Commit 69a2190
Pin GitHub Actions to commit SHAs (#196)
## Summary
Pins GitHub Actions `uses:` references to verified full-length commit SHAs.
This prepares the repository for org-wide enforcement that blocks unpinned GitHub Actions and reduces supply-chain risk from mutable tags or branches.
## Details
- Replaced mutable external action refs such as `owner/action@vN` with full 40-character commit SHAs.
- Preserved the originally intended tag/version as an inline comment next to each pin.
- Resolved SHAs from the official upstream action repositories using `git ls-remote`.
- For annotated tags, pinned the peeled commit SHA (`refs/tags/<tag>^{}`), not the tag object SHA.
- No workflow behavior, inputs, permissions, or triggers were intentionally changed.
Co-authored-by: Monika <monika@neosynth.net>

1 parent 3e99647 commit 69a2190
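The peeled-tag resolution and the pin check that the commit message describes, as an added example that is not part of this commit or repository. The function names `resolve_pin` and `unpinned_uses`, the `example-org` action names and all SHAs are constructed for illustration; in practice the first function would read the output of `git ls-remote --tags <upstream-url>`.

```shell
#!/bin/sh
# Added example; all refs and SHAs below are constructed sample data.

# resolve_pin TAG: read `git ls-remote --tags` output on stdin and print the
# commit SHA to pin. An annotated tag appears twice: the tag object
# (refs/tags/TAG) and the peeled commit (refs/tags/TAG^{}); prefer the peeled one.
resolve_pin() {
  awk -v tag="$1" '
    $2 == ("refs/tags/" tag "^{}") { peeled = $1 }
    $2 == ("refs/tags/" tag)       { direct = $1 }
    END {
      sha = (peeled != "") ? peeled : direct
      # Refuse anything that is not a full-length lowercase hex SHA.
      if (sha !~ /^[0-9a-f]+$/ || length(sha) != 40) exit 1
      print sha
    }'
}

# unpinned_uses: read workflow YAML on stdin and print every external `uses:`
# reference that is not pinned to a 40-character commit SHA.
# Local actions (./path) are skipped; trailing "# vN" comments are ignored.
unpinned_uses() {
  grep -E '^[[:space:]-]*uses:[[:space:]]*[^.[:space:]]' \
    | sed -E 's/^[[:space:]-]*uses:[[:space:]]*//; s/[[:space:]]*#.*$//' \
    | grep -Ev '@[0-9a-f]{40}$' || true
}

# Constructed ls-remote output: v1 is a lightweight tag, v2 is annotated.
SAMPLE_LS_REMOTE=$(printf '%s\t%s\n' \
  1111111111111111111111111111111111111111 'refs/tags/v1' \
  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 'refs/tags/v2' \
  bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 'refs/tags/v2^{}')

# Constructed workflow fragment with one pinned, one local and two mutable refs.
SAMPLE_WORKFLOW='steps:
  - uses: example-org/example-action@v2
  - uses: example-org/example-action@bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb # v2
  - uses: ./.github/actions/local
  - uses: example-org/other-action@main'

printf '%s\n' "$SAMPLE_LS_REMOTE" | resolve_pin v2
printf '%s\n' "$SAMPLE_WORKFLOW" | unpinned_uses
```

Pinning the `aaaa…` value for `v2` would record the tag object rather than the commit it points to, which is the case the commit message calls out for annotated tags.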
2 files changed
Lines changed: 4 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
13 | 13 | | |
14 | 14 | | |
15 | 15 | | |
16 | | - | |
| 16 | + | |
17 | 17 | | |
18 | | - | |
| 18 | + | |
19 | 19 | | |
20 | 20 | | |
21 | 21 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
15 | 15 | | |
16 | 16 | | |
17 | 17 | | |
18 | | - | |
| 18 | + | |
19 | 19 | | |
20 | 20 | | |
21 | | - | |
| 21 | + | |
22 | 22 | | |
23 | 23 | | |
24 | 24 | | |
| |||