Skip to content

Pin GHAs#41

Open
dpowley wants to merge 1 commit into
mainfrom
pin-gha
Open

Pin GHAs#41
dpowley wants to merge 1 commit into
mainfrom
pin-gha

Conversation

@dpowley
Copy link
Copy Markdown

@dpowley dpowley commented Mar 25, 2026

Summary

Pin all GitHub Actions to full commit SHAs to prevent supply chain attacks from compromised tags.

Changes

Action Old Ref New Ref SHA
actions/checkout v4 v4.3.1 34e1148
KyleMayes/install-llvm-action v1 v1 1a3da29
johnwason/vcpkg-action v5 v5 3839b02

All pinned commits are at least 90 days old. Original version tags are preserved as inline comments for maintainability.

Files modified:

  • .github/workflows/mirai_on_mirai.yml — pinned actions/checkout, KyleMayes/install-llvm-action, johnwason/vcpkg-action
  • .github/workflows/rust.yml — pinned actions/checkout (3 occurrences), johnwason/vcpkg-action

@dpowley dpowley requested a review from peter-cg March 25, 2026 14:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@peter-cg peter-cg Awaiting requested review from peter-cg

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dpowley