This is an automated email from the ASF dual-hosted git repository.
CTTY pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/iceberg-rust.git
The following commit(s) were added to refs/heads/main by this push:
new 03be59e57 CI: Use specific patch versions in workflow action comments
(#2412)
03be59e57 is described below
commit 03be59e5794e6eb4161982d746cfa81becd9634e
Author: Kevin Liu <[email protected]>
AuthorDate: Wed May 6 13:54:50 2026 -0400
CI: Use specific patch versions in workflow action comments (#2412)
## Which issue does this PR close?
<!--
We generally require a GitHub issue to be filed for all bug fixes and
enhancements and this helps us generate change logs for our releases.
You can link an issue to this PR using the GitHub syntax. For example
`Closes #123` indicates that this PR will close issue #123.
-->
- Closes #.
## What changes are included in this PR?
Similar to https://github.com/apache/iceberg/pull/16229
The workflow files use SHA-pinned actions (immutable), but the
human-readable comments referenced only major versions (e.g., `# v6`, `#
v5`).
**When maintainers move these mutable tags to a new commit, zizmor fails
in CI because the SHA no longer matches the stated tag.**
<!--
Provide a summary of the modifications in this PR. List the main changes
such as new features, bug fixes, refactoring, or any other updates.
-->
## Are these changes tested?
<!--
Specify what test covers (unit test, integration test, etc.).
If tests are not included in your PR, please explain why (for example,
are they covered by existing tests)?
-->
---
.github/actions/overwrite-package-version/action.yml | 2 +-
.github/workflows/asf-allowlist-check.yml | 2 +-
.github/workflows/audit.yml | 2 +-
.github/workflows/bindings_python_ci.yml | 8 ++++----
.github/workflows/ci.yml | 18 +++++++++---------
.github/workflows/ci_typos.yml | 2 +-
.github/workflows/codeql.yml | 2 +-
.github/workflows/publish.yml | 2 +-
.github/workflows/release_python.yml | 10 +++++-----
.github/workflows/release_python_nightly.yml | 8 ++++----
.github/workflows/website.yml | 6 +++---
11 files changed, 31 insertions(+), 31 deletions(-)
diff --git a/.github/actions/overwrite-package-version/action.yml
b/.github/actions/overwrite-package-version/action.yml
index aed736ecf..f14c428ec 100644
--- a/.github/actions/overwrite-package-version/action.yml
+++ b/.github/actions/overwrite-package-version/action.yml
@@ -25,7 +25,7 @@ runs:
using: "composite"
steps:
- name: Setup Python
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
+ uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 #
v5.6.0
with:
python-version: '3.12'
diff --git a/.github/workflows/asf-allowlist-check.yml
b/.github/workflows/asf-allowlist-check.yml
index 65dbe8bcb..8d7952a9d 100644
--- a/.github/workflows/asf-allowlist-check.yml
+++ b/.github/workflows/asf-allowlist-check.yml
@@ -40,7 +40,7 @@ jobs:
asf-allowlist-check:
runs-on: ubuntu-24.04
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses:
apache/infrastructure-actions/allowlist-check@4e9c961f587f72b170874b6f5cd4ac15f7f26eb8
# main
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index 3f9865ed8..e77fe7839 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -47,7 +47,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository == 'apache/iceberg-rust'
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- name: Setup Rust toolchain
diff --git a/.github/workflows/bindings_python_ci.yml
b/.github/workflows/bindings_python_ci.yml
index e1c885357..8d5395afe 100644
--- a/.github/workflows/bindings_python_ci.yml
+++ b/.github/workflows/bindings_python_ci.yml
@@ -47,7 +47,7 @@ jobs:
check-rust:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- name: Check format
@@ -60,7 +60,7 @@ jobs:
check-python:
runs-on: ubuntu-slim
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b #
v8.1.0
@@ -89,10 +89,10 @@ jobs:
- macos-latest
- windows-latest
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #
v6
+ - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #
v6.2.0
with:
python-version: 3.12
- uses: PyO3/maturin-action@e83996d129638aa358a18fbd1dfb82f0b0fb5d3b #
v1.51.0
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 47f55d658..3482e3348 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -53,7 +53,7 @@ jobs:
- ubuntu-latest
- macos-latest
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
@@ -67,7 +67,7 @@ jobs:
run: make check-toml
- name: Install protoc
- uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b #
v3
+ uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b #
v3.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -93,7 +93,7 @@ jobs:
- macos-latest
- windows-latest
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
@@ -104,7 +104,7 @@ jobs:
uses: swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
- name: Install protoc
- uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b #
v3
+ uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b #
v3.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -121,7 +121,7 @@ jobs:
- macos-latest
- windows-latest
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
@@ -144,7 +144,7 @@ jobs:
- { name: "doc", args: "--doc --all-features --workspace" }
name: Tests (${{ matrix.test-suite.name }})
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
@@ -152,7 +152,7 @@ jobs:
uses: ./.github/actions/setup-builder
- name: Install protoc
- uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b #
v3
+ uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b #
v3.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -191,11 +191,11 @@ jobs:
name: Verify MSRV
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- name: Install protoc
- uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b #
v3
+ uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b #
v3.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Get MSRV
diff --git a/.github/workflows/ci_typos.yml b/.github/workflows/ci_typos.yml
index fff347e63..9de6462eb 100644
--- a/.github/workflows/ci_typos.yml
+++ b/.github/workflows/ci_typos.yml
@@ -43,7 +43,7 @@ jobs:
env:
FORCE_COLOR: 1
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- name: Check typos
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 7e9c8208c..49212916a 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -41,7 +41,7 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 83e1031d1..944e0a2f5 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -47,7 +47,7 @@ jobs:
- "crates/catalog/sql"
- "crates/integrations/datafusion"
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
diff --git a/.github/workflows/release_python.yml
b/.github/workflows/release_python.yml
index 1961b2250..7e7bb11d4 100644
--- a/.github/workflows/release_python.yml
+++ b/.github/workflows/release_python.yml
@@ -41,7 +41,7 @@ jobs:
cargo-version: ${{ steps.validate.outputs.cargo-version }}
is-rc: ${{ steps.validate.outputs.is-rc }}
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
if: ${{ github.event_name == 'workflow_dispatch' }}
with:
persist-credentials: false
@@ -103,7 +103,7 @@ jobs:
runs-on: ubuntu-latest
needs: [validate-release-tag]
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
@@ -152,7 +152,7 @@ jobs:
}
- { os: ubuntu-latest, target: "armv7l" }
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
@@ -173,7 +173,7 @@ jobs:
rm Cargo.toml
mv Cargo.toml.tmp Cargo.toml
- - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #
v6
+ - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #
v6.2.0
with:
python-version: 3.12
- name: Get MSRV
@@ -224,7 +224,7 @@ jobs:
steps:
- name: Download all the dists
- uses:
actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+ uses:
actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
pattern: wheels-*
merge-multiple: true
diff --git a/.github/workflows/release_python_nightly.yml
b/.github/workflows/release_python_nightly.yml
index 1dd6c8e2a..c5fa93df3 100644
--- a/.github/workflows/release_python_nightly.yml
+++ b/.github/workflows/release_python_nightly.yml
@@ -40,7 +40,7 @@ jobs:
needs: set-version
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
@@ -77,7 +77,7 @@ jobs:
}
- { os: ubuntu-latest, target: "armv7l" }
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
@@ -85,7 +85,7 @@ jobs:
with:
timestamp: ${{ needs.set-version.outputs.TIMESTAMP }}
- - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #
v6
+ - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #
v6.2.0
with:
python-version: 3.12
@@ -140,7 +140,7 @@ jobs:
steps:
- name: Download all the dists
- uses:
actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+ uses:
actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
pattern: wheels-*
merge-multiple: true
diff --git a/.github/workflows/website.yml b/.github/workflows/website.yml
index 71fb9503c..6f2e97089 100644
--- a/.github/workflows/website.yml
+++ b/.github/workflows/website.yml
@@ -39,17 +39,17 @@ jobs:
permissions:
contents: write
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
persist-credentials: false
- name: Setup mdBook
- uses:
peaceiris/actions-mdbook@ee69d230fe19748b7abf22df32acaa93833fad08 # v2
+ uses:
peaceiris/actions-mdbook@ee69d230fe19748b7abf22df32acaa93833fad08 # v2.0.0
with:
mdbook-version: "0.4.36"
- name: Install protoc
- uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b #
v3
+ uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b #
v3.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
