From f7d4f41ea55f375832b7c8c9ed297b129c108da1 Mon Sep 17 00:00:00 2001 From: Adnan Khan Date: Wed, 10 Apr 2024 16:04:35 -0400 Subject: [PATCH] chore(ci): use SHA as reference for integration test workflow instead of branch. (#29787) ### Reason for this change It is better to use an immutable commit reference for workflows that require approval, since the branch's head commit can change between the time of approval and workflow run execution. ### Description of changes Updated the `ref` parameter to use the SHA from the pull_request event instead of the ref. ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .github/workflows/request-cli-integ-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/request-cli-integ-test.yml b/.github/workflows/request-cli-integ-test.yml index dfefb83f881f7..1b37dede1a153 100644 --- a/.github/workflows/request-cli-integ-test.yml +++ b/.github/workflows/request-cli-integ-test.yml @@ -38,7 +38,7 @@ jobs: with: # Needs to run with PROJEN_GITHUB_TOKEN because we need permissions to force push the branch token: ${{ secrets.PROJEN_GITHUB_TOKEN }} - ref: ${{ github.event.pull_request.head.ref }} + ref: ${{ github.event.pull_request.head.sha }} repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Submit to test-pipeline run: |