Skip to content

[codex] Pin GitHub Actions workflow references#57

Merged
frantic-openai merged 1 commit intomainfrom
codex/pin-github-workflow-refs-20260326-215915
Mar 27, 2026
Merged

[codex] Pin GitHub Actions workflow references#57
frantic-openai merged 1 commit intomainfrom
codex/pin-github-workflow-refs-20260326-215915

Conversation

@hintz-openai
Copy link
Copy Markdown
Contributor

@hintz-openai hintz-openai commented Mar 27, 2026

Summary

Pin floating external GitHub Actions workflow refs to immutable SHAs.

Why

See the rationale doc: https://docs.google.com/document/d/1qOURCNx2zszQ0uWx7Fj5ERu4jpiYjxLVWBWgKa2wTsA/edit?tab=t.0

Validation

  • rg -n --pcre2 "uses:\s*(?!\./)(?!docker://)[^#\n]+@(?![0-9a-f]{40}(?:\s+#.*)?$)\S+" .github/workflows
  • git diff --check
  • git diff --stat -- .github/workflows

@frantic-openai frantic-openai merged commit 9e89dd9 into main Mar 27, 2026
1 of 2 checks passed
@frantic-openai frantic-openai deleted the codex/pin-github-workflow-refs-20260326-215915 branch March 27, 2026 18:39
ctrochalakis pushed a commit to skroutz-internal/symphony that referenced this pull request Mar 30, 2026
@hintz-openai
[codex] Pin GitHub Actions workflow references (openai#57)
c90c45d 
## Summary
Pin floating external GitHub Actions workflow refs to immutable SHAs.

## Why
See the rationale doc:
https://docs.google.com/document/d/1qOURCNx2zszQ0uWx7Fj5ERu4jpiYjxLVWBWgKa2wTsA/edit?tab=t.0

## Validation
- `rg -n --pcre2
"uses:\s*(?!\./)(?!docker://)[^#\n]+@(?![0-9a-f]{40}(?:\s+#.*)?$)\S+"
.github/workflows`
- `git diff --check`
- `git diff --stat -- .github/workflows`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@frantic-openai frantic-openai Awaiting requested review from frantic-openai

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hintz-openai @frantic-openai