Skip to content

Pin actions/checkout to commit hash with version comment #376

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Nov 24, 2025
Merged

Pin actions/checkout to commit hash with version comment #376

merged 5 commits into from
Nov 24, 2025
+3 −3

Conversation

Copy link
Contributor

Copilot AI commented Nov 24, 2025
edited
Loading

Updated actions/checkout references in workflow files to use the full commit hash instead of the version tag, with the semantic version as an inline comment for clarity.

Changes

  • Updated actions/checkout to use commit hash 1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 with # v6.0.0 comment in:
    • .github/workflows/release.yml
    • .github/workflows/self-test.yml
    • .github/workflows/cpp-linter.yml

Example

# Before:
- uses: actions/checkout@v6

# After:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3  # v6.0.0

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI mentioned this pull request Nov 24, 2025
Merged
@shenxianpeng
Add version comments to actions/checkout references
d814bed 
Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Nov 24, 2025

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repos/actions/checkout/releases/latest
    • Triggering command: /usr/bin/curl curl -s REDACTED (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title [WIP] Update actions/checkout from 5 to 6 in the actions group Add semantic version comments to actions/checkout references Nov 24, 2025
shenxianpeng
shenxianpeng reviewed Nov 24, 2025
View reviewed changes
.github/workflows/cpp-linter.yml Outdated
runs-on: ubuntu-latest
steps:
# v6.0.0
- uses: actions/checkout@v6
Copy link
Collaborator

@shenxianpeng shenxianpeng Nov 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot please add comments after - uses: actions/checkout@v6, for example - uses: actions/checkout@v6 # v6.0.0

Copy link
Contributor Author

Copilot AI Nov 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done in ce0a7c7. Changed all version comments to inline format:

- uses: actions/checkout@v6  # v6.0.0

Copilot finished work on behalf of shenxianpeng November 24, 2025 19:04
Copilot AI requested a review from shenxianpeng November 24, 2025 19:04
@shenxianpeng
Move version comments to inline format
ce0a7c7 
Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com>
Copilot finished work on behalf of shenxianpeng November 24, 2025 19:07
@shenxianpeng
Copy link
Collaborator

shenxianpeng commented Nov 24, 2025

@copilot do not update for .github/workflows/examples/ folder; use git commit hash instead of tag, e.g. v6

@shenxianpeng
Revert examples folder changes and use commit hash in comments
626efce 
Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Nov 24, 2025

@copilot do not update for .github/workflows/examples/ folder; use git commit hash instead of tag, e.g. v6

Done in 626efce. Reverted changes to .github/workflows/examples/ folder and updated comments to use commit hash 1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 instead of semantic version tag.

Copilot AI changed the title Add semantic version comments to actions/checkout references Add commit hash comments to actions/checkout references Nov 24, 2025
Copilot finished work on behalf of shenxianpeng November 24, 2025 21:22
Copilot AI requested a review from shenxianpeng November 24, 2025 21:22
shenxianpeng
shenxianpeng reviewed Nov 24, 2025
View reviewed changes
.github/workflows/cpp-linter.yml Outdated
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v6 # 1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
Copy link
Collaborator

@shenxianpeng shenxianpeng Nov 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot I expect to update to the below

- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3  # v6.0.0

Copy link
Contributor Author

Copilot AI Nov 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done in 41a3b15. Updated to use commit hash as the reference with the semantic version tag as the comment:

- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3  # v6.0.0

@shenxianpeng
Use commit hash as reference and version tag as comment
41a3b15 
Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com>
Copilot AI changed the title Add commit hash comments to actions/checkout references Pin actions/checkout to commit hash with version comment Nov 24, 2025
Copilot AI requested a review from shenxianpeng November 24, 2025 21:32
Copilot finished work on behalf of shenxianpeng November 24, 2025 21:32
@shenxianpeng shenxianpeng marked this pull request as ready for review November 24, 2025 21:36
@shenxianpeng shenxianpeng requested a review from a team as a code owner November 24, 2025 21:36
@shenxianpeng shenxianpeng requested review from 2bndy5 and removed request for a team November 24, 2025 21:36
@shenxianpeng shenxianpeng merged commit 3a7f15e into dependabot/github_actions/actions-76468cb07f Nov 24, 2025
5 checks passed
@shenxianpeng shenxianpeng deleted the copilot/sub-pr-375 branch November 24, 2025 21:36
shenxianpeng added a commit that referenced this pull request Nov 24, 2025
@dependabot
@shenxianpeng @2bndy5
chore(deps): bump actions/checkout from 5 to 6 in the actions group (#…
b177289 
…375)

* chore(deps): bump actions/checkout from 5 to 6 in the actions group

Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout).


Updates `actions/checkout` from 5 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>

* Pin actions/checkout to commit hash with version comment (#376)

* Initial plan

* Add version comments to actions/checkout references

Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com>

* Move version comments to inline format

Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com>

* Revert examples folder changes and use commit hash in comments

Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com>

* Use commit hash as reference and version tag as comment

Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com>

* do not persist git credentials when not needed

and make explicit when we do need it

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com>
Co-authored-by: Brendan <2bndy5@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@2bndy5 2bndy5 Awaiting requested review from 2bndy5 2bndy5 was automatically assigned from cpp-linter/developers

1 more reviewer

@shenxianpeng shenxianpeng shenxianpeng approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@shenxianpeng shenxianpeng

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shenxianpeng