Skip to content

chore: pin GitHub Actions to commit SHAs#166

Merged
mpetrun5 merged 2 commits intomainfrom
chore/update-gh-actions-2026-03-31
Apr 10, 2026
Merged

chore: pin GitHub Actions to commit SHAs#166
mpetrun5 merged 2 commits intomainfrom
chore/update-gh-actions-2026-03-31

Conversation

@akandic47
Copy link
Copy Markdown

@akandic47 akandic47 commented Mar 31, 2026
edited
Loading

Summary

  • Pin all GitHub Action references to immutable commit SHAs instead of mutable tags
  • Prevents supply chain attacks via tag poisoning (e.g. Trivy-style attacks)
  • Version comments preserved inline for auditability
  • Actions updated to latest versions where applicable

Format

# Before (mutable tag):
uses: actions/checkout@v6.0.2
# After (immutable SHA):
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

Test plan

  • Verify CI passes with SHA-pinned actions

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 31, 2026

Go Test coverage is 53.1 %\ ✨ ✨ ✨

@akandic47 akandic47 force-pushed the chore/update-gh-actions-2026-03-31 branch from a82e345 to 832f502 Compare March 31, 2026 17:27
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 31, 2026

Go Test coverage is 53.1 %\ ✨ ✨ ✨

@akandic47 akandic47 force-pushed the chore/update-gh-actions-2026-03-31 branch from 832f502 to ff75176 Compare March 31, 2026 17:44
@akandic47 akandic47 force-pushed the chore/update-gh-actions-2026-03-31 branch from ff75176 to a6b896c Compare March 31, 2026 17:47
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 31, 2026

Go Test coverage is 53.1 %\ ✨ ✨ ✨

mpetrunic
mpetrunic previously approved these changes Apr 1, 2026
View reviewed changes
@akandic47
chore: pin GitHub Actions to commit SHAs
8be2389 
Pin all action references to immutable commit SHAs to prevent
supply chain attacks via tag poisoning. Version comments preserved
for auditability.
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 9, 2026

Go Test coverage is 53.3 %\ ✨ ✨ ✨

@akandic47 akandic47 changed the title chore: update GitHub Actions chore: pin GitHub Actions to commit SHAs Apr 9, 2026
@mpetrun5 mpetrun5 merged commit 20f8864 into main Apr 10, 2026
7 checks passed
@mpetrun5 mpetrun5 deleted the chore/update-gh-actions-2026-03-31 branch April 10, 2026 09:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mpetrun5 mpetrun5 mpetrun5 approved these changes

@mpetrunic mpetrunic mpetrunic left review comments

@tcar121293 tcar121293 Awaiting requested review from tcar121293 tcar121293 is a code owner

@MakMuftic MakMuftic Awaiting requested review from MakMuftic MakMuftic is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@akandic47 @mpetrunic @mpetrun5