
CI Use hashes to pin most Github actions #29206

Closed


@lesteve lesteve commented Jun 6, 2024

This will allow the Dependabot PR #29203 to update commit hashes with a human-readable comment instead of only the major version.

I added the major.minor.patch manually based on each project's releases/tags. After that I used https://github.com/mheap/pin-github-action to transform them into commit hashes. I double-checked everything looked all right:

Side comment: there are still 3 actions without commit hash because I am not quite sure how to do it. They have many actions in the same repo: https://github.com/github/codeql-action

❯ git grep -P 'uses:.+@v\d' .github/workflows/
.github/workflows/codeql.yml:      uses: github/codeql-action/init@v3
.github/workflows/codeql.yml:      uses: github/codeql-action/autobuild@v3
.github/workflows/codeql.yml:      uses: github/codeql-action/analyze@v3
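
A stricter form of the `git grep` check above, as an added example that is not part of the original pull request or the project's own tooling: it classifies each `uses:` reference as pinned to a full commit SHA, pinned without a version comment, or still on a mutable tag or branch, and it handles sub-path actions such as `github/codeql-action/init`. The function names, status labels and the local action path in the sample are assumptions made for illustration.

```python
import re

# Matches a workflow step's "uses:" value, plus an optional trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)['\"]?\s*(?:#\s*(.*))?$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
VERSION_RE = re.compile(r"^v?\d+\.\d+\.\d+$")


def classify(line):
    """Return (action, ref, status) for a 'uses:' line, or None for other lines."""
    m = USES_RE.match(line)
    if not m:
        return None
    target, comment = m.group(1), (m.group(2) or "").strip()
    # Local actions and container images are not pinned through a git ref.
    if target.startswith(("./", "docker://")):
        return (target, None, "skipped")
    action, _, ref = target.partition("@")
    if not ref:
        return (action, None, "no-ref")
    if SHA_RE.match(ref):
        # A full SHA is immutable; the version comment keeps it human readable.
        status = "pinned" if VERSION_RE.match(comment) else "pinned-no-version"
        return (action, ref, status)
    # Tags (v3) and branches (master) can be moved to different code upstream.
    return (action, ref, "mutable")


def audit(workflow_text):
    """Classify every 'uses:' line in one workflow file's text."""
    return [r for r in map(classify, workflow_text.splitlines()) if r]


# Constructed sample: refs quoted in this pull request plus a hypothetical local action.
SAMPLE = """\
steps:
  - name: GitHub Action step
    uses: larsoner/circleci-artifacts-redirector-action@4e13a10d89177f4bfc8007a7064bdbeda848d8d1 # v1.0.0
  - uses: larsoner/circleci-artifacts-redirector-action@master
  - uses: github/codeql-action/init@v3
  - uses: github/codeql-action/analyze@v3
  - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for action, ref, status in audit(SAMPLE):
        print(f"{status:18} {action}@{ref or '-'}")
```

Run over each file in `.github/workflows/`, any `mutable` or `pinned-no-version` result is a reference that still needs attention.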

@@ -15,7 +15,7 @@ jobs:
name: Run CircleCI artifacts redirector
steps:
- name: GitHub Action step
uses: larsoner/circleci-artifacts-redirector-action@master
uses: larsoner/circleci-artifacts-redirector-action@4e13a10d89177f4bfc8007a7064bdbeda848d8d1 # v1.0.0
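
Review bot: On the new `uses:` line, the trailing `# v1.0.0` comment is the only thing tying the 40-character SHA to a release, and nothing in the workflow checks it, so confirm against the upstream larsoner/circleci-artifacts-redirector-action repository that this SHA is the commit the v1.0.0 tag points to before merging. The same line also moves the step from the `master` branch to a fixed release, which is a behaviour change rather than a pure pin; the PR description should say so and state whether anything on `master` after v1.0.0 is still needed by this job.
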
Member Author


I figure I would use the latest version rather than master here


github-actions bot commented Jun 6, 2024

✔️ Linting Passed

All linting checks passed. Your pull request is in excellent shape! ☀️

Generated for commit: b3e6ed3. Link to the linter CI: here


lesteve commented Jun 6, 2024

Apparently this was a bit too naive, see #29203 (comment)

@lesteve lesteve closed this Jun 7, 2024