Pin checkout to commit. Don't persist creds if not needed by ShaharNaveh · Pull Request #7430 · RustPython/RustPython
📝 Walkthrough
GitHub Actions workflows across six configuration files are updated to pin the checkout action to a specific commit hash (v6.0.2) instead of using the floating v6 tag, while adding or modifying persist-credentials configuration to control credential handling.
Changes
| Cohort / File(s) | Summary |
|---|---|
| GitHub Actions Checkout Pinning (persist-credentials: false): `.github/workflows/ci.yaml`, `.github/workflows/cron-ci.yaml`, `.github/workflows/lib-deps-check.yaml`, `.github/workflows/pr-format.yaml`, `.github/workflows/release.yml` | Replaces `actions/checkout@v6` with pinned commit `actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2` and adds `with: persist-credentials: false` to disable credential persistence across multiple workflow jobs. |
| Checkout Version Bump (persist-credentials: true): `.github/workflows/update-doc-db.yml` | Updates checkout action from v6.0.1 to v6.0.2 with pinned commit hash and adds `with: persist-credentials: true` in both generate and merge jobs to enable credential persistence. |
Estimated code review effort
🎯 2 (Simple) | ⏱️ ~10 minutes
Poem
🐰 A checkout pin, so precise and tight,
Credentials guarded left and right,
Workflows locked to v-six-point-two,
Security measures fresh and new! ✨
🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main changes: pinning the checkout action to a specific commit hash across all workflows and disabling credential persistence where unnecessary. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
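An added example, not part of the pull request or of the CodeRabbit comment above: a standard-library Python check that flags the two conditions this change addresses, a `uses:` reference that is not a full 40-character commit SHA and an `actions/checkout` step that leaves `persist-credentials` unset or set to `true`. The sample workflow text and the `audit` function are constructed for illustration, and the line-based parsing assumes `with:` follows `uses:` inside a step.

```python
import re

# Constructed sample workflow text (not a file from the RustPython repository).
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v6
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: true
"""

USES = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^\s'\"#]+)")
PERSIST = re.compile(r"^\s*persist-credentials:\s*['\"]?(\w+)")
NEXT_STEP = re.compile(r"^\s*-\s")
FULL_SHA = re.compile(r"@[0-9a-f]{40}$")

def audit(text):
    """Return (line_number, code, detail) findings for one workflow's text."""
    findings = []
    lines = text.splitlines()
    for idx, line in enumerate(lines):
        if not (m := USES.match(line)):
            continue
        ref = m.group(1)
        if ref.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope here
        if not FULL_SHA.search(ref):
            findings.append((idx + 1, "unpinned", ref))
        if ref.split("@")[0] != "actions/checkout":
            continue
        # Assumption: `with:` follows `uses:`; scan to the start of the next step.
        value = None
        for later in lines[idx + 1:]:
            if NEXT_STEP.match(later):
                break
            if (p := PERSIST.match(later)):
                value = p.group(1).lower()
        if value is None:
            findings.append((idx + 1, "persist-default", "not set; checkout defaults to true"))
        elif value == "true":
            findings.append((idx + 1, "persist-true", "confirm this job needs the token after checkout"))
    return findings
```

A `persist-true` finding is a prompt for review rather than a failure: a job that pushes commits after checkout, as the generate and merge jobs in `update-doc-db.yml` are described as needing, sets it deliberately.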