This is an automated email from the ASF dual-hosted git repository.

ryankert01 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/mahout.git


The following commit(s) were added to refs/heads/main by this push:
     new 165c959f5 ci: pin all GitHub Actions to commit hashes per ASF policy 
(#1369)
165c959f5 is described below

commit 165c959f585b4c60ceb8b7b77698b0612c5cc225
Author: Ryan Huang <[email protected]>
AuthorDate: Mon Jun 1 17:26:02 2026 +0800

    ci: pin all GitHub Actions to commit hashes per ASF policy (#1369)
    
    Resolves #1368. All third-party actions are pinned to their full 40-char
    commit SHA (with version tag preserved as a comment) and verified against
    the Apache infrastructure-actions allowlist.
---
 .github/workflows/label.yml            |  2 +-
 .github/workflows/links.yml            |  4 ++--
 .github/workflows/notebook-testing.yml |  4 ++--
 .github/workflows/pre-commit.yml       |  4 ++--
 .github/workflows/python-testing.yml   |  8 ++++----
 .github/workflows/website-build.yml    |  4 ++--
 .github/workflows/website.yml          |  4 ++--
 .github/workflows/wheel-build.yml      | 10 +++++-----
 8 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml
index 0c6572a99..f777d5d0e 100644
--- a/.github/workflows/label.yml
+++ b/.github/workflows/label.yml
@@ -7,7 +7,7 @@ jobs:
   triage:
     runs-on: ubuntu-latest
     steps:
-      - uses: github/[email protected]
+      - uses: github/issue-labeler@c1b0f9f52a63158c4adc09425e858e87b32e9685 # 
v3.4
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
           configuration-path: .github/labeler.yml
diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml
index 91a54676d..b96bce374 100644
--- a/.github/workflows/links.yml
+++ b/.github/workflows/links.yml
@@ -16,7 +16,7 @@ jobs:
     permissions:
       issues: write # required for Broken Links Report
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Link Checker
         id: lychee
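Review bot: The `Link Checker` step (`id: lychee`) has its `uses:` line in the gap between this hunk and the next one, and the diffstat lists only two changed lines for links.yml, so that reference was left as it was. If it names a third-party action by tag rather than by full commit SHA, it is still a mutable reference inside a job that holds `issues: write`. Confirm it was already pinned, or pin it in the same form as the rest: `uses: OWNER/ACTION@<full-40-char-commit-sha> # <exact-release-tag>`.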
@@ -27,7 +27,7 @@ jobs:
 
       - name: Broken Links Report
         if: steps.lychee.outputs.exit_code != 0 && github.event_name == 
'schedule'
-        uses: actions/github-script@v8
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # 
v8
         with:
           script: |
             const fs = require('fs');
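Review bot: The trailing comment `# v8` on the pinned `actions/github-script` line names a floating major tag, so it does not record which release the SHA was taken from. Once `v8` is moved to a newer release, a reader can no longer check the hash against the comment. Prefer the exact release in the comment, `uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # <exact-release-tag>`. The same applies to the `# v6`, `# v4` and `# v5` comments on the checkout, setup-python, setup-node and upload-artifact lines in the other workflow hunks. The `script:` block continues outside this hunk.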
diff --git a/.github/workflows/notebook-testing.yml 
b/.github/workflows/notebook-testing.yml
index f2054b005..ab28142df 100644
--- a/.github/workflows/notebook-testing.yml
+++ b/.github/workflows/notebook-testing.yml
@@ -23,10 +23,10 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Set up Python with uv
-        uses: astral-sh/setup-uv@v7
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # 
v8.1.0
         with:
           python-version: "3.12"
           enable-cache: true
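Review bot: The `astral-sh/setup-uv` line goes from `@v7` to a SHA commented `# v8.1.0`, so this is either a major-version upgrade inside a commit described as pin-only, or a comment that mislabels the SHA. If the upgrade is intended, it should be called out in the commit message, and the `python-version` and `enable-cache` inputs checked against the new major. If it is not intended, pin the release the workflow was already running: `uses: astral-sh/setup-uv@<sha-of-v7-release> # <v7.x.y>`.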
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 846ef22b2..bf594c9b6 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -30,10 +30,10 @@ jobs:
         python-version: ["3.10"]
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # 
v6
         with:
           python-version: ${{ matrix.python-version }}
 
diff --git a/.github/workflows/python-testing.yml 
b/.github/workflows/python-testing.yml
index a453f169c..23061d612 100644
--- a/.github/workflows/python-testing.yml
+++ b/.github/workflows/python-testing.yml
@@ -46,10 +46,10 @@ jobs:
     # during the slower maturin build below.
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
+        uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 
# stable
 
       - name: Cargo check (no-CUDA stubs)
         working-directory: qdp
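Review bot: On the pinned `dtolnay/rust-toolchain` line, `# stable` is a branch name rather than a release, so the comment does not identify which revision of the action the SHA is. As far as I know this action derives its default toolchain from the ref it is invoked at, so with a bare SHA the installed toolchain depends on which branch that commit belongs to. Stating it explicitly removes that dependency: add `with:` and `toolchain: stable` under the `uses:` line. The `Cargo check` step continues outside this hunk.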
@@ -65,10 +65,10 @@ jobs:
         python-version: ["3.10", "3.11", "3.12"]
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # 
v6
         with:
           python-version: ${{ matrix.python-version }}
 
diff --git a/.github/workflows/website-build.yml 
b/.github/workflows/website-build.yml
index e0a2833ed..5a9fb89a4 100644
--- a/.github/workflows/website-build.yml
+++ b/.github/workflows/website-build.yml
@@ -29,10 +29,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           node-version: '20'
           cache: 'npm'
diff --git a/.github/workflows/website.yml b/.github/workflows/website.yml
index 6259302a6..d6a668970 100644
--- a/.github/workflows/website.yml
+++ b/.github/workflows/website.yml
@@ -31,12 +31,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           fetch-depth: 0
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           node-version: '20'
           cache: 'npm'
diff --git a/.github/workflows/wheel-build.yml 
b/.github/workflows/wheel-build.yml
index bdc864d4b..d78ce766c 100644
--- a/.github/workflows/wheel-build.yml
+++ b/.github/workflows/wheel-build.yml
@@ -30,9 +30,9 @@ jobs:
   build-qumat:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - uses: actions/setup-python@v6
+      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # 
v6
         with:
           python-version: "3.12"
 
@@ -41,7 +41,7 @@ jobs:
           pip install uv
           uv build
 
-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 
# v5
         with:
           name: qumat
           path: dist/*
@@ -54,7 +54,7 @@ jobs:
       matrix:
         python-version: ["3.10", "3.11", "3.12"]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - uses: PyO3/maturin-action@v1
         with:
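Review bot: `PyO3/maturin-action@v1` in this hunk's context is still referenced by a mutable tag, although the commit message says all third-party actions are pinned. Judging by the `.whl` upload path in the next hunk, this job builds the wheels that are uploaded as artifacts, so this is the reference with the most influence over what gets shipped. Pin it like the others, `- uses: PyO3/maturin-action@<full-40-char-commit-sha> # <exact-release-tag>`, after confirming the action is on the allowlist the commit message refers to. The step's `with:` block continues outside the hunk.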
@@ -83,7 +83,7 @@ jobs:
             fi
           sccache: true
 
-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 
# v5
         with:
           name: qumat-qdp-cp${{ matrix.python-version }}
           path: qdp/qdp-python/dist/*.whl
