Pin GitHub workflow actions to release SHAs by dependabot[bot] · Pull Request #128 · bartul/imperium

dependabot · 2026-05-12T18:44:20Z

Summary

Pin workflow action references to immutable release SHAs across CI, repo configuration enforcement, and Azure deployment workflows.
Keep source release comments next to each SHA for maintainability.
Pin azure/webapps-deploy to v2.2.19, the latest published release currently reported by GitHub release metadata and Marketplace.

Reviewed upstream release metadata and repository security pages for actions/checkout, actions/setup-dotnet, actions/cache, actions/upload-artifact, actions/download-artifact, and Azure/webapps-deploy.
No published GitHub security advisories were found for those upstream action repositories during review.
Resolved SHAs from official upstream release refs before pinning.

Bumps [azure/webapps-deploy](https://github.com/azure/webapps-deploy) from 3 to 3.0.8. - [Release notes](https://github.com/azure/webapps-deploy/releases) - [Commits](Azure/webapps-deploy@v3...v3.0.8) --- updated-dependencies: - dependency-name: azure/webapps-deploy dependency-version: 3.0.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the chore label May 12, 2026

dependabot Bot requested a review from bartul as a code owner May 12, 2026 18:44

bartul changed the title ~~chore: Bump azure/webapps-deploy from 3 to 3.0.8~~ Pin GitHub workflow actions to release SHAs May 12, 2026

dependabot Bot and others added 2 commits May 12, 2026 22:55

Pin workflow actions to release SHAs

999f9f7

bartul force-pushed the dependabot-github_actions-azure-webapps-deploy-3.0.8 branch from 0ea5f1e to 999f9f7 Compare May 12, 2026 20:55

bartul merged commit 71f79d0 into master May 12, 2026
1 check passed

bartul deleted the dependabot-github_actions-azure-webapps-deploy-3.0.8 branch May 12, 2026 20:58