Pin dependency versions

Always specify exact versions of tools and dependencies in CI/CD workflows rather than using 'latest' or floating versions. This ensures build reproducibility, prevents unexpected failures when upstream dependencies change, and makes debugging easier.

Example:

# Instead of this (unstable):
- name: Setup golangci-lint
  uses: golangci/golangci-lint-action@v2
  with:
    version: latest

# Do this (stable):
- name: Setup golangci-lint
  uses: golangci/golangci-lint-action@v2
  with:
    version: v1.41.1
    args: --verbose

Similarly, when defining test matrices, explicitly specify all supported versions to ensure comprehensive coverage across environments.
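
One way to check a workflow for this before merge, as an added example that is not part of the original page: a standard-library Python scan that reports `latest`, range and wildcard specifiers under any key ending in `version`, including matrix lists. The denylist, the function names and the sample workflow are constructed for illustration; partial versions such as `1.16` are not flagged.

```python
import re

# Constructed denylist of specifiers that resolve to a different release over time.
FLOATING = re.compile(r"^(latest|stable|lts.*|\*|.*\.(x|\*)|[\^~<>=].*)$", re.IGNORECASE)
# Any key ending in "version": version, go-version, node-version, ...
VERSION_KEY = re.compile(r"^(\s*)(?:-\s+)?([\w-]*version)\s*:\s*(.*)$", re.IGNORECASE)
LIST_ITEM = re.compile(r"^(\s*)-\s+(.+)$")

# Constructed sample: workflow fragment mixing pinned and floating versions.
SAMPLE = """\
matrix:
  go-version: [1.16.7, 1.x]
  node-version:
    - 14.17.5
    - lts/*
steps:
  - name: Setup golangci-lint
    uses: golangci/golangci-lint-action@v2
    with:
      version: latest
  - name: Setup golangci-lint
    uses: golangci/golangci-lint-action@v2
    with:
      version: v1.41.1
"""

def _values(raw):
    """Split a scalar or inline list ([a, b]) into unquoted values, dropping comments."""
    raw = (" " + raw).split(" #", 1)[0].strip()
    if raw.startswith("[") and raw.endswith("]"):
        raw = raw[1:-1]
    return [v.strip().strip("'\"") for v in raw.split(",") if v.strip()]

def find_floating_versions(text):
    """Return (line_number, key, value) for every floating version specifier."""
    findings, open_key, open_indent = [], None, -1
    for lineno, line in enumerate(text.splitlines(), start=1):
        key_m, item_m = VERSION_KEY.match(line), LIST_ITEM.match(line)
        if key_m:
            key, values = key_m.group(2), _values(key_m.group(3))
            # An empty value means a block list follows on the next lines.
            open_key, open_indent = (key, len(key_m.group(1))) if not values else (None, -1)
        elif open_key and item_m and len(item_m.group(1)) >= open_indent:
            key, values = open_key, _values(item_m.group(2))
        else:
            open_key, open_indent = None, -1
            continue
        findings += [(lineno, key, v) for v in values if FLOATING.match(v)]
    return findings
```

Calling `find_floating_versions(SAMPLE)` reports the `1.x` and `lts/*` matrix entries and the `version: latest` input; a CI job can fail the build when the returned list is non-empty.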
