Pin GitHub Actions to specific SHAs (53 actions in 11 files) #12133

ddk-dbt · 2025-10-30T19:43:54Z

📌 Pin GitHub Actions to Specific SHAs

This PR updates GitHub Actions references from tags/branches to specific commit SHAs for improved security and reproducibility.

📊 Summary

Files changed: 11
Actions pinned: 53

📝 Changes by file

`.github/workflows/release.yml`

📌 actions/checkout@v4 → actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4

`.github/workflows/backport.yml`

📌 tibdex/[email protected] → tibdex/backport@9565281eda0731b1d20c4025c43339fb0a23812e # tibdex/[email protected]

`.github/workflows/structured-logging-schema-check.yml`

📌 actions/checkout@v4 → actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4
📌 actions/setup-python@v6 → actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # actions/setup-python@v6
📌 nick-fields/retry@v3 → nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # nick-fields/retry@v3

`.github/workflows/artifact-reviews.yml`

📌 peter-evans/find-comment@v2 → peter-evans/find-comment@a54c31d7fa095754bfef525c0c8e5e5674c4b4b1 # peter-evans/find-comment@v2
📌 peter-evans/create-or-update-comment@v3 → peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # peter-evans/create-or-update-comment@v3

`.github/workflows/nightly-release.yml`

📌 actions/checkout@v4 → actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4

`.github/workflows/schema-check.yml`

📌 actions/setup-python@v6 → actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # actions/setup-python@v6
📌 actions/checkout@v4 → actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4
📌 dorny/paths-filter@v3 → dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # dorny/paths-filter@v3
📌 actions/checkout@v4 → actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4
📌 actions/upload-artifact@v4 → actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # actions/upload-artifact@v4

`.github/workflows/test-repeater.yml`

📌 actions/checkout@v4 → actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4
📌 actions/setup-python@v6 → actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # actions/setup-python@v6
📌 nick-fields/retry@v3 → nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # nick-fields/retry@v3

`.github/workflows/model_performance.yml`

📌 actions/checkout@v4 → actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4
📌 actions/checkout@v4 → actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4
📌 actions/cache@v4 → actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # actions/cache@v4
📌 actions-rs/toolchain@v1 → actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # actions-rs/toolchain@v1
📌 actions-rs/cargo@v1 → actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # actions-rs/cargo@v1
📌 actions-rs/cargo@v1 → actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # actions-rs/cargo@v1
📌 actions-rs/cargo@v1 → actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # actions-rs/cargo@v1
📌 actions/setup-python@v6 → actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # actions/setup-python@v6
📌 actions/checkout@v4 → actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4
📌 actions/cache@v4 → actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # actions/cache@v4
📌 actions/upload-artifact@v4 → actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # actions/upload-artifact@v4
📌 actions/checkout@v4 → actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4
📌 actions/download-artifact@v4 → actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # actions/download-artifact@v4
📌 EndBug/add-and-commit@v9 → EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # EndBug/add-and-commit@v9
📌 peter-evans/create-pull-request@v7 → peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # peter-evans/create-pull-request@v7

`.github/workflows/main.yml`

📌 actions/checkout@v4 → actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4
📌 actions/setup-python@v6 → actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # actions/setup-python@v6
📌 actions/checkout@v4 → actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4
📌 actions/setup-python@v6 → actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # actions/setup-python@v6
📌 nick-fields/retry@v3 → nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # nick-fields/retry@v3
📌 codecov/codecov-action@v5 → codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # codecov/codecov-action@v5
📌 actions/checkout@v4 → actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4
📌 actions/setup-python@v6 → actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # actions/setup-python@v6
📌 nick-fields/retry@v3 → nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # nick-fields/retry@v3
📌 actions/upload-artifact@v4 → actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # actions/upload-artifact@v4
📌 codecov/codecov-action@v5 → codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # codecov/codecov-action@v5
📌 actions/checkout@v4 → actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4
📌 actions/setup-python@v6 → actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # actions/setup-python@v6
📌 nick-fields/retry@v3 → nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # nick-fields/retry@v3
📌 nick-fields/retry@v3 → nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # nick-fields/retry@v3
📌 actions/upload-artifact@v4 → actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # actions/upload-artifact@v4
📌 codecov/codecov-action@v5 → codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # codecov/codecov-action@v5
📌 actions/checkout@v4 → actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4
📌 actions/setup-python@v6 → actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # actions/setup-python@v6

`.github/workflows/check-artifact-changes.yml`

📌 actions/checkout@v4 → actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4
📌 dorny/paths-filter@v3 → dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # dorny/paths-filter@v3

`.github/workflows/bot-changelog.yml`

📌 emmyoop/[email protected] → emmyoop/changie_bot@22b70618b13d0d1c64ea95212bafca2d2bf6b764 # emmyoop/[email protected]

Updated action references from tags/branches to specific commit SHAs for improved security and reproducibility.

cla-bot · 2025-10-30T19:43:59Z

Thanks for your pull request, and welcome to our community! We require contributors to sign our Contributor License Agreement and we don't seem to have your signature on file. Check out this article for more information on why we have a CLA.

In order for us to review and merge your code, please submit the Individual Contributor License Agreement form attached above above. If you have questions about the CLA, or if you believe you've received this message in error, please reach out through a comment on this PR.

CLA has not been signed by users: @ddk-dbt

codecov · 2025-10-30T19:46:28Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.89%. Comparing base (65a122b) to head (8b74c73).

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #12133      +/-   ##
==========================================
- Coverage   91.94%   91.89%   -0.05%     
==========================================
  Files         203      203              
  Lines       24846    24846              
==========================================
- Hits        22844    22833      -11     
- Misses       2002     2013      +11

Flag	Coverage Δ
integration	`88.77% <ø> (-0.11%)`	⬇️
unit	`65.16% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
Unit Tests	`65.16% <ø> (ø)`
Integration Tests	`88.77% <ø> (-0.11%)`	⬇️

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Pin GitHub Actions to specific SHAs (53 actions in 11 files)

8b74c73

Updated action references from tags/branches to specific commit SHAs for improved security and reproducibility.

ddk-dbt requested a review from a team as a code owner October 30, 2025 19:43

github-actions bot added the community This PR is from a community member label Oct 30, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Pin GitHub Actions to specific SHAs (53 actions in 11 files) #12133

Pin GitHub Actions to specific SHAs (53 actions in 11 files) #12133

Uh oh!

ddk-dbt commented Oct 30, 2025

Uh oh!

cla-bot bot commented Oct 30, 2025

Uh oh!

codecov bot commented Oct 30, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Pin GitHub Actions to specific SHAs (53 actions in 11 files) #12133

Are you sure you want to change the base?

Pin GitHub Actions to specific SHAs (53 actions in 11 files) #12133

Uh oh!

Conversation

ddk-dbt commented Oct 30, 2025