Skip to content

fix: Pinning github actions to SHA#827

Merged
bupd merged 2 commits into
goharbor:mainfrom
LAKSHJAIN14:fix/pin-github-action-to-sha
May 26, 2026
Merged

fix: Pinning github actions to SHA#827
bupd merged 2 commits into
goharbor:mainfrom
LAKSHJAIN14:fix/pin-github-action-to-sha

Conversation

@LAKSHJAIN14

@LAKSHJAIN14 LAKSHJAIN14 commented Apr 21, 2026

Copy link
Copy Markdown
Contributor

Description

pinning the github actions to SHA and commenting the version beside it

Type of Change

Please select the relevant type.

  • Bug fix
  • New feature
  • Refactor
  • Documentation update
  • Chore / maintenance

@LAKSHJAIN14
pinning the github actions to SHA
dc4aae8 
Signed-off-by: LAKSHJAIN14 <jainlaksh07@gmail.com>
NucleoFusion
NucleoFusion suggested changes Apr 22, 2026
View reviewed changes

@NucleoFusion NucleoFusion left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I dont think these shas/digests are right.
Can you give me the command you ran for these?
Cause from what I gather, the command should be structured like,

gh api repos/sigstore/cosign-installer/git/refs/tags/v3.7.0 \
  --jq '.object.sha'

@LAKSHJAIN14

LAKSHJAIN14 commented Apr 22, 2026

Copy link
Copy Markdown
Contributor Author

@NucleoFusion This is what I used and I am getting the same sha which is there on the release page as well

image

I think what you are getting from that command is the sha of the annotated tag but for pinning in github action we need the commit SHA which is visible at the bottom left in the below image
image

@LAKSHJAIN14
pinning to sha in workflows/pages.yaml
6b11548 
Signed-off-by: LAKSHJAIN14 <jainlaksh07@gmail.com>
NucleoFusion
NucleoFusion reviewed Apr 26, 2026
View reviewed changes
Comment thread .github/actions/publish-and-sign/action.yaml
Comment thread .github/actions/publish-and-sign/action.yaml
Comment thread .github/workflows/default.yaml
Comment thread .github/workflows/default.yaml
Comment thread .github/workflows/default.yaml
@codecov

codecov Bot commented Apr 28, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 9.00%. Comparing base (60ad0bd) to head (6b11548).
⚠️ Report is 146 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff            @@
##             main    #827      +/-   ##
=========================================
- Coverage   10.99%   9.00%   -1.99%     
=========================================
  Files         173     272      +99     
  Lines        8671   13441    +4770     
=========================================
+ Hits          953    1211     +258     
- Misses       7612   12115    +4503     
- Partials      106     115       +9

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

NucleoFusion
NucleoFusion approved these changes Apr 28, 2026
View reviewed changes

@NucleoFusion NucleoFusion left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm
Thanks for the contribution!

@NucleoFusion NucleoFusion mentioned this pull request Apr 30, 2026
Closed
@LAKSHJAIN14

LAKSHJAIN14 commented May 6, 2026

Copy link
Copy Markdown
Contributor Author

@bupd friendly ping

@NucleoFusion NucleoFusion mentioned this pull request May 6, 2026
Open
5 tasks
@Sypher845

Sypher845 commented May 19, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

@NucleoFusion @LAKSHJAIN14 .github/actions/scoop-update/action.yaml was added recently in #844 and has actions/checkout@v4 unpinned. Can we pin that here too so everything's covered before merging?

bupd
bupd approved these changes May 26, 2026
View reviewed changes

@bupd bupd left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@bupd bupd mentioned this pull request May 26, 2026
Open
@bupd bupd changed the title fix : pinning the github actions to SHA fix: Pinning github actions to SHA May 26, 2026
@bupd bupd merged commit d4df6dd into goharbor:main May 26, 2026
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bupd bupd bupd approved these changes

+1 more reviewer

@NucleoFusion NucleoFusion NucleoFusion approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Pin the github actions to SHA

4 participants

@LAKSHJAIN14 @Sypher845 @bupd @NucleoFusion