CI: apply gha-update by andyfaff · Pull Request #8 · numpy/numpy-release

andyfaff · 2025-08-26T09:00:41Z

updates hashes and appends version numbers

mattip

LGTM, as an exercise I tried looking up these hashes.

I could not find the action/download-artifact source repo to verify the hash, is it from github itself?

mattip · 2025-08-26T13:10:00Z

    steps:
      - name: Checkout numpy-release
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0


Matches the hash from https://github.com/actions/checkout/releases/tag/v5.0.0

mattip · 2025-08-26T13:12:59Z


      - name: Build wheels
-        uses: pypa/cibuildwheel@c923d83ad9c1bc00211c5041d0c3f73294ff88f6
+        uses: pypa/cibuildwheel@c923d83ad9c1bc00211c5041d0c3f73294ff88f6 # v3.1.4


Matches the hash from https://github.com/pypa/cibuildwheel/releases/tag/v3.1.4

mattip · 2025-08-26T13:14:52Z

        # win-arm64 is unsupported by micromamba at the moment
        if: github.event_name == 'schedule' && matrix.buildplat[1] != 'win_arm64'
-        uses: mamba-org/setup-micromamba@b09ef9b599704322748535812ca03efb2625677b
+        uses: mamba-org/setup-micromamba@b09ef9b599704322748535812ca03efb2625677b # v2.0.5


Matches the hash from https://github.com/mamba-org/setup-micromamba/releases/tag/v2.0.5

mattip · 2025-08-26T13:19:09Z

    steps:
      - name: Download sdist and wheels
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v.4.3.0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0


I could not actually find this action, do you know where to verify the hash?

https://github.com/actions/download-artifact/tags

mattip · 2025-08-26T13:21:06Z


      - name: Publish
-        uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc  # v1.12.4
+        uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4


Matches the hash from https://github.com/pypa/gh-action-pypi-publish/releases/tag/v1.12.4

mattip · 2025-08-26T21:44:25Z

Thanks @andyfaff

updates hashes and appends version numbers

CI: apply gha-update

92b55fe

updates hashes and appends version numbers

mattip approved these changes Aug 26, 2025

View reviewed changes

mattip merged commit 3f3fa0d into numpy:main Aug 26, 2025
157 of 158 checks passed

andyfaff deleted the gha-update branch August 26, 2025 22:03

rgommers pushed a commit that referenced this pull request Sep 8, 2025

CI: apply gha-update (#8)

8a94a75

updates hashes and appends version numbers

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CI: apply gha-update#8

CI: apply gha-update#8
mattip merged 1 commit into
numpy:mainfrom
andyfaff:gha-update

andyfaff commented Aug 26, 2025

Uh oh!

mattip left a comment

Uh oh!

mattip Aug 26, 2025

Uh oh!

mattip Aug 26, 2025

Uh oh!

mattip Aug 26, 2025

Uh oh!

mattip Aug 26, 2025

Uh oh!

andyfaff Aug 26, 2025

Uh oh!

mattip Aug 26, 2025

Uh oh!

Uh oh!

mattip commented Aug 26, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

andyfaff commented Aug 26, 2025

Uh oh!

mattip left a comment

Choose a reason for hiding this comment

Uh oh!

mattip Aug 26, 2025

Choose a reason for hiding this comment

Uh oh!

mattip Aug 26, 2025

Choose a reason for hiding this comment

Uh oh!

mattip Aug 26, 2025

Choose a reason for hiding this comment

Uh oh!

mattip Aug 26, 2025

Choose a reason for hiding this comment

Uh oh!

andyfaff Aug 26, 2025

Choose a reason for hiding this comment

Uh oh!

mattip Aug 26, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

mattip commented Aug 26, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants