fix: pin 6 unpinned 3rd party actions #621

Open
rr3khan wants to merge 3 commits into 1Password:main from rr3khan:rr3khan/pin-3rd-party-actions

rr3khan commented Jul 3, 2026

Overview

Pins the 6 third-party GitHub Actions used in this repo's workflows to immutable commit SHAs instead of mutable version tags, per GitHub's security guidance. The version tag is kept as a trailing comment for readability.

No functional changes: each SHA is the exact commit the version tag currently resolves to, so workflow behaviour is unchanged.

If you see this, hi Scott.

Type of change

  • Other: CI Security cleanup

How To Test

No behavior change to verify: CI on this PR runs the same steps against the same action versions, now pinned. Each pin can be independently confirmed by comparing the tag to the SHA, e.g.:

https://github.com/golangci/golangci-lint-action/compare/v9...ba0d7d2ec06a0ea1cb5fa41b2e4a3ab91d21278a

Changelog

N/A: CI/CD infrastructure change only, no user-facing impact.
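
An added example, not part of this PR or the repository's code: a small audit that flags third-party `uses:` references not pinned to a full commit SHA, or pinned without the trailing version comment described above. The sample workflow is constructed (only the golangci pin comes from the PR text), and the `FIRST_PARTY_OWNERS` set and `audit_uses` name are assumptions of this example.

```python
import re

# Matches a `uses:` step or reusable-workflow reference, with optional trailing comment.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?(?P<ref>[^\s'\"#]+)['\"]?\s*(?:#\s*(?P<comment>.*))?$"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Assumption for this example: owners treated as first-party and skipped.
FIRST_PARTY_OWNERS = frozenset({"actions", "github"})

# Constructed sample workflow. The golangci pin is the one quoted in the PR;
# the example-org entries are placeholders.
SAMPLE_WORKFLOW = """\
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: golangci/golangci-lint-action@ba0d7d2ec06a0ea1cb5fa41b2e4a3ab91d21278a # v9
      - uses: example-org/example-action@v2
      - uses: example-org/other-action@1a2b3c4
      - uses: ./.github/actions/local-build
      - uses: docker://alpine:3.20
"""

def audit_uses(workflow_text, first_party=FIRST_PARTY_OWNERS):
    """Return (line_no, ref, problem) for each third-party action that is not cleanly pinned."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group("ref")
        # Local actions and container images are outside the scope of this check.
        if ref.startswith(("./", "docker://")):
            continue
        target, _, version = ref.partition("@")
        if target.split("/")[0].lower() in first_party:
            continue
        if not FULL_SHA_RE.match(version):
            findings.append((line_no, ref, "not pinned to a 40-character commit SHA"))
        elif not m.group("comment"):
            findings.append((line_no, ref, "pinned, but no trailing version comment"))
    return findings

if __name__ == "__main__":
    for line_no, ref, problem in audit_uses(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref}: {problem}")
```

Abbreviated SHAs are reported as unpinned on purpose, since only the full 40-character form is accepted by the check.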
