ci : pin dependency to specific version

[ngxson]

Pin some workflows to specific version, for better security and stability.

This also fixes the problem with latest editorconfig version, ref: editorconfig-checker/editorconfig-checker#409

[ngxson]

Hmm, the action for editorconfig-checker only have v2 tag, but the underlay package has multiple versions. This is a bad practice, I'll need to adapt this.

[ngxson]

Alright, this fixed the editorconfig workflow

[ggerganov]

Btw, while at this, should we move the release action to the ggml-org organization:

llama.cpp/.github/workflows/build.yml

Lines 1238 to 1242 in 02f0430

	- name: Create release
	id: create_release
	uses: anzz1/action-create-release@v1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

[ngxson]

Yeah we should, for security reason. Actually I was surprised because github does not have an official action for that.

[ngxson]

Hmm no sorry, they do have: https://github.com/actions/create-release

We should use this one then

[ngxson]

Oh I didn't see, it's deprecated. We should make a fork in ggml-org then.

[ngxson]

Let's fork or clone https://github.com/anzz1/action-create-release to ggml-org

[ggerganov]

Let's fork or clone anzz1/action-create-release to ggml-org

Done: https://github.com/ggml-org/action-create-release

Maybe we should do the same for all actions that can modify the output artifacts. Not sure if there is any other than the action-create-release.

[ngxson]

Yup it would be nice if you can fork these actions too:

• https://github.com/hendrikmuhs/ccache-action (used in windows-2019-cmake-cuda)
• https://github.com/jlumbroso/free-disk-space (used for building docker image)

Thanks.

[ggerganov]

I forked the https://github.com/ggml-org/free-disk-space. The https://github.com/hendrikmuhs/ccache-action repo seems to be active, so I guess it is OK to keep using the source repo.