
chore: pin GitHub Actions to specific commit hashes #41


Merged: 1 commit merged into main from use-commit-hash-for-github-actions on Apr 1, 2025

Conversation


@capytan capytan commented Mar 21, 2025

Motivation / Background

This Pull Request has been created to improve the security and stability of our GitHub Actions workflow by pinning action versions to specific commit hashes. This follows the security best practice recommended by GitHub to prevent potential supply chain attacks.

Detail

This Pull Request changes the version references in our GitHub Actions workflow from floating version tags to specific commit hashes:

  • Updates actions/checkout from v4 to v4.2.2 (commit hash: 11bd71901bbe5b1630ceea73d27597364c9af683)
  • Updates actions/setup-java from v3 to v3.13.0 (commit hash: 0ab4596768b603586c0de567f2430c30f5b0d2b0)
  • Updates actions/cache from v2 to commit hash 8492260343ad570701412c2f464a5877dc76bace of the same version
  • Updates ruby/setup-ruby from v1 to v1.227.0 (commit hash: 1a615958ad9d422dd932dc1d5823942ee002799f)

Benefits of this change:

  • Improves reproducibility of workflow runs
  • Prevents unexpected action updates
  • Provides clear identification of action versions in use

Checklist

  • This PR contains changes related to a single purpose (pinning action versions)
  • Commit message includes detailed description of changes and rationale
  • No tests needed as this is a workflow configuration change
  • No CHANGELOG update needed as this is an internal workflow change

- actions/checkout@v4 -> v4.2.2
- actions/setup-java@v3 -> v3.13.0
- actions/cache@v2 -> v2
- ruby/setup-ruby@v1 -> v1.227.0
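As an added example (not part of this PR or the repository), a small Python checker that flags `uses:` references a workflow should have pinned to a full commit SHA, plus pinned SHAs that lack the version comment the description relies on for readability; the before/after step lists below are constructed sample input mirroring this PR's changes:

```python
import re

# Matches `uses: owner/repo[/path]@ref`, optionally followed by a `# vX.Y.Z`
# comment that records the human-readable version behind a pinned SHA.
# Local (`./...`) and `docker://` references have no `owner/repo@ref` shape
# and are therefore not matched (they are not GitHub-hosted actions).
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?(?P<action>[\w.-]+/[\w.-]+(?:/[\w./-]+)?)@(?P<ref>[^\s'\"#]+)['\"]?"
    r"(?:\s*#\s*(?P<comment>\S.*))?\s*$"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

MUTABLE = "mutable ref, not a full 40-hex commit sha"
NO_COMMENT = "pinned sha without a version comment"


def audit_workflow(text):
    """Return (action, ref, problem) for every step that is not pinned to a full
    40-hex commit SHA, or is pinned but carries no version comment. Tags and
    branches (and abbreviated SHAs) are mutable and count as unpinned."""
    findings = []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref, comment = m.group("action"), m.group("ref"), m.group("comment")
        if not SHA_RE.match(ref):
            findings.append((action, ref, MUTABLE))
        elif not comment:
            findings.append((action, ref, NO_COMMENT))
    return findings


# Constructed samples: the floating tags the PR replaced, and the pinned form.
BEFORE = """\
steps:
  - uses: actions/checkout@v4
  - uses: actions/setup-java@v3
  - uses: actions/cache@v2
  - uses: ruby/setup-ruby@v1
"""
AFTER = """\
steps:
  - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
  - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
  - uses: actions/cache@8492260343ad570701412c2f464a5877dc76bace # v2
  - uses: ruby/setup-ruby@1a615958ad9d422dd932dc1d5823942ee002799f # v1.227.0
"""

if __name__ == "__main__":
    for name, wf in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_workflow(wf) or "all steps pinned")
```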
@capytan capytan self-assigned this Mar 21, 2025
@capytan capytan requested a review from a team as a code owner March 21, 2025 10:24
@capytan capytan requested review from JASON13F and GOTO-TSL March 21, 2025 10:24

@JASON13F JASON13F left a comment


Thank you for taking care of this! LGTM!


@GOTO-TSL GOTO-TSL left a comment


Thank you!

@JASON13F JASON13F merged commit 5d865dc into main Apr 1, 2025
3 checks passed
@JASON13F JASON13F deleted the use-commit-hash-for-github-actions branch April 1, 2025 03:59