Skip to content

Security/812 switch GitHub actions to shas#813

Draft
ArBridgeman wants to merge 10 commits intomainfrom
security/812_switch_github_actions_to_shas
Draft

Security/812 switch GitHub actions to shas#813
ArBridgeman wants to merge 10 commits intomainfrom
security/812_switch_github_actions_to_shas

Conversation

@ArBridgeman
Copy link
Copy Markdown
Collaborator

@ArBridgeman ArBridgeman commented Apr 30, 2026

closes #812

Checklist

Note: If any of the items in the checklist are not relevant to your PR, just check the box.

For any Pull Request

Is the following correct:

  • the title of the Pull Request?
  • the title of the corresponding issue?
  • there are no other open Pull Requests for the same update/change?
  • that the issue which this Pull Request fixes ("Fixes...") is mentioned?

When Changes Were Made

Did you:

  • update the changelog?
  • update the cookiecutter-template?
  • update the implementation?
  • check coverage and add tests: unit tests and, if relevant, integration tests?
  • update the User Guide & other documentation?
  • resolve any failing CI criteria (incl. Sonar quality gate)?

When Preparing a Release

Have you:

  • thought about version number (major, minor, patch)?
  • checked Exasol packages for updates and resolved open vulnerabilities, if easily possible?

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 30, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

ArBridgeman
ArBridgeman commented Apr 30, 2026
View reviewed changes
Comment thread test/unit/config_test.py
valid_version_string("$.2.3")


class TestGitHubActionSHAs:
Copy link
Copy Markdown
Collaborator Author

@ArBridgeman ArBridgeman Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we also in this PR manually update the actions and workflow that the PTB does not control?

ArBridgeman
ArBridgeman commented Apr 30, 2026
View reviewed changes
Comment thread .github/workflows/checks.yml
- name: Check out Repository
id: check-out-repository
uses: actions/checkout@v6
uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd"
Copy link
Copy Markdown
Collaborator Author

@ArBridgeman ArBridgeman Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could also augment to put out the version as a comment.
zimor verifies if it's correct or not.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Switch GitHub actions to pins from BaseConfig

1 participant

@ArBridgeman