[php-src] PR #22215: ci: pin GitHub Actions to full commit SHAs

From: Date: Wed, 03 Jun 2026 01:55:47 +0000
Subject: [php-src] PR #22215: ci: pin GitHub Actions to full commit SHAs
Groups: php.git-pulls 
Request: Send a blank email to git-pulls+get-36282@lists.php.net to get a copy of this message
Pull Request: https://github.com/php/php-src/pull/22215
Author: XananasX7

This PR pins GitHub Actions from mutable version tags (e.g. @v4) to full commit SHAs,
preventing silent supply chain attacks from compromised action repositories.

Recommended by [GitHub's security hardening
guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)
and [OpenSSF Scorecard](https://securityscorecards.dev/).

