Skip to content

Pin GitHub Actions to full-length commit SHAs#571

Merged
tamalsaha merged 3 commits into
masterfrom
pin-actions-sha
May 19, 2026
Merged

Pin GitHub Actions to full-length commit SHAs#571
tamalsaha merged 3 commits into
masterfrom
pin-actions-sha

Conversation

@tamalsaha
Copy link
Copy Markdown
Member

@tamalsaha tamalsaha commented May 19, 2026

Summary

  • Pin actions/checkout, actions/setup-go, actions/setup-node, and FirebaseExtended/action-hosting-deploy to full commit SHAs across ci.yml, preview-website.yml, and release.yml
  • Bump release.yml's actions/checkout from v1 to v4 along the way (v1 was unpinned too)

Test plan

  • CI runs successfully on this PR
  • Release workflow still functions on next tag push

@tamalsaha
Pin GitHub Actions to full-length commit SHAs
07de05c 
Repo policy requires all actions to be pinned to a commit SHA rather
than a version tag. Bumps actions/checkout in release.yml from v1 to v4
along the way.

Signed-off-by: Tamal Saha <tamal@appscode.com>
kodiakhq[bot]
kodiakhq Bot previously approved these changes May 19, 2026
View reviewed changes
@tamalsaha
Use Node.js 22 in workflows
e85b227 
Signed-off-by: Tamal Saha <tamal@appscode.com>
kodiakhq[bot]
kodiakhq Bot previously approved these changes May 19, 2026
View reviewed changes
@tamalsaha
Grant checks/pull-requests write to preview-website workflow
4f1ba91 
FirebaseExtended/action-hosting-deploy needs checks:write to create
check runs and pull-requests:write to post the preview comment. The
default GITHUB_TOKEN permissions no longer include these, causing a 403
on POST /repos/.../check-runs.

Signed-off-by: Tamal Saha <tamal@appscode.com>
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 19, 2026

Visit the preview URL for this PR (updated for commit 4f1ba91):

https://blog-v1-hugo--pr571-pin-actions-sha-8j9wh4h9.web.app

(expires Tue, 26 May 2026 14:29:01 GMT)

🔥 via Firebase Hosting GitHub Action 🌎

Sign: ddacb919f90a98185619681ef0da6429c962b808

@tamalsaha tamalsaha merged commit 041d207 into master May 19, 2026
6 checks passed
@tamalsaha tamalsaha deleted the pin-actions-sha branch May 19, 2026 14:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kodiakhq kodiakhq[bot] kodiakhq[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tamalsaha