From 267be0e427cc9890998e142e7f4f5592d25b055d Mon Sep 17 00:00:00 2001 From: Paul Rutledge Date: Tue, 7 Apr 2026 09:30:35 -0500 Subject: [PATCH 1/2] Pin GitHub Actions to specific SHA hashes This pins all GitHub Action references to specific commit SHAs for improved supply chain security, while preserving the original version reference in a comment. Co-Authored-By: Claude Opus 4.6 --- .github/workflows/ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a96939e..b899be7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ jobs: test: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 - name: Check outdated dependencies uses: liquidz/antq-action@master @@ -18,20 +18,20 @@ jobs: project-test: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 - - uses: actions/setup-java@v2.4.0 + - uses: actions/setup-java@5f00602cd1b2819185d88dc7a1b1985f598c6705 # v2.4.0 with: java-version: 11 distribution: 'zulu' - name: Setup Clojure - uses: DeLaGuardo/setup-clojure@3.6 + uses: DeLaGuardo/setup-clojure@0fe110ad5aab7de04967d0f573267f7009aa0609 # 3.6 with: tools-deps: "1.10.3.1040" - name: Setup Babashka - uses: turtlequeue/setup-babashka@v1.3.0 + uses: turtlequeue/setup-babashka@fff96c154d5aec91d5bbfbb201c5b20f96653084 # v1.3.0 with: babashka-version: 0.6.8 From 5beb8c0b9704543b8eacbafd6e40d81285a8e133 Mon Sep 17 00:00:00 2001 From: donggun Date: Tue, 7 Apr 2026 10:53:41 -0500 Subject: [PATCH 2/2] Add commit URLs next to version comments for pinned actions Co-Authored-By: Claude Opus 4.6 --- .github/workflows/ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b899be7..a11660b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ jobs: test: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 https://github.com/actions/checkout/commit/ee0669bd1cc54295c223e0bb666b733df41de1c5 - name: Check outdated dependencies uses: liquidz/antq-action@master @@ -18,20 +18,20 @@ jobs: project-test: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 https://github.com/actions/checkout/commit/ee0669bd1cc54295c223e0bb666b733df41de1c5 - - uses: actions/setup-java@5f00602cd1b2819185d88dc7a1b1985f598c6705 # v2.4.0 + - uses: actions/setup-java@5f00602cd1b2819185d88dc7a1b1985f598c6705 # v2.4.0 https://github.com/actions/setup-java/commit/5f00602cd1b2819185d88dc7a1b1985f598c6705 with: java-version: 11 distribution: 'zulu' - name: Setup Clojure - uses: DeLaGuardo/setup-clojure@0fe110ad5aab7de04967d0f573267f7009aa0609 # 3.6 + uses: DeLaGuardo/setup-clojure@0fe110ad5aab7de04967d0f573267f7009aa0609 # 3.6 https://github.com/DeLaGuardo/setup-clojure/commit/0fe110ad5aab7de04967d0f573267f7009aa0609 with: tools-deps: "1.10.3.1040" - name: Setup Babashka - uses: turtlequeue/setup-babashka@fff96c154d5aec91d5bbfbb201c5b20f96653084 # v1.3.0 + uses: turtlequeue/setup-babashka@fff96c154d5aec91d5bbfbb201c5b20f96653084 # v1.3.0 https://github.com/turtlequeue/setup-babashka/commit/fff96c154d5aec91d5bbfbb201c5b20f96653084 with: babashka-version: 0.6.8