Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CI: pin GitHub Actions workflows #2319

Closed
wants to merge 1 commit into from

Conversation

ErikSchierboom
Copy link
Member

This PR updates GitHub Actions workflows to a specific version.
This ensures that the workflow will always run the same code, which makes your build stable.
It will also prevent a potential security issue where a tag could be replaced by a malicious commit without consumers being aware of it.

The PR updates each non-SHA based workflow reference with the SHA of the referenced version/tag, so the current behavior should not change.

See https://exercism.org/docs/building/github/gha-best-practices#h-pin-actions-to-shas for more information.

@ErikSchierboom ErikSchierboom added the x:size/tiny Tiny amount of work label Nov 14, 2023
@ErikSchierboom ErikSchierboom marked this pull request as draft November 14, 2023 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
x:size/tiny Tiny amount of work
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant