chore: pin codeql-action to SHA and remove release trigger for v4_development#1012
Conversation
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
…velopment scoping)
|
Caution Review failedAn error occurred during the review process. Please try again later. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary
Two CI fixes on
v4_developmentso the 4.0.0 release PR doesn't regressmain's hardening:Pin
github/codeql-action/*to a commit SHA. v4 used bare@v4tags forinit/autobuild/analyze, which would have replacedmain's SHA-pinned versions on merge. Now pinned to8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2(matchingmain), consistent with the other SHA-pinned actions in this workflow.Remove the release trigger for
v4_development. Removedgithub.event.pull_request.base.ref == 'v4_development'from release the job's .