Skip to content

Instruct Renovate to pin GitHub Action hashes #6860

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Mar 17, 2025
Merged

Instruct Renovate to pin GitHub Action hashes #6860

merged 3 commits into from
Mar 17, 2025

Conversation

yurishkuro
Copy link
Member

Which problem is this PR solving?

Description of the changes

How was this change tested?

  • CI

@yurishkuro yurishkuro requested a review from a team as a code owner March 17, 2025 16:00
@yurishkuro yurishkuro requested a review from mahadzaryab1 March 17, 2025 16:00
@yurishkuro yurishkuro added the changelog:ci Change related to continuous integration / testing label Mar 17, 2025
@yurishkuro
fix
00561d4 
Signed-off-by: Yuri Shkuro <[email protected]>
@yurishkuro yurishkuro enabled auto-merge March 17, 2025 16:02
@yurishkuro
fix
cc3626b 
Signed-off-by: Yuri Shkuro <[email protected]>
@codecov Codecov
Copy link

codecov bot commented Mar 17, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.05%. Comparing base (712c1bc) to head (cc3626b).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #6860      +/-   ##
==========================================
+ Coverage   96.03%   96.05%   +0.02%     
==========================================
  Files         367      367              
  Lines       20831    20831              
==========================================
+ Hits        20005    20010       +5     
+ Misses        630      626       -4     
+ Partials      196      195       -1
Flag Coverage Δ
badger_v1 9.88% <ø> (ø)
badger_v2 2.05% <ø> (ø)
cassandra-4.x-v1-manual 14.87% <ø> (ø)
cassandra-4.x-v2-auto 2.04% <ø> (ø)
cassandra-4.x-v2-manual 2.04% <ø> (ø)
cassandra-5.x-v1-manual 14.87% <ø> (ø)
cassandra-5.x-v2-auto 2.04% <ø> (ø)
cassandra-5.x-v2-manual 2.04% <ø> (ø)
elasticsearch-6.x-v1 19.55% <ø> (ø)
elasticsearch-7.x-v1 19.62% <ø> (ø)
elasticsearch-8.x-v1 19.79% <ø> (ø)
elasticsearch-8.x-v2 2.05% <ø> (ø)
grpc_v1 10.92% <ø> (ø)
grpc_v2 7.98% <ø> (ø)
kafka-3.x-v1 10.18% <ø> (ø)
kafka-3.x-v2 2.05% <ø> (ø)
memory_v2 2.05% <ø> (ø)
opensearch-1.x-v1 19.67% <ø> (ø)
opensearch-2.x-v1 19.67% <ø> (ø)
opensearch-2.x-v2 2.05% <ø> (ø)
tailsampling-processor 0.55% <ø> (ø)
unittests 94.93% <ø> (+0.02%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

jkowall
jkowall approved these changes Mar 17, 2025
View reviewed changes
Copy link
Contributor

@jkowall jkowall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@yurishkuro yurishkuro added this pull request to the merge queue Mar 17, 2025
Merged via the queue into jaegertracing:main with commit 2a0174d Mar 17, 2025
56 checks passed
amilbcahat pushed a commit to amilbcahat/jaeger that referenced this pull request May 4, 2025
@yurishkuro @amol-verma-allen
Instruct Renovate to pin GitHub Action hashes (jaegertracing#6860)
706ff04 
## Which problem is this PR solving?
- In light of
https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/,
make sure all actions are pinned

## Description of the changes
- Turns out Renovate has this as a feature
https://docs.renovatebot.com/modules/manager/github-actions/#digest-pinning-and-updating

## How was this change tested?
- CI

---------

Signed-off-by: Yuri Shkuro <[email protected]>
amilbcahat pushed a commit to amilbcahat/jaeger that referenced this pull request May 4, 2025
@yurishkuro @amol-verma-allen
Instruct Renovate to pin GitHub Action hashes (jaegertracing#6860)
4005176 
## Which problem is this PR solving?
- In light of
https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/,
make sure all actions are pinned

## Description of the changes
- Turns out Renovate has this as a feature
https://docs.renovatebot.com/modules/manager/github-actions/#digest-pinning-and-updating

## How was this change tested?
- CI

---------

Signed-off-by: Yuri Shkuro <[email protected]>
Signed-off-by: amol-verma-allen <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkowall jkowall jkowall approved these changes

@mahadzaryab1 mahadzaryab1 Awaiting requested review from mahadzaryab1 mahadzaryab1 is a code owner automatically assigned from jaegertracing/jaeger-maintainers

Assignees
No one assigned
Labels
changelog:ci Change related to continuous integration / testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@yurishkuro @jkowall