[llvm] [Github] Hash Pin Actions in Most Workflows (PR #129486)
Aiden Grossman via llvm-commits
llvm-commits at lists.llvm.org
Sun Mar 16 21:32:36 PDT 2025
================
@@ -60,12 +60,12 @@ jobs:
# a local checkout beforehand.
- name: Fetch LLVM sources (Push)
if: ${{ github.event_name == 'push' }}
- uses: actions/checkout at v4
+ uses: actions/checkout at 11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
- name: Get subprojects that have doc changes
id: docs-changed-subprojects
- uses: tj-actions/changed-files at v39
+ uses: tj-actions/changed-files at fea790cb660e33aef4bdf07304e28fedd77dfa13 # v39.2.4
----------------
boomanaiden154 wrote:
Yeah. It was really good timing.
I changed to the StepSecurity fork when the actions were taken down (https://github.com/llvm/llvm-project/commit/6616acd80cd91a0075e3cd481bb9a6d82fd4ea9e). I want to do at least look at all the third party actions we're using and maybe even reimplement some of the simple ones to reduce risk.
https://github.com/llvm/llvm-project/pull/129486
More information about the llvm-commits
mailing list