(arrow-nanoarrow) branch main updated: chore(ci): pin docker workflows to ASF allowlist versions (#862)

Sun, 05 Apr 2026 18:40:57 -0700 

This is an automated email from the ASF dual-hosted git repository.

paleolimbot pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-nanoarrow.git


The following commit(s) were added to refs/heads/main by this push:
     new 23fc93c5 chore(ci): pin docker workflows to ASF allowlist versions 
(#862)
23fc93c5 is described below

commit 23fc93c5c57ae4fa05a85c8b81ff8a51cc168f46
Author: Bryce Mecum <[email protected]>
AuthorDate: Sun Apr 5 18:40:44 2026 -0700

    chore(ci): pin docker workflows to ASF allowlist versions (#862)
    
    Fixes CI jobs that are currently failing due to errors like [this
    one](https://github.com/apache/arrow-nanoarrow/actions/runs/23967665227),
    
    > The actions docker/setup-buildx-action@v3, docker/login-action@v3, and
    docker/setup-qemu-action@v3 are not allowed in apache/arrow-nanoarrow
    because all actions must be from a repository owned by your enterprise,
    created by GitHub, or match one of the patterns
    
    Updates references to workflows that need to be pinned to ASF
    allowlisted refs from
    https://github.com/apache/infrastructure-actions/blob/main/actions.yml.
    All other workflows are from `actions/*` so those should be fine (though
    outdated).
    
    Closes https://github.com/apache/arrow-nanoarrow/issues/860
---
 .github/workflows/docker-build.yaml | 8 ++++----
 .github/workflows/verify.yaml       | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/docker-build.yaml 
b/.github/workflows/docker-build.yaml
index 783ea8cf..71d5f24d 100644
--- a/.github/workflows/docker-build.yaml
+++ b/.github/workflows/docker-build.yaml
@@ -69,12 +69,12 @@ jobs:
           docker context create builders
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: 
docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
         with:
           endpoint: builders
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # 
v4.0.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -82,7 +82,7 @@ jobs:
 
       - name: Set up QEMU
         if: matrix.config.arch == 's390x'
-        uses: docker/setup-qemu-action@v3
+        uses: 
docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
 
       - name: Build
         env:
@@ -108,7 +108,7 @@ jobs:
     needs: build-docker
     steps:
     - name: Login to GitHub Container Registry
-      uses: docker/login-action@v3
+      uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # 
v4.0.0
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
diff --git a/.github/workflows/verify.yaml b/.github/workflows/verify.yaml
index aaefa7d7..9dc4da4c 100644
--- a/.github/workflows/verify.yaml
+++ b/.github/workflows/verify.yaml
@@ -159,7 +159,7 @@ jobs:
 
       - name: Set up QEMU
         if: matrix.config.arch != 'amd64'
-        uses: docker/setup-qemu-action@v2
+        uses: 
docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
 
       - name: Run docker compose verify
         env:

Reply via email to