Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: pin github actions by hash and update via dependabot #3067

Merged
merged 2 commits into from
Feb 4, 2025
Merged

ci: pin github actions by hash and update via dependabot #3067

merged 2 commits into from
Feb 4, 2025

Conversation

xopham
Copy link
Contributor

@xopham xopham commented Feb 4, 2025
edited
Loading

Description

  • Add dependabot for github actions
  • Pin actions by hash

Pinning 3rd-party GitHub Actions by commit SHA makes them less vulnerable to compromise of the 3rd party. To avoid outdating and non-verbosity, versions are commented after the SHA and updating via dependabot is introduced that will automatically update the commented version tag as well.

In case of a false commit SHA, this change could break the corresponding workflow. Typically, this does not cause major interruptions, but it can for example affect a release pipeline and require restart causing delays.

Reviewer checklist

  • Test coverage seems ok.
  • Appropriate labels assigned.

@xopham xopham marked this pull request as ready for review February 4, 2025 15:20
@xopham xopham requested a review from a team as a code owner February 4, 2025 15:20
@codecov-commenter
Copy link

codecov-commenter commented Feb 4, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 6.96%. Comparing base (f157156) to head (09475c0).

❗ There is a different number of reports uploaded between BASE (f157156) and HEAD (09475c0). Click for more details.

HEAD has 5 uploads less than BASE
Flag BASE (f157156) HEAD (09475c0)
tracer-php 11 6
Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff              @@
##             master   #3067       +/-   ##
============================================
- Coverage     74.76%   6.96%   -67.80%     
  Complexity     2790    2790               
============================================
  Files           112     112               
  Lines         11039   11039               
============================================
- Hits           8253     769     -7484     
- Misses         2786   10270     +7484
Flag Coverage Δ
tracer-php 6.96% <ø> (-67.80%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 81 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f157156...09475c0. Read the comment docs.

@bwoebi bwoebi merged commit 89afe55 into DataDog:master Feb 4, 2025
409 of 460 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bwoebi bwoebi bwoebi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@xopham @codecov-commenter @bwoebi