Skip to content

ci: update workflow action pins#64

Merged
shudonglin merged 1 commit into
mainfrom
ci/update-actions-latest
Jun 27, 2026
Merged

ci: update workflow action pins#64
shudonglin merged 1 commit into
mainfrom
ci/update-actions-latest

Conversation

@shudonglin

Copy link
Copy Markdown

提交说明 / PR Notice

Important

This PR description was AI-assisted and locally reviewed for accuracy before submission

变更描述 / Description

Updates CI workflow action references to the latest resolved release tags and pins each supported action by full commit SHA. The version comment remains beside each SHA so maintainers can audit the intended release while GitHub executes an immutable ref

变更类型 / Type of change

  • Bug 修复 (Bug fix)
  • 新功能 (New feature)
  • 性能优化 / 重构 (Refactor)
  • 文档更新 (Documentation)

关联任务 / Related Issue

  • Closes # N/A

提交前检查项 / Checklist

  • 人工确认: 我已亲自整理并撰写此描述,没有直接粘贴未经处理的 AI 输出
  • 非重复提交: 我已搜索现有的 Issues 与 PRs,确认不是重复提交
  • Bug fix 说明: This is CI maintenance, not a bug-fix PR
  • 变更理解: 我已理解这些更改的工作原理及可能影响
  • 范围聚焦: 本 PR 未包含任何与当前任务无关的代码改动
  • 本地验证: 已在本地运行并通过测试或手动验证,维护者可以据此复核结果
  • 安全合规: 代码中无敏感凭据,且符合项目代码规范

运行证明 / Proof of Work

git diff --check
ruby -e 'require "yaml"; Dir[".github/workflows/*.{yml,yaml}"].sort.each { |f| YAML.load_file(f) }; puts "workflow yaml parses"'
python3 workflow_action_pin_audit.py

Observed output: workflow yaml parses and new-api workflow action refs are SHA pinned with latest comments

@shudonglin shudonglin merged commit 7d9f1d6 into main Jun 27, 2026
5 checks passed
@shudonglin shudonglin deleted the ci/update-actions-latest branch June 27, 2026 15:17

@shudonglin shudonglin left a comment

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Post-merge review note from the gateway release pass.

Reviewed as part of the production deployment verification. CI passed before merge, the New API image was built and deployed successfully, production Terraform converged, live Cloud Run traffic is on the merged New API image tag, and post-deploy smoke/log checks passed. No follow-up blocker found in this PR during release verification.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant