Skip to content

Pin setup-python action to a commit hash - part 0#7491

Merged
youknowone merged 1 commit intoRustPython:mainfrom
ShaharNaveh:setup-python-pin
Mar 24, 2026
Merged

Pin setup-python action to a commit hash - part 0#7491
youknowone merged 1 commit intoRustPython:mainfrom
ShaharNaveh:setup-python-pin

Conversation

@ShaharNaveh
Copy link
Contributor

@ShaharNaveh ShaharNaveh commented Mar 24, 2026
edited by coderabbitai bot
Loading

Summary by CodeRabbit

Release Notes

  • Chores
    • Updated GitHub Actions workflow for dependency checking to improve output handling and validation logic.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Mar 24, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 1f25e9f4-6cf4-4179-a216-4057beee3b32

📥 Commits

Reviewing files that changed from the base of the PR and between 464b6bc and 85cca4d.

📒 Files selected for processing (1)
  • .github/workflows/lib-deps-check.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/lib-deps-check.yaml
📝 Walkthrough

Walkthrough

The workflow pins the actions/setup-python action to a specific commit SHA and refactors the dependency check step to capture command output directly into a shell variable, then write it to $GITHUB_OUTPUT using a heredoc. The "Post comment" step's condition is updated to check the output variable directly instead of a separate boolean flag.

Changes

Cohort / File(s) Summary
GitHub Actions Workflow Configuration
.github/workflows/lib-deps-check.yaml		 Pinned actions/setup-python to commit SHA, refactored output capture mechanism from temporary file to shell variable with heredoc writing, and updated post-comment gating condition to check deps_output variable directly.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Output flows in variable streams,
No temp files cluttering our dreams,
A cleaner path, direct and true,
The workflow hops to something new!
Heredoc writes with graceful ease,

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'Pin setup-python action to a commit hash - part 0' accurately reflects the main change: pinning the actions/setup-python dependency to a specific commit SHA instead of a version tag.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 24, 2026
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 24, 2026
View reviewed changes
This was referenced Mar 24, 2026
Merged
Open
Merged
@ShaharNaveh ShaharNaveh changed the title Pin setup-python action to a commit hash Pin setup-python action to a commit hash - part 0 Mar 24, 2026
@youknowone youknowone merged commit 56c3a37 into RustPython:main Mar 24, 2026
18 checks passed
Copilot AI pushed a commit that referenced this pull request Mar 25, 2026
@ShaharNaveh
Pin setup-python action to a commit hash (#7491)
32b8af3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@youknowone youknowone youknowone approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ShaharNaveh @youknowone