Skip to content

Use commit hashes for GitHub Action versions#388

Merged
denyeart merged 1 commit intohyperledger:mainfrom
bestbeforetoday:action-hashes
Jul 22, 2025
Merged

Use commit hashes for GitHub Action versions#388
denyeart merged 1 commit intohyperledger:mainfrom
bestbeforetoday:action-hashes

Conversation

@bestbeforetoday
Copy link
Member

@bestbeforetoday bestbeforetoday commented Jul 21, 2025

Closes #387

@bestbeforetoday
Use commit hashes for GitHub Action versions
b060d09 
Signed-off-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jul 21, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@bestbeforetoday bestbeforetoday marked this pull request as ready for review July 21, 2025 21:35
@bestbeforetoday bestbeforetoday requested a review from a team as a code owner July 21, 2025 21:35
@denyeart
Copy link
Contributor

denyeart commented Jul 22, 2025

I had been holding out on using commit hashes for github actions as I didn't know if the benefits warranted the additional maintenance, at least for github provided actions where the risk is low. For third party actions I agree there is more risk and therefore more reason to do so.

We could also decide to do it for release actions but not other actions since the stakes are higher for release actions.

This is probably a decision that should span all repositories, so just wanted to pause a moment and collect thoughts before merging.

@bestbeforetoday
Copy link
Member Author

bestbeforetoday commented Jul 22, 2025

My intention was to also enable dependabot for the GitHub Actions ecosystem, which means that dependabot deals with keeping the hashes up-to-date with the latest release and it is no effort (other than merging dependabot PRs) for maintainers. I am already doing this successfully for the fabric-gateway repository.

@denyeart
Copy link
Contributor

denyeart commented Jul 22, 2025

Ok sounds good.

@denyeart denyeart merged commit c56793c into hyperledger:main Jul 22, 2025
10 checks passed
@bestbeforetoday bestbeforetoday deleted the action-hashes branch July 22, 2025 12:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@denyeart denyeart denyeart approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Reference action versions by hash in GitHub Actions workflows

2 participants

@bestbeforetoday @denyeart