chore(ci): fix SHA pins to match declared action versions#98
Open
anupsv wants to merge 1 commit into
Open
Conversation
Several workflow files had SHA pins that didn't match the version comment beside them (e.g. checkout@<v4.3.1 SHA> # v4.2.2). This updates each SHA to the exact commit hash for the version stated in the comment, and adds missing version comments to already-pinned actions that lacked them for auditability. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Several GitHub Actions workflow files had SHA pins that didn't match the version labels in their comments. This PR corrects all mismatches and adds missing version comments to already-pinned actions for auditability.
Corrections (wrong SHA → correct SHA for stated version)
main.yaml,fuzz.yml,clusterfuzzlite.ymlactions/checkout # v4.2.234e114...(v4.3.1)11bd71...(v4.2.2)fuzz.ymlactions/setup-go # v5.1.0cdcb36...(v5.0.1)41dfa1...(v5.1.0)main.yamlactions/setup-go # v419bb51...(v4.2.1)7b8cf1...(v4.3.0, latest v4)claude-code-review.ymlanthropics/claude-code-action # v1.0.107567fe9...7eab12...(v1.0.107)Added missing version comments (SHAs were already correct)
build-container.yaml: added# v4.3.1,# v2.0.1,# v2.2.0,# v3.11.1toactions/checkout,amazon-ecr-login,setup-qemu-action,setup-buildx-actionclusterfuzzlite.yml: added# v1torun_fuzzersand unpinnedbuild_fuzzersinstances; added# v4.6.2toupload-artifact; added# v4.31.7tocodeql-action/upload-sarifTest plan
🤖 Generated with Claude Code