improve: pin GitHub Actions in publish.yml to SHA commit hashes for supply-chain security #42

Merged
Coding-Dev-Tools merged 1 commit into master from improve/datamorph-20260702
Jul 2, 2026

@Coding-Dev-Tools

Owner

Automated improvement by dev-engineer.

  • Pinned actions/checkout, actions/setup-python, and pypa/gh-action-pypi-publish to SHA commit hashes (consistent with ci.yml and pages.yml which already use SHA pins)
  • Prevents supply-chain attacks from tag-mutation on these actions

@github-actions

github-actions Bot commented Jul 2, 2026

🤖 Automated Code Review

✅ Ruff Lint — No issues

⚠️ Ruff Format — Formatting needed

Would reformat: conftest.py
Would reformat: src/datamorph/cli.py
Would reformat: src/datamorph/converters.py
Would reformat: tests/test_cli_error_paths.py
Would reformat: tests/test_converters.py
Would reformat: tests/test_edge_cases.py
Would reformat: tests/test_validate.py
7 files would be reformatted, 2 files already formatted

✅ Secret Detection — Clean

✅ Large Files — Within limits

📊 Diff Stats — 1 file(s) changed

 .github/workflows/publish.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Verdict: ⚠️ Warnings — Lint/format issues found. Recommend fixing before merge.

Automated by Coding-Dev-Tools/.github reusable workflow.

@Coding-Dev-Tools Coding-Dev-Tools merged commit ab52bb7 into master Jul 2, 2026
6 checks passed