Skip to content

fix(cd): pinning action version for security#17075

Merged
ChronosSF merged 10 commits intomasterfrom
sstoychev/pinning-repo-dispatch
Mar 27, 2026
Merged

fix(cd): pinning action version for security#17075
ChronosSF merged 10 commits intomasterfrom
sstoychev/pinning-repo-dispatch

Conversation

@ChronosSF
Copy link
Copy Markdown
Member

@ChronosSF ChronosSF commented Mar 23, 2026
edited
Loading

Closes #

Additional information (check all that apply):

  • Bug fix
  • New functionality
  • Documentation
  • Demos
  • CI/CD

Checklist:

  • All relevant tags have been applied to this PR
  • This PR includes unit tests covering all the new code (test guidelines)
  • This PR includes API docs for newly added methods/properties (api docs guidelines)
  • This PR includes feature/README.MD updates for the feature docs
  • This PR includes general feature table updates in the root README.MD
  • This PR includes CHANGELOG.MD updates for newly added functionality
  • This PR contains breaking changes
  • This PR includes ng update migrations for the breaking changes (migrations guidelines)
  • This PR includes behavioral changes and the feature specification has been updated with them

@ChronosSF ChronosSF requested review from Copilot and kdinev March 23, 2026 13:21
Copilot AI reviewed Mar 23, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Pins a GitHub Action reference in the licensed release trigger workflow to a commit SHA to reduce supply-chain risk in CI/CD.

Changes:

  • Replaces peter-evans/repository-dispatch@v3 with a specific commit SHA in the licensed release dispatch workflow.

Comment thread .github/workflows/trigger-licensed-release.yml Outdated
Copilot AI mentioned this pull request Mar 23, 2026
Closed
@IgniteUI IgniteUI deleted a comment from Copilot AI Mar 23, 2026
@ChronosSF ChronosSF requested a review from dobromirts March 24, 2026 15:20
@dafo dafo self-requested a review March 24, 2026 16:01
dafo
dafo previously approved these changes Mar 24, 2026
View reviewed changes
kdinev
kdinev requested changes Mar 27, 2026
View reviewed changes
Comment thread .github/workflows/trigger-licensed-release.yml
@kdinev kdinev requested a review from Copilot March 27, 2026 10:19
Copilot AI reviewed Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

kdinev and others added 2 commits March 27, 2026 12:24
github-advanced-security[bot]
github-advanced-security AI found potential problems Mar 27, 2026
View reviewed changes
Comment thread .github/workflows/trigger-licensed-release.yml Fixed
@ChronosSF ChronosSF requested a review from kdinev March 27, 2026 10:52
@ChronosSF ChronosSF merged commit fbea76b into master Mar 27, 2026
6 checks passed
@ChronosSF ChronosSF deleted the sstoychev/pinning-repo-dispatch branch March 27, 2026 11:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@dafo dafo dafo left review comments

@turbobobbytraykov turbobobbytraykov Awaiting requested review from turbobobbytraykov

@dobromirts dobromirts Awaiting requested review from dobromirts

@kdinev kdinev Awaiting requested review from kdinev

Assignees

No one assigned

Labels

version: 21.2.x

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ChronosSF @kdinev @dafo @github-advanced-security