Skip to content

GHA version pinning#23

Merged
morgangraphics merged 4 commits intomasterfrom
feature/GHA-version-pinning
Mar 31, 2026
Merged

GHA version pinning#23
morgangraphics merged 4 commits intomasterfrom
feature/GHA-version-pinning

Conversation

@morgangraphics
Copy link
Copy Markdown
Owner

@morgangraphics morgangraphics commented Mar 31, 2026

No description provided.

@morgangraphics morgangraphics requested a review from Copilot March 31, 2026 02:42
Copilot AI reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hard-pins GitHub Actions used by security/scanning workflows to specific commit SHAs (instead of floating tags) to improve supply-chain security and build reproducibility.

Changes:

  • Pin actions/checkout and CodeQL actions (init, analyze) to commit SHAs in the CodeQL workflow.
  • Pin codacy/codacy-analysis-cli-action and github/codeql-action/upload-sarif to commit SHAs in the Codacy workflow.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
.github/workflows/codeql-analysis.yml Pins CodeQL workflow action versions to SHAs (but introduces an incorrect action reference in the Autobuild step).
.github/workflows/codacy-analysis.yml Pins Codacy CLI and SARIF upload actions to SHAs for reproducible scanning runs.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@morgangraphics morgangraphics requested a review from Copilot March 31, 2026 02:49
@morgangraphics
Clean up blank lines in codeql-analysis.yml
0c28725 
Removed unnecessary blank lines in CodeQL workflow.
Copilot AI reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

.github/workflows/codeql-analysis.yml:55

  • There are trailing whitespace-only lines at the end of this workflow (e.g., the final blank line contains spaces). Please remove the extra whitespace to avoid noisy diffs and potential formatting/lint issues in CI.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@morgangraphics
Update .github/workflows/codacy-analysis.yml
83e973d 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@morgangraphics morgangraphics merged commit f9e22ca into master Mar 31, 2026
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@morgangraphics