Skip to content

Pin GitHub actions dependency hashes #235

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Pin GitHub actions dependency hashes #235

wants to merge 1 commit into from

Conversation

@patzielinski
Copy link
Collaborator

@patzielinski patzielinski commented Nov 24, 2025

This PR pins GitHub actions dependency hashes. Might be a bit noisier with Dependabot PRs, but if so we can just batch them per week.

@JustinCappos
Copy link
Collaborator

JustinCappos commented Nov 24, 2025 via email

@patzielinski
Copy link
Collaborator Author

patzielinski commented Nov 25, 2025

I'm going to look into this, I think there are some things we can do, but they'd have to be merged upstream first. For now, I think we can just merge this in.

@adityasaky
Copy link
Member

adityasaky commented Nov 26, 2025

I would consider if this is worth the extra dependabot PRs you're going to get. This is after all only the website repo, and not reeeallly critical. And nothing's running on any self managed compute.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JustinCappos JustinCappos Awaiting requested review from JustinCappos

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@patzielinski @JustinCappos @adityasaky