Skip to content

GitHub Actions digest pinning for non-version-like tags #40095

New issue
New issue
Open
#40097
Open
GitHub Actions digest pinning for non-version-like tags#40095
#40097
Assignees
zharinov
@zharinov

Description

@zharinov
zharinov
opened on Dec 21, 2025

Discussed in #28387

Originally posted by neoeinstein April 13, 2024

What would you like help with?

I would like help with my configuration

How are you running Renovate?

Mend Renovate hosted app on github.com

If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.

No response

Please tell us more about your question or problem

I have this example job in a GitHub Actions workflow:

  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
      - uses: dtolnay/rust-toolchain@nightly
        with:
          components: rustfmt
      - run: cargo +nightly fmt --all -- --check
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: clippy
      - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2
      - run: cargo clippy --workspace --all-targets --features derive

Pinning gets the rust-cache and checkout actions, as they had version-like tags, but I'd also like to digest-pin the two rust-toolchain actions with the nightly and stable tags. Another similar action is taiki-e/install-action@nextest, which has some tags for specific tools to install using that workflow.

I'm looking for a suggestion that would allow me to pin these to their respective digest.

Logs (if relevant)

Logs

Some detail extracts:

          {
            "autoReplaceStringTemplate": "{{depName}}@{{#if newDigest}}{{newDigest}}{{#if newValue}} # {{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}",
            "commitMessageTopic": "{{{depName}}} action",
            "currentValue": "nightly",
            "datasource": "github-tags",
            "depName": "dtolnay/rust-toolchain",
            "depType": "action",
            "packageName": "dtolnay/rust-toolchain",
            "replaceString": "dtolnay/rust-toolchain@nightly",
            "skipReason": "invalid-version",
            "versioning": "docker",
            "updates": []
          },
          {
            "autoReplaceStringTemplate": "{{depName}}@{{#if newDigest}}{{newDigest}}{{#if newValue}} # {{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}",
            "commitMessageTopic": "{{{depName}}} action",
            "currentValue": "nextest",
            "datasource": "github-tags",
            "depName": "taiki-e/install-action",
            "depType": "action",
            "packageName": "taiki-e/install-action",
            "replaceString": "taiki-e/install-action@nextest",
            "skipReason": "invalid-version",
            "versioning": "docker",
            "updates": []
          },
          {
            "autoReplaceStringTemplate": "{{depName}}@{{#if newDigest}}{{newDigest}}{{#if newValue}} # {{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}",
            "commitMessageTopic": "{{{depName}}} action",
            "currentValue": "stable",
            "datasource": "github-tags",
            "depName": "dtolnay/rust-toolchain",
            "depType": "action",
            "packageName": "dtolnay/rust-toolchain",
            "replaceString": "dtolnay/rust-toolchain@stable",
            "skipReason": "invalid-version",
            "versioning": "docker",
            "updates": []
          },

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions