https://github.com/actions/checkout/releases/tag/v5.0.0 was released a
couple of days ago (still new, sufficient bake time that there probably
is not a significant security issue). There are few changes, with the
most notable ones being dependency bumps, specifically the node version
bump to v24. This requires actions runner v2.327.1. I will land this
after all of the infrastructure has been moved over to the new runner
version.
This patch bumps workflows depending upon the Linux CI container to
ubuntu 24.04. The 22.04 container is no longer being built as it was
recently bumped to 24.04, so this patch moves all of these workflows
over to the new container to keep them updated and ensure they are using
an actually maintained version of the container image.
This patch haspins all actions in most of the LLVM Github workflows.
This is something we try to do, but no one has gone through and combed
through all of the workflows before this patch.
Notably, this patch does not bump any major versions of actions just in
case there are subtle breaking changes introduced between versions that
could impact us. Also, this patch omits the libc/libc++ workflows so
that they can be split into separate PRs for the respective subproject
maintainers to review.
This job will run once per day on the main branch, and for every commit
on a release branch. It currently only builds llvm, but could add more
sub-projects in the future.
OpenSSF Best Practices recommends running a static analyzer on software
before it is released:
https://www.bestpractices.dev/en/criteria/0#0.static_analysis
