Skip to content

feat(ci): use sha instead of tag on steps#487

Merged
tobiasehlert merged 1 commit intomainfrom
feat(ci)-use-sha-instead-of-tag-on-steps
Aug 18, 2025
Merged

feat(ci): use sha instead of tag on steps#487
tobiasehlert merged 1 commit intomainfrom
feat(ci)-use-sha-instead-of-tag-on-steps

Conversation

@tobiasehlert
Copy link
Member

@tobiasehlert tobiasehlert commented Aug 18, 2025

This pull request updates several GitHub Actions in workflow files to use explicit commit SHAs for each action, rather than floating version tags. This change improves security and reliability by ensuring the workflows always use the intended action versions, preventing unexpected updates or breaking changes.

closes #485

@tobiasehlert tobiasehlert requested a review from Copilot August 18, 2025 13:16
@tobiasehlert tobiasehlert self-assigned this Aug 18, 2025
@tobiasehlert tobiasehlert added enhancement New feature or request dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Aug 18, 2025
@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 18, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@codecov
Copy link

codecov bot commented Aug 18, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.30%. Comparing base (4b0728b) to head (bfe16cc).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #487   +/-   ##
=======================================
  Coverage   80.30%   80.30%           
=======================================
  Files          22       22           
  Lines        3697     3697           
=======================================
  Hits         2969     2969           
  Misses        587      587           
  Partials      141      141
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Copilot AI reviewed Aug 18, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request updates GitHub Actions workflow files to use explicit commit SHAs instead of floating version tags, improving security and reliability by pinning actions to specific commits. This follows security best practices by preventing unexpected updates that could introduce breaking changes or vulnerabilities.

  • Replace floating version tags (e.g., v4, v5) with commit SHAs and version comments
  • Update all GitHub Actions across multiple workflow files
  • Add version comments for clarity and maintenance

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
.github/workflows/documentation.yml Pin checkout, setup-go, upload-release-action, and repository-dispatch actions to specific SHAs
.github/workflows/dockerhub.yml Pin checkout and dockerhub-description actions to specific SHAs
.github/workflows/codeql-analysis.yml Pin checkout, setup-go, and CodeQL actions to specific SHAs
.github/workflows/codecov.yml Pin checkout, setup-go, tailscale, and codecov actions to specific SHAs
.github/workflows/build.yml Pin multiple Docker-related actions, cosign-installer, and repository-dispatch actions to specific SHAs

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@tobiasehlert tobiasehlert merged commit 2b0f4da into main Aug 18, 2025
7 checks passed
@tobiasehlert tobiasehlert deleted the feat(ci)-use-sha-instead-of-tag-on-steps branch August 18, 2025 13:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@tobiasehlert tobiasehlert

Labels

dependencies Pull requests that update a dependency file enhancement New feature or request github_actions Pull requests that update Github_actions code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tobiasehlert