Skip to content

Pin ready-to-merge.yml reusable workflow to commit SHA#27204

Merged
TravisEz13 merged 3 commits intomasterfrom
copilot/pin-ready-to-merge-workflow-sha
Apr 7, 2026
Merged

Pin ready-to-merge.yml reusable workflow to commit SHA#27204
TravisEz13 merged 3 commits intomasterfrom
copilot/pin-ready-to-merge-workflow-sha

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 7, 2026
edited
Loading

  • Pin ready-to-merge.yml reference in linux-ci.yml to commit SHA c8b3ad5819ad7078f3e375519b4f8c6232d1cbdf # v1.0.0
  • Pin ready-to-merge.yml reference in windows-ci.yml to the same SHA
  • Pin ready-to-merge.yml reference in macos-ci.yml to the same SHA
Original prompt

Create a pull request in PowerShell/PowerShell to pin the GitHub Actions reusable workflow reference for ready-to-merge.yml to a specific commit SHA instead of the v1.0.0 tag.

Context:

  • Current file: .github/workflows/linux-ci.yml
  • There is a uses: step for PowerShell/compliance/.github/workflows/[email protected].

Required change:

  • Update that uses: reference to use a full commit SHA (the commit that corresponds to v1.0.0).
  • Keep a trailing comment indicating the original tag, e.g. # v1.0.0.

Acceptance criteria:

  • Workflow reference is pinned to a commit SHA (not a tag).
  • CI config remains valid YAML.
  • PR contains only the minimal change needed.
  • PR title: "Pin ready-to-merge.yml reusable workflow to commit SHA" (or similar).

Example target line (already shown in the diff the user referenced):

  • uses: PowerShell/compliance/.github/workflows/ready-to-merge.yml@c8b3ad5819ad7078f3e375519b4f8c6232d1cbdf # v1.0.0

Pull request to create these changes against the default branch.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: create a PR to pin the ready-to-merge.yml to a commit instead of a tag

Assistant: I’m currently waiting on your approval/confirmation from the PR-creation prompt—once you accept it, I can proceed to open the pull request that pins ready-to-merge.yml to a specific commit SHA instead of the v1.0.0 tag.

This pull request was created from Copilot chat.

Copilot AI changed the title [WIP] Pin ready-to-merge.yml reusable workflow to commit SHA Pin ready-to-merge.yml reusable workflow to commit SHA Apr 7, 2026
Copilot AI requested a review from TravisEz13 April 7, 2026 21:25
@TravisEz13 TravisEz13 marked this pull request as ready for review April 7, 2026 21:30
@TravisEz13 TravisEz13 requested review from a team and jshigetomi as code owners April 7, 2026 21:30
Copilot AI review requested due to automatic review settings April 7, 2026 21:30
@TravisEz13 TravisEz13 added the CL-BuildPackaging Indicates that a PR should be marked as a build or packaging change in the Change Log label Apr 7, 2026
Copilot AI reviewed Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves GitHub Actions supply-chain security by pinning the PowerShell/compliance reusable workflow reference for ready-to-merge.yml to an immutable commit SHA (while preserving the original v1.0.0 tag as a comment) across all OS CI workflows.

Changes:

  • Update ready-to-merge.yml reusable workflow reference from @v1.0.0 to @c8b3ad5819ad7078f3e375519b4f8c6232d1cbdf in Linux CI.
  • Update the same reference in Windows CI.
  • Update the same reference in macOS CI.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
.github/workflows/linux-ci.yml Pins ready-to-merge.yml reusable workflow to a commit SHA (keeps # v1.0.0 comment).
.github/workflows/windows-ci.yml Pins ready-to-merge.yml reusable workflow to the same commit SHA (keeps # v1.0.0 comment).
.github/workflows/macos-ci.yml Pins ready-to-merge.yml reusable workflow to the same commit SHA (keeps # v1.0.0 comment).

@TravisEz13 TravisEz13 enabled auto-merge (squash) April 7, 2026 21:33
@TravisEz13 TravisEz13 merged commit 58b00b5 into master Apr 7, 2026
46 of 48 checks passed
@daxian-dbw daxian-dbw deleted the copilot/pin-ready-to-merge-workflow-sha branch April 9, 2026 07:13
@daxian-dbw daxian-dbw mentioned this pull request Apr 9, 2026
Merged
9 tasks
daxian-dbw pushed a commit to daxian-dbw/PowerShell that referenced this pull request Apr 9, 2026
@TravisEz13 @daxian-dbw
Pin ready-to-merge.yml reusable workflow to commit SHA (PowerShell#27204
656af96 
)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: TravisEz13 <[email protected]>
@daxian-dbw daxian-dbw mentioned this pull request Apr 9, 2026
Merged
9 tasks
daxian-dbw pushed a commit to daxian-dbw/PowerShell that referenced this pull request Apr 9, 2026
@TravisEz13 @daxian-dbw
Pin ready-to-merge.yml reusable workflow to commit SHA (PowerShell#27204
a633749 
)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: TravisEz13 <[email protected]>
@daxian-dbw daxian-dbw mentioned this pull request Apr 9, 2026
Merged
9 tasks
daxian-dbw pushed a commit to daxian-dbw/PowerShell that referenced this pull request Apr 9, 2026
@TravisEz13 @daxian-dbw
Pin ready-to-merge.yml reusable workflow to commit SHA (PowerShell#27204
a432c06 
)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: TravisEz13 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@daxian-dbw daxian-dbw daxian-dbw approved these changes

@jshigetomi jshigetomi Awaiting requested review from jshigetomi jshigetomi is a code owner

+1 more reviewer

@TravisEz13 TravisEz13 TravisEz13 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@TravisEz13 TravisEz13

Copilot code review Copilot

Labels

Backport-7.4.x-Done Backport-7.5.x-Done Backport-7.6.x-Done CL-BuildPackaging Indicates that a PR should be marked as a build or packaging change in the Change Log

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@daxian-dbw @TravisEz13