Skip to content

chore: pin GitHub actions versions to hashes#10169

Open
Jefffrey wants to merge 1 commit into
apache:mainfrom
Jefffrey:pin-actions
Open

chore: pin GitHub actions versions to hashes#10169
Jefffrey wants to merge 1 commit into
apache:mainfrom
Jefffrey:pin-actions

Conversation

@Jefffrey

@Jefffrey Jefffrey commented Jun 21, 2026

Copy link
Copy Markdown
Contributor

Which issue does this PR close?

  • N/A

Rationale for this change

Similar to what we did in DataFusion, pin to hash since tags can be changed and potentially be susceptible to supply chain attacks

What changes are included in this PR?

Pin all versions to their hashes

Are these changes tested?

Are there any user-facing changes?

Jefffrey
Jefffrey commented Jun 21, 2026
View reviewed changes
Comment thread .github/actions/setup-builder/action.yaml
steps:
- name: Cache Cargo
uses: actions/cache@v4
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5

@Jefffrey Jefffrey Jun 21, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is the only upgrade; not sure why this was stuck on v4 (why dependabot didnt bump it for us 🤔)

all other changes are just pinning to same hash as their version

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Jefffrey