ci: pin GitHub Actions SHAs and harden repo settings alignment #93
16ad907 to 67d1333
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 16ad907dff
| - name: Install Rust 1.77 | ||
| uses: dtolnay/rust-toolchain@1.77.0 | ||
| uses: dtolnay/rust-toolchain@0ed6b4757d4e63d7920abe758134858e95c8215f |
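Review bot: on the new `uses: dtolnay/rust-toolchain@0ed6b47...` line, the Rust version that the old `@1.77.0` ref carried is no longer stated anywhere in the visible step, so only the step name "Install Rust 1.77" still mentions it. Add a `with:` block with `toolchain: 1.77.0` under this step so the installed release matches the name, and put a trailing comment on the `uses:` line recording which ref the SHA was taken from so a later bump of the pin can be checked against upstream.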
Keep the MSRV toolchain explicit after SHA pinning
The msrv job used to request Rust 1.77.0 via dtolnay/rust-toolchain@1.77.0, but after switching to a commit SHA there is no with: toolchain: 1.77.0 input, so this step is no longer explicitly tied to the declared MSRV and can either install a different channel or fail depending on action default behavior. That means MSRV regressions may slip through CI (or CI may break) while the job still appears to be validating 1.77.
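A lint for the two conditions discussed in this thread, as an added example that is not part of the pull request or the repository: it flags `uses:` refs that are not full commit SHAs, and `dtolnay/rust-toolchain` steps pinned to a SHA without a `toolchain:` input. The sample workflow is constructed around the step in the diff, `example-org/example-action` is a placeholder name, and step boundaries are found with an indentation heuristic rather than a YAML parser.

```python
import re

SHA = re.compile(r"[0-9a-f]{40}")
USES = re.compile(r"^\s*(?:- )?uses:\s*([^@\s#]+)@([^\s#]+)", re.M)
TOOLCHAIN = re.compile(r"^\s+toolchain:\s*\S", re.M)

# Constructed sample: the pinned step from the diff, the same step with an
# explicit toolchain input, and a placeholder action pinned only to a tag.
SAMPLE = """\
jobs:
  msrv:
    steps:
      - name: Install Rust 1.77
        uses: dtolnay/rust-toolchain@0ed6b4757d4e63d7920abe758134858e95c8215f
      - name: Install Rust 1.77 (explicit)
        uses: dtolnay/rust-toolchain@0ed6b4757d4e63d7920abe758134858e95c8215f
        with:
          toolchain: 1.77.0
      - uses: example-org/example-action@v4
"""

def steps(text):
    """Yield (1-based line number, block text) for each '- ' list item."""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = re.match(r"^(\s*)- ", lines[i])
        if not m:
            i += 1
            continue
        indent, j = len(m.group(1)), i + 1
        # The item owns every following blank or more deeply indented line.
        while j < len(lines) and (not lines[j].strip()
                or len(lines[j]) - len(lines[j].lstrip()) > indent):
            j += 1
        yield i + 1, "\n".join(lines[i:j])
        i = j

def audit(text):
    """Return (line, action, problem) for each step that fails a check."""
    findings = []
    for line_no, block in steps(text):
        m = USES.search(block)
        if not m:
            continue  # run: steps, local (./path) and docker:// actions
        action, ref = m.groups()
        if not SHA.fullmatch(ref):
            findings.append((line_no, action, "ref is not a full commit SHA"))
        elif action == "dtolnay/rust-toolchain" and not TOOLCHAIN.search(block):
            findings.append((line_no, action, "SHA-pinned without a toolchain input"))
    return findings
```

Calling `audit()` on the text of each file under `.github/workflows/` and failing the job on a non-empty result turns the review comment into a standing check.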
Summary
Security
Validation