
feat(ci): use sha instead of tag on steps #96


Merged
merged 1 commit into from
Aug 18, 2025


tobiasehlert
Member

This pull request updates several GitHub Actions in workflow files to use explicit commit SHAs for each action, rather than floating version tags. This change improves security and reliability by ensuring the workflows always use the intended action versions, preventing unexpected updates or breaking changes.

closes #95

tobiasehlert requested a review from Copilot August 18, 2025 13:16
tobiasehlert self-assigned this Aug 18, 2025
tobiasehlert added the enhancement, dependencies, and github_actions labels Aug 18, 2025

@Copilot Copilot AI left a comment


Pull Request Overview

This pull request enhances security and reliability by replacing floating version tags with explicit commit SHAs for all GitHub Actions across workflow files. This prevents potential supply chain attacks and ensures consistent behavior by pinning actions to specific versions.

  • Replaces version tags (e.g., @v4, @v5) with commit SHAs and version comments
  • Updates actions across GitHub Pages, code generation, and CodeQL analysis workflows
  • Maintains version information in comments for easy reference and future updates

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| .github/workflows/github-pages.yml | Updates checkout, configure-pages, upload-pages-artifact, and deploy-pages actions to use commit SHAs |
| .github/workflows/generate.yml | Updates checkout, setup-go, tailscale, add-and-commit, and repository-dispatch actions to use commit SHAs |
| .github/workflows/codeql-analysis.yml | Updates checkout, setup-go, and all CodeQL actions to use commit SHAs |


tobiasehlert merged commit 2395978 into main Aug 18, 2025
2 checks passed
tobiasehlert deleted the feat(ci)-use-sha-instead-of-tag-on-steps branch August 18, 2025 13:21
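
A check for the pinning convention this pull request adopts (a full commit SHA followed by a version comment), as an added example that is not code from this repository. The workflow snippet and its placeholder SHAs are constructed, and `audit_workflow` is a hypothetical helper name.

```python
import re

# Placeholder 40-character SHAs (constructed, not real commits).
SHA_A = "a" * 40
SHA_B = "b" * 40

# Constructed workflow snippet covering the cases the check must tell apart.
SAMPLE_WORKFLOW = f"""\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@{SHA_A} # v5
      - uses: actions/configure-pages@{SHA_B}
      - uses: ./.github/actions/local-step
      - uses: "github/codeql-action/init@main"
      # - uses: actions/checkout@v3
"""

# Captures the action reference and an optional trailing "# comment".
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"#]+)['"]?\s*(?:#\s*(.*))?$""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (line_no, reference, finding) for each `uses:` that is not SHA-pinned with a version comment."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue  # not a uses: line; commented-out steps start with '#' and never match
        ref, comment = m.group(1), (m.group(2) or "").strip()
        if ref.startswith("./") or ref.startswith("docker://"):
            continue  # local actions and container images are out of scope for this check
        _, _, version = ref.partition("@")
        if not FULL_SHA_RE.match(version):
            # Tags and branches can be moved to a different commit after review.
            findings.append((line_no, ref, "floating ref"))
        elif not comment:
            # A bare SHA is pinned but gives no hint which release it corresponds to.
            findings.append((line_no, ref, "sha without version comment"))
    return findings


if __name__ == "__main__":
    for line_no, ref, finding in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref}: {finding}")
```

Run over `.github/workflows/*.yml` in CI, a non-empty result can fail the build so that a later edit does not reintroduce a floating tag.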