diff --git a/.github/workflows/build_push_docker_image_Ubuntu.yml b/.github/workflows/build_push_docker_image_Ubuntu.yml index 9098fa7088e8..4c382d3e4db7 100644 --- a/.github/workflows/build_push_docker_image_Ubuntu.yml +++ b/.github/workflows/build_push_docker_image_Ubuntu.yml @@ -23,20 +23,20 @@ jobs: id: extract_branch - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - name: Log in - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v6 with: file: .github/workflows/UbuntuDockerfile push: true diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml index d614dd07b3a4..f25585ada356 100644 --- a/.github/workflows/ci-post-commit-analyzer.yml +++ b/.github/workflows/ci-post-commit-analyzer.yml @@ -41,7 +41,7 @@ jobs: LLVM_VERSION: 18 steps: - name: Checkout Source - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Setup ccache uses: hendrikmuhs/ccache-action@v1 @@ -87,7 +87,7 @@ jobs: scan-build --generate-index-only build/analyzer-results - name: Upload Results - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0 + uses: actions/upload-artifact@184d73b71b93c222403b2e7f1ffebe4508014249 #v4.3.0 if: always() with: name: analyzer-results diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 800e92915735..48ce72304b39 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -65,7 +65,7 @@ jobs: fetch-depth: 1 - name: Get subprojects that have doc changes id: docs-changed-subprojects - uses: tj-actions/changed-files@v39 + uses: tj-actions/changed-files@v45 with: files_yaml: | llvm: diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml index 8f32d020975f..05e4cd1e172b 100644 --- a/.github/workflows/email-check.yaml +++ b/.github/workflows/email-check.yaml @@ -38,7 +38,7 @@ jobs: [{"body" : "$COMMENT"}] EOF - - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0 + - uses: actions/upload-artifact@184d73b71b93c222403b2e7f1ffebe4508014249 #v4.3.0 if: always() with: name: workflow-args diff --git a/.github/workflows/flang-tests.yml b/.github/workflows/flang-tests.yml index 216d5711e8d0..aa5996da24aa 100644 --- a/.github/workflows/flang-tests.yml +++ b/.github/workflows/flang-tests.yml @@ -23,7 +23,7 @@ jobs: version: 12 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - if: matrix.cc == 'clang' run: | diff --git a/.github/workflows/issue-write.yml b/.github/workflows/issue-write.yml index 5334157a7fd2..ef0d7e986fda 100644 --- a/.github/workflows/issue-write.yml +++ b/.github/workflows/issue-write.yml @@ -39,7 +39,7 @@ jobs: - name: 'Comment on PR' if: steps.download-artifact.outputs.artifact-id != '' - uses: actions/github-script@v3 + uses: actions/github-script@v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/libcxx-build-and-test.yaml b/.github/workflows/libcxx-build-and-test.yaml index 1456f245cf7c..2a307395320a 100644 --- a/.github/workflows/libcxx-build-and-test.yaml +++ b/.github/workflows/libcxx-build-and-test.yaml @@ -72,7 +72,7 @@ jobs: env: CC: ${{ matrix.cc }} CXX: ${{ matrix.cxx }} - - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + - uses: actions/upload-artifact@184d73b71b93c222403b2e7f1ffebe4508014249 # v4.3.0 if: always() with: name: ${{ matrix.config }}-${{ matrix.cxx }}-results @@ -116,7 +116,7 @@ jobs: env: CC: ${{ matrix.cc }} CXX: ${{ matrix.cxx }} - - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + - uses: actions/upload-artifact@184d73b71b93c222403b2e7f1ffebe4508014249 # v4.3.0 if: always() # Upload artifacts even if the build or test suite fails with: name: ${{ matrix.config }}-${{ matrix.cxx }}-results @@ -180,7 +180,7 @@ jobs: env: CC: clang-19 CXX: clang++-19 - - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + - uses: actions/upload-artifact@184d73b71b93c222403b2e7f1ffebe4508014249 # v4.3.0 if: always() with: name: ${{ matrix.config }}-results diff --git a/.github/workflows/libcxx-restart-preempted-jobs.yaml b/.github/workflows/libcxx-restart-preempted-jobs.yaml index 21879ce19c27..5057f9e7c867 100644 --- a/.github/workflows/libcxx-restart-preempted-jobs.yaml +++ b/.github/workflows/libcxx-restart-preempted-jobs.yaml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Restart Job" - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea #v7.0.1 + uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 #v3.2.0 with: script: | const failure_regex = /Process completed with exit code 1./ diff --git a/.github/workflows/llvm-bugs.yml b/.github/workflows/llvm-bugs.yml index c392078fa452..4797eea4e3d3 100644 --- a/.github/workflows/llvm-bugs.yml +++ b/.github/workflows/llvm-bugs.yml @@ -20,7 +20,7 @@ jobs: check-latest: true - run: npm install mailgun.js form-data - name: Send notification - uses: actions/github-script@v6 + uses: actions/github-script@v7 env: MAILGUN_API_KEY: ${{ secrets.LLVM_BUGS_KEY }} with: diff --git a/.github/workflows/new-prs.yml b/.github/workflows/new-prs.yml index 88175d6f8d64..f7497e44d9cf 100644 --- a/.github/workflows/new-prs.yml +++ b/.github/workflows/new-prs.yml @@ -67,7 +67,7 @@ jobs: github.event.pull_request.draft == false && github.event.pull_request.commits < 10 steps: - - uses: actions/labeler@v4 + - uses: actions/labeler@v5 with: configuration-path: .github/new-prs-labeler.yml # workaround for https://github.com/actions/labeler/issues/112 diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml index 22357e5d99e4..dde5de6058f0 100644 --- a/.github/workflows/pr-code-format.yml +++ b/.github/workflows/pr-code-format.yml @@ -27,7 +27,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@v39 + uses: tj-actions/changed-files@v45 with: separator: "," skip_initial_fetch: true @@ -88,7 +88,7 @@ jobs: --end-rev $END_REV \ --changed-files "$CHANGED_FILES" - - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0 + - uses: actions/upload-artifact@184d73b71b93c222403b2e7f1ffebe4508014249 #v4.3.0 if: always() with: name: workflow-args diff --git a/.github/workflows/pr-request-release-note.yml b/.github/workflows/pr-request-release-note.yml index 2fa501dda16b..c5ee33eaa79f 100644 --- a/.github/workflows/pr-request-release-note.yml +++ b/.github/workflows/pr-request-release-note.yml @@ -19,7 +19,7 @@ jobs: # We need to pull the script from the main branch, so that we ensure # we get the latest version of this script. - name: Checkout Scripts - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: sparse-checkout: | llvm/utils/git/requirements.txt @@ -41,7 +41,7 @@ jobs: request-release-note \ --pr-number ${{ github.event.pull_request.number}} - - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0 + - uses: actions/upload-artifact@184d73b71b93c222403b2e7f1ffebe4508014249 #v4.3.0 if: always() with: name: workflow-args diff --git a/.github/workflows/pre-compile_llvm.yml b/.github/workflows/pre-compile_llvm.yml index 1f8959539378..f735795767c6 100644 --- a/.github/workflows/pre-compile_llvm.yml +++ b/.github/workflows/pre-compile_llvm.yml @@ -71,7 +71,7 @@ jobs: mv llvm_build.tar.gz classic-flang-llvm-project/classic-flang-llvm-project/. - name: Upload llvm - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 with: name: llvm_build_${{ matrix.target }}_${{ matrix.cc }}_${{ matrix.version }}_${{ steps.extract_branch.outputs.branch }} path: llvm_build.tar.gz @@ -92,7 +92,7 @@ jobs: # target: AArch64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Setup Windows uses: llvm/actions/setup-windows@main @@ -124,7 +124,7 @@ jobs: Copy-Item llvm_build.7z -Destination $pwd/classic-flang-llvm-project/ - name: Upload llvm - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: llvm_build_win_${{ matrix.arch }}_clangcl_${{ steps.extract_branch.outputs.branch }} path: ${{ github.workspace }}\llvm_build.7z diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml index fcd371d49e6c..c033fbc1f1c8 100644 --- a/.github/workflows/release-binaries.yml +++ b/.github/workflows/release-binaries.yml @@ -69,7 +69,7 @@ jobs: python-version: '3.12' - name: Checkout LLVM - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Install Dependencies shell: bash @@ -161,7 +161,7 @@ jobs: steps: - name: Checkout Actions - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: ${{ (github.event_name == 'pull_request' && github.sha) || 'main' }} sparse-checkout: | @@ -182,7 +182,7 @@ jobs: run: mv workflows ../workflows-main - name: Checkout LLVM - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: ${{ needs.prepare.outputs.ref }} @@ -392,7 +392,7 @@ jobs: # and other steps expect D:\files. mv ${{ steps.setup-stage.outputs.build-prefix }}/build/tools/clang/stage2-bins/${{ needs.prepare.outputs.release-binary-filename }} . - - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0 + - uses: actions/upload-artifact@184d73b71b93c222403b2e7f1ffebe4508014249 #v4.3.0 with: name: ${{ runner.os }}-${{ runner.arch }}-release-binary # Due to path differences on Windows when running in bash vs running on node, @@ -436,7 +436,7 @@ jobs: - name: Attest Build Provenance id: provenance - uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0 + uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 with: subject-path: ${{ needs.prepare.outputs.release-binary-filename }} @@ -445,13 +445,13 @@ jobs: mv ${{ steps.provenance.outputs.bundle-path }} ${{ needs.prepare.outputs.release-binary-filename }}.jsonl - name: Upload Build Provenance - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 #v4.3.3 + uses: actions/upload-artifact@184d73b71b93c222403b2e7f1ffebe4508014249 #v4.3.3 with: name: ${{ needs.prepare.outputs.release-binary-filename }}-attestation path: ${{ needs.prepare.outputs.release-binary-filename }}.jsonl - name: Checkout Release Scripts - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: sparse-checkout: | llvm/utils/release/github-upload-release.py diff --git a/.github/workflows/release-documentation.yml b/.github/workflows/release-documentation.yml index 70e5f08b6f72..ecf15ee78d42 100644 --- a/.github/workflows/release-documentation.yml +++ b/.github/workflows/release-documentation.yml @@ -34,7 +34,7 @@ jobs: upload: ${{ inputs.upload && !contains(inputs.release-version, 'rc') }} steps: - name: Checkout LLVM - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Setup Python env uses: actions/setup-python@v5 @@ -59,14 +59,14 @@ jobs: ./llvm/utils/release/build-docs.sh -release "${{ inputs.release-version }}" -no-doxygen - name: Create Release Notes Artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: release-notes path: docs-build/html-export/ - name: Clone www-releases if: env.upload - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: repository: ${{ github.repository_owner }}/www-releases ref: main diff --git a/.github/workflows/release-doxygen.yml b/.github/workflows/release-doxygen.yml index ea95e5bb12b2..b1b60ca85e69 100644 --- a/.github/workflows/release-doxygen.yml +++ b/.github/workflows/release-doxygen.yml @@ -40,7 +40,7 @@ jobs: upload: ${{ inputs.upload && !contains(inputs.release-version, 'rc') }} steps: - name: Checkout LLVM - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Setup Python env uses: actions/setup-python@v5 diff --git a/.github/workflows/release-lit.yml b/.github/workflows/release-lit.yml index 9d6f3140e688..a73298b5a48f 100644 --- a/.github/workflows/release-lit.yml +++ b/.github/workflows/release-lit.yml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout LLVM - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: "llvmorg-${{ inputs.release-version }}" diff --git a/.github/workflows/release-sources.yml b/.github/workflows/release-sources.yml index a6c86823f99d..7e7495f9f88a 100644 --- a/.github/workflows/release-sources.yml +++ b/.github/workflows/release-sources.yml @@ -71,7 +71,7 @@ jobs: attestations: write steps: - name: Checkout LLVM - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: ${{ needs.inputs.outputs.ref }} fetch-tags: true @@ -92,14 +92,14 @@ jobs: - name: Attest Build Provenance if: github.event_name != 'pull_request' id: provenance - uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0 + uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 with: subject-path: "*.xz" - if: github.event_name != 'pull_request' run: | mv ${{ steps.provenance.outputs.bundle-path }} . - name: Create Tarball Artifacts - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 #v4.3.3 + uses: actions/upload-artifact@184d73b71b93c222403b2e7f1ffebe4508014249 #v4.3.3 with: path: | *.xz diff --git a/.github/workflows/release-tasks.yml b/.github/workflows/release-tasks.yml index 780dd0ff6325..67ce84a4147a 100644 --- a/.github/workflows/release-tasks.yml +++ b/.github/workflows/release-tasks.yml @@ -38,7 +38,7 @@ jobs: sudo apt-get install python3-github - name: Checkout LLVM - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Create Release env: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ff61cf83a6af..ac904b1b138c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -31,12 +31,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@184d73b71b93c222403b2e7f1ffebe4508014249 # v3.1.0 with: name: SARIF file path: results.sarif @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: sarif_file: results.sarif