This script fetches the commit SHA for a specified tag of a GitHub repository. If no tag is specified, it fetches the latest release's commit SHA. It utilizes the GitHub API to retrieve this information and ensures that you are referencing the exact commit SHA for your workflows, enhancing security and stability. Read here about why using SHA is better than using tags: Why you should use commit SHAs in your GitHub Actions workflows.
./get_commit_sha.sh <owner>/<repo> [<tag-name>]<owner>/<repo>: The owner and repository name (e.g.,octocat/Hello-World).[<tag-name>](optional): The specific tag name. If not provided, the latest release tag is used.
-
Fetch the latest release commit SHA for a repository:
./get_github_actions_sha.sh actions/checkout
-
Fetch the commit SHA for a specific tag:
./get_github_actions_sha.sh actions/checkout v4.1.6
-
Clone the Repository
git clone https://github.com/Siddhant-K-code/get-gha-sha.git cd get-gha-sha -
Make the Script Executable
chmod +x get_github_actions_sha.sh
-
Install Dependencies
Ensure you have
curlandjqinstalled on your system. You can installjqusing your package manager:sudo apt-get install jq # For Debian-based systems sudo yum install jq # For RedHat-based systems brew install jq # For macOS
actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6