Skip to content

Pin Alpine checkout path to immutable checkout@v4 SHA in verify_install workflow#799

Merged
tammy-baylis-swi merged 3 commits into
copilot/codeql-fixes-june2026from
copilot/fix-checkout-alpine-hostname
Jun 29, 2026
Merged

Pin Alpine checkout path to immutable checkout@v4 SHA in verify_install workflow#799
tammy-baylis-swi merged 3 commits into
copilot/codeql-fixes-june2026from
copilot/fix-checkout-alpine-hostname

Conversation

Copilot AI commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

The review feedback called out that Alpine-specific checkout handling should be explicitly pinned to a valid actions/checkout@v4 commit SHA. This updates only that Alpine path in verify_install to match the requested pinning behavior.

  • Workflow change

    • Updated .github/workflows/verify_install.yaml for the Alpine < 3.17 conditional checkout step.
    • Replaced the prior SHA on the Alpine branch with the requested immutable SHA:
      • 08eba0b27e820071cde6df949e0beb9ba4906955
  • Scope

    • No other workflow branches or jobs were modified.
    • Change is limited to the review-commented Alpine checkout path.
# Use checkout@v4 for Alpine versions < 3.17 that don't support Node.js 24
- if: contains(matrix.hostname, 'alpine3.13') || contains(matrix.hostname, 'alpine3.14') || contains(matrix.hostname, 'alpine3.15') || contains(matrix.hostname, 'alpine3.16')
  uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955

Copilot AI changed the title [WIP] Fix checkout pinning for Alpine hostname Pin Alpine checkout path to immutable checkout@v4 SHA in verify_install workflow Jun 29, 2026
Copilot AI requested a review from tammy-baylis-swi June 29, 2026 21:30
@tammy-baylis-swi tammy-baylis-swi marked this pull request as ready for review June 29, 2026 21:33
@tammy-baylis-swi tammy-baylis-swi requested review from a team as code owners June 29, 2026 21:33
@tammy-baylis-swi

Copy link
Copy Markdown
Contributor

This corresponds with to checkout v4.1.7: https://github.com/actions/checkout/releases?page=2#release-v4.1.7

@copilot Change to v4.3.1 via 08eba0b27e820071cde6df949e0beb9ba4906955

Copilot AI commented Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

This corresponds with to checkout v4.1.7: https://github.com/actions/checkout/releases?page=2#release-v4.1.7

@copilot Change to [v4.3.1](https://github.com/actions/checkout/releases?page=1#releas...

Updated in commit 950d169 to use actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 for the Alpine checkout path.

Copilot AI requested a review from tammy-baylis-swi June 29, 2026 21:40
@tammy-baylis-swi tammy-baylis-swi merged commit 8507cb9 into copilot/codeql-fixes-june2026 Jun 29, 2026
49 checks passed
tammy-baylis-swi pushed a commit that referenced this pull request Jun 29, 2026
…permissions (#795)

* Pin GitHub Actions to commit SHAs in workflows

* Add explicit workflow permissions and fix pull_request trigger keys

* Pin Alpine checkout path to immutable checkout@v4 SHA in verify_install workflow (#799)

* Initial plan

* Pin Alpine checkout path to checkout v4 SHA

* Update Alpine checkout pin to requested SHA

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

2 participants