Skip to content

chore(OP-2780): pin GitHub Actions to commit SHA#515

Merged
olivermeyer merged 1 commit into
mainfrom
chore/OP-2780-pin-actions-to-sha
Mar 30, 2026
Merged

chore(OP-2780): pin GitHub Actions to commit SHA#515
olivermeyer merged 1 commit into
mainfrom
chore/OP-2780-pin-actions-to-sha

Conversation

@zonorti

@zonorti zonorti commented Mar 27, 2026

Copy link
Copy Markdown
Contributor

Action required: merge before ~April 20

Platform Engineering is enabling the GitHub org policy "Require actions to be pinned to a full-length commit SHA" (week 17). Once active, any workflow that references an action by version tag (e.g. @v4) will be blocked from running.

This PR pins all actions in this repo to their full commit SHA so workflows keep running after the policy is enforced.

Please merge this PR before week 17 (April 20). If you have questions, reach out in #support-platform-engineering or see OP-2780.

Copilot AI review requested due to automatic review settings March 27, 2026 09:38
@sonarqubecloud

Copy link
Copy Markdown

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates reusable GitHub Actions workflows to comply with the upcoming org policy requiring third-party actions to be pinned to full-length commit SHAs, ensuring CI workflows won’t be blocked once the policy is enforced.

Changes:

  • Pinned github/codeql-action steps (init, autobuild, analyze) to a specific commit SHA.
  • Pinned anthropics/claude-code-action invocations (interactive and automation modes) to specific commit SHAs.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
.github/workflows/_codeql.yml Pins CodeQL actions to a full commit SHA to keep CodeQL analysis workflows runnable under the new policy.
.github/workflows/_claude-code.yml Pins Claude Code action references to full commit SHAs for both interactive and automation modes.

@codecov

codecov Bot commented Mar 27, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.
see 8 files with indirect coverage changes

@olivermeyer olivermeyer merged commit 48015bc into main Mar 30, 2026
33 of 34 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants