[hipSOLVER][rocSOLVER] Pin build-time dependency fetches to immutable commits #8794
Open
qjojo wants to merge 2 commits into
… commits

Replace mutable branch/tag refs in FetchContent and ExternalProject declarations with pinned 40-char commit SHAs so configure-time fetches cannot be altered upstream:

- rocm-cmake (both libs): was develop/master branch, now therock-7.13 commit
- lapack: was the lapack-3.7.1 branch, now the v3.7.1 commit
- googletest: was the release-1.11.0 tag, now its commit

Also convert rocSOLVER's rocm-cmake fallback from a hand-built archive URL download to git FetchContent, matching rocBLAS/rocSPARSE, so git verifies the commit by SHA. Each pin carries a "pinned-dep" comment to make future bumps easy to find.

Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
tfalders
approved these changes
Jun 24, 2026
tfalders
left a comment
Contributor
Looks good! One minor comment.
| message(STATUS "ROCmCMakeBuildTools not found. Fetching...") | ||
| set(rocm_cmake_tag "develop" CACHE STRING "rocm-cmake tag to download") | ||
| # pinned-dep rocm-cmake: immutable commit (was the mutable "develop" branch). | ||
| # Corresponds to the therock-7.13 tag. Bump at each ROCm release cut. |
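Review bot: On the `set(rocm_cmake_tag "develop" CACHE STRING ...)` line, a CACHE entry set without FORCE keeps whatever value an existing CMakeCache.txt or a -D override already holds, so if the pinned SHA is still stored in this cache variable, build trees configured before the change will keep fetching "develop". Suggest a plain non-cache `set()` for the pin, or a configure-time check that the value is a 40-character hex string before it is passed to the fetch. The replacement line is not visible here, so this applies only if the cache variable is retained. The comment's "Corresponds to the therock-7.13 tag" is also worth pairing with the date the mapping was checked, since a tag can be moved while the SHA cannot.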
Contributor
We might want to add something to the bump script to do the bump automatically or remind us.
Align the rocm-cmake fallback pin with the rest of the ROCm libraries (rocBLAS/rocSPARSE/hipBLAS/rocALUTION all track rocm-6.4.0) instead of a one-off therock tag, and reword the comment to reflect that this fetch is a rarely-hit fallback rather than something bumped every release.

Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
Codecov Report
✅ All modified and coverable lines are covered by tests.
❌ Your project status has failed because the head coverage (77.89%) is below the target coverage (80.00%). You can increase the head coverage or adjust the target coverage.
Additional details and impacted files
@@ Coverage Diff @@
## develop #8794 +/- ##
========================================
Coverage 71.50% 71.50%
========================================
Files 2612 2612
Lines 407895 407904 +9
Branches 60982 60983 +1
========================================
+ Hits 291632 291653 +21
+ Misses 94879 94865 -14
- Partials 21384 21386 +2
A security scan flagged that we should be pinning our external dependencies with hashes rather than relying on mutable URLs or tags. This patch updates the solver libraries to reference specific commits and use more stable functionality for retrieving external dependencies.
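An added example, not code from this pull request or from the ROCm project: a small Python check of the kind a bump script or CI step could run to flag FetchContent/ExternalProject declarations that still use a mutable ref, including one hidden behind a `set()` variable. The sample CMake text, the example.invalid URLs and the 40-character SHA are constructed, and the parser assumes simple `set(var value ...)` definitions and no nested parentheses inside the declarations.

```python
import re

SHA_RE = re.compile(r"[0-9a-f]{40}")
CALL_RE = re.compile(r"\b(?:FetchContent_Declare|ExternalProject_Add)\s*\(([^()]*)\)", re.I)
SET_RE = re.compile(r'\bset\s*\(\s*(\w+)\s+"?([^\s")]+)"?', re.I)
VAR_RE = re.compile(r"\$\{(\w+)\}")

# Constructed sample (not the PR's CMake): placeholder URLs and a made-up SHA.
SAMPLE = """
set(rocm_cmake_tag "develop" CACHE STRING "rocm-cmake tag to download")
FetchContent_Declare(rocm-cmake
  GIT_REPOSITORY https://example.invalid/rocm-cmake.git
  GIT_TAG ${rocm_cmake_tag})
# pinned-dep googletest: immutable commit (was a release tag)
FetchContent_Declare(googletest
  GIT_REPOSITORY https://example.invalid/googletest.git
  GIT_TAG 0123456789abcdef0123456789abcdef01234567)
ExternalProject_Add(lapack
  GIT_REPOSITORY https://example.invalid/lapack.git
  GIT_TAG lapack-3.7.1)
ExternalProject_Add(archive-dep
  URL https://example.invalid/dep.tar.gz)
"""

def audit(cmake_text):
    """Return (dependency, problem) pairs for fetches that are not pinned."""
    text = re.sub(r"#[^\n]*", "", cmake_text)   # drop CMake line comments
    variables = dict(SET_RE.findall(text))      # simple set(var value ...) only
    findings = []
    for body in CALL_RE.findall(text):
        # Expand ${var} so a ref hidden behind a variable is checked too.
        body = VAR_RE.sub(lambda m: variables.get(m.group(1), m.group(0)), body)
        args = [a.strip('"') for a in body.split()]
        if not args:
            continue
        name = args[0]
        kw = {args[i]: args[i + 1] for i in range(1, len(args) - 1)}
        if "GIT_REPOSITORY" in kw:
            tag = kw.get("GIT_TAG")
            if tag is None:
                findings.append((name, "GIT_REPOSITORY without GIT_TAG"))
            elif not SHA_RE.fullmatch(tag.lower()):
                findings.append((name, f"GIT_TAG '{tag}' is not a 40-char commit SHA"))
        elif "URL" in kw and "URL_HASH" not in kw:
            findings.append((name, "URL download without URL_HASH"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```

An unresolved `${var}` is reported verbatim as a non-SHA value, so a pin that depends on a cache or command-line variable is surfaced rather than silently passed.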