fix: pin all GitHub Actions to SHA and fix invalid action version#10

Open
oto-macenauer-absa wants to merge 1 commit into master from fix/pin-action-versions-to-sha

@oto-macenauer-absa
Collaborator

Overview

Fixes the failing check_pr_release_notes workflow and hardens all workflow files against supply-chain attacks.

Release Notes

  • Fixed: AbsaOSS/release-notes-presence-check@v0 replaced with @v0.4.0 (SHA-pinned) — v0 tag does not exist
  • Fixed: All GitHub Actions references now use immutable SHA pins with version comments instead of mutable tags

Related

Closes #9

Replace AbsaOSS/release-notes-presence-check@v0 (non-existent tag) with
the latest release v0.4.0 pinned to its commit SHA.

Pin all other action references to immutable SHAs with version comments
to prevent supply-chain attacks from mutable tags.

Fixes #9

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Development

Successfully merging this pull request may close these issues.

Fix: Pin all GitHub Actions to SHA and update invalid action version