Commit e33fe91
fix: pin GitHub Actions to SHA for supply chain security (#452)
## Summary
- Pin all GitHub Actions `uses:` references to commit SHAs for supply chain security
- Original version tags preserved as inline comments for maintainability
- Mitigates supply chain attacks where a compromised tag could inject malicious code (ref: Trivy incident March 2026)
## Changes
- All `uses: owner/action@tag` → `uses: owner/action@SHA # tag`
- No version changes, only pinning format
## Test plan
- [x] Verify CI workflows run successfully
- [x] Confirm no action versions changed, only pinning format

1 parent ef4cbf0 commit e33fe91
2 files changed
Lines changed: 2 additions & 2 deletions
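The commit message describes the `owner/action@tag` to `owner/action@SHA # tag` rewrite but the rendered diff below does not show the changed lines, so here is an added check, not part of this commit or the project, that a reviewer can run over a workflow file to confirm the pinning policy actually holds. It flags any `uses:` reference that is not a full 40-character commit SHA and notes SHA pins that lack the version comment the message says is preserved. The function names, the regexes and the sample workflow (including the all-zero-looking SHAs) are constructed for this example.

```python
import re
from typing import Dict, List, Tuple

# `uses:` step reference: action path, the ref after '@', optional `# comment`.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*(?P<action>[^@\s]+)@(?P<ref>[^\s#]+)\s*(?:#\s*(?P<comment>\S+))?"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")          # the only form that is immutable
SHORT_SHA_RE = re.compile(r"^[0-9a-f]{7,39}$")        # abbreviated SHA: not acceptable as a pin
VERSION_TAG_RE = re.compile(r"^v?\d+(\.\d+)*$")       # v4, v4.1.1, 3.0 ...


def classify_ref(ref: str) -> str:
    """Return 'sha', 'short-sha', 'tag' or 'branch-or-other' for a uses: ref."""
    if FULL_SHA_RE.match(ref):
        return "sha"
    if SHORT_SHA_RE.match(ref):
        return "short-sha"
    if VERSION_TAG_RE.match(ref):
        return "tag"
    return "branch-or-other"


def audit_workflow(text: str) -> List[Dict[str, object]]:
    """One finding per `uses:` line that references a remote action."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref, comment = m.group("action"), m.group("ref"), m.group("comment")
        if action.startswith("docker://"):
            continue  # container images are pinned by digest, a separate policy
        kind = classify_ref(ref)
        findings.append({
            "line": lineno,
            "action": action,
            "ref": ref,
            "kind": kind,
            "pinned": kind == "sha",
            # A SHA pin should carry the human-readable version it resolves from.
            "has_version_comment": bool(comment and VERSION_TAG_RE.match(comment)),
            "comment": comment,
        })
    return findings


def unpinned_actions(text: str) -> List[Tuple[int, str, str]]:
    """(line, action@ref, kind) for every reference that is not a full SHA."""
    return [
        (f["line"], f"{f['action']}@{f['ref']}", f["kind"])
        for f in audit_workflow(text)
        if not f["pinned"]
    ]


# Constructed sample workflow; the 40-hex values are placeholders, not real commits.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4.1.1
      - uses: actions/setup-node@v4
      - uses: some-org/some-action@main
      - uses: actions/cache@89abcdef0123456789abcdef0123456789abcdef
      - uses: ./.github/actions/local-step
      - run: npm test
"""

if __name__ == "__main__":
    for line, ref, kind in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {line}: {ref} is pinned to a {kind}, not a commit SHA")
    for f in audit_workflow(SAMPLE_WORKFLOW):
        if f["pinned"] and not f["has_version_comment"]:
            print(f"line {f['line']}: {f['action']} SHA pin has no '# vX.Y.Z' comment")
```

Run it against each file under `.github/workflows/` as part of CI; a non-empty result from `unpinned_actions` is the condition the commit message claims no longer occurs. Local actions (`./...`) have no `@ref` and are skipped by the regex, which is correct since they ship with the repository.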
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
10 | 10 | | |
11 | 11 | | |
12 | 12 | | |
13 | | - | |
| 13 | + | |
14 | 14 | | |
15 | 15 | | |
16 | 16 | | |
| |||
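Review bot: the replaced line 13 is not rendered here, so please confirm in the PR that the new ref is the full 40-character commit SHA the original tag resolved to (an abbreviated SHA is not an immutable pin) and that the trailing `# tag` comment names exactly that tag, since a comment that drifts from the SHA is worse than no comment. Also worth stating in the message: the summary says all `uses:` references were pinned, but the diff touches one line in each of two files; a sentence confirming these are the only remote action references in the workflows would close that gap for future readers.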
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
12 | | - | |
| 12 | + | |
13 | 13 | | |
14 | 14 | | |
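Review bot: a SHA pin never moves on its own, so this file's line 12 will silently fall behind the tagged releases unless something updates it; consider adding a Dependabot configuration for the `github-actions` package ecosystem in the same change, which understands SHA-pinned `uses:` lines and rewrites both the SHA and the version comment when a new release appears.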