Skip to content

Pin GitHub Actions to commit SHAs and configure Dependabot#555

Merged
zylxjtu merged 1 commit into
kubernetes-sigs:masterfrom
zylxjtu:master
Apr 22, 2026
Merged

Pin GitHub Actions to commit SHAs and configure Dependabot#555
zylxjtu merged 1 commit into
kubernetes-sigs:masterfrom
zylxjtu:master

Conversation

@zylxjtu
Copy link
Copy Markdown
Contributor

@zylxjtu zylxjtu commented Apr 21, 2026

Pin all action references in workflows to immutable commit SHAs (with version tags preserved as comments) to comply with the repository's security policy and mitigate tag-tampering risks. Also add Dependabot configuration to keep the pinned SHAs updated weekly via grouped pull requests.

@zylxjtu
Pin GitHub Actions to commit SHAs and configure Dependabot
1a1f0ad 
Pin all action references in workflows to immutable commit SHAs (with version
tags preserved as comments) to comply with the repository's security policy
and mitigate tag-tampering risks. Also add Dependabot configuration to keep
the pinned SHAs updated weekly via grouped pull requests.
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Apr 21, 2026
@k8s-ci-robot k8s-ci-robot added tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Apr 21, 2026
@zylxjtu
Copy link
Copy Markdown
Contributor Author

zylxjtu commented Apr 21, 2026

/assign @marosset @rzlink

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Apr 21, 2026

@zylxjtu: GitHub didn't allow me to assign the following users: rzlink.

Note that only kubernetes-sigs members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

Details

In response to this:

/assign @marosset @rzlink

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Apr 21, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: msft-linliu, zylxjtu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@zylxjtu zylxjtu merged commit a77b0b6 into kubernetes-sigs:master Apr 22, 2026
8 of 9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claudiubelu claudiubelu Awaiting requested review from claudiubelu

@marosset marosset Awaiting requested review from marosset

1 more reviewer

@msft-linliu msft-linliu msft-linliu approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@marosset marosset

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@zylxjtu @k8s-ci-robot @msft-linliu @marosset