From 1a6167cc5c2ac604ac0f18eb736029c3846c42e1 Mon Sep 17 00:00:00 2001 From: Aniket Singh Yadav Date: Mon, 4 May 2026 17:44:31 +0530 Subject: [PATCH 1/4] pin full commit sha instead of tags --- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/lint.yaml | 10 +++++----- .github/workflows/main.yaml | 18 +++++++++--------- .github/workflows/pages.yaml | 12 ++++++------ 4 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 30a97315d0..9a11c7aa18 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,11 +41,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v4 + uses: github/codeql-action/init@ed410739ba306e4ebe5e123421a6bd694e494a2b # v4 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -59,7 +59,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v4 + uses: github/codeql-action/autobuild@ed410739ba306e4ebe5e123421a6bd694e494a2b # v4 # â„šī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -72,4 +72,4 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4 + uses: github/codeql-action/analyze@ed410739ba306e4ebe5e123421a6bd694e494a2b # v4 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 518d9d6d18..d574034dc9 100644 --- a/.github/workflows/lint.yaml 
+++ b/.github/workflows/lint.yaml @@ -21,9 +21,9 @@ jobs: pull-requests: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: misspell # Check spelling - uses: reviewdog/action-misspell@v1 + uses: reviewdog/action-misspell@0789410278cba39afd488d97a0e305ba35776bbf # v1 with: github_token: ${{ secrets.github_token }} locale: "US" @@ -31,7 +31,7 @@ jobs: level: info filter_mode: diff_context - name: shellcheck # Static check shell scripts - uses: reviewdog/action-shellcheck@v1 + uses: reviewdog/action-shellcheck@4410ae3f82f068bdb0234069a9bf2367923fb39a # v1 with: github_token: ${{ secrets.github_token }} reporter: github-pr-check @@ -44,9 +44,9 @@ jobs: permissions: security-events: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 with: # Version range or exact version of Python to use, using SemVer's version range syntax. Reads from .python-version if unset. python-version: "3.10" diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index ae8fbbdaaf..b6df9a1d51 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -57,9 +57,9 @@ jobs: nox-tag: test-onnx-ir-git runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: ${{ matrix.python-version }} - name: Install nox 
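Review bot: The third-party pins in the lint.yaml hunks, `reviewdog/action-misspell` and `reviewdog/action-shellcheck`, run in a job that grants `pull-requests: write` and passes the job token, yet the series adds nothing to keep their SHAs current. The diffstat touches only the four workflow files. Unless the repository already has update automation for workflow dependencies (not visible here), these pins will stay frozen and miss upstream security fixes. I would pair this change with a Dependabot entry using `package-ecosystem: "github-actions"` in `.github/dependabot.yml`, or the equivalent in whatever update tool the project uses. The same applies to every pin added in PATCH 1/4, and the job definitions start outside these hunks.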
@@ -73,17 +73,17 @@ jobs: CREATE_REPRODUCTION_REPORT: "${{ matrix.os == 'ubuntu-latest' && '1' || '0' }}" - name: Upload coverage to Codecov if: always() - uses: codecov/codecov-action@v6 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6 with: token: ${{ secrets.CODECOV_TOKEN }} - name: Upload test results to Codecov if: ${{ !cancelled() }} - uses: codecov/test-results-action@v1 + uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1 with: token: ${{ secrets.CODECOV_TOKEN }} - name: Upload torchlib error reports if: always() - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: Error reports (${{ matrix.name }}-${{ matrix.os }}) path: error_reports @@ -95,9 +95,9 @@ jobs: os: [ubuntu-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 with: python-version: "3.10" cache: pip @@ -119,9 +119,9 @@ jobs: update_readme: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 - name: Update readme run: | python docs/update_readme.py diff --git a/.github/workflows/pages.yaml b/.github/workflows/pages.yaml index ba9307afdd..ce58d45daf 100644 --- a/.github/workflows/pages.yaml +++ b/.github/workflows/pages.yaml 
@@ -25,14 +25,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Pages - uses: actions/configure-pages@v6 + uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6 - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 with: python-version: "3.10" - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install dependencies run: | python -m pip install --upgrade pip setuptools wheel @@ -42,9 +42,9 @@ jobs: - name: Build documentation run: python -m sphinx docs dist/html - name: Upload documentation archive - uses: actions/upload-pages-artifact@v5 + uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5 with: path: 'dist/html' - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v5 + uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5 From af95d1eba778498fc907155d8147bb197f6233c4 Mon Sep 17 00:00:00 2001 From: Aniket <148300120+Aniketsy@users.noreply.github.com> Date: Mon, 4 May 2026 18:36:21 +0530 Subject: [PATCH 2/4] Update .github/workflows/main.yaml --- .github/workflows/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index b6df9a1d51..d8357214f4 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -78,7 +78,7 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} - name: Upload test results to Codecov if: ${{ !cancelled() }} - uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1 + uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1 with: token: ${{ secrets.CODECOV_TOKEN }} - name: Upload torchlib error reports 
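Review bot: In PATCH 2/4, replacing `# v1.2.1` with `# v1` on the `codecov/test-results-action` pin drops the only human-readable record of which release the SHA was taken from. `v1` is a moving tag, so the comment can no longer be checked against upstream once that tag advances. The same applies to the `# v6.0.0` to `# v6` change on `actions/setup-python` in PATCH 3/4 and to the major-only comments added throughout PATCH 1/4. If the SHA does correspond to the v1.2.1 release (worth confirming against the upstream tag), I would keep `uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1` and record exact release tags in the other comments too.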
From df7077b1eda5a2f1b2156ef212f4995af4315a26 Mon Sep 17 00:00:00 2001 From: Aniket <148300120+Aniketsy@users.noreply.github.com> Date: Mon, 4 May 2026 18:36:31 +0530 Subject: [PATCH 3/4] Update .github/workflows/main.yaml --- .github/workflows/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index d8357214f4..e8a08b232a 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -59,7 +59,7 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Python ${{ matrix.python-version }} - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 with: python-version: ${{ matrix.python-version }} - name: Install nox From c6a45415a663ca1d6b99d7002f1441ccc8b63caf Mon Sep 17 00:00:00 2001 From: Aniket <148300120+Aniketsy@users.noreply.github.com> Date: Wed, 6 May 2026 15:49:22 +0530 Subject: [PATCH 4/4] Update .github/workflows/lint.yaml --- .github/workflows/lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index d574034dc9..0da2d8be0f 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -79,7 +79,7 @@ jobs: # To toggle linter comments in the files page, press `i` on the keyboard if: always() continue-on-error: true - uses: github/codeql-action/upload-sarif@v4 + uses: github/codeql-action/upload-sarif@ed410739ba306e4ebe5e123421a6bd694e494a2 # v4 with: # Path to SARIF file relative to the root of the repository sarif_file: lintrunner.sarif
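Review bot: In PATCH 4/4 the new `upload-sarif` ref `ed410739ba306e4ebe5e123421a6bd694e494a2` is 39 hex characters, one short of a full commit SHA. The other `github/codeql-action` steps in this series use `ed410739ba306e4ebe5e123421a6bd694e494a2b`. A ref that is not a full 40-character SHA is not an immutable pin, and it will most likely fail to resolve when the job loads its actions. Since the step is marked `continue-on-error: true`, it is worth confirming that a failure here is actually noticed, otherwise the lint job's SARIF results could stop reaching code scanning without anyone seeing it. The line should read `uses: github/codeql-action/upload-sarif@ed410739ba306e4ebe5e123421a6bd694e494a2b # v4`; the enclosing job starts outside the hunk.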