Improve CI security and add Dependabot configuration #145

Merged: jcfr merged 2 commits into main from pin-github-actions-and-enable-dependabot on Aug 3, 2025

@jcfr jcfr commented Aug 3, 2025

This pull request improves the CI pipeline by introducing these changes:

  • Follow GitHub's security hardening recommendations by pinning GitHub Actions to Full-Length Commit SHAs.

  • Add Dependabot Configuration to automate the update of GitHub Actions versions.

jcfr added 2 commits August 3, 2025 00:46
This improves security by following GitHub's security hardening guide, which
recommends pinning actions to specific commit SHAs to prevent unauthorized changes.

See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

This adds configuration for Dependabot to automate dependency updates, ensuring
that GitHub Actions dependencies are kept up-to-date on a weekly schedule.

See https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference
@jcfr jcfr enabled auto-merge (rebase) August 3, 2025 04:52
@jcfr jcfr merged commit 4aad09a into main Aug 3, 2025
5 checks passed
@jcfr jcfr deleted the pin-github-actions-and-enable-dependabot branch August 3, 2025 05:09