chore: pin GitHub Actions to full-length commit SHAs#579
chore: pin GitHub Actions to full-length commit SHAs#579
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} | ||
|
|
||
| - uses: actions/checkout@v4 | ||
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 |
There was a problem hiding this comment.
Inconsistent checkout v4 SHA across workflow files
Low Severity
The newly pinned actions/checkout SHA 34e114876b0b11c390a56381ad16ebd13914f8d5 (labelled # v4) differs from the SHA 11bd71901bbe5b1630ceea73d27597364c9af683 already used for actions/checkout v4 in ci.yml, image.yml, and python-example-image.yml. This means different workflow files reference different versions of the same action while both claiming to be v4, which could lead to subtle behavioral differences between CI and release workflows.
Additional Locations (1)
geoffg-sentry
left a comment
geoffg-sentry
left a comment
There was a problem hiding this comment.
Mind making those actions versions consistent? Good job cursor
2 participants
Summary
.github/workflow files to full-length commit SHAsGenerated by
devenv pin_gha.🤖 Generated with Claude Code