Skip to content

gha: update docs-upstream to pin workflows by sha#13834

Merged
glours merged 1 commit into
docker:mainfrom
thaJeztah:update_validate_upstream
Jun 9, 2026
Merged

gha: update docs-upstream to pin workflows by sha#13834
glours merged 1 commit into
docker:mainfrom
thaJeztah:update_validate_upstream

Conversation

@thaJeztah

@thaJeztah thaJeztah commented Jun 9, 2026

Copy link
Copy Markdown
Member

This workflow was updated in 56e2dba but it looks to have pinned to a version before the workflows were pinned; https://github.com/docker/docs/blob/464a44a6e72b37cf1755968477e242a5e5f6ef7d/.github/workflows/validate-upstream.yml

This patch updates the workflow to a version that uses pinned actions; https://github.com/docker/docs/blob/00aefd5eae73898c4d3bcd7a6fe95a039293706b/.github/workflows/validate-upstream.yml

What I did

Related issue

(not mandatory) A picture of a cute animal, if possible in relation to what you did

@thaJeztah
gha: update docs-upstream to pin workflows by sha
d5d081f 
This workflow was updated in 56e2dba
but it looks to have pinned to a version before the workflows were
pinned; https://github.com/docker/docs/blob/464a44a6e72b37cf1755968477e242a5e5f6ef7d/.github/workflows/validate-upstream.yml

This patch updates the workflow to a version that uses pinned actions;
https://github.com/docker/docs/blob/00aefd5eae73898c4d3bcd7a6fe95a039293706b/.github/workflows/validate-upstream.yml

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Copilot AI review requested due to automatic review settings June 9, 2026 15:56
@thaJeztah thaJeztah requested a review from a team as a code owner June 9, 2026 15:56
@thaJeztah thaJeztah requested review from glours and ndeloof June 9, 2026 15:56
@glours glours merged commit 79d63a8 into docker:main Jun 9, 2026
16 of 38 checks passed
Copilot AI reviewed Jun 9, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the docs-upstream GitHub Actions workflow to reference a newer docker/docs reusable workflow revision that includes pinned actions, aligning this repo with the “pin by SHA” security posture introduced in #13662.

Changes:

  • Update .github/workflows/docs-upstream.yml to use docker/docs/.github/workflows/validate-upstream.yml@00aefd5e… instead of @464a44a6….

@thaJeztah thaJeztah mentioned this pull request Jun 9, 2026
Merged
docker-agent[bot]
docker-agent Bot reviewed Jun 9, 2026
View reviewed changes

@docker-agent docker-agent Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assessment: 🟢 APPROVE

No issues found in the changed code. The PR updates the pinned SHA for the reusable workflow call docker/docs/.github/workflows/validate-upstream.yml to a newer commit (00aefd5eae73898c4d3bcd7a6fe95a039293706b) where all upstream actions are themselves SHA-pinned — exactly the recommended supply-chain-security practice. No new actions or permissions are introduced.

@thaJeztah thaJeztah deleted the update_validate_upstream branch June 9, 2026 16:06
@codecov

codecov Bot commented Jun 9, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@docker-agent docker-agent[bot] docker-agent[bot] left review comments

@glours glours glours approved these changes

@ndeloof ndeloof Awaiting requested review from ndeloof ndeloof is a code owner automatically assigned from docker/compose-maintainers

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@thaJeztah @glours