Skip to content

fix: hardens the release action#42

Merged
pandeymangg merged 3 commits intomainfrom
fix/harden-release-action
Oct 1, 2025
Merged

fix: hardens the release action#42
pandeymangg merged 3 commits intomainfrom
fix/harden-release-action

Conversation

@pandeymangg
Copy link
Contributor

@pandeymangg pandeymangg commented Oct 1, 2025

Hardens the release action by pinning the action versions to specific SHAs

@pandeymangg pandeymangg requested a review from Dhruwang October 1, 2025 05:18
@coderabbitai
Copy link

coderabbitai bot commented Oct 1, 2025
edited
Loading

Walkthrough

The CI workflows were adjusted and a version bump was applied. In publish-to-maven-central.yml, a hardened-runner step with egress-policy: audit was added, actions/checkout and actions/setup-java were pinned to specific commit SHAs, the checkout step now precedes JDK setup, and the publish step label was updated; a minor blank line was removed. In sonarcloud.yml, the checkout step gained a name without altering behavior. In android/build.gradle.kts, the top-level version was updated from 1.0.2 to 1.1.0.

Pre-merge checks

✅ Passed checks (3 passed)
Check name Status Explanation
Title Check ✅ Passed The title "fix: hardens the release action" clearly and concisely summarizes the primary objective of pinning action versions and strengthening the release workflow without extraneous detail, matching the main changes in the pull request.
Description Check ✅ Passed The description succinctly states that the release action is hardened by pinning action versions to specific SHAs, which directly corresponds to the changes in the GitHub workflows without including unrelated content.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 765026f and fba3f56.

📒 Files selected for processing (3)
  • .github/workflows/publish-to-maven-central.yml (1 hunks)
  • .github/workflows/sonarcloud.yml (1 hunks)
  • android/build.gradle.kts (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: SonarCloud

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@pandeymangg
Copy link
Contributor Author

pandeymangg commented Oct 1, 2025

@coderabbitai review

@coderabbitai
Copy link

coderabbitai bot commented Oct 1, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 1, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@pandeymangg pandeymangg added this pull request to the merge queue Oct 1, 2025
Merged via the queue into main with commit 5c2e303 Oct 1, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Dhruwang Dhruwang Dhruwang approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pandeymangg @Dhruwang