Pin to SHA for actions outside of PyTorch (#152110)

Pin actions from repositories outside the PyTorch project to full commit SHAs for security. This is a best practice because Git tags are mutable and can be moved to point at a different commit.

https://openssf.org/blog/2024/08/12/mitigating-attack-vectors-in-github-workflows/

Pull Request resolved: https://github.com/pytorch/pytorch/pull/152110
Approved by: https://github.com/seemethere, https://github.com/ZainRizvi
Thanh Ha
2025-04-28 17:57:28 +00:00
committed by PyTorch MergeBot
parent 2246cb6e14
commit 79e8dc7d53
46 changed files with 122 additions and 122 deletions


@ -185,7 +185,7 @@ jobs:
fi
- name: Checkout PyTorch to pytorch dir
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
submodules: recursive
@ -213,7 +213,7 @@ jobs:
- name: configure aws credentials
id: aws_creds
if: ${{ steps.filter.outputs.is-test-matrix-empty == 'False' && inputs.build_environment != 'linux-s390x-binary-manywheel' && startsWith(github.event.ref, 'refs/tags/ciflow/') }}
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::308535385114:role/gha_workflow_s3_and_ecr_read_only
aws-region: us-east-1
@ -283,7 +283,7 @@ jobs:
# Ensure the working directory gets chowned back to the current user
docker run --rm -v "${RUNNER_TEMP}/artifacts:/v" -w /v "${ALPINE_IMAGE}" chown -R "$(id -u):$(id -g)" .
- uses: actions/upload-artifact@v4.4.0
- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
if: ${{ steps.filter.outputs.is-test-matrix-empty == 'False' }}
with:
name: ${{ inputs.build_name }}


@ -162,7 +162,7 @@ jobs:
mkdir "${GITHUB_WORKSPACE}"
- name: Checkout PyTorch to pytorch dir
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
submodules: recursive
@ -189,7 +189,7 @@ jobs:
- name: Download Build Artifacts
if: ${{ steps.filter.outputs.is-test-matrix-empty == 'False' }}
uses: actions/download-artifact@v4.1.7
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: ${{ inputs.build_name }}
path: "${{ runner.temp }}/artifacts/"
@ -201,7 +201,7 @@ jobs:
- name: configure aws credentials
id: aws_creds
if: ${{ steps.filter.outputs.is-test-matrix-empty == 'False' && inputs.build_environment != 'linux-s390x-binary-manywheel' && startsWith(github.event.ref, 'refs/tags/ciflow/') }}
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::308535385114:role/gha_workflow_s3_and_ecr_read_only
aws-region: us-east-1


@ -95,14 +95,14 @@ jobs:
- name: Configure AWS credentials(PyTorch account) for nightly
if: ${{ github.event_name == 'push' && github.event.ref == 'refs/heads/nightly' }}
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_nightly_build_wheels
aws-region: us-east-1
- name: Configure AWS credentials(PyTorch account) for RC builds
if: ${{ github.event_name == 'push' && (startsWith(github.event.ref, 'refs/tags/') && !startsWith(github.event.ref, 'refs/tags/ciflow/')) }}
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_test_build_wheels
aws-region: us-east-1
@ -112,7 +112,7 @@ jobs:
# NB: When the previous build job is skipped, there won't be any artifacts and
# this step will fail. Binary build jobs can only be skipped on CI, not nightly
continue-on-error: true
uses: actions/download-artifact@v4.1.7
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: ${{ inputs.build_name }}
path: "${{ runner.temp }}/artifacts/"


@ -102,7 +102,7 @@ jobs:
- name: configure aws credentials
if : ${{ inputs.aws-role-to-assume != '' }}
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: ${{ inputs.aws-role-to-assume }}
role-session-name: gha-linux-test
@ -185,14 +185,14 @@ jobs:
- name: configure aws credentials
if : ${{ inputs.upload-aws-role-to-assume != '' }}
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: ${{ inputs.upload-aws-role-to-assume }}
role-session-name: gha-linux-test
aws-region: us-east-1
- name: Upload Python Docs Preview
uses: seemethere/upload-artifact-s3@v5
uses: seemethere/upload-artifact-s3@baba72d0712b404f646cebe0730933554ebce96a # v5.1.0
if: ${{ github.event_name == 'pull_request' && matrix.docs_type == 'python' && steps.build-docs.outcome == 'success' }}
with:
retention-days: 14
@ -202,7 +202,7 @@ jobs:
s3-prefix: pytorch/pytorch/${{ github.event.pull_request.number }}
- name: Upload C++ Docs Preview
uses: seemethere/upload-artifact-s3@v5
uses: seemethere/upload-artifact-s3@baba72d0712b404f646cebe0730933554ebce96a # v5.1.0
if: ${{ github.event_name == 'pull_request' && matrix.docs_type == 'cpp' && steps.build-docs.outcome == 'success' }}
with:
retention-days: 14
@ -212,7 +212,7 @@ jobs:
s3-prefix: pytorch/pytorch/${{ github.event.pull_request.number }}/cppdocs
- name: Upload functorch Docs Preview
uses: seemethere/upload-artifact-s3@v5
uses: seemethere/upload-artifact-s3@baba72d0712b404f646cebe0730933554ebce96a # v5.1.0
if: ${{ github.event_name == 'pull_request' && matrix.docs_type == 'functorch' && steps.build-docs.outcome == 'success' }}
with:
retention-days: 14


@ -125,7 +125,7 @@ jobs:
if: inputs.build-environment != 'linux-s390x-binary-manywheel'
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
if: ${{ inputs.aws-role-to-assume != '' && inputs.build-environment != 'linux-s390x-binary-manywheel' }}
with:
role-to-assume: ${{ inputs.aws-role-to-assume }}
@ -286,7 +286,7 @@ jobs:
zip -1 -r artifacts.zip dist/ build/custom_test_artifacts build/lib build/bin .additional_ci_files
- name: Store PyTorch Build Artifacts on S3
uses: seemethere/upload-artifact-s3@v5
uses: seemethere/upload-artifact-s3@baba72d0712b404f646cebe0730933554ebce96a # v5.1.0
if: inputs.build-generates-artifacts && steps.build.outcome != 'skipped' && inputs.build-environment != 'linux-s390x-binary-manywheel'
with:
name: ${{ inputs.build-environment }}
@ -296,7 +296,7 @@ jobs:
s3-bucket: ${{ inputs.s3-bucket }}
- name: Store PyTorch Build Artifacts for s390x
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: inputs.build-generates-artifacts && steps.build.outcome != 'skipped' && inputs.build-environment == 'linux-s390x-binary-manywheel'
with:
name: ${{ inputs.build-environment }}


@ -99,7 +99,7 @@ jobs:
- name: configure aws credentials
if : ${{ inputs.aws-role-to-assume != '' && inputs.build-environment != 'linux-s390x-binary-manywheel' }}
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: ${{ inputs.aws-role-to-assume }}
role-session-name: gha-linux-test
@ -408,7 +408,7 @@ jobs:
find . -iname "core.[1-9]*" -exec docker exec "${DOCKER_CONTAINER_ID}" sh -c "gdb python {} -ex 'bt' -ex 'q'" \;
- name: Store Core dumps on S3
uses: seemethere/upload-artifact-s3@v5
uses: seemethere/upload-artifact-s3@baba72d0712b404f646cebe0730933554ebce96a # v5.1.0
if: failure()
with:
name: coredumps-${{ matrix.config }}-${{ matrix.shard }}-${{ matrix.num_shards }}-${{ matrix.runner }}


@ -89,7 +89,7 @@ jobs:
pip-requirements-file: .github/requirements/pip-requirements-${{ runner.os }}.txt
- name: Install sccache (only for non-forked PRs, and pushes to trunk)
uses: nick-fields/retry@v3.0.0
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
if: ${{ github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository }}
with:
timeout_minutes: 5
@ -171,7 +171,7 @@ jobs:
zip -1 -r artifacts.zip dist/ build/.ninja_log build/compile_commands.json .additional_ci_files
- name: Store PyTorch Build Artifacts on GHA
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: inputs.build-generates-artifacts && steps.build.outcome != 'skipped'
with:
name: ${{ env.BUILD_ENVIRONMENT }}
@ -180,7 +180,7 @@ jobs:
path: artifacts.zip
- name: Upload sccache stats to GHA
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
# Only if sccache is installed, see above
if: ${{ (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && steps.build.outcome != 'skipped' }}
with:


@ -66,7 +66,7 @@ jobs:
sysctl machdep.cpu.brand_string kern.osproductversion
- name: Checkout PyTorch
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
show-progress: false


@ -79,7 +79,7 @@ jobs:
- name: configure aws credentials
id: aws_creds
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::308535385114:role/gha_workflow_s3_and_ecr_read_only
aws-region: us-east-1
@ -88,7 +88,7 @@ jobs:
- name: Login to Amazon ECR
id: login-ecr
continue-on-error: true
uses: aws-actions/amazon-ecr-login@v2
uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
- name: Calculate docker image
id: calculate-docker-image
@ -285,7 +285,7 @@ jobs:
find . -iname "core.[1-9]*" -exec docker exec "${CONTAINER_NAME}" sh -c "gdb python {} -ex 'bt' -ex 'q'" \;
- name: Store Core dumps on GitHub
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: failure()
with:
name: coredumps-${{ matrix.config }}-${{ matrix.shard }}-${{ matrix.num_shards }}-${{ matrix.runner }}
@ -294,7 +294,7 @@ jobs:
path: ./**/core.[1-9]*
- name: Authenticate with AWS
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::308535385114:role/gha_workflow_upload-benchmark-results
# The max duration enforced by the server side


@ -173,7 +173,7 @@ jobs:
# Upload to github so that people can click and download artifacts
- name: Upload artifacts to s3
if: steps.build.outcome != 'skipped'
uses: seemethere/upload-artifact-s3@v5
uses: seemethere/upload-artifact-s3@baba72d0712b404f646cebe0730933554ebce96a # v5.1.0
with:
retention-days: 14
if-no-files-found: error


@ -96,7 +96,7 @@ jobs:
# TODO: Move to a requirements.txt file for windows
- name: Install pip dependencies
uses: nick-fields/retry@v3.0.0
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
with:
shell: bash
timeout_minutes: 5
@ -117,7 +117,7 @@ jobs:
echo "monitor-script-pid=${!}" >> "${GITHUB_OUTPUT}"
- name: Download PyTorch Build Artifacts
uses: seemethere/download-artifact-s3@v4
uses: seemethere/download-artifact-s3@1da556a7aa0a088e3153970611f6c432d58e80e6 # v4.2.0
with:
name: ${{ inputs.build-environment }}
path: C:\${{ github.run_id }}\build-results


@ -73,14 +73,14 @@ jobs:
- name: configure aws credentials
id: aws_creds
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::308535385114:role/gha_workflow_s3_and_ecr_read_only
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
- name: Calculate docker image
id: calculate-docker-image
@ -297,7 +297,7 @@ jobs:
docker stop "${{ env.CONTAINER_NAME }}"
- name: Store Core dumps on GitHub
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: failure()
with:
name: coredumps-${{ matrix.config }}-${{ matrix.shard }}-${{ matrix.num_shards }}-${{ matrix.runner }}


@ -12,7 +12,7 @@ jobs:
issues: write
steps:
- name: Check for "/assigntome" in comment
uses: actions/github-script@v7
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:


@ -15,7 +15,7 @@ jobs:
steps:
- name: Request review based on files changes and/or groups the author belongs to
# v0.7.0
uses: necojackarc/auto-request-review@e08cdffa277d50854744de3f76230260e61c67f4
uses: necojackarc/auto-request-review@e08cdffa277d50854744de3f76230260e61c67f4 # v0.7.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
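Review bot: The standalone `# v0.7.0` comment kept above the `uses:` line of the auto-request-review step now duplicates the trailing `# v0.7.0` that this change adds. Two copies of the version can drift apart on the next bump, and a reviewer then cannot tell which one describes the pinned hash. I would drop the line above and keep `uses: necojackarc/auto-request-review@e08cdffa277d50854744de3f76230260e61c67f4 # v0.7.0` as the single record.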


@ -37,20 +37,20 @@ jobs:
cuda_version: ["128", "126", "124", "118"]
steps:
- name: Checkout PyTorch
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Build Magma Cuda
working-directory: .ci/magma
run: |
# Produces artifacts under magma/output/linux-64/magma-cuda*.bz2
make magma-cuda${{ matrix.cuda_version }}
- name: Save as artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
path: .ci/magma/output/linux-64/magma-cuda*.bz2
name: artifact_${{ matrix.cuda_version }}
- name: Configure AWS credentials(PyTorch account)
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::308535385114:role/gha_workflow_s3_ossci_linux_windows_read_write
aws-region: us-east-1


@ -37,20 +37,20 @@ jobs:
rocm_version: ["64", "63"]
steps:
- name: Checkout PyTorch
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Build Magma Rocm
working-directory: .ci/magma-rocm
run: |
# Produces artifacts under magma-rocm/output/linux-64/magma-rocm*.bz2
make magma-rocm${{ matrix.rocm_version }}
- name: Save as artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
path: .ci/magma-rocm/output/linux-64/magma-rocm*.bz2
name: artifact_${{ matrix.rocm_version }}
- name: Configure AWS credentials(PyTorch account)
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::308535385114:role/gha_workflow_s3_ossci_linux_windows_read_write
aws-region: us-east-1


@ -29,7 +29,7 @@ jobs:
CONFIG: ${{ matrix.config }}
steps:
- name: Checkout pytorch/pytorch
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Enable MSVC dev commands to enable cl.exe # FYI incompatible with shell: bash
uses: ilammy/msvc-dev-cmd@dd5e2fa0a7de1e7929605d9ecc020e749d9856a3
- name: Install CUDA Toolkit
@ -37,7 +37,7 @@ jobs:
- name: Build MAGMA and push to S3
run: .github/scripts/windows/build_magma.bat
- name: Save as artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
path: magma_*_cuda*_*.7z
name: artifact_${{ matrix.cuda_version }}_${{ matrix.config }}
@ -49,12 +49,12 @@ jobs:
needs: build-windows-magma
steps:
- name: Checkout PyTorch
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Download all artifacts
uses: actions/download-artifact@v4
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
- name: Configure AWS credentials(PyTorch account)
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::308535385114:role/gha_workflow_s3_ossci_linux_windows_read_write
aws-region: us-east-1
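Review bot: The `ilammy/msvc-dev-cmd@dd5e2fa0a7de1e7929605d9ecc020e749d9856a3` step in the first hunk is already SHA-pinned but, unlike every line this change touches, has no trailing version comment. Without it a reviewer cannot tell which release the hash corresponds to, which makes a later bump harder to audit. After checking the hash against the upstream repository, add the tag it resolves to: `uses: ilammy/msvc-dev-cmd@dd5e2fa0a7de1e7929605d9ecc020e749d9856a3 # <release tag>`.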


@ -161,7 +161,7 @@ jobs:
fi
docker exec -t "${container_name}" chown -R 1000.1000 /artifacts/wheelhouse
- uses: actions/upload-artifact@v4.4.0
- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: pytorch-triton-wheel-${{ matrix.py_vers }}-${{ matrix.device }}-${{ env.PLATFORM }}
if-no-files-found: error
@ -215,7 +215,7 @@ jobs:
# in https://github.com/actions/checkout/issues/1018
git config --global core.fsmonitor false
- name: Checkout PyTorch
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
submodules: false
@ -248,7 +248,7 @@ jobs:
.github/scripts/windows/build_triton.bat
mkdir -p "${RUNNER_TEMP}/artifacts/"
mv ./*.whl "${RUNNER_TEMP}/artifacts/"
- uses: actions/upload-artifact@v4.4.0
- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: pytorch-triton-wheel-${{ matrix.py_vers }}-${{ matrix.device }}
if-no-files-found: error
@ -267,24 +267,24 @@ jobs:
image: continuumio/miniconda3:4.12.0
environment: ${{ (github.event_name == 'push' && github.event.ref == 'refs/heads/main') && 'nightly-wheel-upload' || '' }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Configure AWS credentials(PyTorch account) for main
if: ${{ github.event_name == 'push' && github.event.ref == 'refs/heads/main' }}
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_nightly_build_wheels
aws-region: us-east-1
- name: Configure AWS credentials(PyTorch account) for RC builds
if: ${{ github.event_name == 'push' && (startsWith(github.event.ref, 'refs/tags/') && !startsWith(github.event.ref, 'refs/tags/ciflow/')) }}
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_test_build_wheels
aws-region: us-east-1
- name: Download Build Artifacts
uses: actions/download-artifact@v4.1.7
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
# Download all available artifacts
path: ${{ runner.temp }}/artifacts-all
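Review bot: The job container in the last hunk is still referenced by a mutable tag, `image: continuumio/miniconda3:4.12.0`, so the tag-immutability concern this commit addresses for actions still applies to the image the pinned steps run in. The same job goes on to assume the `gha_workflow_nightly_build_wheels` and `gha_workflow_test_build_wheels` roles, so a re-pushed tag would run with those credentials available. Consider pinning by digest, `image: continuumio/miniconda3:4.12.0@sha256:<digest>`. The job definition starts outside the hunk, so other image references in it are not visible here.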


@ -44,7 +44,7 @@ jobs:
fetch-depth: 1
- name: Setup Python
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: '3.9'
architecture: x64


@ -10,7 +10,7 @@ jobs:
if: github.repository_owner == 'pytorch'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
@ -50,7 +50,7 @@ jobs:
fi
- name: Setup Python
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: '3.9'
cache: pip


@ -14,13 +14,13 @@ jobs:
steps:
- name: Checkout repo
id: checkout
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
token: ${{ secrets.GH_PYTORCHBOT_CHERRY_PICK_TOKEN }}
- name: Setup Python
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: '3.11'
cache: pip


@ -36,7 +36,7 @@ jobs:
outputs:
pt_release_name: ${{ steps.release_name.outputs.pt_release_name }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
show-progress: false
submodules: 'recursive'
@ -69,12 +69,12 @@ jobs:
echo "Created source archive $PT_RELEASE_FILE with content: $(ls -a "$PT_RELEASE_NAME")"
- name: Upload source distribution for release
if: ${{ github.event_name == 'release' }}
uses: softprops/action-gh-release@v2
uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2
with:
files: ${{env.PT_RELEASE_FILE}}
- name: Upload source distribution to GHA artifacts for release tags
if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && contains(github.ref, 'rc') }}
uses: actions/upload-artifact@v4.4.0
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: ${{ env.PT_RELEASE_FILE }}
path: ${{ env.PT_RELEASE_FILE }}
@ -93,15 +93,15 @@ jobs:
- get-label-type
- release
steps:
- uses: actions/download-artifact@v4.1.7
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: ${{ needs.release.outputs.pt_release_name }}
- name: Configure AWS credentials(PyTorch account)
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::749337293305:role/gha_pytorch_source_code_upload_role
aws-region: us-east-1
- uses: seemethere/upload-artifact-s3@v5
- uses: seemethere/upload-artifact-s3@baba72d0712b404f646cebe0730933554ebce96a # v5.1.0
with:
s3-bucket: pytorch
s3-prefix: source_code/test


@ -22,12 +22,12 @@ jobs:
steps:
- name: Checkout repo
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Setup Python
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: '3.11'
architecture: x64


@ -14,11 +14,11 @@ jobs:
pull-requests: write
steps:
- name: Check out the repo
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
- name: Set up Python
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: 3.x
- name: Install dependencies


@ -117,7 +117,7 @@ jobs:
with:
docker-image: ${{ steps.build-docker-image.outputs.docker-image }}
- uses: nick-fields/retry@v3.0.0
- uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
name: Push to https://https://ghcr.io/
id: push-to-ghcr-io
if: ${{ github.event_name == 'push' }}


@ -26,7 +26,7 @@ jobs:
- name: configure aws credentials
id: aws_creds
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::308535385114:role/gha_workflow_s3_and_ecr_read_only
aws-region: us-east-1
@ -35,7 +35,7 @@ jobs:
- name: Login to Amazon ECR
id: login-ecr
continue-on-error: false
uses: aws-actions/amazon-ecr-login@v2
uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
- name: Calculate docker image
id: calculate-docker-image


@ -88,7 +88,7 @@ jobs:
# [see note: pytorch repo ref]
# deep clone (fetch-depth 0) required for git merge-base
- name: Checkout PyTorch
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
submodules: 'recursive'
@ -96,18 +96,18 @@ jobs:
uses: ./.github/actions/setup-linux
- name: Login to GitHub Container Registry
if: ${{ env.WITH_PUSH == 'true' }}
uses: docker/login-action@v3
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
registry: ghcr.io
username: pytorch
password: ${{ secrets.GHCR_PAT }}
# Setup multi-arch image builds
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
env:
QEMU_BINARY_PATH: ${{ runner.temp }}/bin
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
with:
version: latest
driver-opts: image=moby/buildkit:v0.19.0
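Review bot: In the "Set up Docker Buildx" step the action is now pinned, but `version: latest` still makes it fetch whatever buildx release is current at run time, and `driver-opts: image=moby/buildkit:v0.19.0` references the BuildKit image by tag. Both are pulled in a job that logs in to ghcr.io with `secrets.GHCR_PAT` when `WITH_PUSH` is true, so they sit in the same trust path as the actions pinned here. Consider a fixed release, `version: <buildx release>`, and a digest-qualified image, `driver-opts: image=moby/buildkit:v0.19.0@sha256:<digest>`. The `with:` block may continue past the end of the hunk.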


@ -37,7 +37,7 @@ jobs:
- name: Suggest changes
if: steps.git-check.outputs.changes == 'true'
continue-on-error: true
uses: parkerbxyz/suggest-changes@v1
uses: parkerbxyz/suggest-changes@a2ec1653b0c4cc8287d682f0066dba4a173cc7f3 # v1.0.8
with:
comment: "Please commit the suggested changes from pytorch's linter."


@ -207,7 +207,7 @@ jobs:
submodules: false
fetch-depth: 1
- name: Setup Python 3.9
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: '3.9'
architecture: x64
@ -252,7 +252,7 @@ jobs:
echo "MIN_PYTHON_VERSION=$(python3 .github/scripts/get_ci_variable.py --min-python-version)" >> "${GITHUB_OUTPUT}"
- name: Setup Old Python version
if: matrix.test_type == 'older_python_version'
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: 3.8
architecture: x64
@ -262,7 +262,7 @@ jobs:
**/requirements.txt
- name: Setup Min Python version
if: matrix.test_type != 'older_python_version'
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: ${{ steps.get-min-python-version.outputs.MIN_PYTHON_VERSION }}
architecture: x64


@ -27,7 +27,7 @@ jobs:
needs: get-label-type
steps:
- name: Clone PyTorch
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: pytorch/pytorch
fetch-depth: 0
@ -37,14 +37,14 @@ jobs:
uses: ./pytorch/.github/actions/setup-linux
- name: Clone CodeLlama
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: osalpekar/codellama
ref: main
path: codellama
- name: Clone Target Determination Code
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: osalpekar/llm-target-determinator
ref: v0.0.2
@ -72,7 +72,7 @@ jobs:
aws s3 cp "s3://target-determinator-assets/CodeLlama-7b-Python" "CodeLlama-7b-Python" --recursive --no-progress
- name: Fetch indexes
uses: nick-fields/retry@v3.0.0
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
with:
max_attempts: 3
retry_wait_seconds: 10
@ -105,7 +105,7 @@ jobs:
zip -r mappings.zip mappings
- name: Upload results to s3
uses: seemethere/upload-artifact-s3@v5
uses: seemethere/upload-artifact-s3@baba72d0712b404f646cebe0730933554ebce96a # v5.1.0
if: ${{ steps.run_retriever.outcome == 'success' }}
with:
name: llm_results
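Review bot: Pinning `actions/checkout` does not pin what it checks out: "Clone CodeLlama" still uses `ref: main` and "Clone Target Determination Code" uses `ref: v0.0.2`, both mutable refs in repositories outside the PyTorch org. The target-determinator workflow further down this commit already checks out codellama with `ref: 1ec50e0cfc0fadc3b6ceb146617e2119ab26eb34`, but it keeps `ref: v0.0.2` for llm-target-determinator. Using `ref: <full commit SHA>` for these checkouts in both workflows would give them the same guarantee as the pinned actions. Whether the cloned code is executed is not visible in these hunks, though the later `run_retriever` step suggests it is.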


@ -28,7 +28,7 @@ jobs:
fetch-depth: 1
submodules: false
- uses: actions/setup-python@v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: '3.11'
cache: pip
@ -37,13 +37,13 @@ jobs:
pip3 install requests==2.32.2 boto3==1.35.42
- name: Authenticate with AWS
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::308535385114:role/gha_upload_external_contrib_stats
aws-region: us-east-1
- name: Upload external contribution stats
uses: nick-fields/retry@v3.0.0
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:


@ -13,14 +13,14 @@ jobs:
GH_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
steps:
- name: Checkout repo
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
id: checkout
with:
fetch-depth: 0
token: ${{ secrets.MERGEBOT_TOKEN }}
- name: Setup Python
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: '3.9'
architecture: x64


@ -20,7 +20,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run Hardcode runner-determinator script
id: hardcode-script


@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
sparse-checkout: |
.github


@ -25,12 +25,12 @@ jobs:
steps:
- name: "Checkout code"
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@865b4092859256271290c77adbd10a43f4779972 # tag=v2.0.3
uses: ossf/scorecard-action@865b4092859256271290c77adbd10a43f4779972 # v2.0.3
with:
results_file: results.sarif
results_format: sarif
@ -42,7 +42,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: SARIF file
path: results.sarif
@ -50,6 +50,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26
with:
sarif_file: results.sarif
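Review bot: The two previously pinned actions whose comments are only reformatted here, `ossf/scorecard-action` at `# v2.0.3` and `github/codeql-action/upload-sarif` at `# v1.0.26`, are much older than the releases the rest of this change pins to. As far as I know the v1 line of codeql-action has been deprecated upstream, so this is worth verifying. A SHA pin never moves on its own, so every pin added in this commit will age the same way unless something proposes bumps. Consider enabling an automated updater for the `github-actions` ecosystem (Dependabot understands the `<sha> # vX.Y.Z` form), so hashes are refreshed through reviewed pull requests.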


@ -27,7 +27,7 @@ jobs:
pull-requests: write
steps:
- uses: actions/github-script@v7
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
// Do some dumb retries on requests.


@ -26,7 +26,7 @@ jobs:
environment: target-determinator-env
steps:
- name: Clone PyTorch
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
path: pytorch
@ -59,21 +59,21 @@ jobs:
uses: pytorch/test-infra/.github/actions/setup-nvidia@main
- name: Clone CodeLlama
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: osalpekar/codellama
ref: 1ec50e0cfc0fadc3b6ceb146617e2119ab26eb34
path: codellama
- name: Clone Target Determination Code
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: osalpekar/llm-target-determinator
ref: v0.0.2
path: llm-target-determinator
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::308535385114:role/gha_target_determinator_s3_read_write
aws-region: us-east-1


@ -49,7 +49,7 @@ jobs:
job_identifier: ${{ github.workflow }}
- name: Download LLM Artifacts from S3
uses: seemethere/download-artifact-s3@v4
uses: seemethere/download-artifact-s3@1da556a7aa0a088e3153970611f6c432d58e80e6 # v4.2.0
continue-on-error: true
with:
name: llm_results
@ -76,7 +76,7 @@ jobs:
python3 tools/testing/do_target_determination_for_s3.py
- name: Upload TD results to s3
uses: seemethere/upload-artifact-s3@v5
uses: seemethere/upload-artifact-s3@baba72d0712b404f646cebe0730933554ebce96a # v5.1.0
if: steps.td.outcome == 'success'
with:
name: td_results
@ -85,7 +85,7 @@ jobs:
path: td_results.json
- name: Store TD results on GHA
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: steps.td.outcome == 'success'
with:
name: td_results.json


@ -16,13 +16,13 @@ jobs:
steps:
- name: Checkout repo
id: checkout
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
token: ${{ secrets.MERGEBOT_TOKEN }}
- name: Setup Python
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: '3.9'
check-latest: false
@ -87,7 +87,7 @@ jobs:
python3 .github/scripts/comment_on_pr.py "${PR_NUM}" "merge"
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
continue-on-error: true
with:
role-to-assume: arn:aws:iam::308535385114:role/upload_to_ossci_raw_job_status
@ -96,7 +96,7 @@ jobs:
- name: Upload merge record to s3
if: always()
continue-on-error: true
uses: seemethere/upload-artifact-s3@v5
uses: seemethere/upload-artifact-s3@baba72d0712b404f646cebe0730933554ebce96a # v5.1.0
with:
s3-bucket: ossci-raw-job-status
s3-prefix: merges/${{ github.repository }}/${{ github.event.client_payload.pr_num }}/${{ github.event.client_payload.comment_id }}/${{ github.run_id }}


@ -13,13 +13,13 @@ jobs:
steps:
- name: Checkout repo
id: checkout
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
token: ${{ secrets.MERGEBOT_TOKEN }}
- name: Setup Python
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: '3.9'
architecture: x64


@ -30,7 +30,7 @@ jobs:
clickhouse-password: ${{ secrets.CLICKHOUSE_VIABLESTRICT_PASSWORD }}
- name: Authenticate to AWS with OIDC
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::308535385114:role/upload_to_ossci_raw_job_status
aws-region: us-east-1


@ -23,7 +23,7 @@ jobs:
submodules: false
- name: configure aws credentials
id: aws_creds
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::308535385114:role/gha_workflow_update_pytorch_labels
aws-region: us-east-1


@ -17,7 +17,7 @@ jobs:
steps:
- name: Get workflow run conclusion
# TODO (huydhn): Pin this once https://github.com/octokit/request-action/issues/315 is resolved
uses: octokit/request-action@main
uses: octokit/request-action@05a2312de9f8207044c4c9e41fe19703986acc13 # v2.x
id: get_conclusion
with:
route: GET /repos/${{ github.repository }}/actions/runs/${{ github.event.workflow_run.id }}/attempts/${{ github.event.workflow_run.run_attempt }}
@ -42,13 +42,13 @@ jobs:
uses: pytorch/pytorch/.github/actions/checkout-pytorch@main
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
continue-on-error: true
with:
role-to-assume: arn:aws:iam::308535385114:role/gha_workflow_upload-torch-test-stats
aws-region: us-east-1
- uses: actions/setup-python@v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: '3.11'
cache: pip
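Review bot: The comment `# TODO (huydhn): Pin this once https://github.com/octokit/request-action/issues/315 is resolved` is left directly above a `uses:` line that is now pinned, so either the TODO is stale and should be deleted, or the pin was made without confirming that the issue it names is resolved. The trailing `# v2.x` also looks like a floating name rather than a release, so a reader or an update tool that parses the comment cannot tell which release `05a2312de9f8207044c4c9e41fe19703986acc13` corresponds to; every other pin visible here names an exact version. I would replace the TODO with a one-line comment saying why this SHA was chosen and change the suffix to the exact tag the SHA belongs to, e.g. `# <exact release tag>`. The same two lines appear in the next file section (hunk `-14,7 +14,7`).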


@ -14,7 +14,7 @@ jobs:
steps:
- name: Get workflow run conclusion
# TODO (huydhn): Pin this once https://github.com/octokit/request-action/issues/315 is resolved
uses: octokit/request-action@main
uses: octokit/request-action@05a2312de9f8207044c4c9e41fe19703986acc13 # v2.x
id: get-conclusion
with:
route: GET /repos/${{ github.repository }}/actions/runs/${{ github.event.workflow_run.id }}/attempts/${{ github.event.workflow_run.run_attempt }}
@ -38,13 +38,13 @@ jobs:
fetch-depth: 1
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
continue-on-error: true
with:
role-to-assume: arn:aws:iam::308535385114:role/gha_workflow_upload-torch-test-stats
aws-region: us-east-1
- uses: actions/setup-python@v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: '3.11'
cache: pip


@ -22,7 +22,7 @@ jobs:
fetch-depth: 1
submodules: false
- uses: actions/setup-python@v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: '3.11'
cache: pip
@ -31,7 +31,7 @@ jobs:
pip3 install requests==2.32.2 boto3==1.35.42
- name: Authenticate with AWS
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::308535385114:role/gha_upload_test_stats_intermediate_workflow
aws-region: us-east-1


@ -17,7 +17,7 @@ jobs:
environment: update-commit-hash
steps:
- name: Checkout repo
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: update-xla-commit-hash
@ -37,12 +37,12 @@ jobs:
environment: update-commit-hash
steps:
- name: Checkout repo
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
token: ${{ secrets.UPDATEBOT_TOKEN }}
- name: Setup Python
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: '3.9'
- name: Install requirements