Skip to content

ci: pin GitHub Actions to SHAs for security#12972

Merged
moonming merged 1 commit intoapache:masterfrom
janiussyafiq:task/pin-ga-shas
Feb 5, 2026
Merged

ci: pin GitHub Actions to SHAs for security#12972
moonming merged 1 commit intoapache:masterfrom
janiussyafiq:task/pin-ga-shas

Conversation

@janiussyafiq
Copy link
Contributor

@janiussyafiq janiussyafiq commented Feb 5, 2026

Description

This PR transitions third-party GitHub Actions from mutable tags (e.g., @v3 or @master to full-length, immutable commit SHAs for better security

Which issue(s) this PR fixes:

Fixes #12938

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

@dosubot dosubot bot added size:M This PR changes 30-99 lines, ignoring generated files. github_actions Pull requests that update GitHub Actions code labels Feb 5, 2026
@moonming moonming merged commit 8196018 into apache:master Feb 5, 2026
23 checks passed
@janiussyafiq janiussyafiq deleted the task/pin-ga-shas branch February 5, 2026 08:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nic-6443 nic-6443 nic-6443 approved these changes

@moonming moonming moonming approved these changes

@shreemaan-abhishek shreemaan-abhishek shreemaan-abhishek approved these changes

Assignees

No one assigned

Labels

github_actions Pull requests that update GitHub Actions code size:M This PR changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ci: github actions version pinning

4 participants

@janiussyafiq @nic-6443 @moonming @shreemaan-abhishek