Skip to content

Pin setup-node action to a commit hash#7495

Merged
youknowone merged 3 commits intoRustPython:mainfrom
ShaharNaveh:setup-node-pin
Mar 25, 2026
Merged

Pin setup-node action to a commit hash#7495
youknowone merged 3 commits intoRustPython:mainfrom
ShaharNaveh:setup-node-pin

Conversation

@ShaharNaveh
Copy link
Contributor

@ShaharNaveh ShaharNaveh commented Mar 24, 2026
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Chores
    • Updated CI/CD build configuration for improved consistency and reliability in the development pipeline.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Mar 24, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: f64d73a3-d1e9-4b20-94f7-cb2d59a4a001

📥 Commits

Reviewing files that changed from the base of the PR and between 0270247 and 4aaa661.

📒 Files selected for processing (1)
  • .github/workflows/ci.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/ci.yaml
📝 Walkthrough

Walkthrough

A GitHub Actions step in the wasm job is updated to pin the Node.js setup action from a floating version tag (v6) to a specific commit hash (53b83947a5a98c8d113130e565377fae1a50d02f, corresponding to v6.3.0), ensuring reproducible and consistent workflow behavior.

Changes

Cohort / File(s) Summary
GitHub Actions Version Pinning
.github/workflows/ci.yaml		 Node.js setup action pinned to specific commit hash in wasm job for improved reproducibility and security.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

Suggested reviewers

  • youknowone

Poem

🐰 A version floated in the air so free,
Now pinned to commit—precise as can be!
Reproducible runs, no surprises in sight,
Our workflows are locked and forever so tight! 🔒

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and specifically describes the main change: pinning the setup-node action to a commit hash, which matches the actual modification in .github/workflows/ci.yaml.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 24, 2026
View reviewed changes
@ShaharNaveh
Copy link
Contributor Author

ShaharNaveh commented Mar 24, 2026
edited
Loading

Security failures are unrelated to this PR

@ShaharNaveh
Copy link
Contributor Author

ShaharNaveh commented Mar 24, 2026
edited
Loading

Security failures are unrelated to this PR

Should be fixed at 0270247 (wasn't related to changes in this PR)

changes to release. yml are now proposed at #7499

@youknowone youknowone merged commit 211649d into RustPython:main Mar 25, 2026
18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@youknowone youknowone youknowone approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ShaharNaveh @youknowone