
🚀 Feature: Disable pinDigests for Renovate #1897

Closed
JoshuaKGoldberg opened this issue Jan 16, 2025 · 1 comment
Labels
status: accepting prs Please, send a pull request to resolve this! type: feature New enhancement or request

Comments

@JoshuaKGoldberg
Owner

JoshuaKGoldberg commented Jan 16, 2025

Overview

Following #1894 & #1895: I don't want GHA digests to be pinned. It's annoying and I want to stick with semver.

Additional Info

I understand the value in preserving commit hashes. It's good for security to ensure they can't be tampered with; it prevents accidental changes over time; etc. - https://docs.renovatebot.com/docker.

But I don't find those arguments persuasive enough to turn on these updates by default in all CTA repos. A big point of CTA is to make friendly, readable config files. Big ole hashes in GHA files are not that.

💖

@JoshuaKGoldberg JoshuaKGoldberg added status: accepting prs Please, send a pull request to resolve this! type: feature New enhancement or request labels Jan 16, 2025
@JoshuaKGoldberg JoshuaKGoldberg self-assigned this Jan 16, 2025
@JoshuaKGoldberg JoshuaKGoldberg removed their assignment Mar 7, 2025
@JoshuaKGoldberg
Owner Author

Ehh, on second thought, I think this is good to stay. Pinning to hashes is a legitimate security concern. If someone feels strongly about this, please respond here and we can discuss. 🙂
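As an added example (not code from this issue or from the project it belongs to), a small audit that classifies each `uses:` reference in a GitHub Actions workflow as a full commit SHA, a semver tag, or a mutable branch. The tag and branch entries are the ones Renovate's `pinDigests` would rewrite to hashes; the workflow text and the SHA in it are constructed for the example.

```python
import re
from typing import List, NamedTuple

# Constructed sample workflow (not from the issue); the SHA is a made-up value.
WORKFLOW = """\
name: CI
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: some-org/some-action@main
      - uses: ./.github/actions/local-thing
      - run: npm test
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")          # full commit hash, immutable
SEMVER_RE = re.compile(r"^v?\d+(\.\d+){0,2}$")  # v4, v4.0, v4.0.3: a movable tag


class Ref(NamedTuple):
    action: str
    ref: str
    kind: str  # "sha", "tag", "branch" or "local"


def classify(uses: str) -> Ref:
    """Classify one `uses:` value by how its ref can change over time."""
    if uses.startswith("./"):
        return Ref(uses, "", "local")  # lives in the same repo, versioned with it
    action, _, ref = uses.partition("@")
    if SHA_RE.match(ref):
        kind = "sha"
    elif SEMVER_RE.match(ref):
        kind = "tag"      # the tag can be moved by the action's maintainer
    else:
        kind = "branch"   # e.g. main: changes on every push upstream
    return Ref(action, ref, kind)


def audit(yaml_text: str) -> List[Ref]:
    """Return every third-party or local action reference in a workflow."""
    return [classify(m.group(1)) for line in yaml_text.splitlines()
            if (m := USES_RE.match(line))]


def unpinned(yaml_text: str) -> List[Ref]:
    """References that are not locked to a commit: what digest pinning changes."""
    return [r for r in audit(yaml_text) if r.kind in ("tag", "branch")]
```

Running `unpinned(WORKFLOW)` on the sample reports `actions/checkout@v4` and `some-org/some-action@main`, while the SHA-pinned `setup-node` step and the local action pass.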

@JoshuaKGoldberg JoshuaKGoldberg closed this as not planned Mar 20, 2025