Skip to content

Use commit hash for dependabot-auto-approve action#238

Merged
Marenz merged 1 commit intofrequenz-floss:v1.x.xfrom
Marenz:update-dependabot-to-hash-v1
Nov 3, 2025
Merged

Use commit hash for dependabot-auto-approve action#238
Marenz merged 1 commit intofrequenz-floss:v1.x.xfrom
Marenz:update-dependabot-to-hash-v1

Conversation

@Marenz
Copy link
Contributor

@Marenz Marenz commented Nov 3, 2025

Use commit hash instead of version tag for better security and reproducibility.

@Marenz
Use commit hash for dependabot-auto-approve action
35a55c2 
Use commit hash instead of version tag for better security and
reproducibility.

Signed-off-by: Mathias L. Baumann <mathias.baumann@frequenz.com>
@Marenz Marenz requested review from a team as code owners November 3, 2025 10:37
@github-actions github-actions bot added part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) part:dispatcher labels Nov 3, 2025
Copilot AI reviewed Nov 3, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates the GitHub Actions workflow to use a commit SHA reference instead of a tag reference for the dependabot-auto-approve action, improving security by pinning to an immutable reference.

  • Replaced tag reference v1.3.0 with commit SHA 005e52004f5d5c6af2f81b89ec25e5cf6f3dfd77, while retaining the version as a comment

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@Marenz Marenz enabled auto-merge November 3, 2025 10:41
@Marenz Marenz added this pull request to the merge queue Nov 3, 2025
Merged via the queue into frequenz-floss:v1.x.x with commit 817b378 Nov 3, 2025
12 checks passed
@Marenz Marenz deleted the update-dependabot-to-hash-v1 branch November 3, 2025 11:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@llucax llucax llucax approved these changes

@stefan-brus-frequenz stefan-brus-frequenz Awaiting requested review from stefan-brus-frequenz stefan-brus-frequenz is a code owner automatically assigned from frequenz-floss/api-dispatch-team

Assignees

No one assigned

Labels

part:dispatcher part:tooling Affects the development tooling (CI, deployment, dependency management, etc.)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Marenz @llucax