GHA: license check and action pinning by stephen-derosa · Pull Request #7 · livekit-examples/cpp-example-collection

stephen-derosa · 2026-04-09T18:49:03Z

No description provided.

.github/workflows/builds.yml

Copilot

Pull request overview

Adds GitHub Actions checks to enforce pinned action refs and validate Apache license headers as part of the existing CI workflow.

Changes:

Introduces reusable workflows for pin-checking (pinact) and license-header checking (addlicense via Docker).
Updates the main build workflow to call these reusable workflows.
Pins previously unpinned GitHub Actions to specific commit SHAs and tightens job permissions for the build job.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
`.github/workflows/pin_check.yml`	New reusable workflow to verify `uses:` refs are pinned.
`.github/workflows/license_check.yml`	New reusable workflow to validate Apache license headers via `addlicense`.
`.github/workflows/builds.yml`	Calls the new reusable workflows; pins action versions by SHA; adds `contents: read` permissions for the build job.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/license_check.yml

.github/workflows/builds.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

…ntain permissions' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Agent-Logs-Url: https://github.com/livekit-examples/cpp-example-collection/sessions/bf6c5bcf-16e7-41e2-8c68-51a4ddddf58b Co-authored-by: stephen-derosa <40528896+stephen-derosa@users.noreply.github.com>

Copilot

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/license_check.yml

.github/workflows/builds.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

GHA: license check and action pinning

0a18718

stephen-derosa requested a review from Copilot April 9, 2026 18:49

stephen-derosa self-assigned this Apr 9, 2026

Copilot started reviewing on behalf of stephen-derosa April 9, 2026 18:49 View session

github-advanced-security bot found potential problems Apr 9, 2026

View reviewed changes

.github/workflows/builds.yml Fixed Show fixed Hide fixed

Copilot AI reviewed Apr 9, 2026

View reviewed changes

.github/workflows/license_check.yml Outdated Show resolved Hide resolved

.github/workflows/builds.yml Show resolved Hide resolved

Copilot started work on behalf of stephen-derosa April 9, 2026 18:55 View session

stephen-derosa and others added 3 commits April 9, 2026 12:55

Update .github/workflows/license_check.yml

fd0baad

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Potential fix for pull request finding 'CodeQL / Workflow does not co…

264d58a

…ntain permissions' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

GHA: add explicit permissions to license-check and pin-check jobs

14bf7f6

Agent-Logs-Url: https://github.com/livekit-examples/cpp-example-collection/sessions/bf6c5bcf-16e7-41e2-8c68-51a4ddddf58b Co-authored-by: stephen-derosa <40528896+stephen-derosa@users.noreply.github.com>

Copilot finished work on behalf of stephen-derosa April 9, 2026 18:58

stephen-derosa requested a review from Copilot April 9, 2026 19:09

Copilot started reviewing on behalf of stephen-derosa April 9, 2026 19:09 View session

Copilot AI reviewed Apr 9, 2026

View reviewed changes

license dep and copyright

b8057a2

stephen-derosa requested a review from Copilot April 9, 2026 19:19

Copilot started reviewing on behalf of stephen-derosa April 9, 2026 19:19 View session

Copilot AI reviewed Apr 9, 2026

View reviewed changes

.github/workflows/license_check.yml Outdated Show resolved Hide resolved

.github/workflows/builds.yml Show resolved Hide resolved

stephen-derosa and others added 2 commits April 9, 2026 13:36

Update .github/workflows/builds.yml

9d8f1f1

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Update .github/workflows/license_check.yml

77b67f2

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

stephen-derosa merged commit f231c0c into main Apr 9, 2026
7 checks passed

stephen-derosa deleted the sderosa/ci-safety branch April 9, 2026 19:37

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GHA: license check and action pinning#7

GHA: license check and action pinning#7
stephen-derosa merged 7 commits intomainfrom
sderosa/ci-safety

stephen-derosa commented Apr 9, 2026

Uh oh!

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Copilot AI left a comment

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

stephen-derosa commented Apr 9, 2026

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants