
Add GitHub Action SHA validation to CI #321

Merged: cjimti merged 3 commits into master from ci/validate-action-shas on Dec 27, 2025

@cjimti cjimti commented Dec 27, 2025

Description

Adds a script and CI job to validate that all SHA-pinned GitHub Actions reference valid commits. Prevents CI failures from typos in SHA hashes.

Changes:

  • scripts/validate-action-shas.sh - Parses workflow files and validates SHAs via GitHub API
  • New validate-actions CI job that runs on every push/PR

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • Test improvement (new or updated tests)
  • Documentation update
  • Stability/performance improvement
  • Build/CI improvement

Note: New features are developed by maintainers only. See CONTRIBUTING.md for details.

Related Issues

Prevents issues like PR #308 where an invalid SHA caused CI failures.

Testing

  • Ran go test ./... locally
  • Tested manually with a Kubernetes cluster
  • Added new tests for changes (if applicable)

Script validation:

$ ./scripts/validate-action-shas.sh
Validating GitHub Action SHA pins...

✓ actions/checkout@11bd71901... (.github/workflows/ci.yml)
✓ actions/setup-go@3041bf56c... (.github/workflows/ci.yml)
...

All SHA pins are valid

Checklist

  • My code follows the project's style guidelines (go fmt, go vet)
  • I have read CONTRIBUTING.md
  • I have updated documentation if needed
  • This PR is focused and does not include unrelated changes

Screenshots/Logs (if applicable)

Example failure output (invalid SHA):

✗ codecov/codecov-action@1e68e06... - SHA not found! (.github/workflows/ci.yml)

Found 1 invalid SHA(s)
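
The check the description outlines, as an added example rather than the project's own scripts/validate-action-shas.sh (which this page does not show): it extracts `uses:` references, flags hex-only refs of the wrong length as typos before any network call, and optionally looks up full SHAs. The action names, SHAs, the `VERIFY_ONLINE` switch and the choice of the REST commits endpoint are assumptions.

```bash
# Added example: audit `uses:` pins in workflow files (not the project's script).
export LC_ALL=C                      # byte-exact [0-9a-f] ranges
TAB=$(printf '\t')

# Constructed workflow fragment; action names and SHAs are made up.
sample_workflow() {
  cat <<'EOF'
    steps:
      - uses: example-org/checkout@0123456789abcdef0123456789abcdef01234567 # v1.0.0
      - uses: example-org/setup/go@0123456789abcdef0123456789abcdef0123456
      - uses: "example-org/lint@v2"
      - uses: ./.github/actions/local
EOF
}

# Emit "owner/repo<TAB>ref" for each remote action; reads files or stdin.
extract_pins() {
  sed -nE 's/^[[:space:]]*-?[[:space:]]*uses:[[:space:]]*["'\'']?([^"'\''#[:space:]]+).*/\1/p' "$@" |
    grep -E '^[^./][^@]*/[^@]+@' | grep -v '^docker://' |
    while IFS= read -r target; do
      printf '%s\t%s\n' "$(printf '%s' "${target%@*}" | cut -d/ -f1,2)" "${target##*@}"
    done
}

# sha = 40 hex chars; malformed = hex-only, wrong length; mutable = tag or branch.
classify_ref() {
  case "$1" in
    *[!0-9a-f]*) echo mutable ;;
    *) if [ "${#1}" -eq 40 ]; then echo sha; else echo malformed; fi ;;
  esac
}

# Assumed lookup: GET /repos/{owner}/{repo}/commits/{ref} on the GitHub REST API.
remote_status() {
  code=$(curl -s -o /dev/null -w '%{http_code}' \
    ${GITHUB_TOKEN:+-H "Authorization: Bearer $GITHUB_TOKEN"} \
    "https://api.github.com/repos/$1/commits/$2")
  case "$code" in 200) echo sha ;; 404|422) echo missing ;; *) echo unverified ;; esac
}

# Print "status<TAB>owner/repo<TAB>ref"; network is used only if VERIFY_ONLINE=1.
audit_pins() {
  extract_pins "$@" | while IFS="$TAB" read -r repo ref; do
    status=$(classify_ref "$ref")
    [ "$status" = sha ] && [ "${VERIFY_ONLINE:-0}" = 1 ] && status=$(remote_status "$repo" "$ref")
    printf '%s\t%s\t%s\n' "$status" "$repo" "$ref"
  done
}
has_bad_pins() { audit_pins "$@" | grep -Eq '^(malformed|missing)'; }

if [ "$#" -gt 0 ]; then audit_pins "$@"; else sample_workflow | audit_pins; fi
```

A 200 response shows that the commit exists, not that it is the commit behind the version named in the trailing comment.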

cjimti and others added 2 commits December 27, 2025 00:29
Adds a script and CI job to validate that all SHA-pinned GitHub Actions
reference valid commits. Prevents CI failures from typos in SHA hashes.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

codecov Bot commented Dec 27, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.42%. Comparing base (0174c41) to head (4e36051).
⚠️ Report is 4 commits behind head on master.

@@           Coverage Diff           @@
##           master     #321   +/-   ##
=======================================
  Coverage   59.42%   59.42%           
=======================================
  Files          38       38           
  Lines        4318     4318           
=======================================
  Hits         2566     2566           
  Misses       1620     1620           
  Partials      132      132           

@cjimti cjimti merged commit 7e0bd98 into master Dec 27, 2025
10 of 11 checks passed
@cjimti cjimti deleted the ci/validate-action-shas branch December 27, 2025 09:03