Referencing the current sha, not master for running the solution vers…

[tmikula-dev]

Overview

This pull request makes a small update to the .github/workflows/aquasec-scan.yml workflow. The change ensures that the actions/checkout step checks out the workflow repository at the specific commit SHA associated with the current job, rather than always using the master branch.

• Updated the ref for actions/checkout in .github/workflows/aquasec-scan.yml to use ${{ github.job_workflow_sha }} instead of master, ensuring the workflow uses the exact commit of the workflow file being executed.

Release Notes

• Fixing that the workflow always runs the SHA version that triggers the flow.

Related

Closes #43

Summary by CodeRabbit

• Chores
  • Updated the CI/CD workflow to reference a specific version of shared workflows instead of the master branch, improving consistency in security scanning operations.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 325606dd-ee0c-42ca-8921-3575312af541

📥 Commits

Reviewing files that changed from the base of the PR and between f10a73e and db239a6.

📒 Files selected for processing (1)

• .github/workflows/aquasec-scan.yml

---

Walkthrough

The workflow file now references the current job's commit SHA (github.job_workflow_sha) instead of the master branch when checking out the AbsaOSS/organizational-workflows repository. This ensures the workflow uses the specific released version's commit rather than always executing against the latest master.

Changes

Cohort / File(s)	Summary
Workflow Configuration .github/workflows/aquasec-scan.yml	Updated sync-alerts-to-issues job to use github.job_workflow_sha instead of master branch reference for repository checkout, pinning execution to the specific workflow commit.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A rabbit hops through CI lanes,
No more chasing the master's manes!
Each release now holds its ground,
With SHA-pinned workflows bound.
Versions dance on solid stone,
No phantom master on the phone! 🐇

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/43-pinned-version-run-master

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

The base branch was changed.