Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pin Dependencies for Improved Security and Stability #377

Merged
merged 1 commit into from
Feb 21, 2025
Merged

Pin Dependencies for Improved Security and Stability #377

merged 1 commit into from
Feb 21, 2025

Conversation

Tatsinnit
Copy link
Member

Description:

This PR updates our GitHub Actions workflow by pinning dependencies to specific commit SHAs, ensuring enhanced security, reliability, and consistency across builds.

Changes Included:

  • Pinned for example actions/setup-python@v5 to its SHA (0b93645) to prevent unexpected updates.
  • Ensured all GitHub Actions dependencies are using SHA references instead of floating tags.

Why This Matters:

  • Security – Prevents supply chain attacks by ensuring that only the verified version of an action runs.
  • Stability – Guarantees that workflows are consistent across runs, avoiding unexpected behavior from upstream changes.
  • Performance – Helps maintain reproducible builds by locking dependencies to known-good versions.

Thanks

@Tatsinnit Tatsinnit added enhancement Feature request/improved experience github_actions Pull requests that update GitHub Actions code labels Feb 21, 2025
@Tatsinnit Tatsinnit self-assigned this Feb 21, 2025
@Tatsinnit Tatsinnit requested a review from a team as a code owner February 21, 2025 08:38
ReinierCC
ReinierCC approved these changes Feb 21, 2025
View reviewed changes
Copy link

@ReinierCC ReinierCC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SHA changes look good.

Might be useful to create a reference doc on how to find the SHAs to incorporate into other repos.

@Tatsinnit Tatsinnit enabled auto-merge (squash) February 21, 2025 17:37
@Tatsinnit Tatsinnit requested review from davidgamero and a team February 21, 2025 17:37
@Tatsinnit Tatsinnit merged commit 6c8a34f into Azure:main Feb 21, 2025
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ReinierCC ReinierCC ReinierCC approved these changes

@bosesuneha bosesuneha bosesuneha approved these changes

@davidgamero davidgamero Awaiting requested review from davidgamero

Assignees

@Tatsinnit Tatsinnit

Labels
enhancement Feature request/improved experience github_actions Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Tatsinnit @ReinierCC @bosesuneha