Skip to content

Pin GitHub Actions to commit SHAs #6880

Merged
dlvenable merged 1 commit into
opensearch-project:mainfrom
Divyaasm:pin-actions-to-sha
May 26, 2026
Merged

Pin GitHub Actions to commit SHAs #6880
dlvenable merged 1 commit into
opensearch-project:mainfrom
Divyaasm:pin-actions-to-sha

Conversation

@Divyaasm
Copy link
Copy Markdown
Contributor

@Divyaasm Divyaasm commented May 21, 2026
edited
Loading

Description

Pin all GitHub Action tag references to their corresponding commit SHAs.

Tags are mutable references that can be force-pushed to point to different commits, making them vulnerable to supply chain attacks. Commit SHAs are immutable and guarantee that the exact reviewed code is executed in CI workflows. This change pins all third-party actions to their current commit SHAs to prevent potential tampering.

@Divyaasm Divyaasm force-pushed the pin-actions-to-sha branch from 2cd5bcd to 28e54c3 Compare May 21, 2026 21:50
@Divyaasm
Pin GitHub Actions to commit SHAs for supply chain security
63191b4 
Signed-off-by: Divya Madala <divyaasm@amazon.com>
@Divyaasm Divyaasm force-pushed the pin-actions-to-sha branch from 28e54c3 to 63191b4 Compare May 21, 2026 22:54
@Divyaasm Divyaasm changed the title Pin GitHub Actions to commit SHAs for supply chain security Pin GitHub Actions to commit SHAs May 21, 2026
dlvenable
dlvenable approved these changes May 26, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@dlvenable dlvenable left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @Divyaasm !

@dlvenable dlvenable merged commit b5b4431 into opensearch-project:main May 26, 2026
72 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dlvenable dlvenable dlvenable approved these changes

@divbok divbok Awaiting requested review from divbok divbok is a code owner

@sb2k16 sb2k16 Awaiting requested review from sb2k16 sb2k16 is a code owner

@san81 san81 Awaiting requested review from san81 san81 is a code owner

@srikanthjg srikanthjg Awaiting requested review from srikanthjg srikanthjg is a code owner

@graytaylor0 graytaylor0 Awaiting requested review from graytaylor0 graytaylor0 is a code owner

@dinujoh dinujoh Awaiting requested review from dinujoh dinujoh is a code owner

@kkondaka kkondaka Awaiting requested review from kkondaka kkondaka is a code owner

@srikanthpadakanti srikanthpadakanti Awaiting requested review from srikanthpadakanti srikanthpadakanti is a code owner

@KarstenSchnitter KarstenSchnitter Awaiting requested review from KarstenSchnitter KarstenSchnitter is a code owner

@oeyh oeyh Awaiting requested review from oeyh oeyh is a code owner

@Zhangxunmt Zhangxunmt Awaiting requested review from Zhangxunmt Zhangxunmt is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Divyaasm @dlvenable