Describe the enhancement
All GitHub Actions references currently use version tags (e.g. actions/checkout@v6). Per ASF best practices, these should be pinned to full commit SHAs to ensure reproducibility and protect against upstream tag changes.
This affects 146 action references across virtually all workflow files. The zizmor tool can auto-fix most of these with zizmor --fix.
Example
Before:
uses: actions/checkout@v6
After:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v6
Component(s)
Continuous Integration
Describe the enhancement
All GitHub Actions references currently use version tags (e.g.
actions/checkout@v6). Per ASF best practices, these should be pinned to full commit SHAs to ensure reproducibility and protect against upstream tag changes.This affects 146 action references across virtually all workflow files. The
zizmortool can auto-fix most of these withzizmor --fix.Example
Before:
After:
Component(s)
Continuous Integration