[#47688] - [5.4][CI] Update GitHub Actions - pin SHA instead of mutable tag
- Fixed in Code Base
- 28 Apr 2026
- Medium
- Build: 5.4-dev
- # 47688
- Diff
- LadySolveig:5.4/pin-actions-sha
User tests: Successful: Unsuccessful:
Pull Request resolves # .
- I read the Generative AI policy and my contribution is either not created with the help of AI or is compatible with the policy and GNU/GPL 2 or later.
Summary of Changes
Pin actions by commit SHA.
Git, tags are mutable — they can be silently repointed to a different commit without any visible change to the release page, the tag name, or the published dates.
Why this matters- see: https://www.crowdstrike.com/en-us/blog/from-scanner-to-stealer-inside-the-trivy-action-supply-chain-compromise/
Testing Instructions
Only CI - Review
Actual result BEFORE applying this Pull Request
CI works
Expected result AFTER applying this Pull Request
CI works
Link to documentations
Please select:
-
Documentation link for guide.joomla.org:
-
No documentation changes for guide.joomla.org needed
-
Pull Request link for manual.joomla.org:
-
No documentation changes for manual.joomla.org needed
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Repository |
| Labels |
Added:
PR-5.4-dev
|
||
| Status | Pending | ⇒ | Ready to Commit |
RTC as it has 2 approvals by maintainers.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47688.
| Labels |
Added:
RTC
|
||
✅ Final check berfore merge: All CI checks have passed
| Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2026-04-28 11:36:22 |
| Closed_By | ⇒ | muhme |
Thank you very much @LadySolveig for your contribution. Thanks to @tecpromotion, @SniperSister and @richard67 for review.
RTC as it has 2 approvals by maintainers.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47688.