Skip to content

ops: pin all third-party GitHub Action SHAs#49

Merged
amavashev merged 1 commit into
mainfrom
ops/pin-action-shas
May 2, 2026
Merged

ops: pin all third-party GitHub Action SHAs#49
amavashev merged 1 commit into
mainfrom
ops/pin-action-shas

Conversation

@amavashev
Copy link
Copy Markdown
Contributor

@amavashev amavashev commented May 2, 2026

Same SHA-pinning sweep as runcycles/cycles-server#143. Addresses the Pinned-Dependencies criterion from OpenSSF Scorecard (target 0 → 10).

8 refs pinned across dependabot-auto-merge.yml and python-publish.yml. Dependabot already manages the github-actions ecosystem and will keep these SHAs current via auto-PRs.

SHAs resolved 2026-05-02 from each action's repo via gh api repos/<owner>/<repo>/commits/<ref>.

@amavashev
ops: pin all third-party GitHub Action SHAs
4a7ecc2 
Same SHA-pinning sweep as runcycles/cycles-server#143. Addresses the
Pinned-Dependencies criterion from OpenSSF Scorecard (target: 0/10 → 10/10).

Pinned 8 refs across dependabot-auto-merge.yml and python-publish.yml.
Dependabot already manages the github-actions ecosystem and will keep
these SHAs current via auto-PRs as new versions ship — the version
comment after each SHA tells Dependabot what to track.
@amavashev amavashev merged commit 276d253 into main May 2, 2026
@amavashev amavashev deleted the ops/pin-action-shas branch May 2, 2026 20:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@amavashev