From 736887e7ef4fd45bdae13f48f99c79be4b4f73b6 Mon Sep 17 00:00:00 2001
From: "Hans J. Johnson"
Date: Mon, 8 Jun 2026 13:04:48 -0500
Subject: [PATCH] COMP: Pin mutable CI action references to fixed versions

Replace floating/mutable GitHub Actions refs with fixed versions so CI is reproducible and not silently affected by upstream action changes:
- pypa/gh-action-pypi-publish: @master -> @v1.14.0. This action performs the credentialed PyPI publish (user: __token__), so a moving branch ref is the highest-risk floating reference in the tree.
- lukka/get-cmake: @latest (x4) -> @v4.3.3, the release @latest currently resolves to (no behavior change, just frozen).
- lukka/get-cmake in test-gpu.yml: @v3.22.2 -> @v4.3.3. v3.22.2 bundles an @actions/cache that calls the retired Actions cache API and aborts fatally; it is dormant only because that job is gated.
- InsightSoftwareConsortium/ITKClangFormatLinterAction: @main -> pinned commit SHA (the action publishes no release tags).
- Jimver/cuda-toolkit: @v0.2.21 -> @v0.2.35.
- actions/setup-python in test-notebooks.yml: @v3 -> @v5 to match the other jobs.
---
 .github/workflows/build-test-package.yml | 12 ++++++------
 .github/workflows/clang-format-linter.yml | 2 +-
 .github/workflows/test-gpu.yml | 2 +-
 .github/workflows/test-notebooks.yml | 2 +-
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/build-test-package.yml b/.github/workflows/build-test-package.yml
index a8a233e..a53cc36 100644
--- a/.github/workflows/build-test-package.yml
+++ b/.github/workflows/build-test-package.yml
@@ -68,7 +68,7 @@ jobs:
 python -m pip install ninja
 - name: Get specific version of CMake, Ninja
- uses: lukka/get-cmake@latest
+ uses: lukka/get-cmake@v4.3.3
 - name: Download OpenCL-SDK
 if: matrix.os == 'macos-15'
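Review bot: `lukka/get-cmake@v4.3.3` in the `@@ -68,7` hunk is still a mutable reference, because a version tag can be moved or re-created by whoever controls the action's repository; only a full commit SHA is immutable. The same applies to the other tag pins in this patch: the three further get-cmake hunks in build-test-package.yml, the one in test-gpu.yml, `Jimver/cuda-toolkit@v0.2.35`, `pypa/gh-action-pypi-publish@v1.14.0`, and `actions/setup-python@v5`, a major tag that is moved on purpose with each release. The form this patch already uses for ITKClangFormatLinterAction would close the gap, e.g. `uses: lukka/get-cmake@<full-commit-sha> # v4.3.3`, where the placeholder is the commit the tag resolves to at review time. The publish step is the one to convert first, since that action receives the PyPI credential.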
@@ -321,11 +321,11 @@ jobs:
 shell: bash
 - name: Get specific version of CMake, Ninja
- uses: lukka/get-cmake@latest
+ uses: lukka/get-cmake@v4.3.3
 - name: Install CUDA toolkit
 if: matrix.backend == 1
- uses: Jimver/cuda-toolkit@v0.2.21
+ uses: Jimver/cuda-toolkit@v0.2.35
 with:
 method: network
 sub-packages: '["nvcc", "cudart", "cudart-dev", "nvrtc", "nvrtc-dev"]'
@@ -409,7 +409,7 @@ jobs:
 steps:
 - name: Get specific version of CMake, Ninja
- uses: lukka/get-cmake@latest
+ uses: lukka/get-cmake@v4.3.3
 - uses: actions/checkout@v5
 with:
@@ -551,7 +551,7 @@ jobs:
 sudo xcode-select -s "${XCODE_APP}/Contents/Developer"
 - name: Get specific version of CMake, Ninja
- uses: lukka/get-cmake@latest
+ uses: lukka/get-cmake@v4.3.3
 - name: 'Fetch build script'
 run: |
@@ -602,7 +602,7 @@ jobs:
 - name: Publish 🐍 Python 📦 package to PyPI
 if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags')
- uses: pypa/gh-action-pypi-publish@master
+ uses: pypa/gh-action-pypi-publish@v1.14.0
 with:
 user: __token__
 password: ${{ secrets.pypi_password }}
diff --git a/.github/workflows/clang-format-linter.yml b/.github/workflows/clang-format-linter.yml
index 7d1df4f..93723bb 100644
--- a/.github/workflows/clang-format-linter.yml
+++ b/.github/workflows/clang-format-linter.yml
@@ -9,6 +9,6 @@ jobs:
 steps:
 - uses: actions/checkout@v5
- - uses: InsightSoftwareConsortium/ITKClangFormatLinterAction@main
+ - uses: InsightSoftwareConsortium/ITKClangFormatLinterAction@bab3a0bb26af8a23c7cc2c1d4265834415089eb5 # main
 with:
 itk-branch: main
diff --git a/.github/workflows/test-gpu.yml b/.github/workflows/test-gpu.yml
index 522917a..5e49f30 100644
--- a/.github/workflows/test-gpu.yml
+++ b/.github/workflows/test-gpu.yml
@@ -34,7 +34,7 @@ jobs:
 - uses: actions/checkout@v5
 - name: Get specific version of CMake, Ninja
- uses: lukka/get-cmake@v3.22.2
+ uses: lukka/get-cmake@v4.3.3
 - name: Download OpenCL-ICD-Loader
 run: |
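Review bot: The jump from `Jimver/cuda-toolkit@v0.2.21` to `@v0.2.35` in the `@@ -321,11` hunk spans many releases of an installer action, while the visible `with:` block sets only `method` and `sub-packages`. If no `cuda:` input follows outside the hunk, the installed toolkit version is whatever the action defaults to, which may differ between those two releases, so the bump could change the compiler under test and not just the action. Setting the version explicitly, e.g. `cuda: '<toolkit-version>'` with the release the project intends to build against, keeps the step reproducible independent of the action version. The `with:` block may continue past the end of the hunk.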
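Review bot: The publish step in the `@@ -602,7` hunk still authenticates with a long-lived API token (`user: __token__`, `password: ${{ secrets.pypi_password }}`), so the code of the action it invokes holds a credential that stays valid until someone revokes it. pypa/gh-action-pypi-publish supports PyPI trusted publishing, which replaces the stored token with a short-lived OIDC credential; that needs `id-token: write` under the publishing job's `permissions:`, the `user`/`password` inputs removed, and a trusted publisher registered on the PyPI project. Until then it is worth confirming that the token behind `secrets.pypi_password` is scoped to this one project and not to the whole account. The job's `permissions` block, if it has one, lies outside this hunk.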
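Review bot: The trailing comment `# main` on the pinned SHA in clang-format-linter.yml records only the branch, not when the commit was taken, so a later reader cannot tell how stale the pin is or what to compare it against when updating. Since the commit message says the action publishes no release tags, a comment such as `# main as of <YYYY-MM-DD>` would make future bumps reviewable. The `itk-branch: main` input below it is still a moving reference; presumably it selects which ITK branch supplies the formatting configuration, in which case lint results can still change with no change to this workflow.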
diff --git a/.github/workflows/test-notebooks.yml b/.github/workflows/test-notebooks.yml
index 409e657..c483cc7 100644
--- a/.github/workflows/test-notebooks.yml
+++ b/.github/workflows/test-notebooks.yml
@@ -21,7 +21,7 @@ jobs:
 shell: bash
 - uses: actions/checkout@v5
- - uses: actions/setup-python@v3
+ - uses: actions/setup-python@v5
 with:
 python-version: '3.10'