Skip to content

ci: pin various actions to SHAs #2209

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nschonni merged 8 commits into from
Mar 17, 2025
Merged

ci: pin various actions to SHAs #2209

nschonni merged 8 commits into from
Mar 17, 2025

Conversation

@nschonni
Copy link
Member

@nschonni nschonni commented Mar 17, 2025

Description

Pin SHAs according to https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions.
Adding additional permissions config for some of the missing jobs might make sense.

Motivation and Context

Some cleanup related to #2208

Testing Details

Example Output(if appropriate)

Types of changes

  • Documentation
  • Version change (Update, remove or add more Node.js versions)
  • Variant change (Update, remove or add more variants, or versions of variants)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Other (none of the above)

Checklist

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING.md document.
  • All new and existing tests passed.

SimenB
SimenB approved these changes Mar 17, 2025
View reviewed changes
Copy link
Member

@SimenB SimenB left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

dependabot knows how to update these, right?

forsen
forsen reviewed Mar 17, 2025
View reviewed changes
forsen
forsen reviewed Mar 17, 2025
View reviewed changes
forsen
forsen reviewed Mar 17, 2025
View reviewed changes
@forsen
Copy link

forsen commented Mar 17, 2025

dependabot knows how to update these, right?

Yep, implemented in dependabot/dependabot-core#5951

@nschonni nschonni merged commit ebe23e5 into nodejs:main Mar 17, 2025
2 checks passed
@nschonni nschonni deleted the harden-ci branch March 17, 2025 14:05
@github-actions
Copy link

github-actions bot commented Mar 17, 2025

Created PR on the official-images repo (docker-library/official-images#18646). See https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what if you are wondering when it will be available on the Docker Hub.

@nodejs-github-bot nodejs-github-bot mentioned this pull request Mar 17, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SimenB SimenB SimenB approved these changes

+1 more reviewer

@forsen forsen forsen left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nschonni @forsen @SimenB