[BUG] Start using pinned versions for internal GHA needs #15

Merged
John McCall (lowlydba) merged 2 commits into main from 14-bug-omf-pr-checks-not-accessible-to-other-repos Apr 9, 2026

Conversation

@lowlydba John McCall (lowlydba) commented Apr 9, 2026

Contributor

This resolves the chicken-and-egg problem of using a main branch, while still giving us full control over versioning.

Signed-off-by: John McCall <john@overturemaps.org>
@lowlydba John McCall (lowlydba) requested a review from a team as a code owner April 9, 2026 13:45
Copilot AI review requested due to automatic review settings April 9, 2026 13:45
@lowlydba John McCall (lowlydba) linked an issue Apr 9, 2026 that may be closed by this pull request
Signed-off-by: John McCall <john@overturemaps.org>
@lowlydba John McCall (lowlydba) merged commit 4fbe12a into main Apr 9, 2026
5 of 6 checks passed
@lowlydba John McCall (lowlydba) deleted the 14-bug-omf-pr-checks-not-accessible-to-other-repos branch April 9, 2026 13:48

Copilot AI left a comment

Pull request overview

Updates the “OMF PR Checks” required workflow to consume the shared OvertureMaps validation workflow/action via a versioned reference, avoiding reliance on a local path or @main.

Changes:

  • Switch validate-pr-title from a local reusable workflow reference to OvertureMaps/workflows/...@v1.
  • Switch check-linked-issue from a local composite action reference to OvertureMaps/workflows/...@v1.

issues: write # to post PR-related issue comments
statuses: write # to update commit status checks
uses: ./.github/workflows/validate-pr-title.yml
uses: OvertureMaps/workflows/.github/workflows/validate-pr-title.yml@validate-pr-title-v1 # zizmor: ignore[unpinned-uses]
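Review bot: on the new `uses:` line, `validate-pr-title-v1` is a mutable tag, so the `# zizmor: ignore[unpinned-uses]` suppression silences the finding instead of resolving it; the `issues: write` and `statuses: write` permissions shown above this line are handed to the called workflow, so whoever can move that tag in OvertureMaps/workflows can change what runs with those permissions in this repository. Pin to the full commit SHA and keep the tag as a trailing comment, e.g. `uses: OvertureMaps/workflows/.github/workflows/validate-pr-title.yml@<FULL_40_CHARACTER_COMMIT_SHA> # validate-pr-title-v1`, and drop the suppression once pinned.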

Copilot AI Apr 9, 2026

@v1 is still a floating ref (mutable tag) and won’t satisfy “pinned”/immutable action provenance checks. If the intent is deterministic + supply-chain safe runs, pin these uses: references to a commit SHA (or at least an immutable release tag like v1.0.0) and remove the zizmor: ignore[unpinned-uses] suppression once pinned.

steps:
- name: Check for linked issue
uses: ./.github/actions/check-linked-issue
uses: OvertureMaps/workflows/.github/actions/check-linked-issue@check-linked-issue-v1 # zizmor: ignore[unpinned-uses]
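Review bot: the same issue applies to the `check-linked-issue` step: `check-linked-issue-v1` is a mutable tag rather than the pinned version the PR title promises, and the `# zizmor: ignore[unpinned-uses]` marker hides that. Pin it to a full commit SHA with the tag kept as a trailing comment, and use the same OvertureMaps/workflows commit for this composite action and the reusable workflow in the earlier hunk, so the two references cannot drift apart when the tags are moved independently. Since SHA pins no longer advance on their own, pair this with a documented bump procedure (or Dependabot coverage for actions) so the pins do not silently go stale.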

Copilot AI Apr 9, 2026

This action reference uses @v1, which is a moving tag and not an immutable pin; it also suppresses zizmor’s unpinned-uses finding. Consider pinning to a specific commit SHA (or immutable v1.x.y tag) so PR checks don’t change unexpectedly and the suppression can be dropped.

Suggested change
uses: OvertureMaps/workflows/.github/actions/check-linked-issue@check-linked-issue-v1 # zizmor: ignore[unpinned-uses]
uses: OvertureMaps/workflows/.github/actions/check-linked-issue@<FULL_40_CHARACTER_COMMIT_SHA>

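As an added check illustrating the point both Copilot comments make (this is example code written for this page, not code from OvertureMaps/workflows, this PR, or zizmor): a small line-based scanner that reports `uses:` references not pinned to a full 40-character commit SHA, treats a `zizmor: ignore[unpinned-uses]` marker as a suppressed finding rather than a resolved one, and shows the `path@<sha> # tag` rewrite that keeps the tag readable. The sample workflow text is constructed for the example; the all-zero SHA in it is a placeholder, not a real commit.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to a commit SHA.

Added example for this PR discussion; not code from OvertureMaps/workflows or zizmor.
It mimics the idea behind zizmor's `unpinned-uses` check with a line-based scan so
it runs without a YAML parser.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# A `uses:` line: optional list dash, the reference, optional trailing `# comment`.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*(?P<ref>\S+)(?:\s*#\s*(?P<comment>.*))?$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
SUPPRESS = "zizmor: ignore[unpinned-uses]"


@dataclass
class Finding:
    line_no: int
    ref: str
    status: str  # "pinned", "unpinned", "suppressed", "local" or "docker"


def classify(ref: str, comment: Optional[str]) -> str:
    """Decide whether a single `uses:` reference is immutable."""
    if ref.startswith("./"):
        return "local"  # same-repo path: nothing to pin
    if ref.startswith("docker://"):
        return "docker"  # image refs need a digest; out of scope here
    _, _, version = ref.partition("@")
    if SHA_RE.match(version):
        return "pinned"
    if comment and SUPPRESS in comment:
        return "suppressed"  # finding hidden from the linter, not fixed
    return "unpinned"  # branch or mutable tag such as v1 / *-v1


def scan(text: str) -> List[Finding]:
    """Return one Finding per `uses:` line in a workflow or action file."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            findings.append(Finding(n, m["ref"], classify(m["ref"], m["comment"])))
    return findings


def unpinned_refs(text: str) -> List[str]:
    """References a reviewer would block on: mutable refs, suppressed or not."""
    return [f.ref for f in scan(text) if f.status in ("unpinned", "suppressed")]


def pin(ref: str, sha: str) -> str:
    """Rewrite `path@tag` as `path@<sha> # tag`, the form the comments suggest."""
    if not SHA_RE.match(sha):
        raise ValueError("expected a full 40-character lowercase commit SHA")
    path, _, tag = ref.partition("@")
    return f"{path}@{sha} # {tag}"


# Constructed sample: the two references from this PR plus one SHA-pinned action
# (placeholder SHA), one local path and one plain floating tag, so every status appears.
SAMPLE_WORKFLOW = """\
jobs:
  validate-pr-title:
    uses: OvertureMaps/workflows/.github/workflows/validate-pr-title.yml@validate-pr-title-v1 # zizmor: ignore[unpinned-uses]
  linked-issue:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4 (placeholder SHA)
      - name: Check for linked issue
        uses: OvertureMaps/workflows/.github/actions/check-linked-issue@check-linked-issue-v1 # zizmor: ignore[unpinned-uses]
      - uses: ./.github/actions/local-helper
      - uses: actions/setup-python@v5
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_WORKFLOW):
        print(f"line {f.line_no}: {f.status:10} {f.ref}")
    print("would block on:", unpinned_refs(SAMPLE_WORKFLOW))
```

Run as a script it lists every `uses:` line with its status; `unpinned_refs` is the set a required-check reviewer would refuse to merge, and `pin` produces the replacement line once the maintainer has looked up the commit the tag currently points at.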
Successfully merging this pull request may close these issues.

[BUG] OMF PR Checks not accessible to other repos