Skip to content

fix: yml sha#157

Merged
4rthurCai merged 1 commit into
mainfrom
dev
Mar 14, 2026
Merged

fix: yml sha#157
4rthurCai merged 1 commit into
mainfrom
dev

Conversation

@4rthurCai
Copy link
Copy Markdown
Collaborator

@4rthurCai 4rthurCai commented Mar 14, 2026

Related Issue

Summary

Change Type

  • New Feature (feat)
  • Bug Fix (fix)
  • Refactoring (refactor)
  • Documentation (docs)
  • Dependency / Configuration (chore)

Self-Check Checklist

Backend (Go):

  • go build ./... passes
  • go vet ./... passes
  • gofmt produces no diff

Frontend (Vue):

  • npm run lint passes
  • npm run typecheck passes

General:

  • Removed all temporary debug output
  • No sensitive data in the code

Test Steps

  1. Pull branch and install dependencies: 
    cd backend && go mod download
cd ../frontend && npm install
  2. Start the application: 
    make dev-backend    # Terminal 1
make dev-frontend   # Terminal 2
  3. Verification steps:
    • ...

@4rthurCai 4rthurCai requested a review from koishi510 as a code owner March 14, 2026 03:57
Copilot AI review requested due to automatic review settings March 14, 2026 03:57
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Mar 14, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@4rthurCai 4rthurCai merged commit 35d28c8 into main Mar 14, 2026
15 checks passed
Copilot AI reviewed Mar 14, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Pins GitHub Actions used in CI workflows to immutable commit SHAs (instead of floating tags) to improve supply-chain security and build reproducibility.

Changes:

  • Pin actions/checkout, actions/setup-node, actions/setup-go, and golangci-lint-action to specific commit SHAs in ci.yml.
  • Pin actions/checkout and SonarSource/sonarqube-scan-action to specific commit SHAs in build.yml.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
.github/workflows/ci.yml Replaces @v* action references with commit SHAs for frontend and backend CI steps.
.github/workflows/build.yml Replaces @v* action references with commit SHAs for SonarQube build workflow.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

Comment thread .github/workflows/ci.yml

steps:
- uses: actions/checkout@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
Comment thread .github/workflows/ci.yml

steps:
- uses: actions/checkout@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
Comment thread .github/workflows/ci.yml
uses: golangci/golangci-lint-action@v9
uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9
with:
version: latest
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@koishi510 koishi510 koishi510 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@4rthurCai @koishi510