refactor(ci): lock action version#69
Conversation
Signed-off-by: WANG Xu <xwang@taosdata.com>
|
Note Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported. |
There was a problem hiding this comment.
Pull request overview
Locks GitHub Actions dependencies in CI workflows by pinning uses: steps to specific commit SHAs, improving supply-chain security and reproducibility of builds/releases.
Changes:
- Pin Release workflow actions (
release-drafter,download-artifact,action-gh-release) to commit SHAs. - Pin Build workflow actions (
install-jq-action,checkout,setup-conan,cache,codecov-action,upload-artifact) to commit SHAs.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| .github/workflows/release.yml | Pins release-related actions to specific SHAs for deterministic release runs. |
| .github/workflows/build.yml | Pins build/test/upload actions to specific SHAs for deterministic CI runs. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #69 +/- ##
==========================================
+ Coverage 84.56% 84.59% +0.02%
==========================================
Files 198 198
Lines 10543 10544 +1
Branches 4458 4546 +88
==========================================
+ Hits 8916 8920 +4
+ Misses 1627 1623 -4
- Partials 0 1 +1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Description
Lock action version in Github Action Workflow, to avoid workflow blocking issue caused by network.
Issue(s)
Checklist
Please check the items in the checklist if applicable.