
Pin GitHub Actions to commit SHAs #601

Open
jportner-ant wants to merge 1 commit into main from devsec/pin-actions


@jportner-ant

Pin third-party GitHub Actions references to immutable commit SHAs.


@github-actions github-actions Bot left a comment


PR Review

Recommendation: COMMENT

Summary

Pins three third-party GitHub Actions (lycheeverse/lychee-action, marocchino/sticky-pull-request-comment, astral-sh/setup-uv) to commit SHAs across 5 workflow files. Sound supply-chain hardening, but a few related items worth addressing.

Actionable Feedback (3 items)
  • Missed action: anthropics/claude-code-action@v1 — referenced in claude-pr-review.yml:44, claude-model-check.yml:70, claude-link-review.yml:69, notebook-quality.yml:58, lint-format.yml:120, notebook-tests.yml:129. Lives outside actions/*, so the same supply-chain reasoning applies — pin it for consistency with the stated policy (or document why first-party anthropics/* is excluded).
  • Add .github/dependabot.yml for package-ecosystem: github-actions. Without it, pinned SHAs silently rot. Dependabot understands the # vX.Y.Z convention and bumps SHA + comment together.
  • Drop the (sha-pinned) suffix (optional) — the SHA itself makes pinning self-evident, and the standard # vX.Y.Z form is what tooling expects. Harmless either way.

Detailed Review

Security

Strong improvement. SHA-pinning third-party actions defends against the class of supply-chain attacks where a tag is moved to point at malicious code (e.g., the tj-actions/changed-files compromise from March 2025). This is explicitly called out in GitHub's hardening guide.

Excluding actions/checkout and other actions/* GitHub-owned actions is a reasonable policy choice — they have a different trust model and stronger operational controls. Worth stating that policy in a CONTRIBUTING note so future PRs follow the same rule.

Code Quality

  • Format <sha> # <version> is the GitHub-recommended convention and is parsed correctly by Dependabot/Renovate.
  • All three SHAs are consistently applied across every occurrence — no drift.
  • Pre-existing nit (out of scope): notebook-tests.yml uses actions/checkout@v4 and actions/upload-artifact@v4 while sibling workflows use @v6. Worth a follow-up.

Positive Notes

  • Tight, focused diff (7+/7−). Easy to verify.
  • Version comment makes the pin human-readable without losing immutability.
  • Targets the highest-risk actions (third-party, run with repo token) first.

@jportner-ant jportner-ant marked this pull request as ready for review May 6, 2026 21:23

@github-actions github-actions Bot left a comment


PR Review

Recommendation: COMMENT

Summary

Pins three third-party GitHub Actions (lycheeverse/lychee-action, marocchino/sticky-pull-request-comment, astral-sh/setup-uv) to immutable commit SHAs across 5 workflow files. This is a sound supply-chain hardening practice aligned with GitHub's own recommendations and OpenSSF Scorecard's Pinned-Dependencies check.

Actionable Feedback (3 items)

  • Scope inconsistency: anthropics/claude-code-action@v1 is referenced in 6 workflows (claude-model-check.yml:70, notebook-tests.yml:129, claude-link-review.yml:69, notebook-quality.yml:58, claude-pr-review.yml:44, lint-format.yml:120) but is NOT pinned. It lives in a separate repo from this cookbook, so the same supply-chain reasoning applies as for astral-sh/setup-uv. Either pin it for consistency or document why it's exempted (e.g., trusted-org policy).
  • Verify no implicit version bumps: Worth confirming the previous floating @v2 / @v4 tags actually resolved to v2.8.0 / v2.9.4 / v4.2.0 at the time of this PR. If any are bumps, call that out in the commit message — reviewers reading "pin to SHA" don't expect functional version changes.
  • Consider Dependabot config: If .github/dependabot.yml doesn't already include package-ecosystem: github-actions, add it. Without automated bumps, SHA pins silently rot — trading supply-chain risk for stale-dependency risk. The chosen comment format # v2.8.0 (sha-pinned) is Dependabot/Renovate-compatible, so the infrastructure is ready.

Detailed Review

Code Quality

The change is minimal, mechanical, and consistent within its scope. The # v2.8.0 (sha-pinned) comment format is excellent — human-readable, machine-parseable by Dependabot/Renovate, and signals intent clearly. The same astral-sh/setup-uv SHA is reused across all four workflow files, so versions don't drift.

Security

This is a meaningful security improvement. Floating tags (@v2, @v4) can be force-moved to a malicious commit by either a compromised maintainer account or a tag-pull request, as occurred in the tj-actions/changed-files incident in March 2025. SHA pinning eliminates this attack vector for the pinned actions.

Suggestions

  • Consider also pinning first-party actions/checkout@v6, actions/setup-python, etc. OpenSSF Scorecard and SLSA Level 3 expect ALL actions pinned, including first-party — GitHub's own hardening docs recommend it because the actions org is not immune to compromise. The "third-party only" scope is a defensible policy choice but worth being explicit about (e.g., a comment or SECURITY.md note).

Positive Notes

  • Sound, targeted security hardening that's easy to review.
  • The trailing-comment format is the right call — keeps the change self-documenting and tool-friendly.
  • Consistent SHAs for the same action across files (astral-sh/setup-uv in 4 files all pin to the same SHA).
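
An added example, not part of this PR or of the review comments: a small Python check for the pinning policy discussed in the reviews above. It flags `uses:` references that are not pinned to a 40-character commit SHA, or that are pinned but lack the trailing `# vX.Y.Z` comment. The function name, the `exempt_owners` parameter, the sample workflow and its placeholder SHA and version are constructed for illustration.

```python
import re

# A `uses:` reference (step or reusable workflow) plus an optional trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)['\"]?\s*(?:#\s*(.*))?$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")            # full commit SHA, not a tag or branch
VERSION_COMMENT_RE = re.compile(r"^v?\d+(\.\d+){0,2}\b")  # "# v1.2.3" style comment


def audit_workflow(text, exempt_owners=("actions",)):
    """Return (line_no, reference, finding) tuples for one workflow file.

    exempt_owners models a documented policy exemption (assumption: GitHub-owned
    actions/* are excluded, as in the PR). Pass () to require pins everywhere.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref, comment = m.group(1), (m.group(2) or "").strip()
        # Local actions and container images are not git refs; out of scope here.
        if ref.startswith(("./", "docker://")):
            continue
        target, _, version = ref.partition("@")
        if target.split("/", 1)[0] in exempt_owners:
            continue
        if not SHA_RE.match(version):
            findings.append((line_no, ref, "unpinned"))
        elif not VERSION_COMMENT_RE.match(comment):
            findings.append((line_no, ref, "pinned-no-version-comment"))
    return findings


# Constructed sample workflow; the SHA and version are placeholders, not real pins.
PLACEHOLDER_SHA = "0123456789abcdef0123456789abcdef01234567"
SAMPLE = f"""\
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: astral-sh/setup-uv@{PLACEHOLDER_SHA} # v0.0.0 (sha-pinned)
      - uses: anthropics/claude-code-action@v1
      - uses: lycheeverse/lychee-action@{PLACEHOLDER_SHA}
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for line_no, ref, finding in audit_workflow(SAMPLE):
        print(f"line {line_no}: {ref}: {finding}")
```

Run over every file under `.github/workflows/` in CI, a non-empty result can fail the job so that new unpinned references are caught at review time.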
