From 63c02bb820b9aec7d7c780474153e6d30a316aa4 Mon Sep 17 00:00:00 2001 From: mhucka Date: Sun, 23 Nov 2025 00:48:04 +0000 Subject: [PATCH 1/3] Update versions of GitHub Actions used in workflows --- .github/workflows/ci.yaml | 20 ++++++++++---------- .github/workflows/cirq_compatibility.yml | 2 +- .github/workflows/osv-scanner.yaml | 12 ++++++------ .github/workflows/pr-labeler.yaml | 2 +- .github/workflows/scorecard-scanner.yaml | 8 ++++---- 5 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2e383f21f..4a9106311 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -62,7 +62,7 @@ jobs: timeout-minutes: 20 steps: - name: Check out a copy of the git repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 @@ -97,7 +97,7 @@ jobs: timeout-minutes: 15 steps: - name: Check out a copy of the git repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 @@ -118,7 +118,7 @@ jobs: timeout-minutes: 15 steps: - name: Check out a copy of the git repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 @@ -140,7 +140,7 @@ jobs: timeout-minutes: 15 steps: - name: Check out a copy of the git repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 @@ -164,7 +164,7 @@ jobs: timeout-minutes: 15 steps: - name: Check out a copy of the git repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 @@ -187,7 +187,7 @@ jobs: timeout-minutes: 15 steps: - name: Check out a copy of the git repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 @@ -225,7 +225,7 @@ jobs: - '3.13' steps: - name: Check out a copy of the git repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: submodules: recursive @@ -311,7 +311,7 @@ jobs: parallel_opt: [openmp, nopenmp] steps: - name: Check out a copy of the git repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: submodules: recursive @@ -366,7 +366,7 @@ jobs: tests:all steps: - name: Check out a copy of the git repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: submodules: recursive @@ -418,7 +418,7 @@ jobs: BUILDKIT_PROGRESS: ${{inputs.debug && 'plain'}} steps: - name: Check out a copy of the git repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: submodules: recursive diff --git a/.github/workflows/cirq_compatibility.yml b/.github/workflows/cirq_compatibility.yml index 79bdf56ed..271e953a4 100644 --- a/.github/workflows/cirq_compatibility.yml +++ b/.github/workflows/cirq_compatibility.yml @@ -40,7 +40,7 @@ jobs: timeout-minutes: 30 steps: - name: Check out a copy of the git repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 1 submodules: recursive diff --git a/.github/workflows/osv-scanner.yaml b/.github/workflows/osv-scanner.yaml index 28df09ed3..b5e83a46c 100644 --- a/.github/workflows/osv-scanner.yaml +++ b/.github/workflows/osv-scanner.yaml @@ -62,7 +62,7 @@ jobs: SHELLOPTS: ${{inputs.debug && 'xtrace' || '' }} steps: - name: Check out a copy of the git repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 @@ -73,7 +73,7 @@ jobs: - name: Run OSV scanner on existing code # yamllint disable rule:line-length - uses: google/osv-scanner-action/osv-scanner-action@9bb69575e74019c2ad085a1860787043adf47ccb # v2.2.4 + uses: google/osv-scanner-action/osv-scanner-action@b77c075a1235514558f0eb88dbd31e22c45e0cd2 # v2.3.0 continue-on-error: true with: scan-args: |- @@ -91,7 +91,7 @@ jobs: - name: Run OSV scanner on new code # yamllint disable rule:line-length - uses: google/osv-scanner-action/osv-scanner-action@9bb69575e74019c2ad085a1860787043adf47ccb # v2.2.4 + uses: google/osv-scanner-action/osv-scanner-action@b77c075a1235514558f0eb88dbd31e22c45e0cd2 # v2.3.0 continue-on-error: true with: scan-args: |- @@ -103,7 +103,7 @@ jobs: - name: Run the OSV scanner reporter for the job summary page # yamllint disable rule:line-length - uses: google/osv-scanner-action/osv-reporter-action@9bb69575e74019c2ad085a1860787043adf47ccb # v2.2.4 + uses: google/osv-scanner-action/osv-reporter-action@b77c075a1235514558f0eb88dbd31e22c45e0cd2 # v2.3.0 with: scan-args: |- --output=markdown:output.md @@ -116,7 +116,7 @@ jobs: - name: Run the OSV scanner reporter for the code-scanning dashboard # yamllint disable rule:line-length - uses: google/osv-scanner-action/osv-reporter-action@9bb69575e74019c2ad085a1860787043adf47ccb # v2.2.4 + uses: google/osv-scanner-action/osv-reporter-action@b77c075a1235514558f0eb88dbd31e22c45e0cd2 # v2.3.0 with: scan-args: |- --output=osv-results.sarif @@ -128,7 +128,7 @@ jobs: - name: Upload results to the repository's code-scanning results dashboard id: upload_artifact # yamllint disable rule:line-length - uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5 + uses: github/codeql-action/upload-sarif@ba454b8ab46733eb6145342877cd148270bb77ab # codeql-bundle-v2.23.5 with: sarif_file: osv-results.sarif diff --git a/.github/workflows/pr-labeler.yaml b/.github/workflows/pr-labeler.yaml index 2d2874d5d..f24cb42a6 100644 --- a/.github/workflows/pr-labeler.yaml +++ b/.github/workflows/pr-labeler.yaml @@ -61,7 +61,7 @@ jobs: SHELLOPTS: ${{inputs.debug && 'xtrace' || '' }} steps: - name: Check out a copy of the git repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: sparse-checkout: | ./dev_tools/ci/size-labeler.sh diff --git a/.github/workflows/scorecard-scanner.yaml b/.github/workflows/scorecard-scanner.yaml index 40ce8b7f0..01f640c5d 100644 --- a/.github/workflows/scorecard-scanner.yaml +++ b/.github/workflows/scorecard-scanner.yaml @@ -57,7 +57,7 @@ jobs: timeout-minutes: 15 steps: - name: Check out a copy of the git repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false @@ -73,11 +73,11 @@ jobs: - name: Upload results to code-scanning dashboard # yamllint disable rule:line-length - uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5 + uses: github/codeql-action/upload-sarif@ba454b8ab46733eb6145342877cd148270bb77ab # codeql-bundle-v2.23.5 with: sarif_file: scorecard-results.sarif - - if: github.event.inputs.debug == true + - if: github.event.inputs.debug == true || runner.debug == true name: Upload results as artifacts to the workflow Summary page # yamllint disable rule:line-length uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 @@ -91,7 +91,7 @@ jobs: write-summary: name: Scorecard results needs: run-scorecard - runs-on: ubuntu-24.04 + runs-on: ubuntu-slim timeout-minutes: 5 steps: - name: Write the Scorecard report page link to the workflow summary From 9840315813d9298484bd12c1dfabcbb18e84532c Mon Sep 17 00:00:00 2001 From: mhucka Date: Sun, 23 Nov 2025 01:25:24 +0000 Subject: [PATCH 2/3] Try to resolve linter error That shouldn't have been an error, but maybe something changed. --- .github/actions/set-up-bazel/action.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/actions/set-up-bazel/action.yaml b/.github/actions/set-up-bazel/action.yaml index acde37f61..536d6b256 100644 --- a/.github/actions/set-up-bazel/action.yaml +++ b/.github/actions/set-up-bazel/action.yaml @@ -27,7 +27,6 @@ inputs: default: true bazel-version: description: 'Version of Bazel to use:' - type: string required: false default: '' From ea5006b6732ae40a29dd98b4f01d53e1cb47bb8c Mon Sep 17 00:00:00 2001 From: mhucka Date: Sun, 23 Nov 2025 01:26:41 +0000 Subject: [PATCH 3/3] Try to resolve linter error That shouldn't have been an error, but maybe something changed. --- .github/actions/set-up-bazel/action.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/actions/set-up-bazel/action.yaml b/.github/actions/set-up-bazel/action.yaml index 536d6b256..8c0b8acf1 100644 --- a/.github/actions/set-up-bazel/action.yaml +++ b/.github/actions/set-up-bazel/action.yaml @@ -22,7 +22,6 @@ description: Installs Bazel and sets up multiple caches inputs: debug: description: 'Run with debugging options' - type: boolean required: false default: true bazel-version: