From 9736f06c9c53b485731c2dff95af7c05457be158 Mon Sep 17 00:00:00 2001
From: Matthew Douglas <38992547+matthewdouglas@users.noreply.github.com>
Date: Thu, 18 Jun 2026 13:44:29 -0400
Subject: [PATCH] CI: pin GitHub Actions to SHA, add dependabot for automatic updates
---
.github/dependabot.yml | 12 ++++++++
.github/dependabot.yml.disabled | 11 -------
.github/workflows/lint.yml | 6 ++--
.github/workflows/python-package.yml | 46 ++++++++++++++--------------
.github/workflows/test-runner.yml | 14 ++++-----
5 files changed, 45 insertions(+), 44 deletions(-)
create mode 100644 .github/dependabot.yml
delete mode 100644 .github/dependabot.yml.disabled
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..cfd37832b
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ cooldown:
+ default-days: 7
+ groups:
+ actions:
+ patterns:
+ - "*"
diff --git a/.github/dependabot.yml.disabled b/.github/dependabot.yml.disabled
deleted file mode 100644
index 8a36c3689..000000000
--- a/.github/dependabot.yml.disabled
+++ /dev/null
@@ -1,11 +0,0 @@
-version: 2
-updates:
- - package-ecosystem: pip
- directory: "/"
- schedule:
- interval: "weekly"
- groups:
- major:
- update-types: [major]
- minor-patch:
- update-types: [minor, patch]
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 01084d44f..40d541c9b 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
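Review bot: In the new `.github/dependabot.yml`, the single `updates` entry watches only `github-actions`, so tooling the workflows install at run time stays unpinned and unmonitored; `pip install auditwheel` in python-package.yml is one visible case. The `actions` group, whose `patterns` list is just `"*"`, also folds every action bump into one PR, so hash changes for the release and PyPI publish steps are reviewed in the same batch as routine ones; a separate group for those actions, or `exclude-patterns` on this one, would keep that review focused. If the 7-day `cooldown` is meant to give a bad release time to be noticed before it is proposed, a one-line comment above it such as `# hold new releases for 7 days before proposing them` would record that for the next maintainer.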
@@ -10,10 +10,10 @@ jobs: Lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.12" - - uses: pre-commit/action@v3.0.0 + - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 env: RUFF_OUTPUT_FORMAT: github diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index 81b65d253..4b104cb30 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -34,16 +34,16 @@ jobs: os: [ubuntu-22.04, ubuntu-22.04-arm, windows-2025, windows-11-arm, macos-15] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Setup MSVC if: runner.os == 'Windows' - uses: ilammy/msvc-dev-cmd@v1.13.0 # to use cl + uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0 with: arch: ${{ runner.arch == 'ARM64' && 'arm64' || 'x64' }} - name: Build C++ run: bash .github/scripts/build-cpu.sh - name: Upload build artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: shared_library_${{ runner.os }}_${{ runner.arch }} path: output/* @@ -62,7 +62,7 @@ jobs: ["11.8.0", "12.0.1", "12.1.1", "12.2.2", "12.3.2", "12.4.1", "12.5.1", "12.6.3", "12.8.1", "12.9.1", "13.0.2", "13.2.0"] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # Windows: We install Cuda on the agent (slow) - uses: Jimver/cuda-toolkit@3d45d157f327c09c04b50ee6ccdea2d9d017ec76 # v0.2.35 if: runner.os == 'Windows' 
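Review bot: In the lint.yml hunk, the trailing `# v6.0.3`, `# v6.2.0` and `# v3.0.1` comments are the only thing tying each 40-character hash to a release, and the diff gives a reader no way to confirm them. Each hash should be checked against the tag in the action's own repository before merge, because a commit that exists only in a fork can also be referenced through the parent repository's name. The same check applies to every pinned `uses:` line in python-package.yml and test-runner.yml. A commit pin fixes only the top-level action; anything that action itself fetches by tag, such as nested actions or container images, is not covered by it.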
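Review bot: The Setup MSVC step in the `@@ -34,16` hunk of python-package.yml loses its `# to use cl` explanation, because the trailing comment slot now holds the version; the `@@ -77,7` hunk drops it the same way. Putting `# to use cl` on its own line above the `uses:` line keeps the reason without touching the version comment after the hash.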
@@ -77,7 +77,7 @@ jobs: log-file-suffix: ${{ runner.os }}-${{ runner.arch }}-${{matrix.cuda_version}}.txt - name: Setup MSVC if: runner.os == 'Windows' - uses: ilammy/msvc-dev-cmd@v1.13.0 # to use cl + uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0 with: toolset: "14.44" - name: Build C++ @@ -85,7 +85,7 @@ jobs: env: CUDA_VERSION: ${{ matrix.cuda_version }} - name: Upload build artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: shared_library_cuda_${{ runner.os }}_${{ runner.arch }}_${{ matrix.cuda_version }} path: output/* @@ -98,7 +98,7 @@ jobs: os: [ubuntu-22.04, windows-2022] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Build C++ (Linux) if: runner.os == 'Linux' run: bash .github/scripts/build-xpu.sh @@ -107,7 +107,7 @@ jobs: run: .github/scripts/build-xpu-windows.bat shell: cmd - name: Upload build artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: shared_library_xpu_${{ runner.os }}_${{ runner.arch }} path: output/* @@ -124,7 +124,7 @@ jobs: rocm_version: "7.2.1" runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Clean up disk space if: runner.os == 'Linux' run: | @@ -144,7 +144,7 @@ jobs: df -h - name: Setup MSVC if: runner.os == 'Windows' - uses: ilammy/msvc-dev-cmd@v1.13.0 + uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0 with: toolset: "14.44" - name: Build C++ 
@@ -152,7 +152,7 @@ jobs: env: ROCM_VERSION: ${{ matrix.rocm_version }} - name: Upload build artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: shared_library_rocm_${{ runner.os }}_${{ runner.arch }}_${{ matrix.rocm_version }} path: output/* @@ -176,9 +176,9 @@ jobs: # dictated by the packaged code itself, not the Python version used for packaging. runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Download build artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: merge-multiple: true pattern: "shared_library*_${{ runner.os }}_${{ runner.arch }}*" @@ -189,7 +189,7 @@ jobs: ls -lR output/ cp output/${{ runner.os }}/${{ runner.arch }}/* bitsandbytes/ - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.12" cache: pip @@ -202,7 +202,7 @@ jobs: echo "PLATFORM_TAG=$PLATFORM_TAG" wheel tags --remove --abi-tag=none --python-tag=py3 --platform-tag=$PLATFORM_TAG dist/bitsandbytes-*.whl - name: Upload build artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: bdist_wheel_${{ runner.os }}_${{ runner.arch }} path: dist/bitsandbytes-*.whl @@ -220,7 +220,7 @@ jobs: - build-wheels steps: - name: Download and rename artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: tmp/ pattern: "bdist_wheel_*" @@ -261,7 +261,7 @@ jobs: - name: Inspect wheels directory after renaming files run: ls -alFR wheels/ - - uses: actions/checkout@v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: path: repo 
@@ -341,7 +341,7 @@ jobs: cat body.md - name: Create new pre-release and upload artifacts - uses: softprops/action-gh-release@v2.2.1 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: files: wheels/*.whl prerelease: true @@ -360,14 +360,14 @@ jobs: env: PIP_DISABLE_PIP_VERSION_CHECK: 1 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Download wheel - uses: actions/download-artifact@v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: bdist_wheel_${{ runner.os }}_${{ runner.arch }} path: wheels/ - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.12" - run: pip install auditwheel @@ -387,13 +387,13 @@ jobs: id-token: write steps: - name: Download distribution artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: dist/ pattern: "bdist_wheel_*" merge-multiple: true - name: Publish to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 with: print-hash: true diff --git a/.github/workflows/test-runner.yml b/.github/workflows/test-runner.yml index 9745fe1b3..266fc6830 100644 --- a/.github/workflows/test-runner.yml +++ b/.github/workflows/test-runner.yml @@ -93,7 +93,7 @@ jobs: echo "test_runner=${TEST_RUNNER}" >> $GITHUB_OUTPUT echo "artifact_name=${ARTIFACT}" >> $GITHUB_OUTPUT - - uses: actions/checkout@v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # Windows + CUDA: Install CUDA Toolkit 
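Review bot: The release step in the `@@ -341,7` hunk goes from `softprops/action-gh-release@v2.2.1` to the hash for v3.0.0, so this line is a major-version upgrade as well as a pin, while the commit subject mentions only pinning. The same holds on the publish path in the `@@ -387,13` hunk, where `actions/download-artifact` moves from v4 to v8.0.1 ahead of the PyPI upload in a job that carries `id-token: write`. Pinning the version already in use first, `uses: softprops/action-gh-release@<sha-of-v2.2.1> # v2.2.1`, and upgrading in a follow-up would make the pin a no-op that is easy to audit and the upgrade easy to revert. If the upgrade stays in this commit, the inputs these steps rely on (`files`, `prerelease`, `pattern`, `merge-multiple`) are worth confirming against the new majors' release notes.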
@@ -109,7 +109,7 @@ jobs: # Windows: Setup MSVC (needed for both CPU and CUDA builds) - name: Setup MSVC if: startsWith(inputs.platform, 'windows') - uses: ilammy/msvc-dev-cmd@v1.13.0 + uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0 with: arch: ${{ inputs.platform == 'windows-arm64' && 'arm64' || 'x64' }} toolset: ${{ (inputs.platform == 'windows' && inputs.backend == 'cuda') && '14.44' || '' }} @@ -128,7 +128,7 @@ jobs: CUDA_TARGETS: "75;80;89" - name: Upload build artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ steps.config.outputs.artifact_name }} path: output/${{ runner.os }}/${{ runner.arch }}/* @@ -146,17 +146,17 @@ jobs: if: inputs.backend == 'cuda' run: nvidia-smi - - uses: actions/checkout@v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Download build artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: ${{ needs.build.outputs.artifact_name }} path: bitsandbytes/ merge-multiple: true - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: # Python for Windows ARM64 is only available from 3.12+ python-version: ${{ inputs.platform == 'windows-arm64' && '3.12' || '3.10' }} @@ -164,7 +164,7 @@ jobs: # Windows: Setup MSVC for torch.compile - name: Setup MSVC if: startsWith(inputs.platform, 'windows') - uses: ilammy/msvc-dev-cmd@v1.13.0 + uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0 with: arch: ${{ inputs.platform == 'windows-arm64' && 'arm64' || 'x64' }}