Charlotte Brandhorst-Satzkorn (Gerrit)

unread,

Feb 25, 2026, 9:30:49 PM (2 days ago) Feb 25

to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com

Charlotte Brandhorst-Satzkorn has uploaded the change for review

Commit message

action.yml: pin action dependencies to full commit SHAs

In August 2025, GitHub introduced a feature which allows GitHub
repositories to enforce that Actions use SHA pinning. If enabled, all
GitHub Actions, including their transitive dependencies, must use SHA
pinning in order to be allowed to run. Switching to SHAs for our Action
dependencies allows repositories with this setting enabled to continue
using golang/govulncheck-action.

Fixes golang/go#75908

Change-Id: I0ffe9a8f56bbfd87dc50136fc35b0fc58abb4206

Change diff

diff --git a/action.yml b/action.yml
index 33fe6a6..9f5016e 100644
--- a/action.yml
+++ b/action.yml
@@ -44,8 +44,8 @@
   using: "composite"
   steps:
     - if: inputs.repo-checkout != 'false' # only explicit false prevents repo checkout
-      uses: actions/chec...@v6.0.2
-    - uses: actions/setu...@v6.2.0
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
       with:
         go-version: ${{ inputs.go-version-input }}
         check-latest: ${{ inputs.check-latest }}

Change information

Files:

M action.yml

Change size: XS

Delta: 1 file changed, 2 insertions(+), 2 deletions(-)

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

unsatisfied_requirement

satisfied_requirement

open

diffy

Gopher Robot (Gerrit)

unread,

Feb 25, 2026, 9:33:27 PM (2 days ago) Feb 25

to Charlotte Brandhorst-Satzkorn, goph...@pubsubhelper.golang.org, Zvonimir Pavlinovic, golang-co...@googlegroups.com

Attention needed from Sean Liao and Zvonimir Pavlinovic

Message from Gopher Robot

Congratulations on opening your first change. Thank you for your contribution!

Next steps:
A maintainer will review your change and provide feedback. See
https://go.dev/doc/contribute#review for more info and tips to get your
patch through code review.

Most changes in the Go project go through a few rounds of revision. This can be
surprising to people new to the project. The careful, iterative review process
is our way of helping mentor contributors and ensuring that their contributions
have a lasting impact.

Open in Gerrit

Related details

Attention is currently required from:

Sean Liao
Zvonimir Pavlinovic

Submit Requirements:

Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

unsatisfied_requirement

satisfied_requirement

open

diffy

Sean Liao (Gerrit)

unread,

Feb 25, 2026, 9:47:34 PM (2 days ago) Feb 25

to Charlotte Brandhorst-Satzkorn, goph...@pubsubhelper.golang.org, Gopher Robot, Zvonimir Pavlinovic, golang-co...@googlegroups.com

Attention needed from Zvonimir Pavlinovic

Sean Liao voted

Auto-Submit	+1
Code-Review	+2
TryBot-Bypass	+1

Open in Gerrit

Related details

Attention is currently required from:

Zvonimir Pavlinovic

Submit Requirements:

Code-Review

No-Unresolved-Comments
Review-Enforcement

TryBots-Pass

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

David Chase (Gerrit)

unread,

3:46 PM (3 hours ago) 3:46 PM

to Charlotte Brandhorst-Satzkorn, goph...@pubsubhelper.golang.org, Gopher Robot, Zvonimir Pavlinovic, golang-co...@googlegroups.com

Attention needed from Charlotte Brandhorst-Satzkorn and Zvonimir Pavlinovic

David Chase voted Code-Review+1

Code-Review

+1

Open in Gerrit

Related details

Attention is currently required from:

Charlotte Brandhorst-Satzkorn
Zvonimir Pavlinovic

Submit Requirements:

Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Johan Brandhorst-Satzkorn (Gerrit)

unread,

5:01 PM (1 hour ago) 5:01 PM

to Charlotte Brandhorst-Satzkorn, goph...@pubsubhelper.golang.org, David Chase, Gopher Robot, Zvonimir Pavlinovic, golang-co...@googlegroups.com

Attention needed from Charlotte Brandhorst-Satzkorn and Zvonimir Pavlinovic

Johan Brandhorst-Satzkorn voted Code-Review+2

Code-Review

+2

Open in Gerrit

Related details

Attention is currently required from:

Charlotte Brandhorst-Satzkorn
Zvonimir Pavlinovic

Submit Requirements:

Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Reply all

Reply to author

Forward

[govulncheck-action] action.yml: pin action dependencies to full commit SHAs

Charlotte Brandhorst-Satzkorn (Gerrit)

Charlotte Brandhorst-Satzkorn has uploaded the change for review

Commit message

Change diff

Change information

Related details

Gopher Robot (Gerrit)

Message from Gopher Robot

Related details

Sean Liao (Gerrit)

Sean Liao voted

Related details

David Chase (Gerrit)

David Chase voted Code-Review+1

Related details

Johan Brandhorst-Satzkorn (Gerrit)

Johan Brandhorst-Satzkorn voted Code-Review+2

Related details