Skip to content

Reference github action versions by hash with auto-update#32

Open
okurz wants to merge 2 commits into
Grinnz:masterfrom
okurz:feature/poo203049_hashed_github_action
Open

Reference github action versions by hash with auto-update#32
okurz wants to merge 2 commits into
Grinnz:masterfrom
okurz:feature/poo203049_hashed_github_action

Conversation

@okurz

@okurz okurz commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Motivation:
Secure GitHub Actions workflows against git tag hijacking attacks.

Design Choices:
Replace version tags with full 40-character SHA-1 hashes.
Preserve tags as comments for easy reference.

Benefits:
Ensures workflow immutability and compliance with security
best practices.

Related issue: https://progress.opensuse.org/issues/203049
@okurz okurz force-pushed the feature/poo203049_hashed_github_action branch from ce4ba77 to 20e3767 Compare June 30, 2026 12:39
Motivation:
Workflow files failed yamllint checkstyle checks due to inline comments
only having 1 space instead of the expected 2.

Design Choices:
Reformat comment prefixes to use 2 spaces before '#'.

Benefits:
Fixes CI checkstyle/yaml-syntax validation errors.

Related issue: https://progress.opensuse.org/issues/203049
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant