ci: pinned commit shas to github workflows #1770
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## main #1770 +/- ##
=======================================
Coverage 32.71% 32.71%
=======================================
Files 73 73
Lines 8112 8112
=======================================
Hits 2654 2654
Misses 5292 5292
Partials 166 166
Validation workflow also tried out with this branch: https://github.com/Kong/deck/actions/runs/18119430656/job/51561297841
@Prashansa-K can you add the reason for these changes as well?
Updated the description. Does that help?
| @@ -0,0 +1,102 @@ | |||
| #!/bin/bash | |||
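Review bot: a generated script should say so in the file itself. Directly under `#!/bin/bash`, add a comment naming the tool and command that produced these 102 lines, if one is not already there, so later changes are made by regenerating rather than hand-editing.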
Generated script.
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 |
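Review bot: the trailing `# v2.13.1` on the harden-runner `uses:` line is a free-text comment that nothing enforces, so the SHA and the tag it names can drift apart on the next manual bump. Confirm the SHA against the upstream v2.13.1 tag before merge, and consider letting Dependabot or a similar updater own these lines so the SHA and the version comment change together.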
not a blocker, calling out for visibility - but we seem to be using 2.11.1 in other workflows.
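An added example, not part of this PR or the deck repository: a check that flags `uses:` references not pinned to a full 40-character commit SHA and reports actions whose version comment differs between workflows, the drift called out in the comment above. The file names and workflow text are constructed sample input, `audit` is a hypothetical helper, and the all-zero SHA is a placeholder.

```python
import re
from collections import defaultdict

# "uses: owner/repo[/path]@ref  # version-comment", with optional list dash and quotes.
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*["']?([^@\s"']+)@([^\s"'#]+)["']?(?:\s+#\s*(\S+))?"""
)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def audit(workflows):
    """Take {filename: workflow text}; return (unpinned refs, version drift)."""
    unpinned = []                # (file, line number, action, ref)
    seen = defaultdict(set)      # action -> version comments seen across all files
    for name, text in sorted(workflows.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            m = USES_RE.match(line)
            if not m:
                continue         # local "./" actions have no "@ref" and fall out here
            action, ref, version = m.groups()
            if action.startswith("docker:"):
                continue         # container image references are out of scope here
            if not FULL_SHA_RE.fullmatch(ref):
                unpinned.append((name, lineno, action, ref))
            elif version:
                seen[action].add(version)
    drift = {a: sorted(v) for a, v in seen.items() if len(v) > 1}
    return unpinned, drift

# Constructed sample input. The first SHA is the one shown in this PR;
# the all-zero SHA is a placeholder, not a real commit.
SAMPLE = {
    "validate.yaml": """\
steps:
  - name: Harden Runner
    uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
  - uses: actions/checkout@v4
""",
    "test.yaml": """\
steps:
  - uses: step-security/harden-runner@0000000000000000000000000000000000000000 # v2.11.1
""",
}

if __name__ == "__main__":
    unpinned, drift = audit(SAMPLE)
    for f, n, action, ref in unpinned:
        print(f"{f}:{n}: {action}@{ref} is not pinned to a commit SHA")
    for action, versions in drift.items():
        print(f"{action}: pinned at differing versions {versions}")
```

Run in CI over the contents of `.github/workflows/`, a non-empty `unpinned` list is a reason to fail the job; `drift` is informational.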
This is a security enhancement. We are pinning all
third-party actions that are used in our GH workflows.
This is to ensure that an incident like this doesn't recur: