Skip to content

ci: pin GitHub Actions to commit SHAs#371

Open
roydahan wants to merge 1 commit into
scylladb:masterfrom
roydahan:ci/pin-github-actions-to-sha
Open

ci: pin GitHub Actions to commit SHAs#371
roydahan wants to merge 1 commit into
scylladb:masterfrom
roydahan:ci/pin-github-actions-to-sha

Conversation

@roydahan

@roydahan roydahan commented Jun 8, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Pin all external GitHub Actions to full commit SHAs to reduce supply chain attack surface
  • Upgrade outdated actions to their latest versions

This PR was generated automatically. Please verify that GitHub Actions work as expected with these changes before merging.

Reference: scylladb/scylladb#29421

@roydahan
ci: pin GitHub Actions to commit SHAs
41f55bc 
Pin all external GitHub Actions to full commit SHAs to reduce supply
chain attack surface. Upgrade outdated actions to their latest versions.

Reference: scylladb/scylladb#29421
@coderabbitai

coderabbitai Bot commented Jun 8, 2026
edited
Loading

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 354460b4-bfbf-40fb-8f51-a6724d4e813d

📥 Commits

Reviewing files that changed from the base of the PR and between 6317746 and 41f55bc.

📒 Files selected for processing (1)
  • .github/workflows/main.yml
📝 Walkthrough

Walkthrough

The PR updates the GitHub Actions workflow in .github/workflows/main.yml to pin core actions used in the build job to specific commit SHAs. Three actions were changed from floating major-version tags to pinned SHA references: actions/checkout, actions/setup-go, and actions/cache. The versions are updated to newer releases, and the existing step configuration including the checkout fetch-depth: '0' parameter is preserved.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title 'ci: pin GitHub Actions to commit SHAs' directly and clearly summarizes the main change in the pull request.
Description check ✅ Passed The description explains the purpose of pinning GitHub Actions to commit SHAs for security and mentions upgrading actions, which aligns with the changeset.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@roydahan