Skip to content

Add mise version+sha256 pinning to CI#1070

Merged
zeitlinger merged 3 commits into
mainfrom
add-mise-version-pinning
Mar 3, 2026
Merged

Add mise version+sha256 pinning to CI#1070
zeitlinger merged 3 commits into
mainfrom
add-mise-version-pinning

Conversation

@zeitlinger
Copy link
Copy Markdown
Member

@zeitlinger zeitlinger commented Feb 20, 2026

Summary

  • Pin mise version and sha256 in all workflow files for reproducibility and supply-chain security
  • Renovate will keep these up to date via the custom manager in grafana/flint#43

Test plan

  • CI passes with pinned mise version

@zeitlinger
Add mise version+sha256 pinning to CI workflows
5551a1a 
Pin mise version and sha256 in all workflow files for reproducibility
and supply-chain security.
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Copilot AI review requested due to automatic review settings February 20, 2026 18:00
@zeitlinger zeitlinger mentioned this pull request Feb 20, 2026
Closed
Copilot AI reviewed Feb 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR strengthens CI reproducibility and supply-chain security by pinning the installed mise binary to an explicit version and sha256 in GitHub Actions workflows, aligning with the Renovate custom manager approach referenced in the PR description.

Changes:

  • Add with: version and with: sha256 to jdx/mise-action usage in the lint workflow.
  • Add with: version and with: sha256 to jdx/mise-action usage in the acceptance tests workflow.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
.github/workflows/lint.yml Pins mise version and checksum for deterministic lint runs.
.github/workflows/acceptance-tests.yml Pins mise version and checksum for deterministic acceptance test runs.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@zeitlinger
Add config:best-practices to renovate extends
f5c608b 
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
@zeitlinger
Add mise entries to renovate-tracked-deps.json
e305b04 
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Copilot AI review requested due to automatic review settings February 20, 2026 19:40
Copilot AI reviewed Feb 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (2)

.github/renovate-tracked-deps.json:54

  • This PR is scoped as mise pinning, but this hunk also adds new Renovate tracking for grafana/otel-lgtm in docker-compose files. Consider calling out these additional tracked-deps changes in the PR description (or splitting) to keep the change intent clear.
  "examples/dotnet/docker-compose.yml": {
    "docker-compose": [
      "grafana/otel-lgtm"
    ]
  },

.github/renovate-tracked-deps.json:251

  • This adds Renovate tracking for the python base image in example Dockerfiles, which isn't mentioned in the PR description. Consider documenting this extra scope so it's clear why renovate-tracked-deps.json changed beyond mise pinning.
  "examples/obi/python.Dockerfile": {
    "dockerfile": [
      "python"
    ]
  },
  "examples/python/Dockerfile": {
    "dockerfile": [
      "python"
    ],

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/renovate.json5
@zeitlinger
Copy link
Copy Markdown
Member Author

zeitlinger commented Feb 23, 2026

Thanks @Copilot — addressed 1 comment(s). Please have another look!

@zeitlinger zeitlinger merged commit b41972e into main Mar 3, 2026
14 checks passed
@zeitlinger zeitlinger deleted the add-mise-version-pinning branch March 3, 2026 08:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@martincostello martincostello martincostello approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@zeitlinger @martincostello