Conversation

@MariusStorhaug MariusStorhaug commented Jan 22, 2026

The GitHub-Script action dependency is now pinned to a specific commit SHA (v1.7.8) for improved security and reproducibility. This ensures consistent builds and protects against potential supply chain attacks where action tags could be moved to point to malicious code.

Pin GitHub-Script action to specific SHA

Updated the action reference in action.yml from the previous SHA to the latest version:

Before: PSModule/GitHub-Script@8b9d2739d6896975c0e5448d2021ae2b94b6766a (v1.7.6)
After:  PSModule/GitHub-Script@2010983167dc7a41bcd84cb88e698ec18eccb7ca (v1.7.8)

Why pin to SHA?

Pinning actions to specific commit SHAs is a security best practice that:

  • Prevents tag mutation attacks - Tags can be moved, but SHAs are immutable
  • Ensures reproducible builds - The exact same code runs every time
  • Provides audit trail - Changes to dependencies are explicit and reviewable
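The two checks a reviewer of a pin like this one actually wants are (a) that every remote `uses:` reference in the file is a full commit SHA carrying a `# vX.Y.Z` comment, and (b) that the pinned SHA really is the commit the named tag resolves to. The script below is an added example, not code from the PSModule project or from this PR. The sample action.yml and the `git ls-remote --tags` output are constructed inline (no network call is made; the tag-object SHA for v1.7.8 is a placeholder), and the lint rules themselves are the reviewer's own convention rather than anything GitHub enforces.

```python
import re

# Only a full 40-hex-character commit SHA counts as pinned; tags ("v1.7.8")
# and branches ("main") are mutable references that can be repointed.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches `uses: owner/repo@ref   # comment` inside a workflow or action.yml.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)(?:\s*#\s*(\S+))?")

# Constructed sample action.yml (not the PSModule project's real file).
SAMPLE_ACTION_YML = """\
runs:
  using: composite
  steps:
    - uses: PSModule/GitHub-Script@v1.7.8
    - uses: PSModule/GitHub-Script@2010983167dc7a41bcd84cb88e698ec18eccb7ca
    - uses: PSModule/GitHub-Script@2010983167dc7a41bcd84cb88e698ec18eccb7ca # v1.7.8
    - uses: ./local-step
"""

# Constructed stand-in for `git ls-remote --tags https://github.com/PSModule/GitHub-Script`
# output (no network call is made). An annotated tag lists the tag object and,
# with ^{}, the commit it peels to; the v1.7.8 tag-object SHA here is a placeholder.
SAMPLE_LS_REMOTE = """\
8b9d2739d6896975c0e5448d2021ae2b94b6766a\trefs/tags/v1.7.6
dddddddddddddddddddddddddddddddddddddddd\trefs/tags/v1.7.8
2010983167dc7a41bcd84cb88e698ec18eccb7ca\trefs/tags/v1.7.8^{}
"""


def parse_uses(line):
    """Return (action, ref, comment) for a `uses:` line, or None if it is not one.
    ref is None when the target carries no @ref (local ./ and docker:// targets)."""
    m = USES_RE.match(line)
    if not m:
        return None
    target, comment = m.group(1), m.group(2)
    action, _, ref = target.partition("@")
    return (action, ref or None, comment)


def lint_uses(yaml_text):
    """Return (line_no, message) for every remote action that is not SHA-pinned,
    or is pinned without the `# vX.Y.Z` comment that keeps the pin reviewable."""
    findings = []
    for n, line in enumerate(yaml_text.splitlines(), 1):
        parsed = parse_uses(line)
        if parsed is None:
            continue
        action, ref, comment = parsed
        if action.startswith(("./", "docker://")):
            continue  # nothing to pin: local path or container image
        if ref is None or not SHA_RE.match(ref):
            findings.append((n, f"{action}@{ref}: mutable ref, pin to a commit SHA"))
        elif comment is None:
            findings.append((n, f"{action}@{ref}: pinned, but missing a '# vX.Y.Z' comment"))
    return findings


def tag_commit(ls_remote_output, tag):
    """Resolve a tag to the commit SHA a checkout would use, from ls-remote output.
    Prefer the peeled (^{}) entry; a lightweight tag has only the plain entry."""
    peeled = plain = None
    for line in ls_remote_output.splitlines():
        if not line.strip():
            continue
        sha, ref = line.split(None, 1)
        if ref == f"refs/tags/{tag}^{{}}":
            peeled = sha
        elif ref == f"refs/tags/{tag}":
            plain = sha
    return peeled or plain


def verify_pin(ls_remote_output, uses_line):
    """True when the SHA in an annotated `uses:` line is exactly the commit that
    its `# vX.Y.Z` comment resolves to in the given ls-remote output."""
    parsed = parse_uses(uses_line)
    if parsed is None:
        return False
    _, ref, comment = parsed
    if ref is None or comment is None or not SHA_RE.match(ref):
        return False
    return tag_commit(ls_remote_output, comment) == ref


if __name__ == "__main__":
    for line_no, msg in lint_uses(SAMPLE_ACTION_YML):
        print(f"action.yml:{line_no}: {msg}")
    pinned = "    - uses: PSModule/GitHub-Script@2010983167dc7a41bcd84cb88e698ec18eccb7ca # v1.7.8"
    print("pin matches tag:", verify_pin(SAMPLE_LS_REMOTE, pinned))
```

In real use, feed `tag_commit` the output of `git ls-remote --tags <repo-url>` captured at review time; the peeled `^{}` entry matters because the `uses:` checkout lands on the commit, not on the tag object, so comparing against the unpeeled SHA of an annotated tag would flag a correct pin as wrong.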

@MariusStorhaug MariusStorhaug marked this pull request as ready for review January 22, 2026 17:18
Copilot AI review requested due to automatic review settings January 22, 2026 17:18
@MariusStorhaug MariusStorhaug merged commit 405b128 into main Jan 22, 2026
19 checks passed
@MariusStorhaug MariusStorhaug deleted the patch/pin-github-script-action branch January 22, 2026 17:18
Copilot AI left a comment

Pull request overview

This PR updates the PSModule/GitHub-Script action dependency to a newer pinned version for improved security and consistency. The action is pinned using commit SHA to prevent tag mutation attacks and ensure reproducible builds.

Changes:

  • Updated GitHub-Script action from v1.7.6 to v1.7.8 with corresponding SHA update
