Skip to content

⚙️ [Maintenance]: Workflow reference pinned to immutable SHA#575

Merged
Marius Storhaug (MariusStorhaug) merged 1 commit intomainfrom
fix/574-pin-process-psmodule-sha
Apr 4, 2026
Merged

⚙️ [Maintenance]: Workflow reference pinned to immutable SHA#575
Marius Storhaug (MariusStorhaug) merged 1 commit intomainfrom
fix/574-pin-process-psmodule-sha

Conversation

@MariusStorhaug
Copy link
Copy Markdown
Member

@MariusStorhaug Marius Storhaug (MariusStorhaug) commented Apr 4, 2026

The CI workflow reference is now pinned to a specific commit SHA, consistent with all other uses: references in the PSModule infrastructure. Dependabot will automatically propose updates when new versions of Process-PSModule are released.

Changed: Workflow reference pinned to immutable SHA

The Process-PSModule reusable workflow reference in .github/workflows/Process-PSModule.yml was using a mutable major version tag (@v5). It is now pinned to the exact commit SHA with the patch-level version in a trailing comment:

# Before
uses: PSModule/Process-PSModule/.github/workflows/workflow.yml@v5

# After
uses: PSModule/Process-PSModule/.github/workflows/workflow.yml@4343d76f9e8c9468527175ea292092c2d055be8c # v5.4.5

Dependabot's github-actions ecosystem is already configured and will keep this reference up to date automatically.

Technical Details

  • Changed @v5 to @4343d76f9e8c9468527175ea292092c2d055be8c # v5.4.5 in .github/workflows/Process-PSModule.yml.
  • The existing dependabot.yml already covers github-actions in /, so SHA-pinned reusable workflow references will be updated automatically.
  • No functional change — v5 currently resolves to the same commit (4343d76).

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 4, 2026

No Significant Changes Detected

This PR does not contain changes to files that would trigger a new release:

Path Description
src/** Module source code
README.md Documentation

Build, test, and publish stages will be skipped for this PR.

If you believe this is incorrect, please verify that your changes are in the correct locations.

@MariusStorhaug Marius Storhaug (MariusStorhaug) marked this pull request as ready for review April 4, 2026 23:02
Copilot AI review requested due to automatic review settings April 4, 2026 23:02
Copilot AI reviewed Apr 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Pins the repository’s Process-PSModule reusable workflow reference to an immutable commit SHA to align with the existing security hardening pattern for GitHub Actions uses: references and enable safe Dependabot updates.

Changes:

  • Updated .github/workflows/Process-PSModule.yml to replace the mutable @v5 tag with a full commit SHA.
  • Added a trailing comment to preserve the human-readable patch version (# v5.4.5).

@MariusStorhaug Marius Storhaug (MariusStorhaug) merged commit 33bc295 into main Apr 4, 2026
45 of 46 checks passed
@MariusStorhaug Marius Storhaug (MariusStorhaug) deleted the fix/574-pin-process-psmodule-sha branch April 4, 2026 23:59
@github-project-automation github-project-automation bot moved this from Todo to Done in GitHub PowerShell Module Apr 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@MariusStorhaug Marius Storhaug (MariusStorhaug)

Labels

NoRelease

Projects

GitHub PowerShell Module
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Pin Process-PSModule workflow reference to SHA with patch-level version comment

2 participants

@MariusStorhaug