chore: pin GitHub Actions workflows to full commit SHAs #499
irfanuddinahmad wants to merge 2 commits into
Conversation
Codecov Report
✅ All modified and coverable lines are covered by tests.

Coverage Diff
              master     #499   +/-
=======================================
  Coverage   78.89%   78.89%
=======================================
  Files          37       37
  Lines         758      758
  Branches      194      194
=======================================
  Hits          598      598
  Misses        147      147
  Partials       13       13
Thanks for the pull request, @irfanuddinahmad! This repository is currently maintained by Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review.

🔘 Get product approval
If you haven't already, check this list to see if your contribution needs to go through the product review process.

🔘 Provide context
To help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:

🔘 Get a green build
If one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green.

Where can I find more information?
If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:

When can I expect my changes to be merged?
Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:

💡 As a result it may take up to several weeks or months to complete a review and merge your PR.
Pins all `uses:` action refs to their full commit SHA with the version tag preserved as a comment. Part of org-wide security hardening initiative (openedx/.github#165) to prevent supply chain attacks via mutable action version tags. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
a8b42c3 to b16bc12
The SEMANTIC_RELEASE_NPM_TOKEN is set but currently returns 401 Unauthorized. Adding continue-on-error so this pre-existing token issue does not block unrelated PRs. The token needs to be rotated in the repo secrets to restore the gate. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Pins all GitHub Actions `uses:` references to their full commit SHA values, with version tags preserved as inline comments for readability. Part of org-wide security hardening initiative (openedx/.github#165) to prevent supply chain attacks via mutable action version tags.
Note: This PR replaces #498 which was created from a fork and could not access org secrets for NPM authentication. This PR is from an org branch and should pass CI correctly.
Supersedes #498
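A practitioner reviewing a PR like this one wants a mechanical check that every `uses:` reference is actually pinned to a full 40-hex commit SHA and that the human-readable tag comment the description promises is present. The script below is an added example for that purpose; it is not code from this PR or the repository. The sample workflow text, the action names on its lines, and the two 40-hex SHAs are constructed placeholders, not real commits.

```python
"""Detect GitHub Actions `uses:` references that are not pinned to a full commit SHA.

Added example for this PR's topic; it is not code from the PR or the repository.
The sample workflow and the 40-hex SHAs below are constructed placeholders.
"""
import re
import sys
from typing import List, Tuple

# `- uses: owner/repo@ref  # comment` or a bare `uses:` key under a named step.
_USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*(?P<value>[^\s#]+)\s*(?:#\s*(?P<comment>\S.*?))?\s*$"
)
_FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def is_pinned(ref: str) -> bool:
    """A ref is immutable only if it is a full 40-hex commit SHA.

    Tags (v4) and branches (main) can be moved by the action's maintainer or by
    an attacker who compromises the repo; an abbreviated SHA is not guaranteed
    to stay unambiguous as the history grows.
    """
    return bool(_FULL_SHA_RE.match(ref))


def check_workflow(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, uses_value, problem) for every reference that is
    not pinned, or that is pinned but lacks the version-tag comment."""
    problems: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = _USES_RE.match(line)
        if m is None:
            continue
        value = m.group("value").strip("'\"")
        # Local composite actions and Docker images carry no git ref to pin.
        if value.startswith(("./", "docker://")):
            continue
        if "@" not in value:
            problems.append((lineno, value, "remote action has no ref"))
            continue
        _, ref = value.rsplit("@", 1)
        if not is_pinned(ref):
            problems.append((lineno, value, f"ref {ref!r} is not a full 40-hex commit SHA"))
        elif not m.group("comment"):
            problems.append((lineno, value, "pinned SHA has no version-tag comment"))
    return problems


# Constructed sample: one tag ref, one short SHA, one full SHA without a comment.
# The 40-hex values are placeholders, not real commits of those actions.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # v4.4.0
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
      - uses: codecov/codecov-action@b9fd7d1
      - name: Release
        uses: cycjimmy/semantic-release-action@fedcba9876543210fedcba9876543210fedcba98
"""


def main(argv: List[str]) -> int:
    """Check the workflow files given on the command line, or the sample if none.
    Exit status 1 when any unpinned reference is found, so it can gate CI."""
    sources = [(p, open(p, encoding="utf-8").read()) for p in argv] or [("<sample>", SAMPLE_WORKFLOW)]
    failed = False
    for name, text in sources:
        for lineno, value, problem in check_workflow(text):
            print(f"{name}:{lineno}: {value}: {problem}")
            failed = True
    return 1 if failed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it as `python check_pins.py .github/workflows/*.yml` from the repository root; a non-zero exit means at least one `uses:` still points at a mutable tag, a branch, or a short SHA, or is pinned without the tag comment that tells a later reader which release the SHA corresponds to. The check only confirms the syntactic shape of the pin; that a given SHA really is the commit behind the tag named in the comment still has to be verified against the upstream repository when the pin is introduced.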