mirror of https://github.com/pre-commit/action.git synced 2025-11-07 10:46:56 +00:00

Pin actions/cache to SHA

Pin the actions/cache action in action.yml to a specific SHA. This change will allow usage of the pre-commit action when enforcement of SHA pinning on actions is set [1]. SHA pinning helps prevent supply chain attacks, as versions/releases of actions are not immutable and can be updated at any time. Pinning to a SHA makes the release immutable from the consumer's perspective.

SHA pinning enforcement applies to downstream dependencies, i.e. if I include pre-commit/action in my workflows, I cannot use SHA pinning because actions/cache is currently unpinned.

[1] https://github.blog/changelog/2025-08-15-github-actions-policy-now-supports-blocking-and-sha-pinning-actions/#enforce-sha-pinning
Tom Cammann 2025-08-18 10:42:24 +01:00 committed by GitHub
parent 1b06ec171f
commit f151909a1b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
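The enforcement policy the commit message refers to is, in practice, a check on the form of every `uses:` reference: a 40-hex commit SHA passes, a tag or branch does not. The following is an added example, not code from pre-commit/action or from the commit author, that applies that check to an action.yml and also verifies the other thing a reviewer wants to know about a pin: that the `# v4.2.4` comment names the tag the SHA actually came from. Its inputs are constructed: the action.yml snippet is modelled on the hunk below, and the `git ls-remote --tags` output is made up except for the commit SHA and tag name taken from this page (the tag-object SHA in it is invented).

```python
"""Added example (not from pre-commit/action): check that every `uses:` step in an
action.yml or workflow file is pinned to a full commit SHA, and that the trailing
"# vX.Y.Z" comment really names the tag that SHA came from."""
import re
from dataclasses import dataclass
from typing import Optional

# One `uses:` step line; captures an optionally quoted value and a trailing comment.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*(["\']?)([^\s#"\']+)\1\s*(?:#\s*(.*\S))?\s*$')
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")  # the policy wants the full-length SHA


@dataclass
class UsesRef:
    line_no: int
    raw: str                 # value exactly as written, e.g. actions/cache@v4
    target: str              # part before '@', e.g. actions/cache
    ref: str                 # part after '@': tag, branch or 40-hex commit SHA
    comment: Optional[str]   # text after '#', e.g. v4.2.4


def parse_uses(text: str) -> list[UsesRef]:
    """Line-oriented scan; enough for the `uses:` form without a YAML parser."""
    refs = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            target, _, ref = m.group(2).partition("@")
            refs.append(UsesRef(n, m.group(2), target, ref, m.group(3)))
    return refs


def is_pinned(u: UsesRef) -> bool:
    if u.target.startswith("./"):          # local action, ships with the repo itself
        return True
    if u.target.startswith("docker://"):   # container action: only a digest is immutable
        return u.ref.startswith("sha256:")
    return FULL_SHA_RE.fullmatch(u.ref) is not None


def unpinned_uses(text: str) -> list[str]:
    """'line:value' for every step the SHA-pinning policy would block."""
    return [f"{u.line_no}:{u.raw}" for u in parse_uses(text) if not is_pinned(u)]


def tag_commit_map(ls_remote_output: str) -> dict[str, str]:
    """Parse `git ls-remote --tags <url>` output into {tag: commit_sha}.
    An annotated tag is listed twice: the tag object, then the peeled commit as
    'refs/tags/NAME^{}'. The peeled commit is what a `uses:` line must pin."""
    tags: dict[str, str] = {}
    for line in ls_remote_output.splitlines():
        if not line.strip():
            continue
        sha, ref = line.split(maxsplit=1)
        if not ref.startswith("refs/tags/"):
            continue
        name = ref[len("refs/tags/"):]
        if name.endswith("^{}"):
            tags[name[:-3]] = sha          # peeled commit overrides the tag object
        else:
            tags.setdefault(name, sha)     # lightweight tag, or placeholder until peeled
    return tags


def comment_matches_tag(u: UsesRef, tags: dict[str, str]) -> bool:
    """True if the '# vX.Y.Z' comment names the tag whose commit is the pinned SHA."""
    return u.comment is not None and tags.get(u.comment) == u.ref


# Constructed input modelled on the action.yml hunk on this page (not the real file).
BEFORE = """\
runs:
  using: composite
  steps:
    - run: python -m pip freeze --local
      shell: bash
    - uses: actions/cache@v4
      with:
        path: ~/.cache/pre-commit
"""
AFTER = BEFORE.replace(
    "actions/cache@v4",
    "actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4",
)
# Constructed `git ls-remote --tags` output: the tag-object SHA is invented; the
# commit SHA and tag name are the ones from the diff on this page.
LS_REMOTE = """\
0123456789abcdef0123456789abcdef01234567\trefs/tags/v4.2.4
0400d5f644dc74513175e3cd8d07132dd4860809\trefs/tags/v4.2.4^{}
"""

if __name__ == "__main__":
    print("before:", unpinned_uses(BEFORE))   # ['6:actions/cache@v4']
    print("after: ", unpinned_uses(AFTER))    # []
    tags = tag_commit_map(LS_REMOTE)
    for u in parse_uses(AFTER):
        print(u.raw, "comment matches tag:", comment_matches_tag(u, tags))
```

Run it against real input by feeding the file contents to `unpinned_uses` and the output of `git ls-remote --tags https://github.com/<owner>/<repo>.git` to `tag_commit_map`; the `^{}` handling matters because most release tags are annotated, and pinning the tag object's SHA instead of the peeled commit is an easy mistake when copying from `git show-ref`.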


@ -12,7 +12,7 @@ runs:
shell: bash
- run: python -m pip freeze --local
shell: bash
- uses: actions/cache@v4
- uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: ~/.cache/pre-commit
key: pre-commit-3|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
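Review bot: the `# v4.2.4` comment on the changed `uses: actions/cache@0400d5f6...` line is the only human-readable link between the SHA and a release, so before merging confirm that 0400d5f644dc74513175e3cd8d07132dd4860809 is the peeled commit behind tag v4.2.4 (`git ls-remote --tags https://github.com/actions/cache.git v4.2.4`, taking the `^{}` entry if the tag is annotated) and not the tag object's SHA, which is not a commit the runner can check out. Once pinned, this step stops tracking actions/cache releases, so the repository should have Dependabot or Renovate enabled for the github-actions ecosystem to bump the SHA and rewrite the comment together; otherwise the comment drifts from the SHA and the next reviewer has no way to tell which release is really in use. The `with:` block (cache path and `pre-commit-3|...` key) is unchanged, so caching behaviour is unaffected.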