From fc0c6306a3b60d82e4e4214cb78f0c4147bc8728 Mon Sep 17 00:00:00 2001 From: KiloClaw Security Date: Sun, 28 Jun 2026 04:20:40 +0000 Subject: [PATCH] ci: pin GitHub Actions to full commit SHAs Pin unpinned action references to immutable commit SHAs. Version tags retained as inline comments. See: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions --- .github/workflows/archery.yml | 4 ++-- .github/workflows/check_labels.yml | 2 +- .github/workflows/comment_bot.yml | 6 +++--- .github/workflows/cpp.yml | 16 +++++++------- .github/workflows/cpp_extra.yml | 28 ++++++++++++------------- .github/workflows/cpp_windows.yml | 4 ++-- .github/workflows/cuda_extra.yml | 6 +++--- .github/workflows/dev.yml | 10 ++++----- .github/workflows/dev_pr.yml | 10 ++++----- .github/workflows/docs.yml | 6 +++--- .github/workflows/docs_light.yml | 6 +++--- .github/workflows/integration.yml | 18 ++++++++-------- .github/workflows/issue_bot.yml | 2 +- .github/workflows/matlab.yml | 12 +++++------ .github/workflows/package_linux.yml | 4 ++-- .github/workflows/package_odbc.yml | 10 ++++----- .github/workflows/pr_bot.yml | 6 +++--- .github/workflows/pr_review_trigger.yml | 2 +- .github/workflows/python.yml | 12 +++++------ .github/workflows/r.yml | 24 ++++++++++----------- .github/workflows/r_extra.yml | 8 +++---- .github/workflows/r_nightly.yml | 8 +++---- .github/workflows/release_candidate.yml | 4 ++-- .github/workflows/report_ci.yml | 4 ++-- .github/workflows/ruby.yml | 24 ++++++++++----------- .github/workflows/stale.yml | 12 +++++------ .github/workflows/verify_rc.yml | 14 ++++++------- 27 files changed, 131 insertions(+), 131 deletions(-) diff --git a/.github/workflows/archery.yml b/.github/workflows/archery.yml index 3716b6fdb0d..b02399a22ac 100644 --- a/.github/workflows/archery.yml +++ b/.github/workflows/archery.yml @@ -58,7 +58,7 @@ jobs: timeout-minutes: 15 steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -66,7 +66,7 @@ jobs: shell: bash run: git branch $ARCHERY_DEFAULT_BRANCH origin/$ARCHERY_DEFAULT_BRANCH || true - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: '3.12' - name: Install pygit2 binary wheel diff --git a/.github/workflows/check_labels.yml b/.github/workflows/check_labels.yml index 6adc50371c2..be2d77b9820 100644 --- a/.github/workflows/check_labels.yml +++ b/.github/workflows/check_labels.yml @@ -47,7 +47,7 @@ jobs: steps: - name: Checkout Arrow if: github.event_name == 'pull_request' - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false - name: Check diff --git a/.github/workflows/comment_bot.yml b/.github/workflows/comment_bot.yml index b7336ced59e..42e47dc6721 100644 --- a/.github/workflows/comment_bot.yml +++ b/.github/workflows/comment_bot.yml @@ -36,14 +36,14 @@ jobs: pull-requests: write steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false path: arrow # fetch the tags for version number generation fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3.12 - name: Install Archery and Crossbow dependencies @@ -64,7 +64,7 @@ jobs: if: github.event.comment.body == 'take' runs-on: ubuntu-latest steps: - - uses: actions/github-script@v9 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/cpp.yml b/.github/workflows/cpp.yml index 4764b661d97..b6a7142aeab 100644 --- a/.github/workflows/cpp.yml +++ b/.github/workflows/cpp.yml @@ -115,7 +115,7 @@ jobs: free -h lscpu - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -128,7 +128,7 @@ jobs: - name: Setup Python on hosted runner if: | matrix.runs-on == 'ubuntu-latest' - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3 - name: Setup Python on self-hosted runner @@ -176,7 +176,7 @@ jobs: timeout-minutes: 45 steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -232,7 +232,7 @@ jobs: sysctl -a | grep cpu sysctl -a | grep "hw.optional" - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -248,7 +248,7 @@ jobs: $(brew --prefix bash)/bin/bash \ ci/scripts/install_minio.sh latest ${ARROW_HOME} - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3.12 - name: Install Google Cloud Storage Testbench @@ -365,12 +365,12 @@ jobs: /d 1 ` /f - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 submodules: recursive - - uses: msys2/setup-msys2@v2 + - uses: msys2/setup-msys2@66cd2cce69caa17b53920067426061ca1de3a884 # v2 with: msystem: ${{ matrix.msystem_upper }} update: true @@ -412,7 +412,7 @@ jobs: https://dl.min.io/server/minio/release/windows-amd64/archive/minio.RELEASE.2025-01-20T14-49-07Z chmod +x /usr/local/bin/minio.exe - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 id: python-install with: python-version: '3.12' diff --git a/.github/workflows/cpp_extra.yml b/.github/workflows/cpp_extra.yml index f3772f5556d..2c0c07f1111 100644 --- a/.github/workflows/cpp_extra.yml +++ b/.github/workflows/cpp_extra.yml @@ -136,7 +136,7 @@ jobs: DOCKER_VOLUME_PREFIX: ".docker/" steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -147,7 +147,7 @@ jobs: path: .docker key: cpp-extra-${{ matrix.image }} - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3 - name: Setup Archery @@ -228,7 +228,7 @@ jobs: REPO: ghcr.io/${{ github.repository }}-dev steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -242,7 +242,7 @@ jobs: path: .docker key: jni-${{ matrix.platform.runs-on }} - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3 - name: Setup Archery @@ -288,7 +288,7 @@ jobs: MACOSX_DEPLOYMENT_TARGET: "14.0" steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -387,13 +387,13 @@ jobs: UBUNTU: 24.04 steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 submodules: recursive - name: Setup Python on hosted runner - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3 - name: Setup Archery @@ -464,7 +464,7 @@ jobs: ARROW_MIMALLOC: OFF steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -524,7 +524,7 @@ jobs: path: ${{ steps.ccache-info.outputs.cache-dir }} key: cpp-odbc-ccache-macos-${{ matrix.macos-version }}-${{ matrix.build-type }} - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3 - name: Setup Archery @@ -549,7 +549,7 @@ jobs: cpack - name: Upload ODBC PKG to the job if: matrix.build-type == 'release' - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: flight-sql-odbc-pkg-installer-${{ matrix.architecture }} path: build/cpp/ArrowFlightSQLODBC-*.pkg @@ -608,7 +608,7 @@ jobs: VCPKG_OVERLAY_TRIPLETS: ${{ github.workspace }}/ci/vcpkg steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -640,7 +640,7 @@ jobs: cd build/cpp cpack - name: Upload ODBC MSI to the job - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: flight-sql-odbc-msi-installer path: build/cpp/Apache-Arrow-Flight-SQL-ODBC-*-win64.msi @@ -688,7 +688,7 @@ jobs: if: github.event_name == 'schedule' && github.repository == 'apache/arrow' steps: - name: Download the artifacts - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: flight-sql-odbc-msi-installer - name: Prepare ODBC installer for sync @@ -707,7 +707,7 @@ jobs: tree odbc-installer - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 1 diff --git a/.github/workflows/cpp_windows.yml b/.github/workflows/cpp_windows.yml index 9a5d4353bc3..d84450c21a5 100644 --- a/.github/workflows/cpp_windows.yml +++ b/.github/workflows/cpp_windows.yml @@ -83,13 +83,13 @@ jobs: /d 1 ` /f - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 submodules: recursive - name: Install msys2 (for tzdata for ORC tests) - uses: msys2/setup-msys2@v2 + uses: msys2/setup-msys2@66cd2cce69caa17b53920067426061ca1de3a884 # v2 id: setup-msys2 - name: Install cmake shell: bash diff --git a/.github/workflows/cuda_extra.yml b/.github/workflows/cuda_extra.yml index b44ae9f4d6b..707e8e2b89e 100644 --- a/.github/workflows/cuda_extra.yml +++ b/.github/workflows/cuda_extra.yml @@ -82,19 +82,19 @@ jobs: DOCKER_VOLUME_PREFIX: ".docker/" steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 submodules: recursive - name: Cache Docker Volumes - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: .docker key: extra-${{ matrix.image }}-${{ hashFiles('cpp/**') }} restore-keys: extra-${{ matrix.image }}- - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3 - name: Setup Archery diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index bbf2b0242fb..a72b5bba918 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -47,7 +47,7 @@ jobs: timeout-minutes: 15 steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -60,7 +60,7 @@ jobs: ruby-dev \ libuv1-dev - name: Cache pre-commit - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: | ~/.cache/pre-commit @@ -88,16 +88,16 @@ jobs: GIT_COMMITTER_EMAIL: "github-actions[bot]@users.noreply.github.com" steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 - name: Install Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: '3.12' - name: Install Ruby - uses: ruby/setup-ruby@v1 + uses: ruby/setup-ruby@9eb537ca036ebaed86729dcb9309076e4c5c3b74 # v1 with: ruby-version: ruby - name: Install Dependencies diff --git a/.github/workflows/dev_pr.yml b/.github/workflows/dev_pr.yml index b8667f4dd52..0e23cbce493 100644 --- a/.github/workflows/dev_pr.yml +++ b/.github/workflows/dev_pr.yml @@ -43,7 +43,7 @@ jobs: name: Process runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: repository: apache/arrow ref: main @@ -53,7 +53,7 @@ jobs: if: | (github.event.action == 'opened' || github.event.action == 'edited') - uses: actions/github-script@v9 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -64,7 +64,7 @@ jobs: if: | (github.event.action == 'opened' || github.event.action == 'edited') - uses: actions/github-script@v9 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -75,7 +75,7 @@ jobs: if: | (github.event.action == 'opened' || github.event.action == 'edited') - uses: actions/github-script@v9 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: debug: true github-token: ${{ secrets.GITHUB_TOKEN }} @@ -87,7 +87,7 @@ jobs: if: | (github.event.action == 'opened' || github.event.action == 'synchronize') - uses: actions/labeler@v6 + uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # v6 with: repo-token: ${{ secrets.GITHUB_TOKEN }} configuration-path: .github/workflows/dev_pr/labeler.yml diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index c02c02e0438..e4a7a8075c0 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -49,7 +49,7 @@ jobs: JDK: 17 steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -57,13 +57,13 @@ jobs: run: | ci/scripts/util_free_space.sh - name: Cache Docker Volumes - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: .docker key: debian-docs-${{ hashFiles('cpp/**') }} restore-keys: debian-docs- - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3.12 - name: Setup Archery diff --git a/.github/workflows/docs_light.yml b/.github/workflows/docs_light.yml index 2819da4d32e..91c02d2b855 100644 --- a/.github/workflows/docs_light.yml +++ b/.github/workflows/docs_light.yml @@ -50,18 +50,18 @@ jobs: PYTHON: "3.12" steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 - name: Cache Docker Volumes - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: .docker key: conda-docs-${{ hashFiles('cpp/**') }} restore-keys: conda-docs- - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3.12 - name: Setup Archery diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 0668e927770..9ac50908b20 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -66,43 +66,43 @@ jobs: timeout-minutes: 60 steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 submodules: recursive - name: Checkout Arrow Rust - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false repository: apache/arrow-rs path: rust - name: Checkout Arrow nanoarrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false repository: apache/arrow-nanoarrow path: nanoarrow - name: Checkout Arrow Go - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false repository: apache/arrow-go path: go - name: Checkout Arrow Java - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false repository: apache/arrow-java path: java - name: Checkout Arrow JS - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false repository: apache/arrow-js path: js - name: Checkout Arrow .NET - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false repository: apache/arrow-dotnet @@ -111,13 +111,13 @@ jobs: run: | ci/scripts/util_free_space.sh - name: Cache Docker Volumes - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: .docker key: conda-${{ hashFiles('cpp/**') }} restore-keys: conda- - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3.12 - name: Setup Archery diff --git a/.github/workflows/issue_bot.yml b/.github/workflows/issue_bot.yml index 32e5effab34..79ccb457f53 100644 --- a/.github/workflows/issue_bot.yml +++ b/.github/workflows/issue_bot.yml @@ -33,7 +33,7 @@ jobs: permissions: issues: write steps: - - uses: actions/github-script@v9 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: script: | const moved_repos = { diff --git a/.github/workflows/matlab.yml b/.github/workflows/matlab.yml index d6f606d3311..2284ce1351e 100644 --- a/.github/workflows/matlab.yml +++ b/.github/workflows/matlab.yml @@ -51,7 +51,7 @@ jobs: if: ${{ !contains(github.event.pull_request.title, 'WIP') }} steps: - name: Check out repository - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -71,7 +71,7 @@ jobs: shell: bash run: echo "cache-dir=$(ccache --get-config cache_dir)" >> $GITHUB_OUTPUT - name: Cache ccache - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: ${{ steps.ccache-info.outputs.cache-dir }} key: matlab-ccache-ubuntu-${{ hashFiles('cpp/**', 'matlab/**') }} @@ -100,7 +100,7 @@ jobs: macos-version: "14" steps: - name: Check out repository - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -120,7 +120,7 @@ jobs: shell: bash run: echo "cache-dir=$(ccache --get-config cache_dir)" >> $GITHUB_OUTPUT - name: Cache ccache - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: ${{ steps.ccache-info.outputs.cache-dir }} key: matlab-ccache-macos-${{ hashFiles('cpp/**', 'matlab/**') }} @@ -142,7 +142,7 @@ jobs: if: ${{ !contains(github.event.pull_request.title, 'WIP') }} steps: - name: Check out repository - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -161,7 +161,7 @@ jobs: shell: bash run: echo "cache-dir=$(ccache --get-config cache_dir)" >> $GITHUB_OUTPUT - name: Cache ccache - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: | ${{ steps.ccache-info.outputs.cache-dir }} diff --git a/.github/workflows/package_linux.yml b/.github/workflows/package_linux.yml index 81c0922df6c..3e5ffd6143a 100644 --- a/.github/workflows/package_linux.yml +++ b/.github/workflows/package_linux.yml @@ -116,7 +116,7 @@ jobs: BUILD_DIR: "${{ github.workspace }}/packages.build" steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -297,7 +297,7 @@ jobs: tar cvzf ${{ matrix.id }}.tar.gz ${DISTRIBUTION} dev/release/utils-generate-checksum.sh ${{ matrix.id }}.tar.gz - name: Upload the artifacts to the job - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: ${{ matrix.id }} path: ${{ matrix.id }}.tar.gz* diff --git a/.github/workflows/package_odbc.yml b/.github/workflows/package_odbc.yml index cc2aad00aca..a9a5eb14f55 100644 --- a/.github/workflows/package_odbc.yml +++ b/.github/workflows/package_odbc.yml @@ -67,7 +67,7 @@ jobs: VCPKG_DEFAULT_TRIPLET: x64-windows steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -82,7 +82,7 @@ jobs: -Path build/cpp/${{ env.ARROW_BUILD_TYPE }}/arrow_flight_sql_odbc.dll ` -NewName arrow_flight_sql_odbc_unsigned.dll - name: Upload ODBC DLL to the job - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: flight-sql-odbc-dll path: build/cpp/${{ env.ARROW_BUILD_TYPE }}/arrow_flight_sql_odbc_unsigned.dll @@ -97,13 +97,13 @@ jobs: contents: write steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 submodules: recursive - name: Download the artifacts - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: flight-sql-odbc-dll - name: Wait for creating GitHub Release @@ -133,7 +133,7 @@ jobs: env: *odbc_msvc_env steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 diff --git a/.github/workflows/pr_bot.yml b/.github/workflows/pr_bot.yml index 0733cab90c8..7f633b165ff 100644 --- a/.github/workflows/pr_bot.yml +++ b/.github/workflows/pr_bot.yml @@ -40,7 +40,7 @@ jobs: - name: 'Download PR review payload' id: 'download' if: github.event_name == 'workflow_run' - uses: actions/github-script@v9 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: script: | const run_id = "${{ github.event.workflow_run.id }}"; @@ -73,7 +73,7 @@ jobs: curl -sL -o committers.yml $url echo "committers_path=$(pwd)/committers.yml" >> $GITHUB_OUTPUT - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: path: arrow repository: apache/arrow @@ -82,7 +82,7 @@ jobs: # fetch the tags for version number generation fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3.12 - name: Install Archery and Crossbow dependencies diff --git a/.github/workflows/pr_review_trigger.yml b/.github/workflows/pr_review_trigger.yml index 4dc8f4f7e62..1eed6bc64d6 100644 --- a/.github/workflows/pr_review_trigger.yml +++ b/.github/workflows/pr_review_trigger.yml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Upload PR review Payload" - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: path: "${{ github.event_path }}" name: "pr_review_payload" diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml index 4f5bd1490fe..0fcb49cbaef 100644 --- a/.github/workflows/python.yml +++ b/.github/workflows/python.yml @@ -101,7 +101,7 @@ jobs: NUMPY: ${{ matrix.numpy || 'latest' }} steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -112,7 +112,7 @@ jobs: path: .docker key: python-${{ matrix.name }} - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3.12 - name: Setup Archery @@ -188,13 +188,13 @@ jobs: MACOSX_DEPLOYMENT_TARGET: 12.0 steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 submodules: recursive - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: '3.11' - name: Install Dependencies @@ -272,13 +272,13 @@ jobs: /d 1 ` /f - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 submodules: recursive - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3.13 - name: Install ccache diff --git a/.github/workflows/r.yml b/.github/workflows/r.yml index 5f685cccc60..883cdea4795 100644 --- a/.github/workflows/r.yml +++ b/.github/workflows/r.yml @@ -78,7 +78,7 @@ jobs: UBUNTU: ${{ matrix.ubuntu }} steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -87,7 +87,7 @@ jobs: run: | ci/scripts/util_free_space.sh - name: Cache Docker Volumes - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: .docker # As this key is identical on both matrix builds only one will be able to successfully cache, @@ -97,7 +97,7 @@ jobs: ubuntu-${{ matrix.ubuntu }}-r-${{ matrix.r }}-${{ hashFiles('cpp/src/**/*.cc','cpp/src/**/*.h)') }}- ubuntu-${{ matrix.ubuntu }}-r-${{ matrix.r }}- - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3.12 - name: Setup Archery @@ -119,7 +119,7 @@ jobs: if: always() - name: Save the test output if: always() - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: test-output-${{ matrix.ubuntu }}-${{ matrix.r }} path: r/check/arrow.Rcheck/tests/testthat.Rout* @@ -151,13 +151,13 @@ jobs: R_TAG: ${{ matrix.config.tag }} steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 submodules: recursive - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3.12 - name: Setup Archery @@ -180,7 +180,7 @@ jobs: if: always() - name: Save the test output if: always() - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: test-output-bundled path: r/check/arrow.Rcheck/tests/testthat.Rout* @@ -209,7 +209,7 @@ jobs: steps: - run: git config --global core.autocrlf false - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -219,7 +219,7 @@ jobs: ci/scripts/ccache_setup.sh echo "CCACHE_DIR=$(cygpath --absolute --windows ccache)" >> $GITHUB_ENV - name: Cache ccache - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: ccache key: r-${{ matrix.config.rtools }}-ccache-mingw-${{ matrix.config.arch }}-${{ hashFiles('cpp/src/**/*.cc','cpp/src/**/*.h)') }}-${{ github.run_id }} @@ -244,7 +244,7 @@ jobs: # So that they're unique when multiple are downloaded in the next step shell: bash run: mv libarrow.zip libarrow-rtools${{ matrix.config.rtools }}-${{ matrix.config.arch }}.zip - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: libarrow-rtools${{ matrix.config.rtools }}-${{ matrix.config.arch }}.zip path: libarrow-rtools${{ matrix.config.rtools }}-${{ matrix.config.arch }}.zip @@ -267,7 +267,7 @@ jobs: steps: - run: git config --global core.autocrlf false - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -289,7 +289,7 @@ jobs: ci/scripts/download_tz_database.sh - run: mkdir r/windows - name: Download artifacts - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: libarrow-rtools40-ucrt64.zip path: r/windows diff --git a/.github/workflows/r_extra.yml b/.github/workflows/r_extra.yml index aa5d0fd9145..2c8abc3d62b 100644 --- a/.github/workflows/r_extra.yml +++ b/.github/workflows/r_extra.yml @@ -150,19 +150,19 @@ jobs: DOCKER_VOLUME_PREFIX: ".docker/" steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 submodules: recursive - name: Cache Docker Volumes - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: .docker key: extra-${{ matrix.image }}-${{ hashFiles('cpp/**') }} restore-keys: extra-${{ matrix.image }}- - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3 - name: Setup Archery @@ -202,7 +202,7 @@ jobs: continue-on-error: true - name: Save the test output if: always() - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: test-output-{{ "${{ matrix.config.r_image }}" }} path: r/check/arrow.Rcheck/tests/testthat.Rout* diff --git a/.github/workflows/r_nightly.yml b/.github/workflows/r_nightly.yml index 783f8dbb1b9..b16a32efb1d 100644 --- a/.github/workflows/r_nightly.yml +++ b/.github/workflows/r_nightly.yml @@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 1 @@ -54,7 +54,7 @@ jobs: ref: main submodules: recursive - name: Checkout Crossbow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -62,7 +62,7 @@ jobs: repository: ursacomputing/crossbow ref: main - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: cache: 'pip' python-version: 3.12 @@ -88,7 +88,7 @@ jobs: exit 1 fi - name: Cache Repo - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: repo key: r-nightly-${{ github.run_id }} diff --git a/.github/workflows/release_candidate.yml b/.github/workflows/release_candidate.yml index f34d7fadb02..fec59354a12 100644 --- a/.github/workflows/release_candidate.yml +++ b/.github/workflows/release_candidate.yml @@ -44,7 +44,7 @@ jobs: timeout-minutes: 10 steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -102,7 +102,7 @@ jobs: "${RELEASE_TARBALL}" fi - name: Upload Artifacts - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: release-candidate path: ${{ env.RELEASE_TARBALL }}* diff --git a/.github/workflows/report_ci.yml b/.github/workflows/report_ci.yml index 17efc4b5d69..c08248d4bbd 100644 --- a/.github/workflows/report_ci.yml +++ b/.github/workflows/report_ci.yml @@ -39,12 +39,12 @@ jobs: name: ${{ github.job }} steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3 - name: Setup Archery diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml index 92d60fb834d..4b0bcdcfb1a 100644 --- a/.github/workflows/ruby.yml +++ b/.github/workflows/ruby.yml @@ -81,19 +81,19 @@ jobs: UBUNTU: ${{ matrix.ubuntu }} steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 submodules: recursive - name: Cache Docker Volumes - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: .docker key: ubuntu-${{ matrix.ubuntu }}-ruby-${{ hashFiles('cpp/**') }} restore-keys: ubuntu-${{ matrix.ubuntu }}-ruby- - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3.12 - name: Setup Archery @@ -152,7 +152,7 @@ jobs: ARROW_WITH_ZSTD: ON steps: - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -184,7 +184,7 @@ jobs: run: | echo "cache-dir=$(ccache --get-config cache_dir)" >> $GITHUB_OUTPUT - name: Cache ccache - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: ${{ steps.ccache-info.outputs.cache-dir }} key: ruby-ccache-macos-${{ hashFiles('cpp/**') }} @@ -251,20 +251,20 @@ jobs: /d 1 ` /f - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 submodules: recursive - name: Setup Ruby - uses: ruby/setup-ruby@v1 + uses: ruby/setup-ruby@9eb537ca036ebaed86729dcb9309076e4c5c3b74 # v1 with: ruby-version: ${{ matrix.ruby-version }} - name: Setup MSYS2 run: | ridk exec bash ci\scripts\msys2_setup.sh ruby - name: Cache ccache - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: ccache key: ruby-ccache-ucrt${{ matrix.mingw-n-bits }}-${{ hashFiles('cpp/**') }} @@ -288,7 +288,7 @@ jobs: Write-Output "gem-dir=$(ridk exec gem env gemdir)" | ` Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append - name: Cache RubyGems - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: ${{ steps.rubygems-info.outputs.gem-dir }} key: ruby-rubygems-ucrt${{ matrix.mingw-n-bits }}-${{ hashFiles('**/Gemfile', 'ruby/*/*.gemspec') }} @@ -370,7 +370,7 @@ jobs: /d 1 ` /f - name: Checkout Arrow - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -392,7 +392,7 @@ jobs: run: | echo "cache-dir=$(ccache --get-config cache_dir)" >> $GITHUB_OUTPUT - name: Cache ccache - uses: actions/cache@v5 + uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5 with: path: ${{ steps.ccache-info.outputs.cache-dir }} key: glib-ccache-msvc-${{ env.CACHE_VERSION }}-${{ hashFiles('cpp/**') }} @@ -401,7 +401,7 @@ jobs: # We can invalidate the current cache by updating this. CACHE_VERSION: "2024-05-09" - name: Checkout vcpkg - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 84c4d8846a5..ef4ce7d7461 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -28,7 +28,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@v10 + - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10 with: stale-pr-message: "Thank you for your contribution. Unfortunately, this pull request has been marked as stale because it has had no activity in the past 365 days. Please remove the stale label or comment below, or this PR will be closed in 14 days. Feel free to re-open this if it has been closed in error. If you do not have repository permissions to reopen the PR, please tag a maintainer." stale-pr-label: "Status: stale-warning" @@ -46,7 +46,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@v10 + - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10 with: stale-pr-label: "Status: stale-warning" only-pr-labels: "Status: stale-warning" @@ -63,7 +63,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@v10 + - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10 with: # exclude PRs days-before-pr-stale: -1 @@ -82,7 +82,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@v10 + - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10 with: # exclude PRs days-before-pr-stale: -1 @@ -99,7 +99,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@v10 + - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10 with: # exclude PRs days-before-pr-stale: -1 @@ -118,7 +118,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@v10 + - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10 with: # exclude PRs days-before-pr-stale: -1 diff --git a/.github/workflows/verify_rc.yml b/.github/workflows/verify_rc.yml index 04342ca3a42..8a8847b3b67 100644 --- a/.github/workflows/verify_rc.yml +++ b/.github/workflows/verify_rc.yml @@ -91,7 +91,7 @@ jobs: TEST_APT: "1" VERSION: ${{ needs.target.outputs.version }} steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0 @@ -135,7 +135,7 @@ jobs: TEST_BINARY: "1" VERSION: ${{ needs.target.outputs.version }} steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false - name: Run @@ -160,10 +160,10 @@ jobs: TEST_WHEELS: "1" VERSION: ${{ needs.target.outputs.version }} steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false - - uses: actions/setup-python@v6 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: 3 - name: Setup Archery @@ -208,7 +208,7 @@ jobs: TEST_WHEELS: "1" VERSION: ${{ needs.target.outputs.version }} steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false - name: Run @@ -228,7 +228,7 @@ jobs: TEST_WHEELS: "1" VERSION: ${{ needs.target.outputs.version }} steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false submodules: recursive @@ -263,7 +263,7 @@ jobs: TEST_YUM: "1" VERSION: ${{ needs.target.outputs.version }} steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false fetch-depth: 0