Skip to content

ci: fix action version comments to match pinned SHAs#2017

Merged
k8s-ci-robot merged 1 commit intokubernetes-sigs:mainfrom
aramase:aramase/ci/pin_to_sha
Mar 30, 2026
Merged

ci: fix action version comments to match pinned SHAs#2017
k8s-ci-robot merged 1 commit intokubernetes-sigs:mainfrom
aramase:aramase/ci/pin_to_sha

Conversation

@aramase
Copy link
Copy Markdown
Member

@aramase aramase commented Mar 26, 2026
edited
Loading

golang/govulncheck-action v1.0.4 internally uses tag-based refs
(actions/checkout@v4.1.1, actions/setup-go@v5.0.0) which violate the
org's "require full-length commit SHA" policy. Update to the unreleased
upstream commit (31f7c546) that pins these to full SHAs.

Also fix tag comments across all workflows:

  • actions/checkout: v4.0.0 -> v6.0.2
  • codecov/codecov-action: add missing v5.5.3 tag comment
  • github-action-markdown-link-check: v1.0.17 -> 1.0.17 (no v prefix)

/kind cleanup
/triage accepted

@k8s-ci-robot k8s-ci-robot added kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. triage/accepted Indicates an issue or PR is ready to be actively worked on. labels Mar 26, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Mar 26, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aramase

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Mar 26, 2026
@k8s-ci-robot k8s-ci-robot requested a review from ritazh March 26, 2026 20:13
@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Mar 26, 2026
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Mar 26, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 22.07%. Comparing base (fd0c075) to head (c02fce0).
⚠️ Report is 18 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2017   +/-   ##
=======================================
  Coverage   22.07%   22.07%           
=======================================
  Files          57       57           
  Lines        3198     3198           
=======================================
  Hits          706      706           
  Misses       2400     2400           
  Partials       92       92

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@aramase aramase force-pushed the aramase/ci/pin_to_sha branch from eada0f9 to ccc9feb Compare March 26, 2026 20:20
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Mar 26, 2026
@aramase aramase force-pushed the aramase/ci/pin_to_sha branch 2 times, most recently from 58ad118 to ea5053d Compare March 26, 2026 20:49
@aramase
ci: fix govulncheck-action to use SHA-pinned dependencies
c02fce0 
golang/govulncheck-action v1.0.4 internally uses tag-based refs
(actions/checkout@v4.1.1, actions/setup-go@v5.0.0) which violate the
org's "require full-length commit SHA" policy. Update to the unreleased
upstream commit (31f7c546) that pins these to full SHAs.

Also fix tag comments across all workflows:
- actions/checkout: v4.0.0 -> v6.0.2
- codecov/codecov-action: add missing v5.5.3 tag comment
- github-action-markdown-link-check: v1.0.17 -> 1.0.17 (no v prefix)
@aramase aramase force-pushed the aramase/ci/pin_to_sha branch from ea5053d to c02fce0 Compare March 26, 2026 20:53
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Mar 26, 2026
@aramase
Copy link
Copy Markdown
Member Author

aramase commented Mar 26, 2026

/assign @enj

@enj enj added this to SIG Auth Mar 27, 2026
@enj enj moved this to Subprojects - Needs Triage in SIG Auth Mar 27, 2026
@stlaz
Copy link
Copy Markdown
Contributor

stlaz commented Mar 30, 2026

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 30, 2026
@k8s-ci-robot k8s-ci-robot merged commit bd6552a into kubernetes-sigs:main Mar 30, 2026
27 checks passed
@github-project-automation github-project-automation bot moved this from Subprojects - Needs Triage to Closed / Done in SIG Auth Mar 30, 2026
@aramase aramase deleted the aramase/ci/pin_to_sha branch March 30, 2026 16:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ritazh ritazh Awaiting requested review from ritazh

Assignees

@stlaz stlaz

@enj enj

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@aramase @k8s-ci-robot @codecov-commenter @stlaz @benjaminapetersen @enj