
ci: update actions to pinned SHA numbers #717


Open
wants to merge 6 commits into
base: master


@andrewb1269hg andrewb1269hg commented May 24, 2025

Description:

Update the actions in the testnet-build.yml file to pinned commit SHAs.

The following actions were updated to the latest version:

- `actions/checkout` previously v2, now v4.2.2

The following actions were NOT updated:

- `actions/cache` previously v4, now v4.2.3
- `actions/setup-java` previously v1, now v1.4.4
- `actions/upload-artifact` previously v4, now v4.6.2

Also I've added the config file for dependabot in dependabot.yml. The maintainers of this repo will need to enable dependabot:
Settings Tab > Security > Advanced Security > Enable Dependabot.

Related Issue(s):

Fixes #716

**Description**:

Update the actions in the `testnet-build.yml` file to pinned commit SHAs.

**Related Issue(s)**:

Fixes ACINQ#716

Signed-off-by: Andrew Brandt <[email protected]>
Member

@dpad85 dpad85 left a comment


Thanks for making this PR. The changes in the GitHub action look good (though note that this action builds a testnet version of Phoenix, not the mainnet one).

About Dependabot: Dependabot alerts are already enabled in the repository and I think that's sufficient. I don't think we need Dependabot to open Pull Requests as well. If there is a problem we'll fix it manually. Can you remove the `dependabot.yml` configuration file?

Signed-off-by: Andrew Brandt <[email protected]>
Successfully merging this pull request may close these issues.

ci: actions in workflow should be pinned to commit SHA not tags