fix(ci): pin rotation workflow actions to commit SHAs#2363
Conversation
The org requires all GitHub Actions to be pinned to a full-length commit SHA; actions/checkout@v4 and actions/setup-python@v5 were rejected at run time. Pin both to the same SHAs the repo's other workflows use. Co-authored-by: Isaac
|
|
🏷️ Doc impact: This only pins GitHub Actions dependencies to commit SHAs in a CI workflow, an internal tooling change with no user-facing surface affected. Auto-classified on merge. Set the label manually before merging to override. · run |
Related issue
N/A
Summary
The Discord watch rotation workflow failed on its first scheduled run (run 29083842707):
The org enforces SHA-pinned actions. This pins both to the same commit SHAs the repo's other workflows already use:
actions/checkout→9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0(v7.0.0)actions/setup-python→a309ff8b426b58ec0e2a45f0f869d46889d02405(v6.2.0)Test Plan
pre-commit run check-yamlpasses on the workflow file..github/workflows/(grep).Demo
N/A — non-visual CI fix.
Type of change
Test coverage
Coverage notes
Verified by matching the pinned SHAs to those used by other workflows in the repo and by reading the failing run log, which showed the unpinned actions were rejected at job setup. No code paths changed.
This pull request and its description were written by Isaac.