Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pin CodeQL workflow dependencies #363

Merged
merged 6 commits into from
Mar 11, 2024
Merged

Pin CodeQL workflow dependencies #363

merged 6 commits into from
Mar 11, 2024

Conversation

fxamacker
Copy link
Member

@fxamacker fxamacker commented Dec 20, 2023
edited
Loading

Closes #362

Pinned all the CodeQL workflow dependencies.

This doesn't create manual maintenance chore because dependabot can automatically update pinned versions like this:

  • Targeted PR against main branch
  • Linked to Github issue with discussion and accepted design OR link to spec that describes this work
  • Code follows the standards mentioned here
  • Updated relevant documentation (code comments)
  • Re-reviewed Files changed in the Github PR explorer
  • Added appropriate labels

@fxamacker
Pin actions/checkout to b4ffde6 (v4.1.1)
c88d54c 
Bump actions/checkout from v3 to v4.1.1 and pin it.
@fxamacker fxamacker added the CI CI and GitHub Actions Workflows label Dec 20, 2023
@fxamacker
Pin actions/setup-go to 93397be (v4.1.0), bump Go
d6ea896 
Pin actions/setup and bump Go from 1.19 to 1.20.
@codecov-commenter
Copy link

codecov-commenter commented Dec 20, 2023
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (1e6ec55) 64.93% compared to head (0267332) 65.05%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #363      +/-   ##
==========================================
+ Coverage   64.93%   65.05%   +0.12%     
==========================================
  Files          14       14              
  Lines        8811     8811              
==========================================
+ Hits         5721     5732      +11     
+ Misses       2356     2345      -11     
  Partials      734      734

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@fxamacker
Pin codeql-action init, autobuild, and analyze
ade4cac 
Pinned:

codeql-action/init@7e187e1c529d80bac7b87a16e7a792427f65cf02 # v2.15.5

codeql-action/autobuild@7e187e1c529d80bac7b87a16e7a792427f65cf02 # v2.15.5

codeql-action/analyze@7e187e1c529d80bac7b87a16e7a792427f65cf02 # v2.15.5
@fxamacker fxamacker mentioned this pull request Dec 20, 2023
Closed
@fxamacker fxamacker mentioned this pull request Feb 18, 2024
Closed
@fxamacker fxamacker self-assigned this Mar 6, 2024
@fxamacker fxamacker merged commit 29b684b into main Mar 11, 2024
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ramtinms ramtinms ramtinms approved these changes

@turbolent turbolent Awaiting requested review from turbolent turbolent is a code owner

Assignees

@fxamacker fxamacker

Labels
CI CI and GitHub Actions Workflows
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Pin dependencies in CodeQL workflow
3 participants
@fxamacker @codecov-commenter @ramtinms