chore(ci): pin GitHub Actions to immutable commit SHAs (tag-aligned) #196

Open
Copilot wants to merge 2 commits into main from copilot/chore-pin-github-action

Copilot AI commented Apr 15, 2026

This updates workflow action references to use immutable commit SHAs while preserving tag intent for maintainability and Dependabot-driven updates. It removes mutable refs (including a `main` reference) from CI/release workflows.

  • Workflow action pinning
    • Updated all `uses:` entries in:
      • `.github/workflows/python.yml`
      • `.github/workflows/release.yml`
    • Converted tag/branch refs to full commit SHAs with inline tag annotations for scanability.
  • Tag/channel preservation for Dependabot compatibility
    • Kept version/channel context in comments (e.g. `# v6`, `# v9`, `# release/v1`) so pinned updates remain understandable and trackable.
  • Removed mutable branch ref
    • Replaced `python-semantic-release/upload-to-gh-release@main` with a pinned SHA mapped to a released tag line (`# v9.8.9`).

```yaml
# before
uses: actions/checkout@v6
uses: python-semantic-release/upload-to-gh-release@main

# after
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
uses: python-semantic-release/upload-to-gh-release@0a92b5d7ebfc15a84f9801ebd1bf706343d43711 # v9.8.9
```
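
One way to keep workflows in the pinned state this pull request describes, as an added example that is not part of the pull request or the project's code: a stdlib-only Python check that flags `uses:` entries not pinned to a full 40-character commit SHA, or pinned without the tag comment. The function name `audit_workflow`, the local action path and the sample workflow text are constructed for illustration.

```python
import re

# A `uses:` entry: optional list dash, optional quotes, optional trailing comment.
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*['"]?(?P<ref>[^\s'"#]+)['"]?\s*(?:#\s*(?P<note>.*))?$"""
)
FULL_SHA = re.compile(r"[0-9a-f]{40}")          # full-length git commit SHA-1
DIGEST = re.compile(r"sha256:[0-9a-f]{64}")     # container image digest


def audit_workflow(text):
    """Return (line_no, reference, problem) for each `uses:` entry that is not immutable.

    Hypothetical helper written for this example; it scans lines rather than parsing YAML.
    """
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref, note = m.group("ref"), (m.group("note") or "").strip()
        if ref.startswith("./"):
            continue  # local action: versioned together with the repository
        if ref.startswith("docker://"):
            if not DIGEST.fullmatch(ref.rpartition("@")[2]):
                findings.append((no, ref, "docker image not pinned by digest"))
            continue
        _, sep, rev = ref.partition("@")
        if not sep:
            findings.append((no, ref, "no ref given"))
        elif not FULL_SHA.fullmatch(rev):
            findings.append((no, ref, f"mutable ref '{rev}'"))
        elif not note:
            findings.append((no, ref, "pinned, but no tag comment"))
    return findings


# Constructed sample, built from the before/after lines in the PR description.
SAMPLE = """\
steps:
  - uses: actions/checkout@v6
  - uses: python-semantic-release/upload-to-gh-release@main
  - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
  - uses: python-semantic-release/upload-to-gh-release@0a92b5d7ebfc15a84f9801ebd1bf706343d43711 # v9.8.9
  - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for no, ref, problem in audit_workflow(SAMPLE):
        print(f"line {no}: {ref}: {problem}")
```

The check is syntactic only: it confirms that a ref has the shape of a commit SHA, not that the SHA is the commit the tag comment names.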

Copilot AI linked an issue Apr 15, 2026 that may be closed by this pull request
Agent-Logs-Url: https://github.com/madpah/serializable/sessions/16935bae-c7a9-4911-9f5c-186a8cabd561

Co-authored-by: jkowalleck <2765863+jkowalleck@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Pin GitHub action to specific commit hashes" to "chore(ci): pin GitHub Actions to immutable commit SHAs (tag-aligned)" Apr 15, 2026
Copilot AI requested a review from jkowalleck April 15, 2026 12:58
jkowalleck marked this pull request as ready for review April 23, 2026 19:08
jkowalleck requested a review from madpah as a code owner April 23, 2026 19:08

Development

Successfully merging this pull request may close these issues.

chore: pin github action
