Skip to content

CI: pin actions by sha256#120

Open
pjonsson wants to merge 1 commit into
Open-EO:mainfrom
pjonsson:ci-pin-actions
Open

CI: pin actions by sha256#120
pjonsson wants to merge 1 commit into
Open-EO:mainfrom
pjonsson:ci-pin-actions

Conversation

@pjonsson

@pjonsson pjonsson commented Apr 3, 2026

Copy link
Copy Markdown
Contributor

Update the actions to the latest
version and pin them by sha256
to avoid supply-chain attacks
if the action provider gets
compromised.

Update the actions to the latest
version and pin them by sha256
to avoid supply-chain attacks
if the action provider gets
compromised.
@codecov

codecov Bot commented Apr 3, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.00%. Comparing base (50e7109) to head (81895e1).
⚠️ Report is 28 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #120      +/-   ##
==========================================
+ Coverage   92.27%   95.00%   +2.72%     
==========================================
  Files           6        6              
  Lines         686      760      +74     
==========================================
+ Hits          633      722      +89     
+ Misses         53       38      -15     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@pjonsson

pjonsson commented Apr 3, 2026

Copy link
Copy Markdown
Contributor Author

I created the pull request with the third-party Python package gha-update, but I'm sure there are plenty of other ways to get the sha256 of actions as well.

If you want to not think about this, I put up #121 which will make Dependabot provide pull requests with updated sha256s so you will only need to review/click the merge button for getting action updates.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant