Skip to content

fix(ci): pin GitHub Actions to commit SHAs for security#67

Merged
abubnalitic-nbl merged 1 commit into
mainfrom
fix/pin-docker-workflow-actions
Jan 13, 2026
Merged

fix(ci): pin GitHub Actions to commit SHAs for security#67
abubnalitic-nbl merged 1 commit into
mainfrom
fix/pin-docker-workflow-actions

Conversation

@abubnalitic-nbl

Copy link
Copy Markdown
Contributor

Resolves: 5, 6, 7, 8, 9 (CodeQL: Unpinned Action tags)

Summary: Pins all GitHub Actions in docker-publish.yml to specific commit SHAs instead of mutable version tags to prevent supply chain attacks.

Changes

Action Before After
actions/checkout @v5 @08c6903 (v5.0.0)
docker/setup-qemu-action @V3 @c7c5346 (v3.7.0)
docker/setup-buildx-action @V3 @8d2750c (v3.12.0)
docker/login-action @V3 @5e57cd1 (v3.6.0)
docker/metadata-action @v5 @c299e40 (v5.10.0)
docker/build-push-action @v6 @2634353 (v6.18.0)

@abubnalitic-nbl abubnalitic-nbl merged commit 8ce4429 into main Jan 13, 2026
5 checks passed
@abubnalitic-nbl abubnalitic-nbl deleted the fix/pin-docker-workflow-actions branch January 13, 2026 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants