[SPARK-56724][INFRA] Make docker/* GitHub Actions up-to-date#55687
Closed
dongjoon-hyun wants to merge 1 commit into
Closed
[SPARK-56724][INFRA] Make docker/* GitHub Actions up-to-date#55687dongjoon-hyun wants to merge 1 commit into
docker/* GitHub Actions up-to-date#55687dongjoon-hyun wants to merge 1 commit into
Conversation
Member
Author
|
Could you review this PR, too, @peter-toth ? The CI failure is irrelevant . |
peter-toth
approved these changes
May 5, 2026
Member
Author
|
Thank you! Merged to master. |
dongjoon-hyun
added a commit
to apache/spark-docker
that referenced
this pull request
May 7, 2026
… hashes ### What changes were proposed in this pull request? This PR updates all `docker/*` GitHub Actions in `.github/workflows/main.yml` from major version tags to ASF-approved commit hashes registered in [`apache/infrastructure-actions/approved_patterns.yml`](https://raw.githubusercontent.com/apache/infrastructure-actions/main/approved_patterns.yml). | Action | Before | After (latest approved) | |---|---|---| | `docker/setup-qemu-action` | `v3` | `ce360397dd3f832beb865e1373c09c0e9f86d70a` (v4.0.0) | | `docker/setup-buildx-action` | `v2` | `4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd` (v4.0.0) | | `docker/build-push-action` (×3) | `v3` | `bcafcacb16a39f128d818304e6c9c0c18556b85f` (v7.1.0) | | `docker/login-action` (×2) | `v2` | `4907a6ddec9925e35a0a9e82d7399ccc52663121` (v4.1.0) | ### Why are the changes needed? ASF Infrastructure policy requires GitHub Actions to be pinned to commit hashes listed in `approved_patterns.yml`. The current `docker/*` references use legacy major version tags (`v2`/`v3`) that are out of compliance and several major versions behind upstream. Currently, CI is broken. > The actions docker/setup-qemu-actionv3, docker/setup-buildx-actionv2, docker/build-push-actionv3, and docker/login-actionv2 are not allowed in apache/spark-docker because all actions must be from a repository owned by your enterprise, created by GitHub, or match one of the patterns: For other Apache Spark repositories, we updated already but `spark-docker` seems to be outdated. - apache/spark#55687 - apache/spark-kubernetes-operator#651 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass the CIs. ### Was this patch authored or co-authored using generative AI tooling? Generated-by: Claude Opus 4.7 (1M context) Closes #110 from dongjoon-hyun/dongjoon/trusting-sinoussi-78ed6b. Authored-by: Dongjoon Hyun <dongjoon@apache.org> Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
This PR upgrades four
docker/*GitHub Actions to the latest commit hashes approved by the Apache Software Foundation ininfrastructure-actions/approved_patterns.yml:docker/build-push-action10e90e3645eae34f1e60eeb005ba3a3d33f178e8(v6.19.2)bcafcacb16a39f128d818304e6c9c0c18556b85f(v7.1.0)docker/login-actionc94ce9fb468520275223c153574b00df6fe4bcc9(v3.7.0)4907a6ddec9925e35a0a9e82d7399ccc52663121(v4.1.0)docker/setup-buildx-action8d2750c68a42422c14e847fe6c8ac0403b4cbd6f(v3.12.0)4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd(v4.0.0)docker/setup-qemu-action29109295f81e9208d7d86ff1c6c12d2833863392(v3.6.0)ce360397dd3f832beb865e1373c09c0e9f86d70a(v4.0.0)Updated workflow files (25 references in total):
.github/workflows/build_and_test.yml(8 references).github/workflows/build_infra_images_cache.yml(17 references)Why are the changes needed?
The previously pinned hashes were one major version behind upstream and predate the Node.js 20 runtime that Docker actions require going forward. Apache Infrastructure has already approved the newer hashes in
approved_patterns.yml, so this PR brings Apache Spark's Docker actions onto the supported baseline while keeping ASF policy compliance.Does this PR introduce any user-facing change?
No. CI-only change; no Spark runtime, API, or release artifact is affected.
How was this patch tested?
Pass the CIs.
Was this patch authored or co-authored using generative AI tooling?
Generated-by: Claude Code (claude-opus-4-7)