chore: secure github actions using hash instead of versions #1232
Codecov Report: Patch and project coverage have no change.
Coverage Diff (main vs. #1232):
            main    #1232
Coverage    79.35%  79.35%
Complexity  641     641
Files       73      73
Lines       2446    2446
Branches    253     253
Hits        1941    1941
Misses      425     425
Partials    80      80
View full report in Codecov by Sentry.
I think this is an improvement on how it is today and we should merge it.
I also think in a subsequent task it is worth digging into the smaller 3rd party actions - e.g. ahmadnassri/action-workflow-run-wait, release-drafter/release-drafter, and jacobtomlinson/gha-find-replace - and checking if we can't get away with some github 1st party action, or, a powertools shared action, or failing the previous options reviewing the code of the thing.
@jeromevdl I think we should merge this - wdyt?
agree!
02da4b7 to 1bdb1c7
except that the build fails without a clear reason why...
It was because of the docs.yaml deleted by @kozub; the merge didn't work well... I've deleted it.
This can be merged assuming the code at each of the hashes has been reviewed to be safe.
Kudos, SonarCloud Quality Gate passed!
Description of changes:
Replace all explicit versions with hashes to pin to a specific version.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
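As an added example (not code from this PR or from the powertools repository), the following Python check scans a workflow file for `uses:` references and reports any that are not pinned to a full 40-character commit SHA, plus any that are pinned to a SHA without a trailing comment naming the tag, which is what makes the hash-by-hash review asked for above practical. It deliberately avoids a YAML parser dependency and matches `uses:` lines directly. The workflow text, the SHAs and the version comments in it are constructed placeholders, not real pins.

```python
"""Report GitHub Actions `uses:` references that are not pinned to a commit SHA.

Added example; not the project's own code. Scans workflow text line by line
for `uses:` entries, so it runs without PyYAML. All sample data is constructed.
"""
import re
from dataclasses import dataclass
from typing import List

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
# `- uses: owner/repo@ref # optional comment` (dash and quotes optional)
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"#\s]+)['\"]?\s*(#.*)?$")


@dataclass
class UsesRef:
    action: str   # owner/repo, owner/repo/path, ./local/path or docker://image
    ref: str      # text after '@' ('' when absent)
    comment: str  # trailing comment, conventionally the human-readable tag
    kind: str     # 'sha', 'tag-or-branch', 'local' or 'unpinned'


def classify(spec: str, comment: str) -> UsesRef:
    """Decide how a single `uses:` spec is pinned."""
    if spec.startswith("./"):
        # Local actions ship with the repository itself; nothing to pin.
        return UsesRef(spec, "", comment, "local")
    if spec.startswith("docker://"):
        # Container images are immutable only when referenced by digest.
        kind = "sha" if "@sha256:" in spec else "unpinned"
        return UsesRef(spec, "", comment, kind)
    action, _, ref = spec.partition("@")
    if not ref:
        kind = "unpinned"
    elif FULL_SHA.match(ref):
        kind = "sha"
    else:
        kind = "tag-or-branch"  # mutable: a tag can be moved to other code
    return UsesRef(action, ref, comment, kind)


def find_uses(workflow_text: str) -> List[UsesRef]:
    """Extract every `uses:` reference from workflow YAML text."""
    refs = []
    for line in workflow_text.splitlines():
        m = USES_LINE.match(line)
        if m:
            comment = (m.group(2) or "").lstrip("# ").strip()
            refs.append(classify(m.group(1), comment))
    return refs


def unpinned(workflow_text: str) -> List[str]:
    """Specs not pinned to a full commit SHA (local actions excluded)."""
    return [f"{r.action}@{r.ref}" if r.ref else r.action
            for r in find_uses(workflow_text)
            if r.kind in ("tag-or-branch", "unpinned")]


def sha_without_comment(workflow_text: str) -> List[str]:
    """SHA-pinned actions lacking a trailing comment that names the tag."""
    return [r.action for r in find_uses(workflow_text)
            if r.kind == "sha" and not r.comment]


# Constructed sample workflow; the SHAs are placeholders, not real pins.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: release-drafter/release-drafter@0123456789abcdef0123456789abcdef01234567 # v5 (placeholder SHA)
      - uses: jacobtomlinson/gha-find-replace@fedcba9876543210fedcba9876543210fedcba98
      - uses: ./.github/actions/local-thing
      - name: wait
        uses: ahmadnassri/action-workflow-run-wait@main
      - uses: docker://alpine:3.18
"""

if __name__ == "__main__":
    for spec in unpinned(SAMPLE_WORKFLOW):
        print(f"NOT PINNED TO SHA: {spec}")
    for action in sha_without_comment(SAMPLE_WORKFLOW):
        print(f"SHA PIN WITHOUT VERSION COMMENT: {action}")
```

Run it as a CI step over every file under `.github/workflows/` and fail the job when `unpinned()` returns anything; the version comment check is advisory, but keeping the tag next to the SHA is what lets a reviewer confirm the pinned commit is the release they expect.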