diff --git a/.github/workflows/audit-zizmor.yml b/.github/workflows/audit-zizmor.yml index 015e20641bc..3d0ab3230b9 100644 --- a/.github/workflows/audit-zizmor.yml +++ b/.github/workflows/audit-zizmor.yml @@ -23,4 +23,4 @@ jobs: .github - name: Run zizmor - uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3 + uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 diff --git a/.github/workflows/auto-cherry-picker.yaml b/.github/workflows/auto-cherry-picker.yaml index 2edb549f62b..fb4ba62039d 100644 --- a/.github/workflows/auto-cherry-picker.yaml +++ b/.github/workflows/auto-cherry-picker.yaml @@ -31,7 +31,7 @@ jobs: - run: npm install ./build-support/cherry_pick - id: get-prereqs name: Get Cherry-Pick prerequisites - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.WORKER_PANTS_CHERRY_PICK_PAT }} script: | @@ -116,7 +116,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - run: npm install ./build-support/cherry_pick - name: Run Script - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.WORKER_PANTS_CHERRY_PICK_PAT }} script: | diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2529a3cb718..7a0cf76ad78 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -76,14 +76,14 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-wheels-and-pex-Linux-ARM64 overwrite: 'true' path: .pants.d/workdir/*.log - if: needs.release_info.outputs.is-release == 'true' name: Attest the pantsbuild.pants wheel - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 with: subject-path: dist/deploy/wheels/pantsbuild.pants/**/pantsbuild_pants-*.whl - if: needs.release_info.outputs.is-release == 'true' @@ -101,7 +101,7 @@ jobs: echo "PEX_SCIE_FILENAME=$PEX_SCIE_FILENAME" | tee -a "$GITHUB_ENV" - if: needs.release_info.outputs.is-release == 'true' name: Attest the Pants Pex artifact - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 with: subject-path: dist/src.python.pants/* - if: needs.release_info.outputs.is-release == 'true' @@ -213,14 +213,14 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-wheels-and-pex-Linux-x86_64 overwrite: 'true' path: .pants.d/workdir/*.log - if: needs.release_info.outputs.is-release == 'true' name: Attest the pantsbuild.pants wheel - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 with: subject-path: dist/deploy/wheels/pantsbuild.pants/**/pantsbuild_pants-*.whl - if: needs.release_info.outputs.is-release == 'true' 
@@ -238,7 +238,7 @@ jobs: echo "PEX_SCIE_FILENAME=$PEX_SCIE_FILENAME" | tee -a "$GITHUB_ENV" - if: needs.release_info.outputs.is-release == 'true' name: Attest the Pants Pex artifact - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 with: subject-path: dist/src.python.pants/* - if: needs.release_info.outputs.is-release == 'true' @@ -267,7 +267,7 @@ jobs: --data-binary "@$WHL"; - if: needs.release_info.outputs.is-release == 'true' name: Attest the pantsbuild.pants.testutil wheel - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 with: subject-path: dist/deploy/wheels/pantsbuild.pants/**/pantsbuild_pants_testutil*.whl - if: needs.release_info.outputs.is-release == 'true' @@ -375,14 +375,14 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-wheels-and-pex-macOS14-ARM64 overwrite: 'true' path: .pants.d/workdir/*.log - if: needs.release_info.outputs.is-release == 'true' name: Attest the pantsbuild.pants wheel - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 with: subject-path: dist/deploy/wheels/pantsbuild.pants/**/pantsbuild_pants-*.whl - if: needs.release_info.outputs.is-release == 'true' 
@@ -400,7 +400,7 @@ jobs: echo "PEX_SCIE_FILENAME=$PEX_SCIE_FILENAME" | tee -a "$GITHUB_ENV" - if: needs.release_info.outputs.is-release == 'true' name: Attest the Pants Pex artifact - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 with: subject-path: dist/src.python.pants/* - if: needs.release_info.outputs.is-release == 'true' @@ -498,7 +498,7 @@ jobs: run: | ./pants run src/python/pants_release/generate_release_announcement.py -- --output-dir=${{ runner.temp }} - name: Announce release to Slack - uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 + uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 with: method: chat.postMessage payload-file-path: ${{ runner.temp }}/slack_announcement.json diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index ca96205a748..d9f196af775 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -101,13 +101,13 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-bootstrap-Linux-ARM64 overwrite: 'true' path: .pants.d/workdir/*.log - name: Upload native binaries - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: native_binaries.${{ matrix.python-version }}.Linux-ARM64 path: |- 
@@ -210,13 +210,13 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-bootstrap-Linux-x86_64 overwrite: 'true' path: .pants.d/workdir/*.log - name: Upload native binaries - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: native_binaries.${{ matrix.python-version }}.Linux-x86_64 path: |- @@ -326,13 +326,13 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-bootstrap-macOS14-ARM64 overwrite: 'true' path: .pants.d/workdir/*.log - name: Upload native binaries - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: native_binaries.${{ matrix.python-version }}.macOS14-ARM64 path: |- @@ -418,7 +418,7 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-wheels-and-pex-Linux-ARM64 overwrite: 'true' @@ -508,7 +508,7 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-wheels-and-pex-Linux-x86_64 overwrite: 'true' 
@@ -608,7 +608,7 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-wheels-and-pex-macOS14-ARM64 overwrite: 'true' @@ -627,13 +627,13 @@ jobs: with: fetch-depth: 10 - name: Install MSYS2 - uses: msys2/setup-msys2@4f806de0a5a7294ffabaff804b38a9b435a73bda + uses: msys2/setup-msys2@e9898307ac31d1a803454791be09ab9973336e1c with: install: base-devel mingw-w64-ucrt-x86_64-toolchain mingw-w64-ucrt-x86_64-nasm mingw-w64-ucrt-x86_64-cmake mingw-w64-ucrt-x86_64-protobuf msystem: UCRT64 update: true - name: Set Up Rust Toolchain - uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 + uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 with: rust-src-dir: src/rust target: x86_64-pc-windows-gnu @@ -790,7 +790,7 @@ jobs: 3.13 3.14 - name: Download native binaries - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: native_binaries.${{ matrix.python-version }}.Linux-x86_64 path: src/python/pants @@ -805,7 +805,7 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-lint-Linux-x86_64 overwrite: 'true' @@ -915,7 +915,7 @@ jobs: 3.13 3.14 - name: Download native binaries - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: native_binaries.${{ matrix.python-version }}.Linux-ARM64 path: src/python/pants 
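Review bot: The new `msys2/setup-msys2` pin in the `Install MSYS2` step (hunk `@@ -627,13 +627,13 @@` of `.github/workflows/test.yaml`) is the only `uses:` line in this diff without a trailing version comment, so the file does not say which release `e9898307ac31d1a803454791be09ab9973336e1c` is meant to be, or whether it is a tagged release at all. Every other pin carries one, for example `# v1.16.1` on the `Set Up Rust Toolchain` step in the same hunk, and that comment is what lets a reviewer or a pin-auditing tool compare the SHA against the upstream tag. I would write it in the same form, `uses: msys2/setup-msys2@e9898307ac31d1a803454791be09ab9973336e1c # <upstream tag for this commit>`, after confirming the commit is reachable from that tag in the upstream repository. The removed line had the same gap, so the bump carried it over rather than introduced it. The job's step list starts and ends outside the hunk.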
@@ -942,7 +942,7 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-python-test-Linux-ARM64 overwrite: 'true' @@ -1044,7 +1044,7 @@ jobs: 3.13 3.14 - name: Download native binaries - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: native_binaries.${{ matrix.python-version }}.Linux-x86_64 path: src/python/pants @@ -1071,7 +1071,7 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-python-test-0_10-Linux-x86_64 overwrite: 'true' @@ -1173,7 +1173,7 @@ jobs: 3.13 3.14 - name: Download native binaries - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: native_binaries.${{ matrix.python-version }}.Linux-x86_64 path: src/python/pants @@ -1200,7 +1200,7 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-python-test-1_10-Linux-x86_64 overwrite: 'true' @@ -1302,7 +1302,7 @@ jobs: 3.13 3.14 - name: Download native binaries - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: native_binaries.${{ matrix.python-version }}.Linux-x86_64 path: src/python/pants 
@@ -1329,7 +1329,7 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-python-test-2_10-Linux-x86_64 overwrite: 'true' @@ -1431,7 +1431,7 @@ jobs: 3.13 3.14 - name: Download native binaries - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: native_binaries.${{ matrix.python-version }}.Linux-x86_64 path: src/python/pants @@ -1458,7 +1458,7 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-python-test-3_10-Linux-x86_64 overwrite: 'true' @@ -1560,7 +1560,7 @@ jobs: 3.13 3.14 - name: Download native binaries - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: native_binaries.${{ matrix.python-version }}.Linux-x86_64 path: src/python/pants @@ -1587,7 +1587,7 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-python-test-4_10-Linux-x86_64 overwrite: 'true' @@ -1689,7 +1689,7 @@ jobs: 3.13 3.14 - name: Download native binaries - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: native_binaries.${{ matrix.python-version }}.Linux-x86_64 path: src/python/pants 
@@ -1716,7 +1716,7 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-python-test-5_10-Linux-x86_64 overwrite: 'true' @@ -1818,7 +1818,7 @@ jobs: 3.13 3.14 - name: Download native binaries - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: native_binaries.${{ matrix.python-version }}.Linux-x86_64 path: src/python/pants @@ -1845,7 +1845,7 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-python-test-6_10-Linux-x86_64 overwrite: 'true' @@ -1947,7 +1947,7 @@ jobs: 3.13 3.14 - name: Download native binaries - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: native_binaries.${{ matrix.python-version }}.Linux-x86_64 path: src/python/pants @@ -1974,7 +1974,7 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-python-test-7_10-Linux-x86_64 overwrite: 'true' @@ -2076,7 +2076,7 @@ jobs: 3.13 3.14 - name: Download native binaries - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: native_binaries.${{ matrix.python-version }}.Linux-x86_64 path: src/python/pants 
@@ -2103,7 +2103,7 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-python-test-8_10-Linux-x86_64 overwrite: 'true' @@ -2205,7 +2205,7 @@ jobs: 3.13 3.14 - name: Download native binaries - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: native_binaries.${{ matrix.python-version }}.Linux-x86_64 path: src/python/pants @@ -2232,7 +2232,7 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-python-test-9_10-Linux-x86_64 overwrite: 'true' @@ -2301,7 +2301,7 @@ jobs: 3.13 3.14 - name: Download native binaries - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: native_binaries.${{ matrix.python-version }}.macOS14-ARM64 path: src/python/pants @@ -2328,7 +2328,7 @@ jobs: - continue-on-error: true if: always() name: Upload pants.log - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-python-test-macOS14-ARM64 overwrite: 'true'