[all-commits] [llvm/llvm-project] c9aefe: [Github][libc] Hash Pin Actions in Workflows (#129...
Aiden Grossman via All-commits
all-commits at lists.llvm.org
Mon Mar 3 08:38:00 PST 2025
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: c9aefe10d78276bf59780b6e7dd834fae9ea91e7
https://github.com/llvm/llvm-project/commit/c9aefe10d78276bf59780b6e7dd834fae9ea91e7
Author: Aiden Grossman <aidengrossman at google.com>
Date: 2025-03-03 (Mon, 03 Mar 2025)
Changed paths:
M .github/workflows/libc-fullbuild-tests.yml
M .github/workflows/libc-overlay-tests.yml
Log Message:
-----------
[Github][libc] Hash Pin Actions in Workflows (#129487)
This patch has pins actions in the libc Github workflows. Hash pinning
is a best practice as it ensures we are getting an exact action version,
which can help with reproducibility/reliability. It additionally
alleviates security concerns as an attacker can modify release assets,
potentially giving them access to tokens in privileged workflows.
To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications
More information about the All-commits
mailing list