Pin GitHub Actions to specific stable versions (#1854)#1865
Merged
Conversation
Replaces floating major tags (@v4, @v5, ...) with specific patch releases so a force-pushed tag on an upstream action can't silently run new code in this repo's CI. Pin targets are the latest stable release within each action's currently-used major version, so no behavioral change is expected. - `actions/checkout` → v4.3.1 (also replaces @master in docker.yml) - `actions/setup-python` → v5.6.0 - `actions/upload-artifact` → v4.6.2 - `actions/download-artifact` → v4.3.0 - `actions/cache` → v4.3.0 - `actions/setup-node` → v4.4.0 - `astral-sh/setup-uv` → v4.2.0 (workflows) / v7.6.0 (share-actions) - `pnpm/action-setup` → v3.0.0 - `marocchino/sticky-pull-request-comment` → v2.9.4 - `docker/login-action` → v3.7.0 - `docker/setup-buildx-action` → v3.12.0 - `docker/setup-qemu-action` → v3.7.0 - `docker/build-push-action` → v5.4.0 - `ncipollo/release-action` → v1.21.0 - `pypa/gh-action-pypi-publish` → v1.14.0 (was `release/v1` branch ref) - `tj-actions/changed-files` → SHA-pinned to aa08304b (v42.1.0), since this action was the subject of a March 2025 supply-chain attack where version tags were force-pushed to malicious commits.
|
📚 Artifacts deployed to GitHub Pages: https://evidentlyai.github.io/evidently/ci/#pr-1865-ci-pin-actions-1854 |
Liraim
approved these changes
May 2, 2026
Collaborator
Liraim
left a comment
Liraim
left a comment
There was a problem hiding this comment.
Hi,
Thank you for your contribution!
All changes look good.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Part 2 of #1854 (paired with #1864). Pins every third-party GitHub Actions reference in the repo to a specific stable version, so a force-pushed tag on an upstream action cannot silently run new code here.
Approach
Conservative: stay on the same major version the repo is already using, pin to the latest stable patch within that major. No behavioral changes expected — this is the same code the
@v4(etc.) floating tag resolves to right now.Pin targets
actions/checkout@v4(and@masterindocker.yml)@v4.3.1actions/setup-python@v5@v5.6.0actions/upload-artifact@v4@v4.6.2actions/download-artifact@v4@v4.3.0actions/cache@v4@v4.3.0actions/setup-node@v4@v4.4.0astral-sh/setup-uv@v4/@v7@v4.2.0/@v7.6.0pnpm/action-setup@v3@v3.0.0marocchino/sticky-pull-request-comment@v2@v2.9.4docker/login-action@v3@v3.7.0docker/setup-buildx-action@v3@v3.12.0docker/setup-qemu-action@v3@v3.7.0docker/build-push-action@v5@v5.4.0ncipollo/release-action@v1@v1.21.0pypa/gh-action-pypi-publish@release/v1(branch ref)@v1.14.0tj-actions/changed-files@v42@aa08304bwith# v42.1.0commentNotes
actions/checkout@masterindocker.ymlwas tracking the default branch, which is the worst-case pinning scenario. Now pinned tov4.3.1along with the rest.tj-actions/changed-filesis SHA-pinned rather than tag-pinned because it was the target of a documented March 2025 supply-chain attack where version tags were force-pushed to malicious commits. The pinned commitaa08304bd477b800d468db44fe10f6c61f7f7b11is the legitimate v42.1.0 from 2024-03-09, pre-dating the incident by a year. A trailing comment (# v42.1.0) keeps the version readable. Happy to switch to plain tag pinning if you prefer consistency with the other actions.pypa/gh-action-pypi-publish: moved from therelease/v1branch ref to@v1.14.0. OIDC trusted-publishing is a PyPI server-side feature keyed on{repo, workflow, environment}, so this change is purely a ref-type change and does not affect publishing behavior.tj-actions/changed-filesmajor upgrade (v42 → v47) — held off intentionally to avoid bundling a major-version bump with a security pin. If you want that bump, a follow-up PR would be appropriate.Test plan
main.ymlend-to-end. The changed-files job, linter, tests, UI builds, and Playwright runs should all succeed with pinned versions.release.ymlis tag-triggered and can't be exercised from a PR; behavioral changes are zero (same major versions), so low risk.deploy-artifacts-to-github-pages.ymlruns after CI completes viaworkflow_run; same story.docker.ymlisworkflow_dispatchonly; theactions/checkout@master→@v4.3.1change is functionally identical to all the other checkout call sites.