chore: pin actions callsites to v2.1.0 SHA#1503
Conversation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Pins GitHub Actions/reusable workflow callsites to specific commit SHAs and updates repository submodule configuration accordingly.
Changes:
- Update the TODO scanning workflow to use
devantler-tech/reusable-workflowsatv2.2.0(SHA-pinned). - Update the label sync workflow to use
devantler-tech/actionsv2.1.0(SHA-pinned), switching action path tosync-github-labels. - Remove the
github/devantler-tech/.github-privatesubmodule from.gitmodules.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
.gitmodules |
Removes the .github-private submodule entry. |
.github/workflows/todos.yaml |
Pins the reusable workflow reference to a newer SHA (v2.2.0). |
.github/workflows/sync-labels.yaml |
Updates the label-sync action reference to the v2.1.0 SHA and changes the action path. |
Comments suppressed due to low confidence (1)
.gitmodules:12
- This PR removes the
github/devantler-tech/.github-privatesubmodule, which is a scope change unrelated to pinningdevantler-tech/actionscallsites. Please document this in the PR description/title (or move it to a separate PR) so consumers understand why the private submodule was dropped.
[submodule "dotfiles"]
path = dotfiles
url = git@github.com:devantler/dotfiles.git
branch = main
[submodule "github/devantler-tech/.github-public"]
path = github/devantler-tech/.github-public
url = git@github.com:devantler-tech/.github.git
branch = main
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| todos: | ||
| uses: devantler-tech/reusable-workflows/.github/workflows/scan-for-todo-comments.yaml@a7c930391dcd50fcb1721153c5fb08f7dbfc9ee8 # v2.0.0 | ||
| uses: devantler-tech/reusable-workflows/.github/workflows/scan-for-todo-comments.yaml@9ec9792d6c140612f6b5bafa5dc786e751b5ff1a # v2.2.0 | ||
| secrets: |
There was a problem hiding this comment.
The PR description/title state this change is about pinning devantler-tech/actions callsites to the v2.1.0 SHA, but this workflow update pins devantler-tech/reusable-workflows to v2.2.0. Please update the PR title/description (or split the change) so the scope matches what is actually being modified.
| - name: 🔄 Sync labels | ||
| uses: devantler-tech/actions/sync-labels-action@884a9b7321e269351d5fc006d95e0b50b2ddedf6 # v1.9.7 | ||
| uses: devantler-tech/actions/sync-github-labels@4235593b654b467bb57c2d2f492b1461eab37cba # v2.1.0 |
There was a problem hiding this comment.
This change switches to a different action path (sync-labels-action → sync-github-labels), not just a SHA pin. If this is due to an action rename/breaking change in v2.x, please call it out explicitly in the PR description and confirm any required inputs/behavior changes are accounted for.
Pin all
devantler-tech/actionsworkflow callsites to the latest semver release SHA:4235593b654b467bb57c2d2f492b1461eab37cba(v2.1.0).This PR also updates submodule pointers to commits containing those pin updates.
Depends on:
Fixes N/A
Type of change