Skip to content

[CI] Stop specifying hash for actions/* GitHub Actions #48326

@kou

Description

@kou

Describe the enhancement requested

I don't know why but Dependabot sometimes failed to update hash of GitHub Actions.

For example: #48301

The ASF's GitHub Actions policy https://infra.apache.org/github-actions-policy.html requires pinning external actions but there is no such restriction for actions/*:

External actions

You MAY use all actions internal to the apache/*, github/* and actions/* namespaces without restrictions.

You MUST pin all external actions to the specific git hash (SHA1) of the action that has been reviewed for use by the project. For instance, you MUST pin foobar/baz-action@8843d7f92416211de9ebb963ff4ce28125932878.

How about removing hash from all actions/* GitHub Actions?

Component(s)

Continuous Integration

Metadata

Metadata

Assignees

Type

No type
No fields configured for issues without a type.

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions