This is an automated email from the ASF dual-hosted git repository.
jiayu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sedona.git
The following commit(s) were added to refs/heads/master by this push:
new 94ccc6c761 [CI] Pin all `actions/*` workflows (#2821)
94ccc6c761 is described below
commit 94ccc6c761e1233564d430e2ea463ba9b5be72d1
Author: John Bampton <[email protected]>
AuthorDate: Thu Apr 2 02:02:52 2026 +1000
[CI] Pin all `actions/*` workflows (#2821)
---
.github/linters/zizmor.yml | 1 -
.github/workflows/basic-tests.yml | 2 +-
.github/workflows/codeql.yml | 2 +-
.github/workflows/docker-build.yml | 6 +++---
.github/workflows/docs.yml | 16 ++++++++--------
.github/workflows/example.yml | 8 ++++----
.github/workflows/first-interaction.yml | 2 +-
.github/workflows/java.yml | 10 +++++-----
.github/workflows/links.yml | 4 ++--
.github/workflows/pyflink.yml | 6 +++---
.github/workflows/python-extension.yml | 4 ++--
.github/workflows/python-wheel.yml | 10 +++++-----
.github/workflows/python.yml | 8 ++++----
.github/workflows/r.yml | 8 ++++----
14 files changed, 43 insertions(+), 44 deletions(-)
diff --git a/.github/linters/zizmor.yml b/.github/linters/zizmor.yml
index 0da493ec91..503066ba26 100644
--- a/.github/linters/zizmor.yml
+++ b/.github/linters/zizmor.yml
@@ -19,7 +19,6 @@ rules:
unpinned-uses:
config:
policies:
- actions/*: any
github/*: any
r-lib/actions/check-r-package: any
r-lib/actions/setup-r: any
diff --git a/.github/workflows/basic-tests.yml
b/.github/workflows/basic-tests.yml
index 42c3e716ab..6e8351b9d9 100644
--- a/.github/workflows/basic-tests.yml
+++ b/.github/workflows/basic-tests.yml
@@ -35,7 +35,7 @@ jobs:
runs-on: ['windows-latest']
steps:
- name: 'Checkout ${{ github.ref }} ( ${{ github.sha }} )'
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
fetch-depth: 2
persist-credentials: false
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 64f89f3900..fdaa33084b 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -40,7 +40,7 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
diff --git a/.github/workflows/docker-build.yml
b/.github/workflows/docker-build.yml
index 42306f9ee1..4e84bc28ae 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -59,15 +59,15 @@ jobs:
run:
shell: bash
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- - uses: actions/setup-java@v5
+ - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 #
v5.2.0
with:
distribution: 'zulu'
java-version: 17
- name: Cache Maven packages
- uses: actions/cache@v5
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 2c3032e293..29764f8364 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -40,12 +40,12 @@ jobs:
build:
runs-on: ubuntu-22.04
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
fetch-depth: 0
persist-credentials: true # zizmor: ignore[credential-persistence]
- name: Set up Java
- uses: actions/setup-java@v5
+ uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 #
v5.2.0
with:
distribution: 'zulu'
java-version: '11'
@@ -54,7 +54,7 @@ jobs:
- name: Compile ScalaDoc
run: mvn generate-sources scala:doc -pl !common,!snowflake,!flink &&
mkdir -p docs/api/scaladoc/spark && cp -r spark/common/target/site/scaladocs/*
docs/api/scaladoc/spark
- name: Set up Node.js
- uses: actions/setup-node@v6
+ uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f #
v6.3.0
with:
node-version: '18'
cache: 'npm'
@@ -67,7 +67,7 @@ jobs:
run: |
cd docs-overrides
npx gulp build
- - uses: actions/setup-python@v6
+ - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #
v6.2.0
with:
python-version: '3.11'
- name: Install uv
@@ -121,25 +121,25 @@ jobs:
fi
- run: mkdir staging
- run: cp -r site/* staging/
- - uses: actions/upload-artifact@v7
+ - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
with:
name: generated-docs
path: staging
- name: Cache Python packages
- uses: actions/cache@v5
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
restore-keys: |
${{ runner.os }}-pip-
- name: Cache Maven packages
- uses: actions/cache@v5
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Cache Node modules
- uses: actions/cache@v5
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: docs-overrides/node_modules
key: ${{ runner.os }}-node-${{
hashFiles('docs-overrides/package-lock.json') }}
diff --git a/.github/workflows/example.yml b/.github/workflows/example.yml
index 6d16137a83..a33841d525 100644
--- a/.github/workflows/example.yml
+++ b/.github/workflows/example.yml
@@ -58,10 +58,10 @@ jobs:
sedona: 1.8.0
hadoop: 3.3.4
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- - uses: actions/setup-java@v5
+ - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 #
v5.2.0
with:
distribution: 'zulu'
java-version: '17'
@@ -74,14 +74,14 @@ jobs:
- run: sudo apt-get update
- run: sudo apt-get install sbt
- name: Cache SBT
- uses: actions/cache@v5
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/.ivy2/cache
~/.sbt
key: ${{ runner.os }}-sbt-${{ hashFiles('**/build.sbt') }}
- name: Cache Maven packages
- uses: actions/cache@v5
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
diff --git a/.github/workflows/first-interaction.yml
b/.github/workflows/first-interaction.yml
index 8ca58b3a98..23d657c40d 100644
--- a/.github/workflows/first-interaction.yml
+++ b/.github/workflows/first-interaction.yml
@@ -36,7 +36,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: First Interaction
- uses: actions/first-interaction@v3
+ uses:
actions/first-interaction@1c4688942c71f71d4f5502a26ea67c331730fa4d # v3.1.0
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
issue_message: |
diff --git a/.github/workflows/java.yml b/.github/workflows/java.yml
index 45f92541d9..3a5736c43c 100644
--- a/.github/workflows/java.yml
+++ b/.github/workflows/java.yml
@@ -85,18 +85,18 @@ jobs:
jdk: '11'
skipTests: ''
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- - uses: actions/setup-java@v5
+ - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 #
v5.2.0
with:
distribution: 'zulu'
java-version: ${{ matrix.jdk }}
- - uses: actions/setup-python@v6
+ - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #
v6.2.0
with:
python-version: '3.10'
- name: Cache Maven packages
- uses: actions/cache@v5
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
@@ -118,7 +118,7 @@ jobs:
- run: cp spark-shaded/target/sedona-*.jar staging
- run: |
[ -d "flink-shaded/target/" ] && cp flink-shaded/target/sedona-*.jar
staging 2>/dev/null || true
- - uses: actions/upload-artifact@v7
+ - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
with:
name: generated-jars_spark-${{ matrix.spark }}_scala-${{
matrix.scala }}_jdk-${{ matrix.jdk }}
path: staging
diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml
index 574673bdb4..af143a093c 100644
--- a/.github/workflows/links.yml
+++ b/.github/workflows/links.yml
@@ -33,7 +33,7 @@ jobs:
permissions:
issues: write # required for Broken Links Report
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- name: Link Checker
@@ -45,7 +45,7 @@ jobs:
- name: Broken Links Report
if: steps.lychee.outputs.exit_code != 0 && github.event_name ==
'schedule'
- uses: actions/github-script@v8
+ uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd #
v8.0.0
with:
script: |
const fs = require('fs');
diff --git a/.github/workflows/pyflink.yml b/.github/workflows/pyflink.yml
index 13fb2affc8..063c2dae71 100644
--- a/.github/workflows/pyflink.yml
+++ b/.github/workflows/pyflink.yml
@@ -53,14 +53,14 @@ jobs:
matrix:
python: ['3.11', '3.10']
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- - uses: actions/setup-java@v5
+ - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 #
v5.2.0
with:
distribution: 'zulu'
java-version: '11'
- - uses: actions/setup-python@v6
+ - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #
v6.2.0
with:
python-version: ${{ matrix.python }}
- name: Install uv
diff --git a/.github/workflows/python-extension.yml
b/.github/workflows/python-extension.yml
index 649d962897..9e24735ef9 100644
--- a/.github/workflows/python-extension.yml
+++ b/.github/workflows/python-extension.yml
@@ -58,10 +58,10 @@ jobs:
shell: bash
working-directory: python
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- - uses: actions/setup-python@v6
+ - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #
v6.2.0
with:
python-version: ${{ matrix.python }}
- name: Install uv
diff --git a/.github/workflows/python-wheel.yml
b/.github/workflows/python-wheel.yml
index 38c69a3f5f..989af419de 100644
--- a/.github/workflows/python-wheel.yml
+++ b/.github/workflows/python-wheel.yml
@@ -60,7 +60,7 @@ jobs:
run:
shell: bash
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- name: Set up QEMU
@@ -80,7 +80,7 @@ jobs:
CIBW_ARCHS_MACOS: 'x86_64 arm64'
with:
package-dir: python
- - uses: actions/upload-artifact@v7
+ - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
with:
name: cibw-wheels-${{ matrix.os }}-${{ strategy.job-index }}
path: ./wheelhouse/*.whl
@@ -89,7 +89,7 @@ jobs:
name: Build source distribution
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
@@ -99,7 +99,7 @@ jobs:
- name: Build sdist
run: cd python && uv build --sdist
- - uses: actions/upload-artifact@v7
+ - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
with:
name: cibw-sdist
path: python/dist/*.tar.gz
@@ -113,7 +113,7 @@ jobs:
permissions:
id-token: write # IMPORTANT: mandatory for Trusted Publishing
steps:
- - uses: actions/download-artifact@v8
+ - uses:
actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
# unpacks wheel files into artifacts
pattern: cibw-*
diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml
index 7369391547..db34cb9fbb 100644
--- a/.github/workflows/python.yml
+++ b/.github/workflows/python.yml
@@ -79,20 +79,20 @@ jobs:
shapely: '1'
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- - uses: actions/setup-java@v5
+ - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 #
v5.2.0
with:
distribution: 'zulu'
java-version: '${{ matrix.java }}'
- - uses: actions/setup-python@v6
+ - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #
v6.2.0
with:
python-version: ${{ matrix.python }}
- name: Install uv
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 #
v7.6.0
- name: Cache Maven packages
- uses: actions/cache@v5
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
diff --git a/.github/workflows/r.yml b/.github/workflows/r.yml
index 5b2d5a9a7d..25b8fdb423 100644
--- a/.github/workflows/r.yml
+++ b/.github/workflows/r.yml
@@ -86,7 +86,7 @@ jobs:
run: |
sudo apt-get -y remove --purge default-jdk adoptopenjdk-11-hotspot
|| :
shell: bash
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- uses: r-lib/actions/[email protected]
@@ -112,12 +112,12 @@ jobs:
_R_CHECK_FORCE_SUGGESTS_: false
- name: Install apache.sedona from source
run: Rscript -e 'install.packages("./R/", repos = NULL, type =
"source")'
- - uses: actions/setup-java@v5
+ - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 #
v5.2.0
with:
distribution: 'temurin'
java-version: '11'
cache: 'maven'
- - uses: actions/setup-python@v6
+ - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #
v6.2.0
with:
python-version: '3.11'
- name: Install PySpark
@@ -162,7 +162,7 @@ jobs:
NOT_CRAN='true' Rscript testthat.R
shell: bash
timeout-minutes: 30
- - uses: actions/upload-artifact@v7
+ - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
# v7.0.0
if: failure()
with:
name: Worker logs
