
workflows: pin setup-ruby action #1345

Merged (1 commit, Apr 19, 2024)

Conversation

@Moisan Moisan (Member) commented Apr 19, 2024

Pin the version of the setup-ruby action to a full-length commit SHA, as described in the security hardening for GitHub Actions guide.

@jacobbednarz jacobbednarz (Member) commented Apr 19, 2024

understandable that we want to be more in control of the versions, however, what are we actually aiming to achieve with this? given we use dependabot, the versions will be bumped automatically after a review with a PR anyway.

are we looking to mitigate the chance of a bump happening in CI before we have the opportunity to test it? or are we looking to be more across the minor version bumps?

not against this by any means but do want to understand the driver a bit better. the cases where I've seen people do this in the past, it hasn't actually made any difference to their workflows and people just bump the versions anyway (it was more of a compliance checkbox).

@MikeMcQuaid MikeMcQuaid (Member) left a comment

Thanks @Moisan!

@MikeMcQuaid MikeMcQuaid (Member) commented

> understandable that we want to be more in control of the versions, however, what are we actually aiming to achieve with this?

Tags are mutable, SHAs are not.
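To make the point of the PR description and of the reply above concrete, here is an added example (not part of this PR or of the Homebrew repository) that scans a workflow file and flags every `uses:` reference that is not pinned to a full-length commit SHA. The sample workflow is constructed for the example; the 40-zero SHA in it is a placeholder, not a real setup-ruby commit.

```python
import re

# Matches a step reference in a GitHub Actions workflow: `uses: owner/repo[/path]@ref`,
# optionally followed by a trailing comment such as `# v1.2.3`.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)\s*(#.*)?$")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
SHORT_SHA_RE = re.compile(r"^[0-9a-f]{7,39}$")


def check_action_pins(workflow_text):
    """Return (line_no, ref, reason) for each `uses:` not pinned to a full commit SHA.

    Local actions (./path) and docker:// images are skipped. A tag such as
    v4 or a branch such as main can be moved to a different commit later,
    so both are reported; a short SHA is reported because the hardening
    guide asks for the full-length SHA.
    """
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1).strip("\"'")
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            findings.append((line_no, ref, "no ref given; resolves to the default branch"))
            continue
        _action, _, version = ref.rpartition("@")
        if FULL_SHA_RE.match(version):
            continue  # immutable: a commit SHA cannot be re-pointed
        if SHORT_SHA_RE.match(version):
            findings.append((line_no, ref, "short SHA; use the full 40-character SHA"))
        else:
            findings.append((line_no, ref, "mutable tag or branch ref"))
    return findings


# Constructed sample workflow: one tag-pinned step, one SHA-pinned step (placeholder
# SHA), one local action and one branch-pinned step.
SAMPLE_WORKFLOW = """\
name: CI
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@0000000000000000000000000000000000000000 # placeholder SHA
      - uses: ./.github/actions/local-helper
      - uses: some-org/some-action@main
"""

if __name__ == "__main__":
    for line_no, ref, reason in check_action_pins(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref}: {reason}")
```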

@MikeMcQuaid MikeMcQuaid merged commit bfeed44 into Homebrew:master Apr 19, 2024
4 checks passed
@Moisan Moisan deleted the pin_setup-ruby branch April 19, 2024 14:43
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 20, 2024