Closed
4 changes: 2 additions & 2 deletions action.yml
Expand Up @@ -79,10 +79,10 @@ runs:
steps:
# Send triggers to diff action
- id: triggers
uses: bcgov/action-diff-triggers@a4753d53614cac4eb417cd35b05e0e401a76fc9d # v1.0.0
uses: bcgov/action-diff-triggers@feat/visibility-improvements

Copilot AI Feb 20, 2026

The action reference has been changed from a pinned commit SHA with a version tag comment to a feature branch reference. This is problematic for several reasons:

  1. Feature branches are mutable and can change at any time, making builds non-reproducible
  2. The previous version used a commit SHA (a4753d53614cac4eb417cd35b05e0e401a76fc9d) with a version comment (v1.0.0), which follows security best practices for GitHub Actions
  3. This change removes the security benefits of SHA pinning and introduces unpredictability

For testing purposes, a feature branch reference might be acceptable temporarily, but this should not be merged to a production branch without reverting to a pinned SHA or version tag once the feature branch is merged and released.

Suggested change
uses: bcgov/action-diff-triggers@feat/visibility-improvements
uses: bcgov/action-diff-triggers@a4753d53614cac4eb417cd35b05e0e401a76fc9d # v1.0.0

with:
triggers: ${{ inputs.triggers }}
diff_branch: ${{ inputs.diff_branch }}
ref: ${{ inputs.diff_branch }}
DerekRoberts marked this conversation as resolved.

- if: inputs.oc_version != '' && steps.triggers.outputs.triggered == 'true'
uses: bcgov/action-oc-runner@f900830adadd4d9eef3ca6ff80103e839ba8b7c0 # v1.3.0
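
Review bot: The `triggers` step should not reference `bcgov/action-diff-triggers` by branch name (`@feat/visibility-improvements`), because a branch ref resolves to whatever its head is at run time, while the `bcgov/action-oc-runner` step right below it still pins a full commit SHA with a version comment. If the feature branch is needed for testing, pin to the commit SHA of its current head with a trailing comment naming the branch, and move to the released SHA before merge. In the `with:` block, `diff_branch` and `ref` both appear with the value `${{ inputs.diff_branch }}`; if only one of them is an input of the referenced action version, keep just that one and make sure the input name and the pinned ref change together.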