ci : pin dependency to specific version

[ngxson]

Pin some workflows to specific version, for better security and stability.

This also fixes the problem with latest editorconfig version, ref: editorconfig-checker/editorconfig-checker#409

[ngxson]

Hmm, the action for editorconfig-checker only have v2 tag, but the underlay package has multiple versions. This is a bad practice, I'll need to adapt this.

[ngxson]

Alright, this fixed the editorconfig workflow

[ggerganov]

Btw, while at this, should we move the release action to the ggml-org organization: https://github.com/ggerganov/llama.cpp/blob/02f04301417e7fb44fa1025bc1b0aef866e2ca89/.github/workflows/build.yml#L1238-L1242

[ngxson]

Yeah we should, for security reason. Actually I was surprised because github does not have an official action for that.

[ngxson]

Hmm no sorry, they do have: https://github.com/actions/create-release

We should use this one then

[ngxson]

Oh I didn't see, it's deprecated. We should make a fork in ggml-org then.

[ngxson]

Let's fork or clone https://github.com/anzz1/action-create-release to ggml-org

[ggerganov]

Let's fork or clone anzz1/action-create-release to ggml-org

Done: https://github.com/ggml-org/action-create-release

Maybe we should do the same for all actions that can modify the output artifacts. Not sure if there is any other than the action-create-release.

[ngxson]

Yup it would be nice if you can fork these actions too:

• https://github.com/hendrikmuhs/ccache-action (used in windows-2019-cmake-cuda)
• https://github.com/jlumbroso/free-disk-space (used for building docker image)

Thanks.

[ggerganov]

I forked the https://github.com/ggml-org/free-disk-space. The https://github.com/hendrikmuhs/ccache-action repo seems to be active, so I guess it is OK to keep using the source repo.