Skip to content

Pin commit sha on GitHub actions #4653

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 29, 2025
Merged

Pin commit sha on GitHub actions #4653

merged 2 commits into from
Apr 29, 2025

Conversation

bmarty
Copy link
Member

@bmarty bmarty commented Apr 28, 2025
edited
Loading

Content

Use full Git SHA instead of version, which is safer according to https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

Motivation and context

Safer CI

Closes #4652

Screenshots / GIFs

No changes

Tests

NA

Tested devices

NA

Checklist

  • Changes have been tested on an Android device or Android emulator with API 24
  • UI change has been tested on both light and dark themes
  • Accessibility has been taken into account. See https://github.com/element-hq/element-x-android/blob/develop/CONTRIBUTING.md#accessibility
  • Pull request is based on the develop branch
  • Pull request title will be used in the release note, it clearly define what will change for the user
  • Pull request includes screenshots or videos if containing UI changes
  • You've made a self review of your PR

@bmarty bmarty added the PR-Build For changes related to build, tools, CI/CD label Apr 28, 2025
@bmarty bmarty requested a review from a team as a code owner April 28, 2025 15:33
@bmarty bmarty requested review from ganfra and removed request for a team April 28, 2025 15:33
@codecov Codecov
Copy link

codecov bot commented Apr 28, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 80.01%. Comparing base (847f8fc) to head (d7abb97).
Report is 2 commits behind head on develop.

Additional details and impacted files 
@@           Coverage Diff            @@
##           develop    #4653   +/-   ##
========================================
  Coverage    80.01%   80.01%           
========================================
  Files         2107     2107           
  Lines        55836    55836           
  Branches      6970     6970           
========================================
  Hits         44676    44676           
  Misses        8763     8763           
  Partials      2397     2397

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions GitHub Actions
Copy link
Contributor

📱 Scan the QR code below to install the build (arm64 only) for this PR.
QR code
If you can't scan the QR code you can install the build via this link: https://i.diawi.com/EzYML7

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@bmarty bmarty changed the title Feature/bma/pin sha Pin commit sha on GitHub actions Apr 28, 2025
@bmarty bmarty merged commit 04083ca into develop Apr 29, 2025
42 checks passed
@bmarty bmarty deleted the feature/bma/pinSha branch April 29, 2025 07:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ganfra ganfra ganfra approved these changes

Assignees
No one assigned
Labels
PR-Build For changes related to build, tools, CI/CD
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Pin actions to a full length commit SHA
2 participants
@bmarty @ganfra