Skip to content

CI: Pin GitHub Actions to commit SHAs#58

Merged
wraithm merged 1 commit into
masterfrom
pin-github-actions-sha
Jun 25, 2026
Merged

CI: Pin GitHub Actions to commit SHAs#58
wraithm merged 1 commit into
masterfrom
pin-github-actions-sha

Conversation

@wraithm

@wraithm wraithm commented Jun 25, 2026

Copy link
Copy Markdown
Member

Summary

The bitnomial org now enforces a policy requiring all GitHub Actions to be pinned to a full-length commit SHA. Our workflow referenced actions by tag (actions/checkout@v4, haskell-actions/setup@v2, actions/cache@v3), so every CI job was failing instantly at the action-preparation step:

The actions actions/checkout@v4, haskell-actions/setup@v2, and actions/cache@v3 are not allowed in bitnomial/prometheus because all actions must be pinned to a full-length commit SHA.

This pins all actions to commit SHAs via pinact run -u, which also bumps them to the latest releases: checkout v7.0.0, haskell-actions/setup v2.11.0, cache v6.0.0.

Test plan

  • CI green on this PR confirms the action-preparation step passes and the matrix builds again.

🤖 Generated with Claude Code

@wraithm @claude
CI: Pin GitHub Actions to commit SHAs
9a1d477 
The bitnomial org now requires all actions to be pinned to a full-length
commit SHA, which was failing every CI job at the action-preparation step.
Pinned via `pinact run -u`, which also bumps to the latest releases:
checkout v7.0.0, haskell-actions/setup v2.11.0, cache v6.0.0.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@wraithm wraithm merged commit 8455d06 into master Jun 25, 2026
12 checks passed
@wraithm wraithm deleted the pin-github-actions-sha branch June 25, 2026 16:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@wraithm