
ci: pin GitHub Actions to full commit SHAs #56843

Open
XananasX7 wants to merge 1 commit into apache:master from XananasX7:fix/pin-actions-1782619439


@XananasX7


Pin unpinned GitHub Actions to immutable commit SHAs. Defense against supply-chain attacks via mutable tags. Version tags retained as inline comments. See: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

Pin unpinned action references to immutable commit SHAs.
Version tags retained as inline comments.

See: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

@dongjoon-hyun dongjoon-hyun left a comment

Member


According to the ASF Infra team's guideline, we use these namespaces without restrictions intentionally, @XananasX7.

You MAY use all actions internal to the apache/, github/ and actions/* namespaces without restrictions.
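
An added example, not code from this pull request or the apache repository: a small audit that lists every `uses:` reference in a workflow and reports whether it is pinned to a full commit SHA. It assumes the three namespaces named in the quoted guideline are treated as exempt from the pin check; the sample workflow, the `example-org` action and the SHA are constructed placeholders.

```python
import re

# A `uses:` key, optionally as the first key of a step ("- uses: ...").
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")
# Assumption: owners the quoted ASF guideline allows "without restrictions".
EXEMPT_OWNERS = {"apache", "github", "actions"}

# Constructed sample workflow; the 40-character SHA is a placeholder.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@v2
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v2.0.0
      - uses: ./.github/actions/local-step
      - name: container step
        uses: docker://alpine:3.20
"""


def classify(ref):
    """Classify one `uses:` value as local, docker, exempt, pinned or unpinned."""
    if ref.startswith("./"):
        return "local"      # action stored in the same repository
    if ref.startswith("docker://"):
        return "docker"     # container image, outside the scope of SHA pinning here
    target, _, version = ref.partition("@")
    owner = target.split("/", 1)[0].lower()
    if owner in EXEMPT_OWNERS:
        return "exempt"
    # A tag or branch can be moved to another commit; a full commit SHA cannot.
    return "pinned" if FULL_SHA_RE.match(version) else "unpinned"


def audit(workflow_text):
    """Return (line number, reference, classification) for every `uses:` line."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if match:
            findings.append((lineno, match.group(1), classify(match.group(1))))
    return findings


if __name__ == "__main__":
    for lineno, ref, status in audit(SAMPLE):
        print(f"line {lineno}: {status:8} {ref}")
```

Emptying `EXEMPT_OWNERS` makes the audit report tag references in those namespaces as unpinned too.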
