diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml index 2567ab6..8a8031e 100644 --- a/.github/workflows/bandit.yml +++ b/.github/workflows/bandit.yml @@ -23,7 +23,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install uv - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: enable-cache: false @@ -38,10 +38,10 @@ jobs: echo "codes=$(uvx toml2json ./ruff.toml | jq -r '.lint.ignore | map(select(test("^S\\d+"))) | join(",")')" >> "$GITHUB_OUTPUT" - name: Perform Bandit Analysis using Ruff - uses: astral-sh/ruff-action@4919ec5cf1f49eff0871dbcea0da843445b837e6 # v3.6.1 + uses: astral-sh/ruff-action@0ce1b0bf8b818ef400413f810f8a11cdbda0034b # v4.0.0 with: args: "check --select S --ignore ${{ steps.ignore-codes.outputs.codes }} --output-format sarif --output-file results.sarif" - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v4.35.1 + uses: github/codeql-action/upload-sarif@v4.35.3 with: sarif_file: results.sarif diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml index 70a9e51..04328be 100644 --- a/.github/workflows/build-wheel.yml +++ b/.github/workflows/build-wheel.yml @@ -59,7 +59,7 @@ jobs: # xref: https://github.com/orgs/community/discussions/42856#discussioncomment-7678867 - name: Adding additional GHA cache-related env vars - uses: actions/github-script@v8 + uses: actions/github-script@v9 with: script: | core.exportVariable('ACTIONS_CACHE_SERVICE_V2', 'on'); @@ -127,7 +127,7 @@ jobs: pip install twine - name: Build nvmath-python wheel - uses: pypa/cibuildwheel@ee02a1537ce3071a004a6b08c41e72f0fdc42d9a # v3.4.0 + uses: pypa/cibuildwheel@8d2b08b68458a16aeb24b64e68a09ab1c8e82084 # v3.4.1 with: package-dir: . output-dir: ${{ env.NVMATH_PYTHON_ARTIFACTS_DIR }} @@ -203,7 +203,7 @@ jobs: twine check --strict ${{ env.NVMATH_PYTHON_ARTIFACTS_DIR }}/*.whl - name: Upload nvmath-python build artifacts - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ env.NVMATH_PYTHON_ARTIFACT_NAME }} path: ${{ env.NVMATH_PYTHON_ARTIFACTS_DIR }}/*.whl diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0bde485..b72779c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -31,13 +31,13 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Initialize CodeQL - uses: github/codeql-action/init@34950e1b113b30df4edee1a6d3a605242df0c40b # v3.31.8 + uses: github/codeql-action/init@a723e99345b89ee0bbcbd68ee4e63f9a56b42a25 # v3.31.8 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} queries: security-extended - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@34950e1b113b30df4edee1a6d3a605242df0c40b # v3.31.8 + uses: github/codeql-action/analyze@a723e99345b89ee0bbcbd68ee4e63f9a56b42a25 # v3.31.8 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/test-sdist-linux.yml b/.github/workflows/test-sdist-linux.yml index 10bc2e2..d8c9ef1 100644 --- a/.github/workflows/test-sdist-linux.yml +++ b/.github/workflows/test-sdist-linux.yml @@ -41,13 +41,13 @@ jobs: # nvmath.bindings contains Cython extensions that need CTK headers at # wheel-from-sdist time. This uses sccache to speed up repeat builds. - name: Enable sccache - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # 0.0.9 + uses: mozilla-actions/sccache-action@9e7fa8a12102821edf02ca5dbea1acd0f89a2696 # 0.0.10 with: disable_annotations: 'true' # xref: https://github.com/orgs/community/discussions/42856#discussioncomment-7678867 - name: Adding additional GHA cache-related env vars - uses: actions/github-script@v8 + uses: actions/github-script@v9 with: script: | core.exportVariable('ACTIONS_CACHE_URL', process.env['ACTIONS_CACHE_URL'])