Skip to content

ci: pin GitHub Actions to commit SHAs#15357

Merged
gr2m merged 1 commit into
mainfrom
ci/pin-github-actions-to-shas
May 15, 2026
Merged

ci: pin GitHub Actions to commit SHAs#15357
gr2m merged 1 commit into
mainfrom
ci/pin-github-actions-to-shas

Conversation

@gr2m
Copy link
Copy Markdown
Collaborator

@gr2m gr2m commented May 15, 2026
edited
Loading

Summary

  • Pin every uses: action in .github/workflows/** to the immutable git commit SHA that each current tag/branch resolves to, with a trailing # vX.Y.Z (or # vN) comment in Renovate style.
  • Extend .github/renovate.json5 with helpers:pinGitHubActionDigests so Renovate keeps updating those digests instead of floating tags.

@gr2m @cursoragent
ci: pin GitHub Actions to commit SHAs
b549687 
Enable Renovate helpers:pinGitHubActionDigests so future action updates
keep digest-style pins with version comments.

Co-authored-by: Cursor <cursoragent@cursor.com>
This was referenced May 15, 2026
Merged
Merged
gr2m added a commit that referenced this pull request May 15, 2026
@gr2m @cursoragent
ci: pin GitHub Actions to commit SHAs (#15359)
b38f446 
backport of #15357

Co-authored-by: Cursor <cursoragent@cursor.com>
gr2m added a commit that referenced this pull request May 15, 2026
@gr2m @cursoragent
ci: pin GitHub Actions to commit SHAs (#15358)
2bcdaad 
backport of #15357

Co-authored-by: Cursor <cursoragent@cursor.com>
@gr2m gr2m merged commit 757d69e into main May 15, 2026
19 checks passed
@gr2m gr2m deleted the ci/pin-github-actions-to-shas branch May 15, 2026 23:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@gr2m gr2m

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gr2m