chore: Pin and upgrade all immutable-eligible actions to their semantic versions #267
…heir semantic versions
…o their semantic versions
… semantic versions
…heir semantic versions
Copilot reviewed 1 out of 1 changed files in this pull request and generated no suggestions.
@mrecachinas thank you for this PR. Very happy to learn about immutable actions via tags. Definitely more human readable. Cheers 🙇
Hello from Product Security! 👋
We noticed that at least one of your Actions workflows is using one or more eligible immutable actions without semantic versioning. This PR will update the workflow to use the latest version of the action, using semantic versioning to opt into immutable actions.
Why is this important?
Using an immutable action without indicating a proper semantic version will result in the version being resolved to a tag that is mutable. This means the action code can change between runs and without your knowledge.
Using an immutable action with proper semantic versioning will resolve to the exact version of the action stored in the GitHub package registry. The action code will not change between runs. This is a key security control to ensure the code you are running is the code you expect.
Thanks and happy coding! 🎉
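
As an added example (not part of this pull request or the project's code), the check below scans workflow text for `uses:` references and separates full semantic versions from mutable refs such as branches and major-only tags. It assumes "proper semantic version" means a full MAJOR.MINOR.PATCH ref and judges only the form of the ref, not whether the action is immutable-eligible; `classify_ref`, `audit_workflow` and the sample workflow are constructed for illustration.

```python
import re

# Assumption: a "proper semantic version" is a full MAJOR.MINOR.PATCH ref,
# with or without a leading "v". The page does not spell out the format.
FULL_SEMVER = re.compile(r"^v?\d+\.\d+\.\d+$")
COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")
USES_LINE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")


def classify_ref(ref):
    """Return 'semver', 'sha' or 'mutable' for the part after '@'."""
    if FULL_SEMVER.match(ref):
        return "semver"
    if COMMIT_SHA.match(ref):
        return "sha"  # a full commit SHA is also a fixed reference
    return "mutable"  # branch names, major-only tags such as v4, etc.


def audit_workflow(text):
    """Scan workflow YAML text line by line; return one finding per 'uses:'."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_LINE.match(line)
        if not m:
            continue
        target = m.group(1)
        # Local actions and container images have no repository tag to resolve.
        if target.startswith(("./", "docker://")):
            continue
        action, _, ref = target.partition("@")
        findings.append((lineno, action, ref, classify_ref(ref)))
    return findings


# Constructed sample workflow steps, not taken from the pull request.
SAMPLE = """\
steps:
  - uses: actions/checkout@v4
  - uses: actions/setup-node@v4.1.0  # full version
  - uses: example-org/example-action@main
  - uses: ./.github/actions/local
  - name: Upload
    uses: "actions/upload-artifact@0123456789abcdef0123456789abcdef01234567"
"""

if __name__ == "__main__":
    for lineno, action, ref, kind in audit_workflow(SAMPLE):
        print(f"line {lineno}: {action}@{ref} -> {kind}")
```

The scan is line-based rather than a full YAML parse, so it is meant as a quick review aid over `.github/workflows` files.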