Community & Support: LinkedIn Group · Slack #project-nest
Active project leaders: Arkadii Yakovets -- GitHub · LinkedIn · Slack; Kate Golovanova -- GitHub · LinkedIn · Slack
Contributing · Code of Conduct · GSoC Mentors
Describe the solution you'd like
Recently, we pinned all GitHub Actions workflows to commit SHAs for improved security and reproducibility. While this is the recommended best practice, it reduces visibility into which version of an action is actually being used.
For every SHA-pinned action, include the corresponding version tag as a comment:
This provides:
- human-readable version context
- easier debugging and auditing
- better clarity when Dependabot proposes updates
Acceptance Criteria
- All SHA-pinned GitHub Actions include a version comment
- Comments follow a consistent format (e.g., # vX.Y.Z)
- No functional changes to workflows
Are you going to work on implementing this?
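One way to check the acceptance criteria automatically, as an added example (not code from this issue or from the project's repository). The function name `check_workflow`, the regex-based line matching, and the strict `# vX.Y.Z` comment format are assumptions; the sample workflow is constructed and its SHAs and versions are placeholders.

```python
import re

# `uses:` reference pinned to a full 40-hex commit SHA, with an optional trailing comment.
PINNED = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?(?P<action>[^@\s'\"]+)@(?P<sha>[0-9a-fA-F]{40})['\"]?"
    r"\s*(?P<comment>#.*)?$"
)
# Assumed comment format, taken from the acceptance criteria: "# vX.Y.Z".
VERSION_COMMENT = re.compile(r"^# v\d+\.\d+\.\d+$")


def check_workflow(text, name="<workflow>"):
    """Return findings for SHA-pinned actions lacking a '# vX.Y.Z' comment."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = PINNED.match(line)
        if not match:
            continue  # not a SHA-pinned `uses:` line (tag pins, local actions, other keys)
        action = match.group("action")
        comment = (match.group("comment") or "").strip()
        if not comment:
            findings.append((name, lineno, action, "missing version comment"))
        elif not VERSION_COMMENT.match(comment):
            findings.append((name, lineno, action, f"unexpected format: {comment}"))
    return findings


# Constructed sample workflow; the SHAs and versions are placeholders, not real releases.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: actions/setup-python@89abcdef0123456789abcdef0123456789abcdef
      - name: Cache
        uses: actions/cache@fedcba9876543210fedcba9876543210fedcba98 #v4
      - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for finding in check_workflow(SAMPLE, "sample.yml"):
        print("{}:{}: {}: {}".format(*finding))
```

The check only confirms that a comment is present and well-formed; it does not verify that the SHA actually corresponds to the tag named in the comment.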