BRANCH: ${{ steps.compute-matrix.outputs.OLD_BRANCH }} steps: - name: Checkout ${{ github.event.repository.name }} - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Validate Test Type run: | @@ -87,7 +87,7 @@ jobs: run: nvidia-smi - name: Checkout ${{ github.event.repository.name }} - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup proxy cache uses: nv-gha-runners/setup-proxy-cache@main @@ -214,7 +214,7 @@ jobs: ls -lahR $CUDA_CORE_CYTHON_TESTS_DIR - name: Set up Python ${{ matrix.PY_VER }} - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.PY_VER }} env: diff --git a/.github/workflows/test-wheel-windows.yml b/.github/workflows/test-wheel-windows.yml index 488a62db16..2cc7a125e4 100644 --- a/.github/workflows/test-wheel-windows.yml +++ b/.github/workflows/test-wheel-windows.yml @@ -33,7 +33,7 @@ jobs: MATRIX: ${{ steps.compute-matrix.outputs.MATRIX }} steps: - name: Checkout ${{ github.event.repository.name }} - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Validate Test Type run: | @@ -69,7 +69,7 @@ jobs: runs-on: "windows-${{ matrix.ARCH }}-gpu-${{ matrix.GPU }}-${{ matrix.DRIVER }}-${{ matrix.GPU_COUNT }}" steps: - name: Checkout ${{ github.event.repository.name }} - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup proxy cache uses: nv-gha-runners/setup-proxy-cache@main @@ -201,7 +201,7 @@ jobs: Get-ChildItem -Recurse -Force $env:CUDA_CORE_CYTHON_TESTS_DIR | Select-Object Mode, LastWriteTime, Length, FullName - name: Set up Python ${{ matrix.PY_VER }} - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.PY_VER }}