[BugFix] Bump remaining opensearch-build workflow refs to SHA-pinned commit

mengweieric · mengweieric · commit 07d226356f86 · 2026-06-24T16:24:19.000-07:00
The first commit covered the five workflows that call get-ci-image-tag.yml.
The same old opensearch-build ref (c2498b758c) was still pinned in
pr_review.yml (code-diff-analyzer.yml, code-diff-reviewer.yml) and
issue-dedupe.yml (issue-dedupe-detect.yml, issue-dedupe-autoclose.yml).

Code-Diff-Analyzer failed at action resolution with the same policy error
(actions/setup-node@v6, aws-actions/configure-aws-credentials@v6,
peter-evans/find-comment@v3, peter-evans/create-or-update-comment@v5 not
pinned to full SHA). This dies before the skip-diff-analyzer label can take
effect, since the policy check runs before the called workflow executes.

Bump all four remaining refs to 761e093b8c13 (opensearch-build #6253),
where these actions are SHA-pinned, fully removing the old ref from the repo.

Signed-off-by: Eric Wei &lt;mengwei.eric@gmail.com&gt;
diff --git a/.github/workflows/issue-dedupe.yml b/.github/workflows/issue-dedupe.yml
@@ -23,7 +23,7 @@ on:
 jobs:
   detect:
     if: (github.event_name == 'issues' && github.event.issue.user.type != 'Bot') || (github.event_name == 'workflow_dispatch' && inputs.job == 'detect')
-    uses: opensearch-project/opensearch-build/.github/workflows/issue-dedupe-detect.yml@c2498b758c08fb7bc48476509a5fc1b8dd5f7493 # main
+    uses: opensearch-project/opensearch-build/.github/workflows/issue-dedupe-detect.yml@761e093b8c1349cc07f21c1d681d3b30bf9e1999 # main
     permissions:
       contents: read
       issues: write
@@ -36,7 +36,7 @@ jobs:
 
   auto-close:
     if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && inputs.job == 'auto-close')
-    uses: opensearch-project/opensearch-build/.github/workflows/issue-dedupe-autoclose.yml@c2498b758c08fb7bc48476509a5fc1b8dd5f7493 # main
+    uses: opensearch-project/opensearch-build/.github/workflows/issue-dedupe-autoclose.yml@761e093b8c1349cc07f21c1d681d3b30bf9e1999 # main
     permissions:
       issues: write
     with:
diff --git a/.github/workflows/pr_review.yml b/.github/workflows/pr_review.yml
@@ -6,7 +6,7 @@ on:
 
 jobs:
   Code-Diff-Analyzer:
-    uses: opensearch-project/opensearch-build/.github/workflows/code-diff-analyzer.yml@c2498b758c08fb7bc48476509a5fc1b8dd5f7493 # main
+    uses: opensearch-project/opensearch-build/.github/workflows/code-diff-analyzer.yml@761e093b8c1349cc07f21c1d681d3b30bf9e1999 # main
     if: github.repository == 'opensearch-project/sql'
     permissions:
       id-token: write  # github oidc to assume aws roles
@@ -18,7 +18,7 @@ jobs:
       update_pr_comment_with_analyzer_report: true
 
   Code-Diff-Reviewer:
-    uses: opensearch-project/opensearch-build/.github/workflows/code-diff-reviewer.yml@c2498b758c08fb7bc48476509a5fc1b8dd5f7493 # main
+    uses: opensearch-project/opensearch-build/.github/workflows/code-diff-reviewer.yml@761e093b8c1349cc07f21c1d681d3b30bf9e1999 # main
     needs: Code-Diff-Analyzer
     if: github.repository == 'opensearch-project/sql'
     permissions:
