xz/workflows at 5ce0f7a48bdf5c3b45430850a4487307afac6143 - xz

History

Gabriela Gutierrez 37947d4a75 CI: Bump and ref actions by commit SHA in windows-ci.yml Referencing actions by commit SHA in GitHub workflows guarantees you are using an immutable version. Actions referenced by tags and branches are more vulnerable to attacks, such as the tag being moved to a malicious commit or a malicious commit being pushed to the branch. It's important to make sure the SHA's are from the original repositories and not forks. For reference: https://github.com/msys2/setup-msys2/releases/tag/v2.20.1 `27b3aa77f6` https://github.com/actions/checkout/releases/tag/v4.1.0 `8ade135a41` https://github.com/actions/upload-artifact/releases/tag/v3.1.3 `a8a3f3ad30` Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>	2023-10-13 20:03:13 +08:00
..
ci.yml	CI: Bump and ref actions by commit SHA in ci.yml	2023-10-13 20:03:13 +08:00
windows-ci.yml	CI: Bump and ref actions by commit SHA in windows-ci.yml	2023-10-13 20:03:13 +08:00

Gabriela Gutierrez 37947d4a75 CI: Bump and ref actions by commit SHA in windows-ci.yml

Referencing actions by commit SHA in GitHub workflows guarantees you are using an immutable version. Actions referenced by tags and branches are more vulnerable to attacks, such as the tag being moved to a malicious commit or a malicious commit being pushed to the branch.

It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/msys2/setup-msys2/releases/tag/v2.20.1
27b3aa77f6

https://github.com/actions/checkout/releases/tag/v4.1.0
8ade135a41

https://github.com/actions/upload-artifact/releases/tag/v3.1.3
a8a3f3ad30

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

2023-10-13 20:03:13 +08:00

ci.yml CI: Bump and ref actions by commit SHA in ci.yml 2023-10-13 20:03:13 +08:00

windows-ci.yml CI: Bump and ref actions by commit SHA in windows-ci.yml 2023-10-13 20:03:13 +08:00