chore(workflows): pin AWS actions to commit SHAs #8923

Merged: valerena merged 1 commit into aws:develop from valerena:pin-aws-actions on Apr 16, 2026

@valerena
Contributor

  • aws-actions/stale-issue-cleanup@v6 to @7de35968489e4142233d2a6812519a82e68b5c38 # v6
  • aws-actions/closed-issue-message@v2 to @10aaf6366131b673a7c8b7742f8b3849f1d44f18 # v2
  • aws-actions/configure-aws-credentials@v6 to @ec61189d14ec14c8efccab744f656cffd0e33f37 # v6

Which issue(s) does this change fix?

Why is this change necessary?

This ensures the workflows are locked to specific, auditable commits and won't be affected by tag mutations or supply-chain attacks.

How does it address the issue?

What side effects does this change have?

Mandatory Checklist

PRs will only be reviewed after checklist is complete

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@valerena valerena requested a review from a team as a code owner April 16, 2026 18:41
Contributor

@github-actions github-actions bot left a comment

Code Review Results

Reviewed: 14004e2..80a0977
Files: 3
Comments: 0

✅ No issues found. The changes look good.

All three files pin GitHub Actions from mutable version tags to specific commit SHAs while preserving the version as a trailing comment. This is a security best practice that mitigates supply-chain attacks from tag mutation.

issues: write
steps:
- uses: aws-actions/stale-issue-cleanup@v6
- uses: aws-actions/stale-issue-cleanup@7de35968489e4142233d2a6812519a82e68b5c38 # v6
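
Review bot: The trailing comment on the new `uses:` line records only `# v6`, the same moving major tag that the pin replaces, so a reader of the workflow cannot tell which release 7de35968489e4142233d2a6812519a82e68b5c38 corresponds to or later confirm that the SHA came from a tagged release. Suggest putting the exact release tag the SHA was resolved from in the comment, and stating in the PR description how the pins will be kept current, since a pinned SHA no longer picks up fixes published under v6.
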
Contributor

@reedham-aws reedham-aws Apr 16, 2026

Note: This is not the latest version, but I think that's fine if we just want to keep it the same

@valerena valerena added this pull request to the merge queue Apr 16, 2026
Merged via the queue into aws:develop with commit dff5c18 Apr 16, 2026
55 checks passed
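
The pinning rule this PR applies can be enforced with a small check over workflow files. The following is an added example, not code from the PR or the repository; the function name `audit_workflow`, the `example-org/example-action` reference and the local action path are constructed for illustration.

```python
import re

# A `uses:` key (step or job level), its reference, and any trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*(?P<ref>[^\s#]+)\s*(?:#\s*(?P<note>.*))?$")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (line_no, reference, finding) for each `uses:` line that is not
    pinned to a full commit SHA followed by a version comment."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group("ref").strip("'\"")
        # Local actions and container images are not referenced by a git ref,
        # so this check skips them.
        if ref.startswith(("./", "docker://")):
            continue
        name, sep, rev = ref.partition("@")
        if not sep:
            findings.append((line_no, ref, "no ref given"))
        elif not FULL_SHA_RE.match(rev):
            findings.append((line_no, ref, "not a full commit SHA: " + rev))
        elif not m.group("note"):
            findings.append((line_no, ref, "pinned, but no version comment"))
    return findings


# Constructed sample: the first and last `uses:` lines are the before/after
# from this PR; the two in between are made-up cases for the checker.
SAMPLE = """\
steps:
  - uses: aws-actions/stale-issue-cleanup@v6
  - uses: ./.github/actions/local-helper
  - uses: example-org/example-action@0123abc
  - uses: aws-actions/stale-issue-cleanup@7de35968489e4142233d2a6812519a82e68b5c38 # v6
"""

if __name__ == "__main__":
    for line_no, ref, finding in audit_workflow(SAMPLE):
        print(f"line {line_no}: {ref}: {finding}")
```

The check only confirms the form of the reference; it does not verify that the SHA belongs to the named repository's release history.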