chore: pin GitHub Actions to SHA (action_sha_pining_github_leak_2026) #16

Closed
ookura-mf wants to merge 1 commit into main from action_sha_pining_github_leak_2026
@ookura-mf
Summary

Replaces tag/branch references in workflow files with commit SHAs.

  • Third-party actions are pinned via pinact.
  • moneyforward/* actions are pinned to the latest commit SHA of whatever
    ref is currently specified (version tag or branch).

Why

Mitigates the supply-chain risk of mutable tag/branch references in
GitHub Actions. SHAs are immutable; tags are not.

Test plan

  • CI green
  • Workflow files diff-reviewed for unintended changes

Pin third-party action references to commit SHAs via pinact, and
pin moneyforward/* references to the latest commit SHA of whatever
ref is currently specified.

Generated by actpin.

ookura-mf marked this pull request as ready for review May 12, 2026 00:47
ookura-mf added the GitHubLeakIncident-sha-pinning-2026 SHA pinning rollout for the 2026-04-28 GitHub leak incident label May 12, 2026
ookura-mf closed this May 13, 2026
ookura-mf removed the GitHubLeakIncident-sha-pinning-2026 SHA pinning rollout for the 2026-04-28 GitHub leak incident label May 13, 2026