ci: pin external GitHub Actions #1

Merged
devkoriel merged 2 commits into main from security/pin-external-actions-20260507
May 7, 2026

@devkoriel

Pins third-party GitHub Actions uses: references to full commit SHAs.

Context: RFC-043 GitHub organization security hardening.

This PR does not change GitHub org settings, branch protection, or workflow permissions.

Pinned references:

  • .github/workflows/codesee-arch-diagram.yml:18 actions/checkout@v2 -> actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5
  • .github/workflows/codesee-arch-diagram.yml:27 Codesee-io/codesee-detect-languages-action@latest -> Codesee-io/codesee-detect-languages-action@177c4c765fc8d128984b3cb7f7d8df8fdbcec21d
  • .github/workflows/codesee-arch-diagram.yml:30 actions/setup-java@v2 -> actions/setup-java@91d3aa4956ec4a53e477c4907347b5e3481be8c9
  • .github/workflows/codesee-arch-diagram.yml:39 actions/setup-node@v2 -> actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8
  • .github/workflows/codesee-arch-diagram.yml:45 actions/setup-python@v2 -> actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e
  • .github/workflows/codesee-arch-diagram.yml:52 ruby/setup-ruby@v1 -> ruby/setup-ruby@c4e5b1316158f92e3d49443a9d58b31d25ac0f8f
  • .github/workflows/codesee-arch-diagram.yml:61 Codesee-io/codesee-map-action@latest -> Codesee-io/codesee-map-action@938f7135ad2978103c7519e4e2c45d8a2b392442
  • .github/workflows/codesee-arch-diagram.yml:69 Codesee-io/codesee-map-action@latest -> Codesee-io/codesee-map-action@938f7135ad2978103c7519e4e2c45d8a2b392442
  • .github/workflows/codesee-arch-diagram.yml:77 Codesee-io/codesee-map-action@latest -> Codesee-io/codesee-map-action@938f7135ad2978103c7519e4e2c45d8a2b392442
  • .github/workflows/docker.yml:16 actions/checkout@v3 -> actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
  • .github/workflows/docker.yml:20 docker/metadata-action@v3 -> docker/metadata-action@b2391d37b4157fa4aa2e118d643f417910ff3242
  • .github/workflows/docker.yml:30 docker/setup-qemu-action@master -> docker/setup-qemu-action@e9a73d053822dd261763972e27a1731c06462d91
  • .github/workflows/docker.yml:35 docker/setup-buildx-action@v2 -> docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55
  • .github/workflows/docker.yml:41 docker/login-action@v1 -> docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7
  • .github/workflows/docker.yml:48 docker/build-push-action@v3 -> docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6

@devkoriel devkoriel merged commit 74766ef into main May 7, 2026
1 check passed
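
A check that could keep workflows in the state this PR establishes, as an added example that is not part of the PR or the repository: it flags every `uses:` reference that is not a full 40-character commit SHA. It assumes line-based matching instead of a YAML parser, and the sample workflow is constructed from references listed above plus a hypothetical local action and container image.

```python
import re

# Value of a `uses:` key, with any quotes and trailing comment left out.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-fA-F]{40}")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def classify(ref):
    """Return 'local', 'pinned' or 'mutable' for one uses: value."""
    if ref.startswith("./"):
        return "local"  # same-repository action, versioned with the workflow
    if ref.startswith("docker://"):
        return "pinned" if DIGEST_RE.search(ref) else "mutable"
    _, sep, version = ref.rpartition("@")
    if sep and FULL_SHA_RE.fullmatch(version):
        return "pinned"
    return "mutable"  # tag, branch, abbreviated SHA or no ref at all

def audit(path, text):
    """Return (path, line_no, ref) for each mutable uses: reference in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if match and classify(match.group(1)) == "mutable":
            findings.append((path, line_no, match.group(1)))
    return findings

# Constructed sample: before/after references from the list above, plus a
# hypothetical local action and a hypothetical tag-referenced container image.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: docker/setup-qemu-action@master
      - uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3
      - uses: ./.github/actions/local-build
      - uses: docker://alpine:3.19
"""

if __name__ == "__main__":
    for path, line_no, ref in audit(".github/workflows/example.yml", SAMPLE):
        print(f"{path}:{line_no} mutable reference: {ref}")
```

Run over the real workflow files in CI and failing on any finding, this stops a later edit from reintroducing a tag or branch reference.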