Pin GitHub actions using Frizbee#12082
Conversation
This commit pins actions to their commit hash. Pinning actions to their commit hash ensures that the same version of the image or action is used every time the workflow runs. This is important for reproducibility and security. Pinning is a security practice recommended by GitHub: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions
|
Start a new ephemeral environment with changes proposed in this pull request: Fedora Environment Oracle Linux 8 Environment |
|
🤖 A k8s content image for this PR is available at: Click here to see how to deploy itIf you alread have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: |
|
Code Climate has analyzed commit 5e2879a and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.4% (0.0% change). View more on Code Climate. |
Hey 👋🏻 !
Description:
This commit pins actions to their commit hash. If this is of interest to CaC, I can also open another PR with an action that does it automatically.
Rationale:
Pinning actions to their commit hash ensures that the same version of the image or action is used every time the workflow runs. This is important for reproducibility and security.
Pinning is a security practice recommended by GitHub
Review Hints:
You can check that the hashes correspond to the tags manually, but that's quite a bit of manual labor. That's why we developed a tool that automates pinning of actions and container images.