Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: pin all GitHub Actions by SHA and update via dependabot #1688

Merged
merged 1 commit into from
Feb 5, 2025
Merged

ci: pin all GitHub Actions by SHA and update via dependabot #1688

merged 1 commit into from
Feb 5, 2025
+24 −24

Conversation

xopham
Copy link
Contributor

@xopham xopham commented Feb 5, 2025
edited
Loading

What this PR does / why we need it:

pin all GitHub Actions by SHA

Pinning 3rd-party GitHub Actions by commit SHA makes them less vulnerable to compromise of the 3rd party. To avoid outdating and non-verbosity, versions are commented after the SHA and updating via dependabot is introduced that will automatically update the commented version tag as well.

In case of a false commit SHA, this change could break the corresponding workflow. Typically, this does not cause major interruptions, but it can for example affect a release pipeline and require restart causing delays.

Which issue this PR fixes

(optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged)

  • fixes #

Special notes for your reviewer:

Checklist

[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]

  • Chart Version bumped
  • Documentation has been updated with helm-docs (run: .github/helm-docs.sh)
  • CHANGELOG.md has been updated
  • Variables are documented in the README.md
  • For Datadog Operator chart or value changes update the test baselines (run: make update-test-baselines)

@xopham xopham requested a review from a team as a code owner February 5, 2025 11:57
@clamoriniere
Copy link
Collaborator

/merge

@dd-devflow
Copy link

dd-devflow bot commented Feb 5, 2025
edited
Loading

Devflow running: /merge

View all feedbacks in Devflow UI.

2025-02-05 12:57:56 UTC ℹ️ MergeQueue: waiting for PR to be ready

This merge request is not mergeable yet, because of pending checks/missing approvals. It will be added to the queue as soon as checks pass and/or get approvals.
Note: if you pushed new commits since the last approval, you may need additional approval.
You can remove it from the waiting list with /remove command.

2025-02-05 14:24:45 UTC ℹ️ MergeQueue: This merge request was already merged

This pull request was merged directly.

@tbavelier tbavelier merged commit d63ae70 into DataDog:main Feb 5, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clamoriniere clamoriniere clamoriniere approved these changes

Assignees
No one assigned
Labels
mergequeue-status: done tooling tools/ci
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@xopham @clamoriniere @tbavelier