Use full-length commit SHA for write-file-action and read-file-actions

[notjustanyusername]

Description

I have the Github Actions setting "Require actions to be pinned to a full-length commit SHA" enabled for my repository. This action is not allowed because there are two dependencies of this action that do not have the full commit SHA.

Checklist

• [ x ] I have tested these changes against my repository and it works as expected.
• Added or updated relevant documentation (leave unchecked if not applicable)

Summary by CodeRabbit

• Chores
  • Improved workflow stability by pinning automated actions to specific versions, ensuring consistent execution across deployments.

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• flake.lock is excluded by !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Updates GitHub action references in action.yml from version tags to specific commit SHAs for reproducibility. Adds explicit empty environment variable configuration to the "Save PR Body as file" step.

Changes

Cohort / File(s)	Change Summary
Action Reference Pinning action.yml	Replaced versioned tags (v1.3, v1) for write-file-action and read-file-action with specific commit SHAs; added explicit empty env: {} declaration to "Save PR Body as file" step

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

• Simple configuration updates with clear reproducibility intent (commit SHA pinning)
• Minimal scope affecting a single file
• Straightforward environment variable addition

Poem

🐰 With commits pinned like carrots in a row,
No version drift shall make our action flow,
Environment declared, explicit and clear,
Reproducibility we hold most dear! 🌟

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The pull request title "Use full-length commit SHA for write-file-action and read-file-actions" directly and accurately describes the main change in the PR. The raw summary confirms that the core change is pinning write-file-action and read-file-action to specific commit SHAs instead of versioned tags, which aligns perfectly with the objectives documented (enabling the repository's requirement for actions to be pinned to full-length commit SHAs). The title is concise, clear, and specific enough that a developer scanning PR history would immediately understand the primary purpose of this changeset.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[lucperkins]

Seems reasonable to me. I've verified that the commit hashes correspond to the desired/documented versions 👍🏼

[lucperkins]

@JosephGoulden Could you run nix flake update nixpkgs and commit the new flake.lock? Nixpkgs is out of date in this repo, which is 100% not your fault but CI doesn't like it 😄 Good to go otherwise.