From 1806c1651a0d3a3dfd6fedc050e6915e26eb0e80 Mon Sep 17 00:00:00 2001 From: Benjamin Bossan Date: Thu, 11 Sep 2025 11:12:23 +0200 Subject: [PATCH] CHORE Update and pin (commit hash) GitHub actions (#2779) Some GH actions didn't have a pinned commit hash while others did because of Zizmor. Now all actions have pinned commit hashes. --- .github/workflows/build_docker_images.yml | 8 ++++---- .github/workflows/build_documentation.yml | 2 +- .github/workflows/build_pr_documentation.yml | 2 +- .github/workflows/deploy_method_comparison_app.yml | 2 +- .github/workflows/integrations_tests.yml | 8 ++++---- .github/workflows/nightly-bnb.yml | 4 ++-- .github/workflows/nightly.yml | 4 ++-- .github/workflows/stale.yml | 4 ++-- .github/workflows/test-docker-build.yml | 4 ++-- .github/workflows/tests-main.yml | 4 ++-- .github/workflows/tests.yml | 12 ++++++------ .github/workflows/torch_compile_tests.yml | 2 +- .github/workflows/trufflehog.yml | 2 +- .github/workflows/upload_pr_documentation.yml | 2 +- .github/workflows/zizmor.yaml | 2 +- 15 files changed, 31 insertions(+), 31 deletions(-) diff --git a/.github/workflows/build_docker_images.yml b/.github/workflows/build_docker_images.yml index 3b039be5..98f5ee7d 100644 --- a/.github/workflows/build_docker_images.yml +++ b/.github/workflows/build_docker_images.yml @@ -24,7 +24,7 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Login to DockerHub @@ -57,7 +57,7 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Login to DockerHub @@ -90,7 +90,7 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Login to DockerHub @@ -123,7 +123,7 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Login to DockerHub diff --git a/.github/workflows/build_documentation.yml b/.github/workflows/build_documentation.yml index 42e7972b..650febf8 100644 --- a/.github/workflows/build_documentation.yml +++ b/.github/workflows/build_documentation.yml @@ -11,7 +11,7 @@ permissions: {} jobs: build: - uses: huggingface/doc-builder/.github/workflows/build_main_documentation.yml@main + uses: huggingface/doc-builder/.github/workflows/build_main_documentation.yml@ba4b74d11c46d884a4cf6497687c090f55f027d9 # main from 2025-09-05 with: commit_sha: ${{ github.sha }} package: peft diff --git a/.github/workflows/build_pr_documentation.yml b/.github/workflows/build_pr_documentation.yml index 3fe27e8a..c406681d 100644 --- a/.github/workflows/build_pr_documentation.yml +++ b/.github/workflows/build_pr_documentation.yml @@ -11,7 +11,7 @@ permissions: {} jobs: build: - uses: huggingface/doc-builder/.github/workflows/build_pr_documentation.yml@main + uses: huggingface/doc-builder/.github/workflows/build_pr_documentation.yml@ba4b74d11c46d884a4cf6497687c090f55f027d9 # main from 2025-09-05 with: commit_sha: ${{ github.event.pull_request.head.sha }} pr_number: ${{ github.event.number }} diff --git a/.github/workflows/deploy_method_comparison_app.yml b/.github/workflows/deploy_method_comparison_app.yml index a86ba351..e1f8b3dd 100644 --- a/.github/workflows/deploy_method_comparison_app.yml +++ b/.github/workflows/deploy_method_comparison_app.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 # full history needed for subtree persist-credentials: false diff --git a/.github/workflows/integrations_tests.yml b/.github/workflows/integrations_tests.yml index 3d61c8d9..a1f5dd0e 100644 --- a/.github/workflows/integrations_tests.yml +++ b/.github/workflows/integrations_tests.yml @@ -17,13 +17,13 @@ jobs: transformers-version: ['main', 'latest'] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ github.event.inputs.branch }} repository: ${{ github.event.pull_request.head.repo.full_name }} persist-credentials: false - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: "3.10" cache: "pip" @@ -54,13 +54,13 @@ jobs: diffusers-version: ['main'] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ github.event.inputs.branch }} repository: ${{ github.event.pull_request.head.repo.full_name }} persist-credentials: false - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: "3.10" cache: "pip" diff --git a/.github/workflows/nightly-bnb.yml b/.github/workflows/nightly-bnb.yml index e633688d..c2944f33 100644 --- a/.github/workflows/nightly-bnb.yml +++ b/.github/workflows/nightly-bnb.yml @@ -33,7 +33,7 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Pip install @@ -158,7 +158,7 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Pip install diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 6039660d..dabfea90 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -30,7 +30,7 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Pip install @@ -80,7 +80,7 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Pip install diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 054c4b53..8c8398b2 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -17,12 +17,12 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Setup Python - uses: actions/setup-python@v4 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: 3.11 diff --git a/.github/workflows/test-docker-build.yml b/.github/workflows/test-docker-build.yml index b7c111ad..5b3e4f58 100644 --- a/.github/workflows/test-docker-build.yml +++ b/.github/workflows/test-docker-build.yml @@ -16,7 +16,7 @@ jobs: matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Get changed files @@ -55,7 +55,7 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Build Docker image diff --git a/.github/workflows/tests-main.yml b/.github/workflows/tests-main.yml index 959ca2c1..c3ef140b 100644 --- a/.github/workflows/tests-main.yml +++ b/.github/workflows/tests-main.yml @@ -15,11 +15,11 @@ jobs: tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Set up Python 3.11 - uses: actions/setup-python@v4 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: 3.11 cache: "pip" diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 88b1d2b7..163ebb0c 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -19,11 +19,11 @@ jobs: check_code_quality: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: "3.11" cache: "pip" @@ -45,11 +45,11 @@ jobs: os: ["ubuntu-latest", "macos-13", "windows-latest"] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Model cache - uses: actions/cache/restore@v4 + uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: # Avoid caching HF_HOME/modules and Python cache files to prevent interoperability # issues and potential cache poisioning. We also avoid lock files to prevent runs @@ -68,7 +68,7 @@ jobs: [ -f "$(which shasum)" ] && SHASUM=shasum find "${{ env.HF_HOME }}/hub" -type f -exec "$SHASUM" {} \; > cache_content_initial || true - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: ${{ matrix.python-version }} cache: "pip" @@ -122,7 +122,7 @@ jobs: # make sure that cache cleaning doesn't break the pipeline python scripts/ci_clean_cache.py -d || true - name: Update model cache - uses: actions/cache/save@v4 + uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 # Only let one runner (preferably the one that covers most tests) update the model cache # after *every* run. This way we make sure that our cache is never outdated and we don't # have to keep track of hashes. diff --git a/.github/workflows/torch_compile_tests.yml b/.github/workflows/torch_compile_tests.yml index 02243de6..5f5b0565 100644 --- a/.github/workflows/torch_compile_tests.yml +++ b/.github/workflows/torch_compile_tests.yml @@ -35,7 +35,7 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ github.event.inputs.branch }} repository: ${{ github.event.pull_request.head.repo.full_name }} diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml index 6a146980..099b7766 100644 --- a/.github/workflows/trufflehog.yml +++ b/.github/workflows/trufflehog.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 persist-credentials: false diff --git a/.github/workflows/upload_pr_documentation.yml b/.github/workflows/upload_pr_documentation.yml index 7659af7e..0d9eadf8 100644 --- a/.github/workflows/upload_pr_documentation.yml +++ b/.github/workflows/upload_pr_documentation.yml @@ -10,7 +10,7 @@ permissions: {} jobs: build: - uses: huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml@main + uses: huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml@ba4b74d11c46d884a4cf6497687c090f55f027d9 # main from 2025-09-05 with: package_name: peft secrets: diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index 3984c996..b5d7d8b4 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -19,7 +19,7 @@ jobs: security-events: write steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Install zizmor