
fix: update github-actions to latest SHA (42304ed) #7957

Open
buger wants to merge 2 commits into master from fix/update-github-actions-sha-latest


@buger buger commented Apr 1, 2026

Updates all TykTechnologies/github-actions SHA references to 42304edda365365e0a887cf018d8edc34b960b82.

Includes PR #105: fix unsafe pip/npm/go installs in reusable workflows.

  • 21 references updated across 10 workflow files

Includes PR #105: fix unsafe pip/npm/go installs in reusable workflows.

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@buger buger requested review from a team as code owners April 1, 2026 10:16

github-actions bot commented Apr 1, 2026

API Changes

no api changes detected


probelabs bot commented Apr 1, 2026

This pull request updates the pinned commit SHA for the shared TykTechnologies/github-actions repository across all 10 CI/CD workflow files. The reference is updated from 2b35ab5 to 42304ed.

According to the description, this change incorporates a security fix from the shared actions repository (PR #105) that addresses unsafe pip, npm, and go installation methods within the reusable workflows.

Files Changed Analysis

  • 10 files changed: All modifications are within the .github/workflows/ directory.
  • Consistent Pattern: Every change consists of replacing the old commit SHA (2b35ab5dd4cfff21ced9d12446e9e27d10bf5785) with the new one (42304edda365365e0a887cf018d8edc34b960b82).
  • No Logic Change: The structure and logic of the workflows remain unchanged; this is strictly a dependency version bump.

Architecture & Impact Assessment

  • What this PR accomplishes: The PR standardizes the version of the shared GitHub Actions used by this repository's CI/CD pipelines and patches potential security vulnerabilities in the build and test processes.
  • Key technical changes introduced: This is a dependency update, pinning all reusable workflow calls to a newer, more secure commit.
  • Affected system components: The entire CI/CD infrastructure is affected, including workflows for testing, linting, security scanning, releases, and automation.
graph TD
    subgraph "Central Dependency"
        GA["TykTechnologies/github-actions@42304ed"]
    end

    subgraph "This Repository's Workflows"
        W1["ci-tests.yml"]
        W2["codeql-analysis.yml"]
        W3["release.yml"]
        W_etc["... (7 more)"]
    end

    W1 -->|uses| GA
    W2 -->|uses| GA
    W3 -->|uses| GA
    W_etc -->|uses| GA

Scope Discovery & Context Expansion

  • Scope of Impact: The change is confined to the repository's CI/CD pipeline configuration. It has no direct impact on the application's runtime code.
  • Broader Context: This is a proactive security and maintenance measure. By updating the shared action's SHA, the repository ensures its build environment is patched against vulnerabilities found in the previous version, reducing the risk of a supply chain attack during the CI process. The change is self-contained and does not require further exploration of other parts of the codebase.

Metadata

  • Review Effort: 1 / 5
  • Primary Label: chore

Powered by Visor from Probelabs

Last updated: 2026-04-02T18:37:50.583Z | Triggered by: pr_updated | Commit: 20a5219

💡 TIP: You can chat with Visor using /visor ask <your question>
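
An added example, not part of the PR or the project's code: a check that every reference to the shared actions repository is pinned to the expected full commit SHA, which is the invariant the review above describes. The repository name and both SHAs are taken from the PR; the workflow contents and the `example-*` paths are constructed for illustration.

```python
import re

# Repository name and SHAs come from the PR; everything in SAMPLE is constructed.
REPO = "TykTechnologies/github-actions"
NEW = "42304edda365365e0a887cf018d8edc34b960b82"
OLD = "2b35ab5dd4cfff21ced9d12446e9e27d10bf5785"
SAMPLE = {
    "ci-tests.yml": f"""\
jobs:
  lint:
    uses: {REPO}/.github/workflows/example-a.yml@{NEW}
  test:
    uses: {REPO}/.github/workflows/example-b.yml@{OLD}
""",
    "release.yml": f"""\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: {REPO}/.github/actions/example-c@main
      - uses: {REPO}/.github/actions/example-d@42304ed
""",
}

# "uses: owner/repo[/path]@ref", at job level (reusable workflow) or step level (action).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([\w.-]+/[\w.-]+)(?:/[^@\s'\"]*)?@([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def audit_pins(workflows, repo, expected_sha):
    """Return (file, line, ref, reason) for each reference to `repo` not pinned to expected_sha."""
    findings = []
    for name, text in workflows.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            m = USES_RE.match(line)
            if not m or m.group(1).lower() != repo.lower():
                continue  # not a `uses:` line, or a different repository
            ref = m.group(2)
            if not FULL_SHA_RE.match(ref):
                # Tags, branches and abbreviated SHAs are not immutable pins.
                findings.append((name, line_no, ref, "not a full 40-hex commit SHA"))
            elif ref != expected_sha:
                findings.append((name, line_no, ref, "stale SHA"))
    return findings

if __name__ == "__main__":
    for finding in audit_pins(SAMPLE, REPO, NEW):
        print(*finding, sep=": ")
```

To audit a real checkout, build the `workflows` mapping from the files under `.github/workflows/` instead of `SAMPLE`.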


probelabs bot commented Apr 1, 2026

✅ Security Check Passed

No security issues found – changes LGTM.

✅ Performance Check Passed

No performance issues found – changes LGTM.

✅ Quality Check Passed

No quality issues found – changes LGTM.


Last updated: 2026-04-02T18:37:48.470Z | Triggered by: pr_updated | Commit: 20a5219

@buger buger enabled auto-merge (squash) April 1, 2026 10:19

github-actions bot commented Apr 2, 2026

🚨 Jira Linter Failed

Commit: 20a5219
Failed at: 2026-04-02 18:35:37 UTC

The Jira linter failed to validate your PR. Please check the error details below:

🔍 Click to view error details
failed to validate branch and PR title rules: branch name 'fix/update-github-actions-sha-latest' must contain a valid Jira ticket ID (e.g., ABC-123)

Next Steps

  • Ensure your branch name contains a valid Jira ticket ID (e.g., ABC-123)
  • Verify your PR title matches the branch's Jira ticket ID
  • Check that the Jira ticket exists and is accessible

This comment will be automatically deleted once the linter passes.


sonarqubecloud bot commented Apr 2, 2026

Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
87.5% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud
