From 55857fa3567fc6f945d6557a10403096d58cf59b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 12:48:54 +0000 Subject: [PATCH 1/2] Bump the actions-dependencies group across 1 directory with 10 updates Bumps the actions-dependencies group with 10 updates in the /.github/workflows directory: | Package | From | To | | --- | --- | --- | | [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` | | [actions/cache](https://github.com/actions/cache) | `5.0.3` | `5.0.4` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` | | [crate-ci/typos](https://github.com/crate-ci/typos) | `1.44.0` | `1.45.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.35.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `8.0.0` | `8.0.1` | | [Schneegans/dynamic-badges-action](https://github.com/schneegans/dynamic-badges-action) | `1.7.0` | `1.8.0` | | [docker/login-action](https://github.com/docker/login-action) | `4.0.0` | `4.1.0` | | [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `4.0.0` | `5.0.0` | Updates `actions/deploy-pages` from 4.0.5 to 5.0.0 - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128) Updates `actions/cache` from 5.0.3 to 5.0.4 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/cdf6c1fa76f9f475f3d7449005a359c84ca0f306...668228422ae6a00e4ad889ee87cd7109ec5666a7) Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `actions/github-script` from 8.0.0 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3) Updates `crate-ci/typos` from 1.44.0 to 1.45.0 - [Release notes](https://github.com/crate-ci/typos/releases) - [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md) - [Commits](https://github.com/crate-ci/typos/compare/631208b7aac2daa8b707f55e7331f9112b0e062d...02ea592e44b3a53c302f697cddca7641cd051c3d) Updates `github/codeql-action` from 4.32.6 to 4.35.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/0d579ffd059c29b07949a3cce3983f0780820c98...c10b8064de6f491fea524254123dbe5e09572f13) Updates `actions/download-artifact` from 8.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `Schneegans/dynamic-badges-action` from 1.7.0 to 1.8.0 - [Release notes](https://github.com/schneegans/dynamic-badges-action/releases) - [Changelog](https://github.com/Schneegans/dynamic-badges-action/blob/master/changelog.md) - [Commits](https://github.com/schneegans/dynamic-badges-action/compare/e9a478b16159b4d31420099ba146cdc50f134483...0e50b8bad39e7e1afd3e4e9c2b7dd145fad07501) Updates `docker/login-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/b45d80f862d83dbcd57f89517bcf500b2ab88fb2...4907a6ddec9925e35a0a9e82d7399ccc52663121) Updates `actions/upload-pages-artifact` from 4.0.0 to 5.0.0 - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](https://github.com/actions/upload-pages-artifact/compare/7b1f4a764d45c48632c6b24a0339c27f5614fb0b...fc324d3547104276b827a68afc52ff2a11cc49c9) --- updated-dependencies: - dependency-name: actions/deploy-pages dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-dependencies - dependency-name: actions/cache dependency-version: 5.0.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-dependencies - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-dependencies - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-dependencies - dependency-name: crate-ci/typos dependency-version: 1.45.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-dependencies - dependency-name: github/codeql-action dependency-version: 4.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-dependencies - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-dependencies - dependency-name: Schneegans/dynamic-badges-action dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-dependencies - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-dependencies - dependency-name: actions/upload-pages-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/docs.yml | 2 +- .github/workflows/nightly.yml | 8 ++++---- .github/workflows/reusable_basic.yml | 6 +++--- .github/workflows/reusable_benchmarks.yml | 4 ++-- .github/workflows/reusable_checks.yml | 2 +- .github/workflows/reusable_codeql.yml | 8 ++++---- .github/workflows/reusable_compatibility.yml | 4 ++-- .github/workflows/reusable_coverage.yml | 6 +++--- .github/workflows/reusable_dax.yml | 2 +- .github/workflows/reusable_dockers_build.yml | 2 +- .github/workflows/reusable_docs_build.yml | 2 +- .github/workflows/reusable_fast.yml | 4 ++-- .github/workflows/reusable_gpu.yml | 6 +++--- .github/workflows/reusable_multi_numa.yml | 2 +- .github/workflows/reusable_proxy_lib.yml | 2 +- .github/workflows/reusable_qemu.yml | 2 +- .github/workflows/reusable_trivy.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 18 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 196fae109..0b63042e0 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -37,4 +37,4 @@ jobs: steps: - name: Deploy the documentation to GitHub Pages id: deployment - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 + uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0 diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index b1c583b5c..67a8a7a14 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -131,7 +131,7 @@ jobs: fetch-depth: 0 - name: Restore vcpkg cache - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 id: cache with: path: vcpkg_pkgs_cache.zip @@ -243,7 +243,7 @@ jobs: - name: Save vcpkg cache if: steps.cache.outputs.cache-hit != 'true' - uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{github.workspace}}/vcpkg_pkgs_cache.zip key: ${{ steps.cache.outputs.cache-primary-key }} @@ -273,7 +273,7 @@ jobs: fetch-depth: 0 - name: Restore vcpkg cache - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 id: cache with: path: vcpkg_pkgs_cache.zip @@ -354,7 +354,7 @@ jobs: - name: Save vcpkg cache if: steps.cache.outputs.cache-hit != 'true' - uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{github.workspace}}/vcpkg_pkgs_cache.zip key: ${{ steps.cache.outputs.cache-primary-key }} diff --git a/.github/workflows/reusable_basic.yml b/.github/workflows/reusable_basic.yml index a54262411..24c20e133 100644 --- a/.github/workflows/reusable_basic.yml +++ b/.github/workflows/reusable_basic.yml @@ -185,7 +185,7 @@ jobs: mkdir -p ${{env.COVERAGE_DIR}} mv ./$COVERAGE_FILE_NAME ${{env.COVERAGE_DIR}} - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: ${{ matrix.build_type == 'Debug' && matrix.compiler.c == 'gcc' }} with: name: ${{env.COVERAGE_NAME}}-${{matrix.os}}-shared-${{matrix.shared_library}} @@ -286,7 +286,7 @@ jobs: arch: x64 - name: Restore vcpkg cache - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 id: cache with: path: vcpkg_pkgs_cache.zip @@ -436,7 +436,7 @@ jobs: - name: Save vcpkg cache if: steps.cache.outputs.cache-hit != 'true' - uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{github.workspace}}/vcpkg_pkgs_cache.zip key: ${{ steps.cache.outputs.cache-primary-key }} diff --git a/.github/workflows/reusable_benchmarks.yml b/.github/workflows/reusable_benchmarks.yml index 1a2d2e0fd..6998a5281 100644 --- a/.github/workflows/reusable_benchmarks.yml +++ b/.github/workflows/reusable_benchmarks.yml @@ -59,7 +59,7 @@ jobs: echo "bench_params=$params" >> $GITHUB_ENV - name: Add comment to PR - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 if: ${{ always() && inputs.pr_no != 0 }} with: script: | @@ -214,7 +214,7 @@ jobs: run: cat ${{ github.workspace }}/benchmark_results.md || true - name: Add comment to PR - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 if: ${{ always() && inputs.pr_no != 0 }} with: script: | diff --git a/.github/workflows/reusable_checks.yml b/.github/workflows/reusable_checks.yml index 7c4f07afa..af8089ee9 100644 --- a/.github/workflows/reusable_checks.yml +++ b/.github/workflows/reusable_checks.yml @@ -57,7 +57,7 @@ jobs: ./scripts/check_license/check_headers.sh . "Apache-2.0 WITH LLVM-exception" -v - name: Run a spell check - uses: crate-ci/typos@631208b7aac2daa8b707f55e7331f9112b0e062d # v1.44.0 + uses: crate-ci/typos@02ea592e44b3a53c302f697cddca7641cd051c3d # v1.45.0 with: config: ./.github/workflows/.spellcheck-conf.toml diff --git a/.github/workflows/reusable_codeql.yml b/.github/workflows/reusable_codeql.yml index b7bb1ab7f..c35e05d04 100644 --- a/.github/workflows/reusable_codeql.yml +++ b/.github/workflows/reusable_codeql.yml @@ -41,14 +41,14 @@ jobs: python-version: "3.10" - name: Initialize CodeQL - uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: languages: cpp trap-caching: false - name: "[Win] Restore vcpkg cache" if: matrix.os == 'windows-latest' - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 id: cache with: path: vcpkg_pkgs_cache.zip @@ -108,7 +108,7 @@ jobs: run: cmake --build ${{env.BUILD_DIR}} --config Release -j - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 - name: "[Win] Prepare vcpkg cache" if: matrix.os == 'windows-latest' && steps.cache.outputs.cache-hit != 'true' @@ -117,7 +117,7 @@ jobs: - name: "[Win] Save vcpkg cache" if: matrix.os == 'windows-latest' && steps.cache.outputs.cache-hit != 'true' - uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{github.workspace}}/vcpkg_pkgs_cache.zip key: ${{ steps.cache.outputs.cache-primary-key }} diff --git a/.github/workflows/reusable_compatibility.yml b/.github/workflows/reusable_compatibility.yml index 409c75a4e..afc7a1c43 100644 --- a/.github/workflows/reusable_compatibility.yml +++ b/.github/workflows/reusable_compatibility.yml @@ -150,7 +150,7 @@ jobs: path: ${{github.workspace}}/tag_version - name: Restore vcpkg cache - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 id: cache with: path: vcpkg_pkgs_cache.zip @@ -292,7 +292,7 @@ jobs: - name: Save vcpkg cache if: steps.cache.outputs.cache-hit != 'true' - uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{github.workspace}}/vcpkg_pkgs_cache.zip key: ${{ steps.cache.outputs.cache-primary-key }} diff --git a/.github/workflows/reusable_coverage.yml b/.github/workflows/reusable_coverage.yml index fec123855..481a97eb0 100644 --- a/.github/workflows/reusable_coverage.yml +++ b/.github/workflows/reusable_coverage.yml @@ -32,7 +32,7 @@ jobs: sudo apt-get install -y lcov - name: Download all coverage artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: exports-coverage-* path: coverage @@ -51,7 +51,7 @@ jobs: echo "COV_OUT=$(tail -n1 output.txt | grep -oP "lines[.]+: [\d.]+%" | cut -d ' ' -f2 | tr -d '%')" >> $GITHUB_OUTPUT - name: Upload coverage report - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: coverage_html_report path: coverage/coverage_report @@ -59,7 +59,7 @@ jobs: # Only update the badge on push (event is passed only for total coverage) - name: Update coverity badge if: ${{ success() && inputs.trigger == 'push' }} - uses: Schneegans/dynamic-badges-action@e9a478b16159b4d31420099ba146cdc50f134483 # v1.7.0 + uses: Schneegans/dynamic-badges-action@0e50b8bad39e7e1afd3e4e9c2b7dd145fad07501 # v1.8.0 with: auth: ${{ secrets.BB_GIST_TOKEN }} gistID: 3f66c77d7035df39aa75dda8a2ac75b3 diff --git a/.github/workflows/reusable_dax.yml b/.github/workflows/reusable_dax.yml index 3e95b038a..57cec5f13 100644 --- a/.github/workflows/reusable_dax.yml +++ b/.github/workflows/reusable_dax.yml @@ -142,7 +142,7 @@ jobs: mkdir -p ${{env.COVERAGE_DIR}} mv ./$COVERAGE_FILE_NAME ${{env.COVERAGE_DIR}} - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: ${{ matrix.build_type == 'Debug' }} with: name: ${{env.COVERAGE_NAME}}-shared-${{matrix.shared_library}} diff --git a/.github/workflows/reusable_dockers_build.yml b/.github/workflows/reusable_dockers_build.yml index 46a266f00..5b909bafe 100644 --- a/.github/workflows/reusable_dockers_build.yml +++ b/.github/workflows/reusable_dockers_build.yml @@ -34,7 +34,7 @@ jobs: # Login and push require login/pass to GHCR - omit these steps on forks - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' && github.repository == 'oneapi-src/unified-memory-framework' }} - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: bb-ur diff --git a/.github/workflows/reusable_docs_build.yml b/.github/workflows/reusable_docs_build.yml index ef8815aee..e1af3aebb 100644 --- a/.github/workflows/reusable_docs_build.yml +++ b/.github/workflows/reusable_docs_build.yml @@ -78,6 +78,6 @@ jobs: - name: Upload artifact if: ${{ inputs.upload == true }} - uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0 + uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0 with: path: build/docs_build/generated/html diff --git a/.github/workflows/reusable_fast.yml b/.github/workflows/reusable_fast.yml index c495e1911..7dd2374db 100644 --- a/.github/workflows/reusable_fast.yml +++ b/.github/workflows/reusable_fast.yml @@ -109,7 +109,7 @@ jobs: fetch-depth: 0 - name: Restore vcpkg cache - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 id: cache with: path: vcpkg_pkgs_cache.zip @@ -185,7 +185,7 @@ jobs: - name: Save vcpkg cache if: steps.cache.outputs.cache-hit != 'true' - uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{github.workspace}}/vcpkg_pkgs_cache.zip key: ${{ steps.cache.outputs.cache-primary-key }} diff --git a/.github/workflows/reusable_gpu.yml b/.github/workflows/reusable_gpu.yml index 073ecbd28..cb52fd346 100644 --- a/.github/workflows/reusable_gpu.yml +++ b/.github/workflows/reusable_gpu.yml @@ -75,7 +75,7 @@ jobs: - name: "[Win] Restore vcpkg cache" if: matrix.os == 'Windows' - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 id: cache with: path: vcpkg_pkgs_cache.zip @@ -184,7 +184,7 @@ jobs: mv ./$COVERAGE_FILE_NAME ${{env.COVERAGE_DIR}} - name: "[Lin] Upload coverage" - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: ${{ matrix.os == 'Ubuntu' }} with: name: ${{env.COVERAGE_NAME}}-shared-${{matrix.shared_library}} @@ -197,7 +197,7 @@ jobs: - name: "[Win] Save vcpkg cache" if: matrix.os == 'Windows' && steps.cache.outputs.cache-hit != 'true' - uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{github.workspace}}/vcpkg_pkgs_cache.zip key: ${{ steps.cache.outputs.cache-primary-key }} diff --git a/.github/workflows/reusable_multi_numa.yml b/.github/workflows/reusable_multi_numa.yml index 40eda6c2e..54cc3cf60 100644 --- a/.github/workflows/reusable_multi_numa.yml +++ b/.github/workflows/reusable_multi_numa.yml @@ -81,7 +81,7 @@ jobs: mkdir -p ${{env.COVERAGE_DIR}} mv ./$COVERAGE_FILE_NAME ${{env.COVERAGE_DIR}} - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: ${{ matrix.build_type == 'Debug' && matrix.os == 'ubuntu-22.04' }} with: name: ${{env.COVERAGE_NAME}}-${{matrix.os}}-shared-${{matrix.shared_library}} diff --git a/.github/workflows/reusable_proxy_lib.yml b/.github/workflows/reusable_proxy_lib.yml index 157f9ebc6..658d45f8c 100644 --- a/.github/workflows/reusable_proxy_lib.yml +++ b/.github/workflows/reusable_proxy_lib.yml @@ -87,7 +87,7 @@ jobs: mkdir -p ${{env.COVERAGE_DIR}} mv ./$COVERAGE_FILE_NAME ${{env.COVERAGE_DIR}} - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: ${{ matrix.build_type == 'Debug' }} with: name: ${{env.COVERAGE_NAME}}-proxy_lib_pool-${{matrix.proxy_lib_pool}} diff --git a/.github/workflows/reusable_qemu.yml b/.github/workflows/reusable_qemu.yml index e31874c70..5a0c89402 100644 --- a/.github/workflows/reusable_qemu.yml +++ b/.github/workflows/reusable_qemu.yml @@ -149,7 +149,7 @@ jobs: done ls -al ./coverage - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: exports-coverage-qemu-${{matrix.os}} path: coverage diff --git a/.github/workflows/reusable_trivy.yml b/.github/workflows/reusable_trivy.yml index 80f7d8150..b6edf7431 100644 --- a/.github/workflows/reusable_trivy.yml +++ b/.github/workflows/reusable_trivy.yml @@ -38,6 +38,6 @@ jobs: cat trivy-results.sarif - name: Upload results - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8d506693b..fc47824f2 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -41,7 +41,7 @@ jobs: # Upload the results as artifacts to the repository Actions tab. - name: Upload artifact - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # 7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # 7.0.1 with: name: Scorecard results path: scorecard_results.sarif @@ -49,6 +49,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: sarif_file: scorecard_results.sarif From 8dc8a3ccae22e475c54a3758d03c847a5b2e625d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Stolarczuk?= Date: Tue, 14 Apr 2026 10:38:27 +0200 Subject: [PATCH 2/2] [CI] zizmor fixes in benchmark's workflow --- .github/workflows/reusable_benchmarks.yml | 26 ++++++++++++++++------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/.github/workflows/reusable_benchmarks.yml b/.github/workflows/reusable_benchmarks.yml index 6998a5281..1bcf32fa6 100644 --- a/.github/workflows/reusable_benchmarks.yml +++ b/.github/workflows/reusable_benchmarks.yml @@ -49,6 +49,7 @@ jobs: steps: - name: Establish bench params + id: bench_params run: | params="${{ inputs.bench_script_params }}" if [ -n "${{ inputs.bench_script_compare }}" ]; then @@ -56,16 +57,19 @@ jobs: fi echo "params=$params" - echo "bench_params=$params" >> $GITHUB_ENV + echo "PARAMS=$params" >> $GITHUB_OUTPUT - name: Add comment to PR uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 if: ${{ always() && inputs.pr_no != 0 }} + env: + PR_NO: ${{ inputs.pr_no }} + PARAMS: ${{ steps.bench_params.outputs.PARAMS }} with: script: | - const pr_no = '${{ inputs.pr_no }}'; + const pr_no = '${PR_NO}'; const url = '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'; - const params = `${{ env.bench_params }}`; + const params = `${PARAMS}`; const body = `Compute Benchmarks run (with params: ${params}):\n${url}`; github.rest.issues.createComment({ @@ -199,6 +203,7 @@ jobs: env: LD_LIBRARY_PATH: ${{ env.SYCL_DIR }}/lib CPATH: ${{ env.SYCL_DIR }}/include + BENCH_PARAMS: ${{ steps.bench_params.outputs.PARAMS }} run: > taskset -c ${{ env.CORES }} ./sc/devops/scripts/benchmarks/main.py ~/bench_workdir_umf @@ -206,7 +211,7 @@ jobs: --output-markdown ${{ (inputs.compatibility == 0) && format('--umf {0}/ --timeout 3000 --output-html remote', env.BUILD_DIR) || '' }} ${{ (inputs.compatibility == 1) && format('--sycl {0} --timeout 7200', env.SYCL_DIR) || '' }} - ${{ env.bench_params }} + ${BENCH_PARAMS} # In case it failed to add a comment, we can still print the results. - name: Print benchmark results @@ -216,6 +221,11 @@ jobs: - name: Add comment to PR uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 if: ${{ always() && inputs.pr_no != 0 }} + env: + PR_NO: ${{ inputs.pr_no }} + BENCH_PARAMS: ${{ steps.bench_params.outputs.PARAMS }} + BENCH_OUTCOME: ${{ steps.benchmarks.outcome }} + JOB_STATUS: ${{ job.status }} with: script: | let markdown = "" @@ -225,11 +235,11 @@ jobs: } catch(err) { } - const pr_no = '${{ inputs.pr_no }}'; + const pr_no = '$PR_NO'; const url = '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'; - const test_status = '${{ steps.benchmarks.outcome }}'; - const job_status = '${{ job.status }}'; - const params = `${{ env.bench_params }}`; + const test_status = '${BENCH_OUTCOME}'; + const job_status = '${JOB_STATUS}'; + const params = `${BENCH_PARAMS}`; const body = `Compute Benchmarks run (${params}):\n${url}\nJob status: ${job_status}. Test status: ${test_status}.\n ${markdown}`; github.rest.issues.createComment({