Pin all GitHub Actions to full commit SHAs
Org policy now requires actions pinned to immutable SHAs instead of mutable version tags. Pin actions/checkout, actions/github-script, softprops/action-gh-release, and oven-sh/setup-bun across all workflows.
This commit is contained in:
Lawrence Chen
parent
3cf1d2501f
commit
fc3e3a4d7d
4 changed files with 11 additions and 11 deletions
6
.github/workflows/release.yml
vendored
6
.github/workflows/release.yml
vendored
|
|
@ -17,13 +17,13 @@ jobs:
|
|||
cancel-in-progress: false
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
|
||||
with:
|
||||
submodules: recursive
|
||||
|
||||
- name: Guard immutable release assets
|
||||
id: guard_release_assets
|
||||
uses: actions/github-script@v7
|
||||
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
|
||||
with:
|
||||
script: |
|
||||
const { evaluateReleaseAssetGuard } = require('./scripts/release_asset_guard');
|
||||
|
|
@ -277,7 +277,7 @@ jobs:
|
|||
|
||||
- name: Upload release asset
|
||||
if: steps.guard_release_assets.outputs.skip_upload != 'true'
|
||||
uses: softprops/action-gh-release@v2
|
||||
uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2
|
||||
with:
|
||||
files: |
|
||||
cmux-macos.dmg
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue