Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

workflow/docs.yml: pin setup-ruby action #17086

Merged
merged 3 commits into from
Apr 15, 2024
Merged

workflow/docs.yml: pin setup-ruby action #17086

merged 3 commits into from
Apr 15, 2024

Conversation

Moisan
Copy link
Member

@Moisan Moisan commented Apr 14, 2024
edited
Loading

  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same change?
  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your changes? Here's an example.
  • Have you successfully run brew style with your changes locally?
  • Have you successfully run brew typecheck with your changes locally?
  • Have you successfully run brew tests with your changes locally?

Pin the version of the setup-ruby action to full length commit SHA as described in the security hardening for GitHub Actions guide. I believe dependabot settings currently covers updating the setup-ruby commit SHA.

Bo98
Bo98 reviewed Apr 15, 2024
View reviewed changes
.github/workflows/docs.yml Outdated Show resolved Hide resolved
.github/workflows/docs.yml Outdated Show resolved Hide resolved
MikeMcQuaid
MikeMcQuaid approved these changes Apr 15, 2024
View reviewed changes
Copy link
Member

@MikeMcQuaid MikeMcQuaid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks again @Moisan and for suggestions @Bo98!

@MikeMcQuaid MikeMcQuaid merged commit 03bb1ed into Homebrew:master Apr 15, 2024
26 checks passed
@Moisan Moisan deleted the pin_setup-ruby_action branch April 15, 2024 12:40
@github-actions github-actions bot added the outdated PR was locked due to age label May 16, 2024
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 16, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Bo98 Bo98 Bo98 left review comments

@carlocab carlocab carlocab approved these changes

@MikeMcQuaid MikeMcQuaid MikeMcQuaid approved these changes

Assignees
No one assigned
Labels
outdated PR was locked due to age
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Moisan @MikeMcQuaid @Bo98 @carlocab