chore: pin GitHub Actions to full-length commit SHAs #385

Open
joshuarli wants to merge 2 commits into main from pin-gha-actions

@joshuarli
Member

Summary

  • Pin all GitHub Actions references in .github/ workflow files to full-length commit SHAs

Generated by devenv pin_gha.

🤖 Generated with Claude Code
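
A minimal check for the property this PR establishes, as an added example that is not part of the PR and not the code of devenv pin_gha: it scans workflow text for `uses:` references, reports any that are not pinned to a 40-character commit SHA, and separately reports pinned ones whose trailing comment does not name an exact release. The function name, the result labels, the accepted comment formats and the sample workflow (built from the references quoted in this thread plus one made-up local action) are assumptions for illustration.

```python
import re

# A step- or job-level `uses:` key; captures the reference and any trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)['\"]?\s*(?:#\s*(.*))?$")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
# Assumed comment conventions for an exact release: "v1.7.2", "1.7.2" or "pin@v1.7.2".
EXACT_VERSION_RE = re.compile(r"(?:pin@)?v?\d+\.\d+\.\d+")


def audit_workflow(text):
    """Return (line_no, reference, finding) for every `uses:` line in text.

    finding: "unpinned", "pinned-no-exact-version", "ok" or "skipped".
    """
    results = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue  # not a uses: line (commented-out lines start with '#')
        ref, comment = m.group(1), (m.group(2) or "").strip()
        # Local actions are versioned with the repository and docker:// images
        # are pinned by digest, so neither carries a git ref to check here.
        if ref.startswith(("./", "docker://")):
            results.append((line_no, ref, "skipped"))
            continue
        _, _, git_ref = ref.partition("@")
        if not FULL_SHA_RE.fullmatch(git_ref):
            finding = "unpinned"  # tag, branch, short SHA or missing ref
        elif not EXACT_VERSION_RE.fullmatch(comment):
            finding = "pinned-no-exact-version"  # e.g. "# v1" or no comment
        else:
            finding = "ok"
        results.append((line_no, ref, finding))
    return results


# Constructed sample workflow; the setup-dart references are the ones quoted in this thread.
SAMPLE = """\
jobs:
  test:
    steps:
      - uses: dart-lang/setup-dart@v1
      - uses: dart-lang/setup-dart@e51d8e571e22473a2ddebf0ef8a2123f0ab2c02c # v1
      - uses: dart-lang/setup-dart@65eb853c7ba17dde3be364c3d2858773e7144260 # pin@v1.7.2
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for line_no, ref, finding in audit_workflow(SAMPLE):
        print(f"line {line_no}: {finding:24} {ref}")
```

The check is purely syntactic: it cannot tell whether a SHA really corresponds to the version named in the comment, which still has to be confirmed against the action's repository.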

@joshuarli joshuarli requested a review from buenaflor as a code owner March 24, 2026 06:44
@joshuarli joshuarli requested review from geoffg-sentry and removed request for buenaflor March 24, 2026 06:44
@github-actions
Contributor

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


Internal Changes 🔧

Deps

  • Bump actions/create-github-app-token from 2.0.6 to 2.1.4 by dependabot in #356
  • Bump actions/upload-artifact from 4 to 5 by dependabot in #365
  • Bump actions/setup-java from 4 to 5 by dependabot in #353
  • Bump actions/checkout from 4 to 5 by dependabot in #350

Release

  • Fix changelog-preview permissions by BYK in #373
  • Switch from action-prepare-release to Craft by BYK in #371

Other

  • Pin GitHub Actions to full-length commit SHAs by joshuarli in #385
  • Use pull_request_target for changelog preview by BYK in #372

Other

  • internal: Instrument plugin with Sentry tracing & error by buenaflor in #381

🤖 This preview updates automatically when you update the PR.

Resolve conflicts by keeping the current changelog preview workflow and
removing the obsolete Danger workflow from the PR branch.

Co-authored-by: Cursor <cursoragent@cursor.com>
@buenaflor buenaflor requested a review from denrase as a code owner May 28, 2026 11:57
Collaborator

@denrase denrase left a comment

We use the full pinned version in other repos, might also make sense here. Otherwise LGTM


steps:
- uses: dart-lang/setup-dart@v1
- uses: dart-lang/setup-dart@e51d8e571e22473a2ddebf0ef8a2123f0ab2c02c # v1
Collaborator

Might make sense to specify the exact version this is pinned to in the comments and also use v1.7.2 here.

Suggested change
- uses: dart-lang/setup-dart@e51d8e571e22473a2ddebf0ef8a2123f0ab2c02c # v1
- uses: dart-lang/setup-dart@65eb853c7ba17dde3be364c3d2858773e7144260 # pin@v1.7.2
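Review bot: the replacement line swaps the SHA as well as the comment (e51d8e57... becomes 65eb853c...), so applying it is a version change and not only a relabel. Before accepting it, confirm that 65eb853c7ba17dde3be364c3d2858773e7144260 is the commit the v1.7.2 tag of dart-lang/setup-dart points to, since nothing in the workflow enforces that the comment matches the SHA. The `# pin@v1.7.2` form also differs from the `# v1` form on the PR's line, so settle on one comment format across the workflow files.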
