Skip to content

CI: Fix last unpinned action versions#35137

Merged
Sidnioulz merged 1 commit into
nextfrom
sidnioulz/fix-last-version-pins
Jun 11, 2026
Merged

CI: Fix last unpinned action versions#35137
Sidnioulz merged 1 commit into
nextfrom
sidnioulz/fix-last-version-pins

Conversation

@Sidnioulz

@Sidnioulz Sidnioulz commented Jun 11, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown
Contributor

We've enforced mandatory version pinning for actions.

These are the last outliers

Manual testing

Not needed.

Summary by CodeRabbit

  • Chores
    • Updated internal CI/CD infrastructure dependencies to enhance build stability and reliability.

Copilot AI review requested due to automatic review settings June 11, 2026 08:18
@Sidnioulz Sidnioulz added build Internal-facing build tooling & test updates ci:normal Run our default set of CI jobs (choose this for most PRs). qa:skip Pull Requests that do not need any QA. labels Jun 11, 2026
@Sidnioulz Sidnioulz self-assigned this Jun 11, 2026
@Sidnioulz Sidnioulz moved this to In Progress in Core Team Projects Jun 11, 2026
Copilot AI reviewed Jun 11, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Pins the remaining unpinned GitHub Action references to immutable commit SHAs, aligning these CI workflows/composite actions with the repo’s mandatory action version pinning policy.

Changes:

  • Updates the composite .github/actions/setup-node-and-install action to use pinned SHAs for actions/setup-node and actions/cache restore/save.
  • Normalizes the actions/setup-node version comment formatting in generate-sandboxes.yml to match the repo’s # vX.Y.Z convention.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
.github/workflows/generate-sandboxes.yml Keeps setup-node pinned and standardizes the inline version comment format.
.github/actions/setup-node-and-install/action.yml Replaces tag-based action references (@v4) with pinned commit SHAs for setup-node and cache restore/save.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@coderabbitai

coderabbitai Bot commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9266ef63-24e2-4459-8a38-4f1865c26c30

📥 Commits

Reviewing files that changed from the base of the PR and between 4730339 and 7dd35db.

📒 Files selected for processing (2)
  • .github/actions/setup-node-and-install/action.yml
  • .github/workflows/generate-sandboxes.yml
📝 Walkthrough

Walkthrough

This PR pins three reused GitHub actions to specific commit hashes in the composite action setup workflow, replacing floating version references with deterministic commits for setup-node v6.4.0 and cache actions v5.0.5. The generate-sandboxes workflow is updated to reference the pinned setup-node commit.

Changes

Action Version Pinning

Layer / File(s) Summary
Action version pins to specific commits
.github/actions/setup-node-and-install/action.yml, .github/workflows/generate-sandboxes.yml		 actions/setup-node, actions/cache/restore, and actions/cache/save are pinned from floating v4 tags to specific commits. setup-node updates to v6.4.0 and cache actions to v5.0.5. generate-sandboxes workflow simultaneously updates to the pinned setup-node commit.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Comment @coderabbitai help to get the list of available commands and usage tips.

@storybook-app-bot

storybook-app-bot Bot commented Jun 11, 2026

Copy link
Copy Markdown

Package Benchmarks

Commit: 7dd35db, ran on 11 June 2026 at 08:35:02 UTC

The following packages have significant changes to their size or dependencies:

@storybook/cli

Before After Difference
Dependency count 203 203 0
Self size 947 KB 908 KB 🎉 -39 KB 🎉
Dependency size 88.99 MB 88.99 MB 🚨 +360 B 🚨
Bundle Size Analyzer Link Link

@Sidnioulz Sidnioulz requested a review from a team June 11, 2026 08:54
@Sidnioulz Sidnioulz merged commit da0e18e into next Jun 11, 2026
146 of 150 checks passed
@Sidnioulz Sidnioulz deleted the sidnioulz/fix-last-version-pins branch June 11, 2026 08:55
@github-project-automation github-project-automation Bot moved this from In Progress to Done in Core Team Projects Jun 11, 2026
@github-actions github-actions Bot mentioned this pull request Jun 11, 2026
Open
16 tasks
@Sidnioulz Sidnioulz added the patch:yes Bugfix & documentation PR that need to be picked to main branch label Jun 11, 2026
This was referenced Jun 11, 2026
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@huang-julien huang-julien huang-julien approved these changes

Assignees

@Sidnioulz Sidnioulz

Labels

build Internal-facing build tooling & test updates ci:normal Run our default set of CI jobs (choose this for most PRs). patch:yes Bugfix & documentation PR that need to be picked to main branch qa:skip Pull Requests that do not need any QA.

Projects

Core Team Projects
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Sidnioulz @huang-julien