caio/clang-p2996
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Github][libc] Hash Pin Actions in Workflows (#129487)

Browse Source 
This patch has pins actions in the libc Github workflows. Hash pinning
is a best practice as it ensures we are getting an exact action version,
which can help with reproducibility/reliability. It additionally
alleviates security concerns as an attacker can modify release assets,
potentially giving them access to tokens in privileged workflows.
This commit is contained in:
Aiden Grossman
2025-03-03 08:37:39 -08:00
committed by GitHub
parent 705decc860
commit c9aefe10d7
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/libc-fullbuild-tests.yml vendored
View File

@@ -30,7 +30,7 @@ jobs:
# - c_compiler: gcc
# cpp_compiler: g++
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
# Libc's build is relatively small comparing with other components of LLVM.
# A fresh fullbuild takes about 190MiB of uncompressed disk space, which can
@@ -39,7 +39,7 @@ jobs:
# Do not use direct GHAC access even though it is supported by sccache. GHAC rejects
# frequent small object writes.
- name: Setup ccache
uses: hendrikmuhs/ccache-action@v1.2
uses: hendrikmuhs/ccache-action@a1209f81afb8c005c13b4296c32e363431bffea5 # v1.2.17
with:
max-size: 1G
key: libc_fullbuild_${{ matrix.c_compiler }}

4
.github/workflows/libc-overlay-tests.yml vendored
View File

@@ -47,7 +47,7 @@ jobs:
cpp_compiler: clang++
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
# Libc's build is relatively small comparing with other components of LLVM.
# A fresh linux overlay takes about 180MiB of uncompressed disk space, which can
@@ -57,7 +57,7 @@ jobs:
# Do not use direct GHAC access even though it is supported by sccache. GHAC rejects
# frequent small object writes.
- name: Setup ccache
uses: hendrikmuhs/ccache-action@v1
uses: hendrikmuhs/ccache-action@a1209f81afb8c005c13b4296c32e363431bffea5 # v1.2.17
with:
max-size: 1G
key: libc_overlay_build_${{ matrix.os }}_${{ matrix.compiler.c_compiler }}