harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3
zeroclaw/.github/workflows
History
fettpl 9df5a07640 ci: pin all GitHub Actions to full SHA digests 
Pin every third-party GitHub Action to its current commit SHA with a
version comment, eliminating supply chain risk from mutable version
tags. Mutable tags (v4, v2, etc.) can be force-pushed by upstream
maintainers; SHA digests are immutable.

18 unique actions pinned across 9 workflow files.

Closes #357

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 17:32:18 +01:00
..
auto-response.yml ci: pin all GitHub Actions to full SHA digests 2026-02-16 17:32:18 +01:00
ci.yml ci: pin all GitHub Actions to full SHA digests 2026-02-16 17:32:18 +01:00
docker.yml ci: pin all GitHub Actions to full SHA digests 2026-02-16 17:32:18 +01:00
labeler.yml ci: pin all GitHub Actions to full SHA digests 2026-02-16 17:32:18 +01:00
pr-hygiene.yml ci: pin all GitHub Actions to full SHA digests 2026-02-16 17:32:18 +01:00
release.yml ci: pin all GitHub Actions to full SHA digests 2026-02-16 17:32:18 +01:00
security.yml ci: pin all GitHub Actions to full SHA digests 2026-02-16 17:32:18 +01:00
stale.yml ci: pin all GitHub Actions to full SHA digests 2026-02-16 17:32:18 +01:00
workflow-sanity.yml ci: pin all GitHub Actions to full SHA digests 2026-02-16 17:32:18 +01:00