Skip to content

chore: use pinned dependencies for github-actions #13140

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mmorel-35 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore: use pinned dependencies for github-actions #13140

mmorel-35 wants to merge 1 commit into from
+45 −41

Conversation

@mmorel-35
Copy link
Contributor

@mmorel-35 mmorel-35 commented Aug 8, 2025
edited
Loading

What I did

Scorecard asks for dependencies to be pinned (github-actions as Docker images), this focus on github-actions.
It provides the commits number to the used actions.
It also updates dependabot so both commit and semver are checked weekly for update.

OpenSSF Scorecard

Related issue

(not mandatory) A picture of a cute animal, if possible in relation to what you did

@mmorel-35 mmorel-35 requested a review from a team as a code owner August 8, 2025 12:57
@mmorel-35 mmorel-35 requested review from glours and ndeloof August 8, 2025 12:57
@mmorel-35 mmorel-35 force-pushed the pin-github-actions-versions branch 2 times, most recently from a313715 to e7dca0a Compare August 8, 2025 13:08
@github-actions github-actions bot added the stale label Oct 12, 2025
ndeloof
ndeloof previously approved these changes Oct 17, 2025
View reviewed changes
@stale
Copy link

stale bot commented Oct 17, 2025

This issue has been automatically marked as not stale anymore due to the recent activity.

@stale stale bot removed the stale label Oct 17, 2025
@ndeloof ndeloof enabled auto-merge (rebase) October 17, 2025 05:28
@github-actions github-actions bot added the stale label Dec 17, 2025
@mmorel-35
chore: use pinned dependencies for github-actions
a620805 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
auto-merge was automatically disabled December 17, 2025 07:07

Head branch was pushed to by a user without write access

@mmorel-35 mmorel-35 force-pushed the pin-github-actions-versions branch from e7dca0a to a620805 Compare December 17, 2025 07:07
@stale
Copy link

stale bot commented Dec 17, 2025

This issue has been automatically marked as not stale anymore due to the recent activity.

2 similar comments
@stale
Copy link

stale bot commented Dec 17, 2025

This issue has been automatically marked as not stale anymore due to the recent activity.

@stale
Copy link

stale bot commented Dec 17, 2025

This issue has been automatically marked as not stale anymore due to the recent activity.

@stale stale bot removed the stale label Dec 17, 2025
@mmorel-35
Copy link
Contributor Author

mmorel-35 commented Dec 17, 2025

@ndeloof ,

I rebased and updated pinned version to match the new one

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ndeloof ndeloof ndeloof left review comments

@glours glours Awaiting requested review from glours glours is a code owner automatically assigned from docker/compose-maintainers

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mmorel-35 @ndeloof