Feeling Lucky
PR-5.4-dev
[#47688] - [5.4][CI] Update GitHub Actions - pin SHA instead of mutable tag
- Ready to Commit
- Medium
- Build: 5.4-dev
- # 47688
- Diff
- LadySolveig:5.4/pin-actions-sha
User tests: Successful: Unsuccessful:
Pull Request resolves # .
- I read the Generative AI policy and my contribution is either not created with the help of AI or is compatible with the policy and GNU/GPL 2 or later.
Summary of Changes
Pin actions by commit SHA.
Git, tags are mutable — they can be silently repointed to a different commit without any visible change to the release page, the tag name, or the published dates.
Why this matters- see: https://www.crowdstrike.com/en-us/blog/from-scanner-to-stealer-inside-the-trivy-action-supply-chain-compromise/
Testing Instructions
Only CI - Review
Actual result BEFORE applying this Pull Request
CI works
Expected result AFTER applying this Pull Request
CI works
Link to documentations
Please select:
-
Documentation link for guide.joomla.org:
-
No documentation changes for guide.joomla.org needed
-
Pull Request link for manual.joomla.org:
-
No documentation changes for manual.joomla.org needed
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Repository |
| Labels |
Added:
PR-5.4-dev
|
||
| Status | Pending | ⇒ | Ready to Commit |
richard67
- comment
- 26 Apr 2026
RTC as it has 2 approvals by maintainers.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47688.
RTC as it has 2 approvals by maintainers.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47688.