close
Skip to content

CI: Pin GHA dependencies#378

Merged
ockham merged 1 commit intotrunkfrom
ci/pin-gha-versions
Mar 10, 2026
Merged

CI: Pin GHA dependencies#378
ockham merged 1 commit intotrunkfrom
ci/pin-gha-versions

Conversation

@ockham
Copy link
Contributor

@ockham ockham commented Mar 10, 2026

Per GHA guidelines: https://docs.github.com/en/actions/reference/security/secure-use#using-third-party-actions

(Strictly speaking, it might not be necessary for actions provided by GH itself, i.e. anything with an action/ prefix. For consistency's sake, and in line with Gutenberg's practice, I'm pinning all GHA dependencies. Dependabot should be able to update them regardless.)

@ockham ockham self-assigned this Mar 10, 2026
@github-actions
Copy link

github-actions bot commented Mar 10, 2026

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Core Committers: Use this line as a base for the props when committing in SVN:

Props bernhard-reiter.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@codecov
Copy link

codecov bot commented Mar 10, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.27%. Comparing base (0847409) to head (baa4646).
⚠️ Report is 1 commits behind head on trunk.

Additional details and impacted files 
@@             Coverage Diff              @@
##              trunk     #378      +/-   ##
============================================
- Coverage     53.55%   53.27%   -0.29%     
  Complexity     4419     4419              
============================================
  Files           298      298              
  Lines         39448    39448              
============================================
- Hits          21128    21014     -114     
- Misses        18320    18434     +114
Flag Coverage Δ
e2e-js 45.71% <ø> (-0.02%) ⬇️
e2e-php 41.51% <ø> (-0.54%) ⬇️
javascript 15.07% <ø> (ø)
phpunit 29.96% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@ockham ockham changed the title CI: Pin GHA dependency versions CI: Pin GHA dependencies Mar 10, 2026
@ockham ockham merged commit 94a01f7 into trunk Mar 10, 2026
15 of 17 checks passed
@ockham ockham deleted the ci/pin-gha-versions branch March 10, 2026 14:00
This was referenced Mar 10, 2026
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@ockham ockham

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ockham