Skip to content

Upgrade GitHub Actions to latest versions #744

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
salmanmkc wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Upgrade GitHub Actions to latest versions #744

salmanmkc wants to merge 3 commits into from

Conversation

@salmanmkc
Copy link
Contributor

@salmanmkc salmanmkc commented Dec 16, 2025
edited
Loading

Summary

Upgrade GitHub Actions to their latest versions for improved features, bug fixes, and security updates.

Changes

Action Old Version(s) New Version Files
actions/upload-pages-artifact v3 v4 workflow files
docker/build-push-action 0565240 2634353 workflow files
docker/login-action 343f7c4 5e57cd1 workflow files
docker/metadata-action 96383f4 c299e40 workflow files
docker/setup-buildx-action f95db51 e468171 workflow files
pypa/gh-action-pypi-publish release/v1 ed0c539 workflow files

Why upgrade?

Keeping GitHub Actions up to date ensures:

  • Security: Latest security patches and fixes
  • Features: Access to new functionality and improvements
  • Compatibility: Better support for current GitHub features
  • Performance: Optimizations and efficiency improvements

Note on pypa/gh-action-pypi-publish

This action uses branch-based versioning (release/v1.x) rather than tags. The v1 tag does not exist in this repository.

This PR pins to the SHA of release/v1.13 for security best practices:

uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e  # release/v1.13

Testing

These changes only affect CI/CD workflow configurations and should not impact application functionality.

@copy-pr-bot
Copy link

copy-pr-bot bot commented Dec 16, 2025

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@salmanmkc salmanmkc force-pushed the upgrade-github-actions-node24-general branch from 197caa2 to 7946504 Compare December 16, 2025 12:13
@lanluo-nvidia
Copy link
Collaborator

lanluo-nvidia commented Dec 16, 2025

/ok to test 7946504

lanluo-nvidia
lanluo-nvidia approved these changes Dec 16, 2025
View reviewed changes
Copy link
Collaborator

@lanluo-nvidia lanluo-nvidia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@salmanmkc
Copy link
Contributor Author

salmanmkc commented Dec 16, 2025

LGTM

Thanks!

@salmanmkc
Fix pypa/gh-action-pypi-publish to use SHA pinning
feea4f3 
Pin to release/v1.13 for security best practices.
The v1 tag doesn't exist - only release/v1 branch exists.

Signed-off-by: Salman Muin Kayser Chishti <[email protected]>
@salmanmkc
Copy link
Contributor Author

salmanmkc commented Dec 17, 2025

Updated this PR to fix the pypa/gh-action-pypi-publish version.

The v1 tag doesn't exist in that repo - it uses branch-based versioning (release/v1).

Changed to SHA pinning: @ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1.13

lanluo-nvidia
lanluo-nvidia approved these changes Dec 18, 2025
View reviewed changes
Copy link
Collaborator

@lanluo-nvidia lanluo-nvidia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lanluo-nvidia lanluo-nvidia lanluo-nvidia approved these changes

@parthchadha parthchadha Awaiting requested review from parthchadha parthchadha is a code owner

@pranavm-nvidia pranavm-nvidia Awaiting requested review from pranavm-nvidia pranavm-nvidia is a code owner

@jhalakpatel jhalakpatel Awaiting requested review from jhalakpatel jhalakpatel is a code owner

@yizhuoz004 yizhuoz004 Awaiting requested review from yizhuoz004 yizhuoz004 is a code owner

@shelkesagar29 shelkesagar29 Awaiting requested review from shelkesagar29 shelkesagar29 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@salmanmkc @lanluo-nvidia