From ab6d853cdca830772dcafcae11000678445d7eb6 Mon Sep 17 00:00:00 2001 From: homksei Date: Wed, 3 Jul 2024 09:46:08 +0200 Subject: [PATCH] chore: pin some dependencies by hash * Update `github-action-renovate-config-validator` action to specific commit hash * Pin actions in `nightly-build.yml` by hash * Specify `Miniconda` version and add checksum verification in `onedal-dev.Dockerfile` --- .github/workflows/nightly-build.yml | 12 ++++++------ .github/workflows/renovate-validation.yml | 2 +- dev/docker/onedal-dev.Dockerfile | 5 ++++- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/.github/workflows/nightly-build.yml b/.github/workflows/nightly-build.yml index dc9e6a06057..d0d69621f0a 100644 --- a/.github/workflows/nightly-build.yml +++ b/.github/workflows/nightly-build.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Checkout oneDAL - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: repository: oneapi-src/oneDAL - name: Install DPC++ @@ -51,7 +51,7 @@ jobs: source /opt/intel/oneapi/compiler/latest/env/vars.sh .ci/scripts/build.sh --compiler icx --optimizations avx2 --target onedal - name: Archive build - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 with: name: __release_lnx path: ./__release_lnx @@ -64,7 +64,7 @@ jobs: steps: - name: Checkout oneDAL - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: repository: oneapi-src/oneDAL - name: Install DPC++ @@ -96,7 +96,7 @@ jobs: call .\dpcpp\compiler\latest\bin\sycl-ls.exe call .\.ci\scripts\build.bat onedal_dpc vc avx2 - name: Archive build - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 with: name: __release_win path: .\__release_win_vc @@ -105,12 +105,12 @@ jobs: run: | tar -cvzf icx.zip .\dpcpp - name: Archive DPC++ - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 with: name: icx_compiler path: .\icx.zip - name: Archive Intel OpenCL CPU runtime - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 with: name: opencl_rt_installer path: .\opencl_rt.msi diff --git a/.github/workflows/renovate-validation.yml b/.github/workflows/renovate-validation.yml index 3d273fcce43..4b6077d0b69 100644 --- a/.github/workflows/renovate-validation.yml +++ b/.github/workflows/renovate-validation.yml @@ -25,6 +25,6 @@ jobs: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Validate - uses: suzuki-shunsuke/github-action-renovate-config-validator@v1.1.0 + uses: suzuki-shunsuke/github-action-renovate-config-validator@b54483862375f51910a60c4f498e927d4f3df466 # v1.0.1 with: config_file_path: .github/renovate.json diff --git a/dev/docker/onedal-dev.Dockerfile b/dev/docker/onedal-dev.Dockerfile index fb6c02394cc..83f9ed1d9bb 100644 --- a/dev/docker/onedal-dev.Dockerfile +++ b/dev/docker/onedal-dev.Dockerfile @@ -17,6 +17,7 @@ FROM ubuntu:22.04@sha256:adbb90115a21969d2fe6fa7f9af4253e16d45f8d4c1e930182610c4731962658 ARG workdirectory="/sources/oneDAL" +ARG miniconda_version="py312_24.5.0-0" COPY . ${workdirectory} @@ -28,7 +29,9 @@ RUN apt-get update && \ # Install miniconda ENV CONDA_DIR /opt/conda -RUN wget --quiet https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh -O ~/miniconda.sh && \ + +RUN wget --quiet https://repo.anaconda.com/miniconda/Miniconda3-${miniconda_version}-Linux-x86_64.sh -O ~/miniconda.sh && \ + echo "4b3b3b1b99215e85fd73fb2c2d7ebf318ac942a457072de62d885056556eb83e" ~/miniconda.sh | sha256sum -c - && \ /bin/bash ~/miniconda.sh -b -p /opt/conda # Put conda in path to use conda activate