Skip to content

Hashpin sensitive dependencies and configure dependabot to update them automatically #75859

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Jan 15, 2024
Merged

Hashpin sensitive dependencies and configure dependabot to update them automatically #75859

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
e900a9a
ci: hashpin python dependencies used on release
diogoteles08 Dec 18, 2023
e80c118
feat: enable dependabot to update GH actions and release dependencies
diogoteles08 Dec 18, 2023
8b35aa9
ci: hashpin sensitive GitHub Actions
diogoteles08 Dec 15, 2023
99004d2
Update dependabot to update `/llvm/docs` deps monthly
diogoteles08 Dec 27, 2023
8f9fb93
Merge branch 'main' into ci/hashpin-sensitive-dependencies
diogoteles08 Jan 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"
groups:
github-actions:
patterns:
- "*"
- package-ecosystem: "pip"
directory: "/llvm/docs"
schedule:
interval: "monthly"
groups:
llvm-docs-requirements:
patterns:
- "*"
12 changes: 6 additions & 6 deletions .github/workflows/release-binaries.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ jobs:

steps:
- name: Checkout LLVM
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Validate and parse tag
id: validate-tag
Expand Down Expand Up @@ -77,15 +77,15 @@ jobs:
- ubuntu-22.04
steps:
- name: Checkout LLVM
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ needs.prepare.outputs.ref }}

- name: Install Ninja
uses: llvm/actions/install-ninja@main
uses: llvm/actions/install-ninja@22e9f909d35b50bd1181709564bfe816eaeaae81 # main

- name: Setup sccache
uses: hendrikmuhs/ccache-action@v1
uses: hendrikmuhs/ccache-action@ca3acd2731eef11f1572ccb126356c2f9298d35e # v1.2.9
with:
max-size: 250M
key: sccache-${{ matrix.os }}-release
Expand Down Expand Up @@ -119,13 +119,13 @@ jobs:

steps:
- name: Checkout LLVM
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ needs.prepare.outputs.ref }}
path: ${{ needs.prepare.outputs.build-dir }}/llvm-project

- name: Setup sccache
uses: hendrikmuhs/ccache-action@v1
uses: hendrikmuhs/ccache-action@ca3acd2731eef11f1572ccb126356c2f9298d35e # v1.2.9
with:
max-size: 250M
key: sccache-${{ matrix.target.os }}-release
Expand Down
16 changes: 8 additions & 8 deletions .github/workflows/release-tasks.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
echo "release-version=$release_version" >> "$GITHUB_OUTPUT"

- name: Checkout LLVM
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Install Dependencies
run: |
Expand All @@ -36,7 +36,7 @@ jobs:
python3-github \
ninja-build \
texlive-font-utils
pip3 install --user -r ./llvm/docs/requirements.txt
pip3 install --user --require-hashes -r ./llvm/docs/requirements-hashed.txt

- name: Create Release
run: |
Expand All @@ -48,14 +48,14 @@ jobs:
./llvm/utils/release/github-upload-release.py --token ${{ github.token }} --release ${{ steps.validate-tag.outputs.release-version }} upload --files ./*doxygen*.tar.xz

- name: Create Release Notes Artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: release-notes
path: docs-build/html-export/

- name: Clone www-releases
if: ${{ !contains(steps.validate-tag.outputs.release-version, 'rc') }}
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: ${{ github.repository_owner }}/www-releases
ref: main
Expand All @@ -79,10 +79,10 @@ jobs:
if: github.repository == 'llvm/llvm-project'
steps:
- name: Checkout LLVM
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Setup Cpp
uses: aminya/setup-cpp@v1
uses: aminya/setup-cpp@6e563b8e5f796db317104d19605a414345807897 # v1
with:
compiler: llvm-16.0.6
cmake: true
Expand All @@ -108,14 +108,14 @@ jobs:
python3 setup.py sdist

- name: Upload lit to test.pypi.org
uses: pypa/gh-action-pypi-publish@release/v1
uses: pypa/gh-action-pypi-publish@2f6f737ca5f74c637829c0f5c3acd0e29ea5e8bf # release/v1
with:
password: ${{ secrets.LLVM_LIT_TEST_PYPI_API_TOKEN }}
repository-url: https://test.pypi.org/legacy/
packages-dir: llvm/utils/lit/dist/

- name: Upload lit to pypi.org
uses: pypa/gh-action-pypi-publish@release/v1
uses: pypa/gh-action-pypi-publish@2f6f737ca5f74c637829c0f5c3acd0e29ea5e8bf # release/v1
with:
password: ${{ secrets.LLVM_LIT_PYPI_API_TOKEN }}
packages-dir: llvm/utils/lit/dist/
Loading