From e4e70a144272059cd2267f5732c4dfa1c6def738 Mon Sep 17 00:00:00 2001 From: Adam Bannach <113929542+abannachGrafana@users.noreply.github.com> Date: Wed, 9 Apr 2025 06:55:39 -0500 Subject: [PATCH 1/2] fix: test workflow checkout to use default refs --- .github/workflows/test.yml | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9d01c130..be610f2a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -11,8 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ github.head_ref || github.ref }} + - name: Setup test branch id: setup-test-branch run: | @@ -57,8 +56,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ github.head_ref || github.ref }} + - name: Setup test branch id: setup-test-branch run: | @@ -102,8 +100,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ github.head_ref || github.ref }} + - name: Setup test branch id: setup-test-branch run: | @@ -151,8 +148,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ github.head_ref || github.ref }} + - name: Setup test branch id: setup-test-branch run: | @@ -201,8 +197,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ github.head_ref || github.ref }} + - name: Setup test branch id: setup-test-branch run: | @@ -250,8 +245,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ github.head_ref || github.ref }} + - name: Setup test branch id: setup-test-branch run: | @@ -299,8 +293,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ github.head_ref || github.ref }} + - name: Setup test branch id: setup-test-branch run: | @@ -348,8 +341,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ github.head_ref || github.ref }} + - name: Setup test branch id: setup-test-branch run: | @@ -397,8 +389,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ github.head_ref || github.ref }} + - name: Setup test branch id: setup-test-branch run: | From c6630d15619a009741e26baefd8ff0d1ed7f60cb Mon Sep 17 00:00:00 2001 From: Adam Bannach <113929542+abannachGrafana@users.noreply.github.com> Date: Wed, 9 Apr 2025 06:58:48 -0500 Subject: [PATCH 2/2] chore: security harden update major workflow --- .github/workflows/update-major-release-tag.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-major-release-tag.yml b/.github/workflows/update-major-release-tag.yml index c7e596ce..d1c76718 100644 --- a/.github/workflows/update-major-release-tag.yml +++ b/.github/workflows/update-major-release-tag.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get major version num and update tag run: |