Skip to content

Pin reusable workflow refs to gha/v1#842

Merged
jakebromberg merged 1 commit into
mainfrom
pin-gha-v1
May 12, 2026
Merged

Pin reusable workflow refs to gha/v1#842
jakebromberg merged 1 commit into
mainfrom
pin-gha-v1

Conversation

@jakebromberg
Copy link
Copy Markdown
Member

@jakebromberg jakebromberg commented May 12, 2026

Summary

Pins reusable workflow refs from @main to the new gha/v1 stability tags on wxyc-shared / wxyc-etl, and passes the matching *-ref input so the inner script checkout in each reusable workflow stays pinned (default was main).

Why

Before this PR, a push to wxyc-shared/main or wxyc-etl/main would cascade into this repo's CI with this repo's secrets. The new gha/v1 stability tags provide a pin-able ref. Tag policy: gha/v1 moves for non-breaking updates; gha/v2 for breaking changes.

Project

Part of GitHub Actions Supply-Chain Hardening, Phase 2.

Test plan

  • Reusable-workflow jobs still pass after merge.

@jakebromberg
pin reusable workflow refs from @main to @gha/v1
0ef1cf4 
Pins WXYC/wxyc-shared (and/or WXYC/wxyc-etl) reusable workflow
invocations to the gha/v1 stability tag instead of floating @main
refs. Also passes wxyc-shared-ref / wxyc-etl-ref inputs so the
inner script-checkout step in each reusable workflow stays on
gha/v1 instead of defaulting to main.

Part of org project: GitHub Actions Supply-Chain Hardening
(https://github.com/orgs/WXYC/projects/31), Phase 2.
@jakebromberg jakebromberg merged commit 317483c into main May 12, 2026
6 checks passed
@jakebromberg jakebromberg deleted the pin-gha-v1 branch May 12, 2026 16:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jakebromberg