Skip to content

Pin dependencies#286

Open
plengauer wants to merge 1 commit into
mainfrom
renovate/pin-dependencies
Open

Pin dependencies#286
plengauer wants to merge 1 commit into
mainfrom
renovate/pin-dependencies

Conversation

@plengauer
Copy link
Copy Markdown
Owner

@plengauer plengauer commented Apr 12, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/checkout action pinDigest de0fac2
actions/create-release action pinDigest 0cb9c9b
actions/deploy-pages action pinDigest cd2ce8f
actions/download-artifact action pinDigest 3e5f45b
actions/upload-artifact action pinDigest 043fb46
actions/upload-pages-artifact action pinDigest 7b1f4a7
actions/upload-release-asset action pinDigest e8f9f06
plengauer/autorerun action pinDigest 62c1a8d
plengauer/autoversion action pinDigest 075d985
plengauer/create-deb-repository action pinDigest a4d6f97
plengauer/opentelemetry-github action pinDigest fb367b6
renovatebot/github-action action pinDigest abd08c7

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@plengauer plengauer requested a review from moflwi as a code owner April 12, 2026 03:34
@plengauer plengauer enabled auto-merge (squash) April 12, 2026 03:34
Copilot AI review requested due to automatic review settings April 12, 2026 03:34
Copilot AI reviewed Apr 12, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Pins GitHub Actions used across workflows to specific commit digests to improve supply-chain security and ensure deterministic CI/CD runs.

Changes:

  • Replace version-tagged uses: references with full commit SHAs across workflows.
  • Add inline comments preserving the original action version alongside the pinned digest.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.

Show a summary per file
File Description
.github/workflows/renovate.yml Pins renovatebot/github-action to a specific commit SHA.
.github/workflows/publish.yml Pins Pages deploy and deb repo actions to specific commit SHAs.
.github/workflows/observability_deploy.yml Pins OpenTelemetry instrumentation actions to a specific commit SHA.
.github/workflows/observability.yml Pins OpenTelemetry workflow instrumentation action to a specific commit SHA.
.github/workflows/ci.yml Pins checkout, artifact, and release-related actions to specific commit SHAs.
.github/workflows/autoversion.yml Pins plengauer/autoversion to a specific commit SHA.
.github/workflows/autorerun.yaml Pins plengauer/autorerun to a specific commit SHA.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@moflwi moflwi Awaiting requested review from moflwi moflwi is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@plengauer @renovate-bot